
HijackThis Log

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

HijackThis Log

Post by Pippof » 20/05/12 08:46

I need help checking the result of the log I ran on my PC, since strange entries I have never seen before have appeared! Who could give me a hand, telling me step by step what to do? Thanks!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10.05.48, on 20/05/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\APC\PowerChute Personal Edition\mainserv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\Common Files\Motive\McciCMService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\APC\PowerChute Personal Edition\dataserv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Logitech\SetPointP\SetPoint.exe
C:\Programmi\DivX\DivX Update\DivXUpdate.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\Labtec\WebCam10\WebCam10.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\USB Safely Remove\USBSafelyRemove.exe
C:\Programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Programmi\MemoRex\MemoRex.exe
C:\Programmi\APC\PowerChute Personal Edition\apcsystray.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\LVComSX.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/extrememoviemanager7/{88AEF572-2293-4CE6-80A2-93B0E9D4087C}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programmi\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [MemoREX] "C:\Programmi\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EvtMgr6] C:\Programmi\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Display] C:\Programmi\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Xvid] C:\Programmi\XviD\CheckUpdate.exe
O4 - HKCU\..\Run: [USB Safely Remove] C:\Programmi\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\RunOnce: [] C:\PROGRA~1\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servle ... 9.000000bb
O4 - Global Startup: APC UPS Status.lnk = C:\Programmi\APC\PowerChute Personal Edition\Display.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Cerca nel web - C:\Programmi\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Rilevamento dispositivi) - http://www.logitech.com/devicedetector/ ... tion32.cab
O16 - DPF: {0AD152FC-3023-43DD-B750-59CA9AC3B8B5} (McciConnectedDevicesUSB Class) - http://77.238.10.103/velox/services/sta ... taller.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.it/Genoogle/Compo ... eQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6789574906
O16 - DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} (DvrOcx Control) - http://leganavcastell.dyndns.org:81/DvrOcx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://aiuto.alice.it/ata/static/instal ... _4-1-4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8064CBE-3CAA-4D22-8722-8DC42D0785CF}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: bw+0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw+0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw-0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw-0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw00 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw00s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw10 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw10s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw20 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw20s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw30 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw30s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw40 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw40s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw50 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw50s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw60 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw60s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw70 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw70s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw80 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw80s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw90 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw90s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwa0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwa0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwb0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwb0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwc0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwc0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwd0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwd0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwe0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwe0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwf0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwf0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwg0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwg0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwh0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwh0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwi0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwi0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwj0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwj0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwk0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwk0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwl0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwl0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwm0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwm0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwn0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwn0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwo0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwo0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwp0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwp0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwq0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwq0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwr0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwr0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bws0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bws0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwt0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwt0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwu0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwu0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwv0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwv0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bww0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bww0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwx0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwx0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwy0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwy0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwz0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwz0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: offline-8876480 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: APC Data Service - Schneider Electric - C:\Programmi\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Programmi\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Servizio Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Programmi\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Crystal Rich Ltd - C:\Programmi\USB Safely Remove\USBSRService.exe

--
End of file - 21092 bytes
Pippof
Junior Member
Posts: 26
Joined: 23/11/04 02:50
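As an added example (not code from the original post, and not part of HijackThis), a small Python triage script that parses entry lines in the format of the log above and flags the entry types a helper would look at first: entries whose file is missing, the IE start/search pages moved to third-party hosts, the cluster of dead O18 handlers registered under one CLSID, the static O17 name servers, the O20 AppInit_DLLs value, the unnamed RunOnce, and services with an unknown owner. The sample lines are copied from the log above; the heuristics, severities and the TRUSTED_HOSTS list are my own assumptions, not HijackThis rules.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: a handful of lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/extrememoviemanager7/{88AEF572-2293-4CE6-80A2-93B0E9D4087C}
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - (no file)
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKCU\..\RunOnce: [] C:\PROGRA~1\Mozilla Firefox\firefox.exe http://www.symantec.com/techsupp/servle ... 9.000000bb
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8064CBE-3CAA-4D22-8722-8DC42D0785CF}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: bw+0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw+0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.*)$")
PROTO_RE = re.compile(r"Protocol: (\S+) - (\{[0-9A-Fa-f-]+\})")
MISSING = ("(no file)", "(file missing)")
# Hosts an IE start/search page may legitimately point at (assumption; extend per environment).
TRUSTED_HOSTS = ("microsoft.com", "msn.com", "live.com")


@dataclass
class Finding:
    section: str   # HijackThis section, e.g. "O18"
    severity: str  # "high" | "medium" | "low" (my own scale)
    reason: str
    line: str      # the log line (or the handler names, for the aggregate O18 finding)


def _trusted(url):
    host = urlsplit(url).hostname or ""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def parse(text):
    """Yield (section, body, line) for every 'Rn - ...' / 'On - ...' entry line."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("sec"), m.group("body"), raw.strip()


def triage(text):
    """Return the findings a helper would look at first, in log order."""
    findings = []
    dead_protocols = defaultdict(list)  # CLSID -> names of O18 handlers with no file
    for sec, body, line in parse(text):
        # Registry entry whose target file is gone: leftover of an uninstalled toolbar/plugin.
        if body.endswith(MISSING):
            findings.append(Finding(sec, "low", "entry points at a missing file (orphan)", line))
            m = PROTO_RE.match(body) if sec == "O18" else None
            if m:
                dead_protocols[m.group(2).upper()].append(m.group(1))
        # IE start/search page moved off the vendor default to a third-party host.
        if sec in ("R0", "R1") and " = " in body:
            key, _, value = body.partition(" = ")
            if value.startswith("http") and not _trusted(value):
                name = key.rsplit(",", 1)[-1]
                findings.append(Finding(sec, "high", f"{name} redirected to {urlsplit(value).hostname}", line))
        # Static DNS servers on an adapter: confirm they are the resolvers the owner configured.
        if sec == "O17" and "NameServer = " in body:
            servers = body.split("NameServer = ", 1)[1].split(",")
            findings.append(Finding(sec, "medium", "static DNS resolvers: " + ", ".join(servers), line))
        # AppInit_DLLs is loaded into every process that maps user32.dll.
        if sec == "O20" and body.startswith("AppInit_DLLs: ") and body[14:].strip():
            findings.append(Finding(sec, "medium", "AppInit_DLLs loads " + body[14:].strip(), line))
        # A RunOnce value with an empty name that launches a URL.
        if sec == "O4" and "RunOnce: []" in body and "http" in body:
            findings.append(Finding(sec, "medium", "unnamed RunOnce value opening a URL", line))
        # Services whose publisher HijackThis could not identify.
        if sec == "O23" and "Unknown owner" in body:
            findings.append(Finding(sec, "low", "service with unknown owner", line))
    # Many dead protocol handlers under one CLSID are the residue of a single removed toolbar.
    for clsid, names in dead_protocols.items():
        if len(names) >= 2:
            findings.append(Finding("O18", "medium",
                                    f"{len(names)} dead protocol handlers share CLSID {clsid}", ", ".join(names)))
    return findings


def counts(findings):
    """Number of findings per HijackThis section."""
    out = defaultdict(int)
    for f in findings:
        out[f.section] += 1
    return dict(out)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

Feed it the full log to get the complete list; on the 76 O18 lines above it reports one aggregate finding for the shared CLSID instead of 76 separate ones.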


Re: HijackThis Log

Post by FrancescoFDAC » 20/05/12 09:14

Uninstall all the installed toolbars.

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● place the downloaded file on the Desktop
● disable the antivirus in use, from its icon in the tray bar (next to the Windows clock)
● disable any firewall installed, from its icon in the tray bar (next to the Windows clock)

Once the steps above are done:
● launch ComboFix with a double click
● once it has started, click the I Agree button: confirm by clicking Ok twice
● follow the instructions that will be shown to run the scan:
"Typically it takes no more than 10 minutes
On heavily infected PCs the scan time can easily double"
● if you have Windows XP, you will be asked to install the Recovery Console: do not install it (click the No button)
● without performing any other operation, let the tool complete its work

Notes - during the scan:
● some files may appear on the Desktop and then be deleted
● all the icons on the Desktop will disappear for a moment: nothing to worry about
● a message may be shown regarding the antivirus in use: continue, ignoring the message
● the firewall may show a warning about the removal of some drivers: allow it
● the Internet Explorer icon may appear on the Desktop

When ComboFix has finished the scan:
● the system will be restarted automatically: if not, restart it yourself
● go to Local Disk C:, look for the text file named ComboFix.txt and attach it

Note - about the program:
● to run ComboFix correctly on Windows Vista and Windows Seven, right-click the program icon and, from the context menu, choose Run as Administrator
● sUBs, the software house that distributes ComboFix, is not responsible for any damage caused after using the program. It should not be used unless expressly requested by an expert
● ComboFix disables autorun for USB drives (pen drives, external hard disks, MP3 players...) to prevent future threats: when you insert a pen drive, you will have to open it manually from My Computer.
FrancescoFDAC
Senior Member
Posts: 1048
Joined: 13/08/11 09:53

Re: HijackThis Log

Post by Pippof » 20/05/12 09:53

Done!
Here is the result:

ComboFix 12-05-20.01 - Giuseppe 20/05/2012 10.44.18.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2347 [GMT 2:00]
Eseguito da: c:\documents and settings\Giuseppe\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\Giuseppe\Dati applicazioni\OfferBox
c:\documents and settings\Giuseppe\Dati applicazioni\OfferBox\config.dat
c:\documents and settings\Giuseppe\Dati applicazioni\OfferBox\config.xml
c:\documents and settings\Giuseppe\Dati applicazioni\Toolbar4
c:\documents and settings\Giuseppe\en_res.dll
c:\documents and settings\Giuseppe\es_res.dll
c:\documents and settings\Giuseppe\fr_res.dll
c:\documents and settings\Giuseppe\grm_res.dll
c:\documents and settings\Giuseppe\it_res.dll
c:\documents and settings\Giuseppe\jp_res.dll
c:\documents and settings\Giuseppe\mfc80u.dll
c:\documents and settings\Giuseppe\msvcr80.dll
c:\documents and settings\Giuseppe\PCPE Setup.exe
c:\documents and settings\Giuseppe\pt_res.dll
c:\documents and settings\Giuseppe\ResourceReader.dll
c:\documents and settings\Giuseppe\ru_res.dll
c:\documents and settings\Giuseppe\WINDOWS
c:\documents and settings\Giuseppe\zh_res.dll
c:\windows\system32\bacdccb7_d.dll
c:\windows\system32\drivers\uqqxggfcmfqn.sys
c:\windows\system32\SET212.tmp
c:\windows\system32\SET217.tmp
c:\windows\unin0410.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_uqqxggfcmfqn
-------\Service_uqqxggfcmfqn
.
.
((((((((((((((((((((((((( Files Creati Da 2012-04-20 al 2012-05-20 )))))))))))))))))))))))))))))))))))
.
.
2012-05-20 07:40 . 2012-05-20 07:40 388096 ----a-r- c:\documents and settings\Giuseppe\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-20 07:29 . 2012-05-20 07:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan
2012-05-20 07:20 . 2012-05-20 07:20 -------- d-----w- c:\programmi\HitmanPro
2012-05-19 01:09 . 2012-05-19 01:09 -------- d-----w- C:\AMD
2012-05-10 23:49 . 2012-05-20 07:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\boost_interprocess
2012-04-25 15:52 . 2012-04-25 15:52 -------- d-----w- c:\programmi\Mozilla Maintenance Service
2012-04-25 15:51 . 2012-04-25 15:51 157352 ----a-w- c:\programmi\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 15:51 . 2012-04-25 15:51 129976 ----a-w- c:\programmi\Mozilla Firefox\maintenanceservice.exe
2012-04-20 16:46 . 2012-04-20 16:49 -------- d-----w- c:\programmi\Toolbar Cleaner
2012-04-20 16:38 . 2012-05-20 07:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SweetIM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-19 00:28 . 2012-03-30 03:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-19 00:28 . 2011-05-16 02:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-17 02:08 . 2012-02-07 06:43 13338112 ----a-w- c:\documents and settings\Giuseppe\PCPE_3.0.1.msi
2012-05-04 05:30 . 2011-12-16 11:14 772552 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-04 05:30 . 2010-12-24 16:14 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 05:30 . 2010-04-15 15:56 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-11 13:51 . 2004-08-19 15:34 2030080 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2007-04-04 08:36 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:51 . 2004-08-19 14:34 2151936 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-05 23:10 . 2009-03-30 15:30 564632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\wlidui.dll
2012-04-05 23:09 . 2009-03-30 15:20 19352 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-04 13:56 . 2012-04-10 12:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:00 . 2004-08-19 14:39 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-08-19 14:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:00 . 2004-08-19 14:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2004-08-19 14:39 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-19 14:39 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-19 14:26 385024 ----a-w- c:\windows\system32\html.iec
2012-04-25 15:51 . 2011-03-24 17:07 97208 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\programmi\XviD\CheckUpdate.exe" [2011-01-17 8192]
"USB Safely Remove"="c:\programmi\USB Safely Remove\USBSafelyRemove.exe" [2012-04-28 2042368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\programmi\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2002-08-29 155648]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"MemoREX"="c:\programmi\MemoRex\MemoRexStart.exe" [2002-08-29 332288]
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-30 19972712]
"EvtMgr6"="c:\programmi\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"DivXUpdate"="c:\programmi\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LogitechQuickCamRibbon"="c:\programmi\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
APC UPS Status.lnk - c:\programmi\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\programmi\File comuni\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\f:\0autocheck autochk *\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Giuseppe^Menu Avvio^Programmi^Esecuzione automatica^desktop.ini]
path=c:\documents and settings\Giuseppe\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
backup=c:\windows\pss\desktop.iniStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Giuseppe\\Documenti\\EMM\\eXtreme Movie Manager 7\\eXtreme Movie Manager.exe"=
"c:\\Programmi\\eMule0.50a\\emule.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/12/2009 15.32.56 64288]
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [06/12/2008 18.08.24 971584]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13.23.20 11352]
R2 APC Data Service;APC Data Service;c:\programmi\APC\PowerChute Personal Edition\dataserv.exe [24/01/2012 16.21.22 21880]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [10/10/2010 16.37.47 12184]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [10/04/2012 14.04.07 654408]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\programmi\USB Safely Remove\USBSRService.exe [18/12/2008 2.40.10 1004888]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [03/04/2012 7.54.19 38608]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18.34.46 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20.27.24 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/04/2012 14.04.06 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [05/04/2012 11.37.38 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/03/2012 5.16.25 257696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/01/2011 8.19.16 1691480]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\Mozilla Maintenance Service\maintenanceservice.exe [25/04/2012 17.52.03 129976]
S3 Pcouffin;Low level access layer for CD devices; [x]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:28]
.
2012-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-05-20 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
2012-05-20 c:\windows\Tasks\User_Feed_Synchronization-{7AA169F3-ED11-4235-A0F7-04CFAA16432D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.bigseekpro.com/extrememoviemanager7/{88AEF572-2293-4CE6-80A2-93B0E9D4087C}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Cerca nel web - c:\programmi\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Crawler Search
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon
IE: Translate with Babylon
TCP: Interfaces\{F8064CBE-3CAA-4D22-8722-8DC42D0785CF}: NameServer = 208.67.222.222,208.67.220.220
DPF: {0AD152FC-3023-43DD-B750-59CA9AC3B8B5} - hxxp://77.238.10.103/velox/services/sta ... taller.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.it/Genoogle/Compo ... eQuery.dll
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://leganavcastell.dyndns.org:81/DvrOcx.cab
FF - ProfilePath - c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\5g8uwzs9.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?sr ... 0002002&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100789
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a0ff8ef70000000000000013d417eb2f
FF - user.js: extensions.BabylonToolbar_i.hardId - a0ff8ef70000000000000013d417eb2f
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15413
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:38
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8nTf ... 26&search=
FF - user.js: extensions.incredibar_i.id - a0ff8ef70000000000000013d417eb2f
FF - user.js: extensions.incredibar_i.instlDay - 15424
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:34
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8nTfwDoP
FF - user.js: extensions.incredibar_i.upn2n - 92824074812577647
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10589
FF - user.js: extensions.incredibar_i.ppd -
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-PoService - (no file)
SafeBoot-aawservice
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-20 10:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1547161642-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AD5A1DE6-3F85-08CE-B7C9-C8C8EB0B0C8B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"naibieeggcmdikdkkmdiepiogncp"=hex:6a,61,65,68,6d,64,6e,6b,65,6c,63,6c,6c,65,
61,6e,68,6e,6f,63,00,fa
"macpgcahekfbimeaflaeighjnd"=hex:69,61,64,68,6d,6d,64,66,6b,6f,69,64,61,69,6a,
70,6c,68,00,00
"naebaoobaiobgcoldkjhiobhciff"=hex:62,61,6f,67,00,8f
"abebaphjkjgbnfkcnhpnnmolpjpdmdapai"=hex:61,61,00,00
"mafbmfkamolfmceimbichofgad"=hex:61,61,00,00
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(4916)
c:\windows\system32\WININET.dll
c:\programmi\File comuni\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Logitech\iTouch\iTchHk.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\APC\PowerChute Personal Edition\mainserv.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programmi\Java\jre7\bin\jqs.exe
c:\programmi\Common Files\Motive\McciCMService.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\Logi_MwX.Exe
c:\windows\RTHDCPL.EXE
c:\programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE
c:\programmi\APC\PowerChute Personal Edition\apcsystray.exe
c:\programmi\File comuni\LogiShrd\LComMgr\LVComSX.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2012-05-20 11:04:36 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-05-20 09:04
.
Pre-Run: 445.113.634.816 byte disponibili
Post-Run: 444.980.887.552 byte disponibili
.
- - End Of File - - A35E70B6A685AA743DD6CA19226537B7
Pippof
Junior Member

Posts: 26
Joined: 23/11/04 02:50

Re: HijackThis Log

Post by FrancescoFDAC » 20/05/12 09:59

Very good.

Custom ComboFix script

Warning: do not run ComboFix on your own initiative; this tool is not a toy and is not suited to everyday use.

Open Notepad: Start > All Programs > Accessories > Notepad
● inside the new text document, copy and paste the following lines:


KillAll::
Folder::
c:\documents and settings\All Users\Dati applicazioni\SweetIM

RegNull::
[HKEY_USERS\S-1-5-21-1547161642-1390067357-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AD5A1DE6-3F85-08CE-B7C9-C8C8EB0B0C8B}*]


● name this file CFScript.txt and place it on the Desktop

Very important! Temporarily disable your antivirus and firewall before following the procedure below. They could interfere with ComboFix or remove some of its embedded files, which can lead to unpredictable results.
Referring to the image below, drag CFScript.txt with the mouse pointer onto the ComboFix icon
ComboFix will now scan your system. Once finished, it may restart the system automatically; if not, do so manually.
At this point the program will produce a report. Copy and paste the log into your next post.

Image

Note - regarding the procedure:
● do not touch the mouse or keyboard at all during the scan: it could be interrupted
N.B.:
● if the error "Operazione non valida tentata su una chiave di registro che è stato contrassegnato per l'eliminazione" (the Italian text of Windows' "Illegal operation attempted on a registry key that has been marked for deletion") is displayed, simply restart the system and run the script again

Do you have Lavasoft Ad-Aware installed? Uninstall it.
FrancescoFDAC
Senior Member

Posts: 1048
Joined: 13/08/11 09:53

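As an added example (not the forum's, ComboFix's or HijackThis's own code), the following Python script reads a ComboFix-style log like the ones posted in this thread and flags the lines a helper looks at first: the Windows Firewall value, the Security Center "DisableMonitoring" values, browser settings and Firefox prefs that still point at the toolbar families seen in the log (SweetIM, Babylon, Incredibar, bigseekpro), and ActiveX (DPF) downloads fetched from a bare IP address. The sample lines are copied from the log above; the severities and the requirement that a registry value be read in the context of its `[...]` section header are this example's own choices.

```python
"""Triage helper for ComboFix / HijackThis style logs (added example).

Reads the text of a log and returns one finding per line worth a second look.
Indicator names come from the log posted in this thread; the severity labels
are this example's own classification, not ComboFix's.
"""
import re
from typing import Dict, List, Tuple

# Toolbar / adware families visible in the posted log (keyword.URL, user.js,
# IE menu entries, mStart Page).  Matched case-insensitively as substrings.
ADWARE_MARKERS = ("sweetim", "babylontoolbar", "incredibar", "bigseekpro")

# "DPF: {CLSID} - hxxp://host/..." entries; capture only the host part.
_DPF_RE = re.compile(r"^DPF: \{[0-9A-F-]+\} - hxxp://([^/:\s]+)", re.IGNORECASE)
_IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

Finding = Tuple[str, str, str]  # (severity, reason, original line)


def triage(log_text: str) -> List[Finding]:
    """Return findings in log order; registry values are judged with their section."""
    findings: List[Finding] = []
    section = ""  # lower-cased text of the most recent "[HKEY_...]" header
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            section = line.lower()
            continue
        low = line.lower()

        # Windows Firewall switched off for the standard profile
        if '"enablefirewall"= 0' in low and "firewallpolicy" in section:
            findings.append(("high", "Windows Firewall disabled", line))
            continue

        # Security Center told to stop monitoring AV / firewall state
        if '"disablemonitoring"=dword:00000001' in low and "security center" in section:
            findings.append(("medium", "Security Center monitoring disabled", line))
            continue

        # Start page, search URL, IE menu or Firefox pref pointing at a toolbar family
        if any(marker in low for marker in ADWARE_MARKERS):
            findings.append(("medium", "adware/toolbar remnant", line))
            continue

        # ActiveX download entry whose source is a raw IP rather than a hostname
        m = _DPF_RE.match(line)
        if m and _IPV4_RE.match(m.group(1)):
            findings.append(("high", "ActiveX (DPF) download from bare IP " + m.group(1), line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'high': 2, 'medium': 6}."""
    counts: Dict[str, int] = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


# Constructed sample: a handful of lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
.
mStart Page = hxxp://www.bigseekpro.com/extrememoviemanager7/{88AEF572-2293-4CE6-80A2-93B0E9D4087C}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Cerca nel web - c:\programmi\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
DPF: {0AD152FC-3023-43DD-B750-59CA9AC3B8B5} - hxxp://77.238.10.103/velox/services/sta ... taller.cab
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://leganavcastell.dyndns.org:81/DvrOcx.cab
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?sr ... 0002002&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100789
FF - user.js: extensions.incredibar_i.newTab - false
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for severity, reason, line in results:
        print(f"[{severity:6}] {reason}: {line}")
    print(summarize(results))
```

Run against a full log the script lists every Firefox `user.js` pref of each toolbar family, which is noisy but makes it obvious that a toolbar's settings survived even after the folder was removed; the DPF check deliberately leaves hostname-based entries alone so that only the bare-IP download stands out.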
Re: HijackThis Log

Post by Pippof » 20/05/12 14:38

Done!
I uninstalled Lavasoft Ad-Aware a while ago!

Here is the new report:

ComboFix 12-05-20.01 - Giuseppe 20/05/2012 11.26.43.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2488 [GMT 2:00]
Eseguito da: c:\documents and settings\Giuseppe\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\Giuseppe\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\SweetIM
.
.
((((((((((((((((((((((((( Files Creati Da 2012-04-20 al 2012-05-20 )))))))))))))))))))))))))))))))))))
.
.
2012-05-20 07:40 . 2012-05-20 07:40 388096 ----a-r- c:\documents and settings\Giuseppe\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-20 07:29 . 2012-05-20 07:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SecTaskMan
2012-05-20 07:20 . 2012-05-20 07:20 -------- d-----w- c:\programmi\HitmanPro
2012-05-19 01:09 . 2012-05-19 01:09 -------- d-----w- C:\AMD
2012-05-10 23:49 . 2012-05-20 07:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\boost_interprocess
2012-04-25 15:52 . 2012-04-25 15:52 -------- d-----w- c:\programmi\Mozilla Maintenance Service
2012-04-25 15:51 . 2012-04-25 15:51 157352 ----a-w- c:\programmi\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-25 15:51 . 2012-04-25 15:51 129976 ----a-w- c:\programmi\Mozilla Firefox\maintenanceservice.exe
2012-04-20 16:46 . 2012-04-20 16:49 -------- d-----w- c:\programmi\Toolbar Cleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-19 00:28 . 2012-03-30 03:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-19 00:28 . 2011-05-16 02:45 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-17 02:08 . 2012-02-07 06:43 13338112 ----a-w- c:\documents and settings\Giuseppe\PCPE_3.0.1.msi
2012-05-04 05:30 . 2011-12-16 11:14 772552 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-04 05:30 . 2010-12-24 16:14 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-04 05:30 . 2010-04-15 15:56 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-11 13:51 . 2004-08-19 15:34 2030080 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2007-04-04 08:36 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:51 . 2004-08-19 14:34 2151936 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-05 23:10 . 2009-03-30 15:30 564632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\wlidui.dll
2012-04-05 23:09 . 2009-03-30 15:20 19352 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-04 13:56 . 2012-04-10 12:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:00 . 2004-08-19 14:39 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-08-19 14:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:00 . 2004-08-19 14:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2004-08-19 14:39 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-19 14:39 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-19 14:26 385024 ----a-w- c:\windows\system32\html.iec
2012-04-25 15:51 . 2011-03-24 17:07 97208 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\programmi\XviD\CheckUpdate.exe" [2011-01-17 8192]
"USB Safely Remove"="c:\programmi\USB Safely Remove\USBSafelyRemove.exe" [2012-04-28 2042368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\programmi\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 20992]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2002-08-29 155648]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"CloneCDTray"="c:\programmi\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"MemoREX"="c:\programmi\MemoRex\MemoRexStart.exe" [2002-08-29 332288]
"Adobe Acrobat Speed Launcher"="c:\programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RTHDCPL"="RTHDCPL.EXE" [2010-12-30 19972712]
"EvtMgr6"="c:\programmi\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"DivXUpdate"="c:\programmi\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LogitechQuickCamRibbon"="c:\programmi\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
APC UPS Status.lnk - c:\programmi\APC\PowerChute Personal Edition\Display.exe [2012-1-24 271736]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\programmi\File comuni\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\f:\0autocheck autochk *\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Giuseppe^Menu Avvio^Programmi^Esecuzione automatica^desktop.ini]
path=c:\documents and settings\Giuseppe\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
backup=c:\windows\pss\desktop.iniStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Giuseppe\\Documenti\\EMM\\eXtreme Movie Manager 7\\eXtreme Movie Manager.exe"=
"c:\\Programmi\\eMule0.50a\\emule.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/12/2009 15.32.56 64288]
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\system32\drivers\tdrpm147.sys [06/12/2008 18.08.24 971584]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13.23.20 11352]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [10/10/2010 16.37.47 12184]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [03/04/2012 7.54.19 38608]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18.34.46 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20.27.24 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/04/2012 14.04.06 22344]
S2 APC Data Service;APC Data Service;c:\programmi\APC\PowerChute Personal Edition\dataserv.exe [24/01/2012 16.21.22 21880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [10/04/2012 14.04.07 654408]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [05/04/2012 11.37.38 158856]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\programmi\USB Safely Remove\USBSRService.exe [18/12/2008 2.40.10 1004888]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/03/2012 5.16.25 257696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/01/2011 8.19.16 1691480]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\Mozilla Maintenance Service\maintenanceservice.exe [25/04/2012 17.52.03 129976]
S3 Pcouffin;Low level access layer for CD devices; [x]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:28]
.
2012-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-05-20 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
2012-05-20 c:\windows\Tasks\User_Feed_Synchronization-{7AA169F3-ED11-4235-A0F7-04CFAA16432D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.bigseekpro.com/extrememoviemanager7/{88AEF572-2293-4CE6-80A2-93B0E9D4087C}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Aggiungi a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi ad Anti-Banner - c:\programmi\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Aggiungi destinazione link a PDF esistente - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Cerca nel web - c:\programmi\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: Converti destinazione link in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Crawler Search
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon
IE: Translate with Babylon
TCP: Interfaces\{F8064CBE-3CAA-4D22-8722-8DC42D0785CF}: NameServer = 208.67.222.222,208.67.220.220
DPF: {0AD152FC-3023-43DD-B750-59CA9AC3B8B5} - hxxp://77.238.10.103/velox/services/sta ... taller.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.it/Genoogle/Compo ... eQuery.dll
DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} - hxxp://leganavcastell.dyndns.org:81/DvrOcx.cab
FF - ProfilePath - c:\documents and settings\Giuseppe\Dati applicazioni\Mozilla\Firefox\Profiles\5g8uwzs9.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?sr ... 0002002&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100789
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a0ff8ef70000000000000013d417eb2f
FF - user.js: extensions.BabylonToolbar_i.hardId - a0ff8ef70000000000000013d417eb2f
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15413
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:38
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8nTf ... 26&search=
FF - user.js: extensions.incredibar_i.id - a0ff8ef70000000000000013d417eb2f
FF - user.js: extensions.incredibar_i.instlDay - 15424
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:34
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8nTfwDoP
FF - user.js: extensions.incredibar_i.upn2n - 92824074812577647
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10589
FF - user.js: extensions.incredibar_i.ppd -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-20 15:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(3536)
c:\windows\system32\WININET.dll
c:\programmi\Logitech\iTouch\iTchHk.dll
c:\programmi\File comuni\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmi\File comuni\Adobe\Acrobat\ActiveX\PDFShell.ITA
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\APC\PowerChute Personal Edition\mainserv.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programmi\Java\jre7\bin\jqs.exe
c:\programmi\Common Files\Motive\McciCMService.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\CDBurnerXP\NMSAccessU.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\Logi_MwX.Exe
c:\windows\RTHDCPL.EXE
c:\programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE
c:\programmi\File comuni\LogiShrd\LComMgr\LVComSX.exe
c:\programmi\APC\PowerChute Personal Edition\apcsystray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2012-05-20 15:46:43 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-05-20 13:46
ComboFix2.txt 2012-05-20 09:04
.
Pre-Run: 444.996.734.976 byte disponibili
Post-Run: 444.799.234.048 byte disponibili
.
- - End Of File - - 8A49A17B2D0F0907D727CDA9EEB613F5
Pippof
Junior Member
Posts: 26
Joined: 23/11/04 02:50

Re: Log HijackThis

Post by FrancescoFDAC » 20/05/12 15:33

Attach a new HijackThis log.
Let me know how the PC is doing.
Download Security Check: http://screen317.spywareinfoforum.org/SecurityCheck.exe
● save the tool to the Desktop
● run the program and press any key
● wait for the scan to finish
● attach the log that opens automatically
FrancescoFDAC
Senior Member
Posts: 1048
Joined: 13/08/11 09:53

Re: Log HijackThis

Post by Pippof » 20/05/12 15:44

Here are the logs that come out:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.56.25, on 20/05/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\APC\PowerChute Personal Edition\mainserv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\Common Files\Motive\McciCMService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Logitech\SetPointP\SetPoint.exe
C:\Programmi\DivX\DivX Update\DivXUpdate.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\Labtec\WebCam10\WebCam10.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\APC\PowerChute Personal Edition\dataserv.exe
C:\Programmi\USB Safely Remove\USBSafelyRemove.exe
C:\Programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Programmi\File comuni\LogiShrd\LComMgr\LVComSX.exe
C:\Programmi\MemoRex\MemoRex.exe
C:\Programmi\APC\PowerChute Personal Edition\apcsystray.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Programmi\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/extrememoviemanager7/{88AEF572-2293-4CE6-80A2-93B0E9D4087C}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [MemoREX] "C:\Programmi\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EvtMgr6] C:\Programmi\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Xvid] C:\Programmi\XviD\CheckUpdate.exe
O4 - HKCU\..\Run: [USB Safely Remove] C:\Programmi\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - Global Startup: APC UPS Status.lnk = C:\Programmi\APC\PowerChute Personal Edition\Display.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Cerca nel web - C:\Programmi\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Rilevamento dispositivi) - http://www.logitech.com/devicedetector/ ... tion32.cab
O16 - DPF: {0AD152FC-3023-43DD-B750-59CA9AC3B8B5} (McciConnectedDevicesUSB Class) - http://77.238.10.103/velox/services/sta ... taller.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.it/Genoogle/Compo ... eQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6789574906
O16 - DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} (DvrOcx Control) - http://leganavcastell.dyndns.org:81/DvrOcx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://aiuto.alice.it/ata/static/instal ... _4-1-4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8064CBE-3CAA-4D22-8722-8DC42D0