ludmillaxy

  1. Very good expert, helped me step by step and solved my problem quickly, thanks MrCharlie :-)

  2. Perfect, after restarting, the site ergative no longer appears in the list. Many thanks, you were really kind. The OTL log:
  3. Done, but I did not see the file Extra.txt. The OTL.Txt:
File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-3415623699-1113118810-3251386990-1000..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software) O4 - HKU\S-1-5-21-3415623699-1113118810-3251386990-1000..\Run: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3415623699-1113118810-3251386990-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3415623699-1113118810-3251386990-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3415623699-1113118810-3251386990-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-3415623699-1113118810-3251386990-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Value error.) 
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F744A53-4E78-40AE-98CE-D9C83415B361}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll File not found O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll File not found O18:64bit: - Protocol\Handler\tmtb - No CLSID value found O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll File not found O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll File not found O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll File not found O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll File not found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - 
C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/04/07 02:29:02 | 000,000,066 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/19 17:23:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Utente\Desktop\OTL.exe [2012/07/19 16:06:02 | 000,000,000 | R--D | C] -- C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2012/07/19 16:05:56 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012/07/19 15:09:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/07/19 15:09:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/07/19 15:09:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/07/19 15:09:20 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/07/19 15:06:36 | 004,582,475 | 
R--- | C] (Swearware) -- C:\Users\Utente\Desktop\ComboFix.exe [2012/07/19 09:55:24 | 000,000,000 | ---D | C] -- C:\Users\Utente\Desktop\RK_Quarantine [2012/07/18 23:24:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Utente\Desktop\dds.com [2012/07/18 16:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2012/07/18 15:54:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/07/18 15:52:22 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Utente\Desktop\tdsskiller.exe [2012/07/18 11:28:44 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/07/18 11:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/07/18 11:28:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/07/18 11:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/07/18 10:37:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClamWin [2012/07/17 23:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro [2012/07/17 23:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2012/07/17 18:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo [2012/07/17 10:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA [2012/07/17 10:25:14 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO [2012/07/16 22:38:58 | 000,051,496 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2012/07/16 22:37:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator [2012/07/16 19:01:33 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012/07/16 19:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012/07/16 19:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012/07/14 23:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\clp [2012/07/14 23:10:49 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012/07/14 10:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012/07/14 10:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 [2012/07/14 10:25:23 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012/07/12 18:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2012/07/11 10:41:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/07/11 10:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/07/10 23:46:07 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Roaming\Unity [2012/07/10 23:34:32 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\Unity [2012/07/10 15:37:03 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Roaming\SUPERAntiSpyware.com [2012/07/10 10:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Books Downloader [2012/07/10 10:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google Books Downloader [2012/07/04 17:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/07/04 15:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2012/06/29 23:28:49 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\bitfreak.info [2012/06/29 15:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions [2012/06/29 15:13:07 | 000,000,000 | ---D | C] -- C:\Windows\Fonts\AdvUninstal [2012/06/29 15:13:06 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\Innovative Solutions [2012/06/29 15:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Innovative Solutions [2012/06/29 15:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO [2012/06/29 15:13:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions [2012/06/26 22:36:25 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/06/26 22:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012/06/26 22:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012/06/26 22:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight ========== Files - Modified Within 30 Days ========== [2012/07/19 17:23:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Utente\Desktop\OTL.exe [2012/07/19 17:08:13 | 003,045,703 | ---- | M] () -- C:\Users\Utente\Desktop\2012-MANUALE-ORTI.pdf [2012/07/19 16:58:54 | 000,039,444 | ---- | M] () -- C:\Users\Utente\Desktop\ScreenShot001.jpg [2012/07/19 16:12:55 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/19 16:12:55 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/19 16:11:20 | 001,713,120 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/07/19 16:11:20 | 000,764,410 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2012/07/19 16:11:20 | 000,667,922 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/07/19 16:11:20 | 000,154,820 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2012/07/19 16:11:20 | 000,129,002 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/07/19 16:05:56 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2012/07/19 16:05:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/07/19 16:05:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2012/07/19 16:05:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/07/19 16:05:48 | 4276,662,270 | -HS- | M] () -- C:\hiberfil.sys [2012/07/19 16:02:25 | 004,582,475 | R--- | M] (Swearware) -- 
C:\Users\Utente\Desktop\ComboFix.exe [2012/07/19 15:24:58 | 012,123,173 | ---- | M] () -- C:\Users\Utente\Desktop\2012-Buone-erbacce-da-non-strappare-02.pdf [2012/07/19 15:24:55 | 008,685,019 | ---- | M] () -- C:\Users\Utente\Desktop\2012-Insetti-da-balcone.pdf [2012/07/19 15:24:54 | 015,031,093 | ---- | M] () -- C:\Users\Utente\Desktop\2012-Buone-erbacce-da-non-strappare-01.pdf [2012/07/19 11:45:33 | 243,906,940 | ---- | M] () -- C:\Users\Utente\Desktop\Tuts+ Premium - 67 High-Res Ground Textures Pack.rar [2012/07/19 10:03:47 | 000,105,595 | ---- | M] () -- C:\Users\Utente\Desktop\Grafica_Kosebelle-12_11.pdf [2012/07/19 10:03:45 | 000,070,605 | ---- | M] () -- C:\Users\Utente\Desktop\Grafica_Odisio-12_11.pdf [2012/07/19 09:54:48 | 001,552,384 | ---- | M] () -- C:\Users\Utente\Desktop\RogueKiller.exe [2012/07/18 23:24:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Utente\Desktop\dds.com [2012/07/18 15:52:23 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Utente\Desktop\tdsskiller.exe [2012/07/18 15:38:49 | 000,061,522 | ---- | M] () -- C:\Users\Utente\Desktop\cartello di cantiere MORIONDO REV_LT.pdf [2012/07/18 11:28:44 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/18 11:27:14 | 000,001,456 | ---- | M] () -- C:\Users\Utente\AppData\Local\Adobe Salva per Web e dispositivi 12.0 Prefs [2012/07/17 23:56:56 | 000,000,382 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012/07/17 18:36:13 | 000,017,408 | ---- | M] () -- C:\Users\Utente\AppData\Local\WebpageIcons.db [2012/07/17 18:10:59 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2012/07/17 18:03:09 | 000,394,784 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat [2012/07/16 22:38:58 | 000,051,496 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2012/07/16 19:02:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012/07/16 09:58:54 | 000,082,424 | ---- | M] (TG Soft S.a.s.) 
-- C:\Windows\SysWow64\drivers\viragtlt.sys [2012/07/14 11:36:59 | 001,421,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/07/14 10:49:50 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012/07/14 10:35:14 | 000,001,958 | ---- | M] () -- C:\Users\Utente\Documents\cc_20120714_103510.reg [2012/07/14 10:33:08 | 000,047,688 | ---- | M] () -- C:\Users\Utente\Documents\cc_20120714_103302.reg [2012/07/14 10:28:04 | 001,638,424 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/07/12 18:44:28 | 000,001,875 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012/07/10 10:47:32 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Google Books Downloader.lnk [2012/07/04 22:34:29 | 000,442,349 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120710-151349.backup [2012/07/04 15:32:38 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012/07/04 15:32:31 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2012/07/03 18:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/06/29 15:13:06 | 000,002,442 | ---- | M] () -- C:\Users\Utente\Desktop\Advanced Uninstaller PRO 11.lnk ========== Files Created - No Company Name ========== [2012/07/19 16:58:54 | 000,039,444 | ---- | C] () -- C:\Users\Utente\Desktop\ScreenShot001.jpg [2012/07/19 15:24:21 | 008,685,019 | ---- | C] () -- C:\Users\Utente\Desktop\2012-Insetti-da-balcone.pdf [2012/07/19 15:24:09 | 012,123,173 | ---- | C] () -- C:\Users\Utente\Desktop\2012-Buone-erbacce-da-non-strappare-02.pdf [2012/07/19 15:24:04 | 015,031,093 | ---- | C] () -- C:\Users\Utente\Desktop\2012-Buone-erbacce-da-non-strappare-01.pdf [2012/07/19 15:23:54 | 003,045,703 | ---- | C] () -- C:\Users\Utente\Desktop\2012-MANUALE-ORTI.pdf [2012/07/19 15:09:22 | 000,256,000 | ---- | C] () -- 
C:\Windows\PEV.exe [2012/07/19 15:09:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/07/19 15:09:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/07/19 15:09:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/07/19 15:09:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/07/19 10:39:23 | 243,906,940 | ---- | C] () -- C:\Users\Utente\Desktop\Tuts+ Premium - 67 High-Res Ground Textures Pack.rar [2012/07/19 10:03:47 | 000,105,595 | ---- | C] () -- C:\Users\Utente\Desktop\Grafica_Kosebelle-12_11.pdf [2012/07/19 10:03:45 | 000,070,605 | ---- | C] () -- C:\Users\Utente\Desktop\Grafica_Odisio-12_11.pdf [2012/07/19 09:54:49 | 001,552,384 | ---- | C] () -- C:\Users\Utente\Desktop\RogueKiller.exe [2012/07/18 15:38:49 | 000,061,522 | ---- | C] () -- C:\Users\Utente\Desktop\cartello di cantiere MORIONDO REV_LT.pdf [2012/07/18 11:28:44 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/07/17 23:41:41 | 000,000,382 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012/07/17 18:36:13 | 000,017,408 | ---- | C] () -- C:\Users\Utente\AppData\Local\WebpageIcons.db [2012/07/17 10:26:06 | 000,394,784 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat [2012/07/16 19:01:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2012/07/14 10:35:12 | 000,001,958 | ---- | C] () -- C:\Users\Utente\Documents\cc_20120714_103510.reg [2012/07/14 10:33:05 | 000,047,688 | ---- | C] () -- C:\Users\Utente\Documents\cc_20120714_103302.reg [2012/07/12 18:44:28 | 000,001,875 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012/07/10 10:47:32 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Google Books Downloader.lnk [2012/07/04 15:32:38 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012/06/29 15:13:06 | 000,042,496 | ---- | C] () -- C:\Windows\SysWow64\AdvUninstCPL.cpl [2012/06/29 15:13:06 | 000,002,442 | ---- | C] () -- C:\Users\Utente\Desktop\Advanced Uninstaller 
PRO 11.lnk [2012/06/29 15:13:06 | 000,002,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk [2012/05/30 17:30:10 | 000,106,276 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012/04/30 16:03:20 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012/04/29 16:13:26 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI [2012/04/27 03:33:12 | 000,417,600 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012/04/11 16:59:30 | 000,008,592 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll [2012/02/23 23:58:38 | 000,000,132 | ---- | C] () -- C:\Users\Utente\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012/02/08 19:15:33 | 000,000,132 | ---- | C] () -- C:\Users\Utente\AppData\Roaming\Adobe BMP Format CS5 Prefs [2012/01/11 18:46:40 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll [2012/01/11 18:46:40 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\AVEQT.dll [2011/12/28 11:01:37 | 000,001,456 | ---- | C] () -- C:\Users\Utente\AppData\Local\Adobe Salva per Web e dispositivi 12.0 Prefs [2011/12/28 00:16:57 | 000,003,584 | ---- | C] () -- C:\Users\Utente\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/12/16 16:46:22 | 000,225,224 | ---- | C] () -- C:\Windows\hpwins26.dat [2011/12/12 23:26:11 | 000,000,092 | ---- | C] () -- C:\Windows\fnerr.dat [2011/11/12 10:27:23 | 001,638,424 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/11/08 16:57:14 | 000,039,544 | ---- | C] () -- C:\Windows\Ascd_log.ini [2011/11/08 16:56:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011/11/08 16:56:23 | 000,027,470 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== LOP Check ========== [2012/03/23 17:42:01 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\.Tribler [2012/04/13 13:48:22 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Acitxi [2011/11/29 10:14:50 | 000,000,000 | ---D | M] -- 
C:\Users\Utente\AppData\Roaming\Bitstream [2012/03/16 00:42:09 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Blender Foundation [2012/04/17 11:09:50 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/11/29 00:10:47 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1 [2012/05/10 23:23:00 | 000,000,000 | -HSD | M] -- C:\Users\Utente\AppData\Roaming\Common [2012/06/02 17:27:32 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\DAZ 3D [2012/06/04 16:28:11 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\DisplayFusion [2012/02/12 00:12:55 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\e-on software [2012/07/13 18:01:30 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\FileZilla [2011/12/01 11:23:33 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\FireShot [2012/04/12 15:19:10 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\gizza [2012/04/13 13:48:25 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Iveb [2011/12/28 00:02:02 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Leadertech [2011/11/26 13:31:09 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\MAXON [2011/12/02 00:33:34 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Notepad++ [2012/04/02 22:12:12 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Otkaiw [2012/04/29 16:13:26 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\PACE Anti-Piracy [2012/04/15 18:17:59 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\SuperClearCookies [2012/04/27 22:02:54 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Thinstall [2012/07/10 23:46:07 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Unity [2012/07/14 10:32:21 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\uTorrent [2012/04/12 
15:18:43 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Uxunac [2011/12/08 23:15:01 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\VitySoft [2012/04/26 11:00:47 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Weecast [2012/04/09 22:38:05 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\WNR [2012/04/18 23:08:57 | 000,000,000 | ---D | M] -- C:\Users\Utente\AppData\Roaming\Xilisoft [2011/11/09 10:25:19 | 000,000,004 | -HS- | M] () -- C:\Windows\Tasks\FOLDER.TSX [2012/06/26 10:07:24 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 965 bytes -> C:\ProgramData\Microsoft:Xii6onAXySV06JBeuQ7H61vB @Alternate Data Stream - 948 bytes -> C:\Users\Utente\AppData\Local\xGwTF3FA:xQzOeYxXzu6Mcll8pGY7wPg @Alternate Data Stream - 1056 bytes -> C:\Program Files\Common Files\Microsoft Shared:l8BLR32yvcAZb1b2n2t0pS @Alternate Data Stream - 1001 bytes -> C:\ProgramData\Microsoft:gLDtl7PbI3FOnotnYNGbyqtw < End of report >
  4. Done, I think it is right now, it has not detected anything more; however, the link to the site ergative remained in the list of search engines on Firefox. The final log:

     Malwarebytes Anti-Malware (Prova) 1.62.0.1300
     www.malwarebytes.org

     Versione database: v2012.07.19.10
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Utente :: UTENTE-PC [amministratore]

     Protezione: Attivata

     19/07/2012 16:50:21
     mbam-log-2012-07-19 (16-50-21).txt

     Tipo di scansione: Scansione veloce
     Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
     Opzioni di scansione disattivate: P2P
     Elementi esaminati: 206598
     Tempo impiegato: 24 secondi

     Processi rilevati in memoria: 0 (non sono stati rilevati elementi nocivi)
     Moduli di memoria rilevati: 0 (non sono stati rilevati elementi nocivi)
     Chiavi di registro rilevate: 0 (non sono stati rilevati elementi nocivi)
     Valori di registro rilevati: 0 (non sono stati rilevati elementi nocivi)
     Voci rilevate nei dati di registro: 0 (non sono stati rilevati elementi nocivi)
     Cartelle rilevate: 0 (non sono stati rilevati elementi nocivi)
     File rilevati: 0 (non sono stati rilevati elementi nocivi)

     (fine)
  5. Ok, I dragged the file onto ComboFix, it is updated, then run a scan, when the scan is finished reboot the PC, and this is the log

     ComboFix 12-07-19.02 - Utente 19/07/2012 16:03:10.5.8 - x64
     Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.16361.14177 [GMT 2:00]
     Eseguito da: c:\users\Utente\Desktop\ComboFix.exe
     Opzioni usate :: c:\users\Utente\Desktop\CFScript.txt
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     FILE ::
     "c:\windows\SysWow64\drivers\qgvqf.sys"
     "c:\windows\SysWow64\drivers\tcmvhit.sys"
     "c:\windows\SysWow64\drivers\wrczwsu.sys"
     .
     .
     ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\windows\SysWow64\drivers\qgvqf.sys
     c:\windows\SysWow64\drivers\tcmvhit.sys
     c:\windows\SysWow64\drivers\wrczwsu.sys
     c:\windows\TEMP\logishrd\LVPrcInj01.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     -------\Service_aenen
     -------\Service_jcwqkjrv
     -------\Service_pgnmwbw
     .
     .
     ((((((((((((((((((((((((( Files Creati Da 2012-06-19 al 2012-07-19 )))))))))))))))))))))))))))))))))))
     .
     .
     2012-06-26 20:35 . 
2012-06-26 20:35 -------- d-----w- c:\program files (x86)\Microsoft Silverlight . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-16 07:58 . 2012-04-13 11:40 82424 ----a-w- c:\windows\SysWow64\drivers\viragtlt.sys 2012-07-04 13:32 . 2003-03-18 19:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-07-04 13:32 . 2003-02-21 03:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-07-03 01:19 . 2011-11-09 08:28 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-22 09:36 . 2012-04-24 08:56 34688 ----a-w- c:\windows\system32\LMIport.dll 2012-04-27 11:27 . 2012-03-15 08:36 68928 ----a-w- c:\windows\system32\OpenCL.dll 2012-04-27 11:27 . 2012-03-15 08:36 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-04-27 11:27 . 2012-03-01 23:06 962880 ----a-w- c:\windows\system32\nvumdshimx.dll 2012-04-27 11:27 . 2012-03-01 23:06 1737536 ----a-w- c:\windows\system32\nvdispco64.dll 2012-04-27 11:27 . 2012-03-01 23:06 1466176 ----a-w- c:\windows\system32\nvgenco64.dll 2012-04-27 11:27 . 2011-11-08 15:53 9749312 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-04-27 11:27 . 2011-11-08 15:53 2685760 ----a-w- c:\windows\system32\nvapi64.dll 2012-04-27 09:51 . 2011-11-08 15:53 6103360 ----a-w- c:\windows\system32\nvcpl.dll 2012-04-27 09:49 . 2011-11-08 15:53 3092800 ----a-w- c:\windows\system32\nvsvc64.dll 2012-04-27 09:49 . 2012-03-01 23:06 2603089 ----a-w- c:\windows\system32\nvcoproc.bin 2012-04-27 09:49 . 2011-11-08 15:53 889664 ----a-w- c:\windows\system32\nvvsvc.exe 2012-04-27 09:49 . 2011-11-08 15:53 63296 ----a-w- c:\windows\system32\nvshext.dll 2012-04-27 09:49 . 2011-11-08 15:53 850752 ----a-w- c:\windows\system32\nv3dappshext.dll 2012-04-27 09:49 . 2011-11-08 15:53 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll 2012-04-27 09:49 . 
2011-11-08 15:53 2561856 ----a-w- c:\windows\system32\nvsvcr.dll 2012-04-27 09:49 . 2011-11-08 15:53 118080 ----a-w- c:\windows\system32\nvmctray.dll 2012-04-27 01:33 . 2012-04-27 01:33 417600 ----a-w- c:\windows\SysWow64\nvStreaming.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-07-19_13.11.44 ))))))))))))))))))))))))))))))))))))))))) . - 2012-07-19 07:50 . 2012-07-19 07:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-07-19 14:05 . 2012-07-19 14:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-07-19 14:05 . 2009-10-07 00:46 131608 c:\windows\temp\logishrd\LVPrcInj02.dll + 2009-07-14 05:01 . 2012-07-19 14:05 346796 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-07-18 21:52 346796 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-11-09 16:35 . 2012-07-19 14:05 30111588 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3415623699-1113118810-3251386990-1000-12288.dat . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] "DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2012-05-31 4480456] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-07-04 296096] "PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-07-12 162408] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336] R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-09 1255736] R3 WSDPrintDevice;Supporto stampa WSD via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-11-22 303408] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992] S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-04-27 382272] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys 
[2010-10-27 38248] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704] S3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-04-27 1694016] "SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [bU] "SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [bU] "combofix"="c:\combofix\CF28584.3XE" [2010-11-21 345088] . ------- Scansione supplementare ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.it/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = local;*.local IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\gb19pc3y.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2477282&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxps://www.google.it/ FF - prefs.js: network.proxy.ftp - 127.0.0.1 FF - prefs.js: network.proxy.ftp_port - 4001 FF - prefs.js: network.proxy.gopher - 127.0.0.1 FF - prefs.js: network.proxy.gopher_port - 4001 FF - prefs.js: network.proxy.http - 127.0.0.1 FF - prefs.js: network.proxy.http_port - 4001 FF - prefs.js: network.proxy.socks - 127.0.0.1 FF - prefs.js: network.proxy.socks_port - 4001 FF - prefs.js: network.proxy.ssl - 127.0.0.1 FF - prefs.js: network.proxy.ssl_port - 4001 FF - prefs.js: network.proxy.type - 0 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: 
privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - CHIAVI ORFANE RIMOSSE - - - - . WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) . . . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:42,df,09,b8,0d,da,15,87,ec,89,31,39,9b,21,86,b7,71,c4,28,59,35, 0f,88,4c,ec,f1,7b,8f,50,1a,60,88,83,95,f9,f5,55,a2,39,7f,d3,02,5c,58,df,41,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Altri processi in esecuzione ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe . ************************************************************************** . Ora fine scansione: 2012-07-19 16:07:01 - Il pc è stato riavviato ComboFix-quarantined-files.txt 2012-07-19 14:07 ComboFix2.txt 2012-07-19 13:12 . Pre-Run: 182.646.525.952 byte disponibili Post-Run: 182.046.056.448 byte disponibili . - - End Of File - - AB661BA7BF7E20FEAB40F5581090498A
  6. Thanks MrCharlie, I performed the steps and here is the ComboFix log
  7. Hello MrCharlie, thanks for your help. Here is the report: RKreport1.txt
  8. With the quick scan I found this: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|56226 and C:\PROGRA~3\LOCALS~1\Temp\msmekh.exe, but after the reboot it is still there, in both Firefox and IE, which had ergative-dot-com as the home page. I attach the logs (sorry for my bad English): DDS.txt, Attach.txt, mbam-log-2012-07-18 (23-13-28).txt. Thanks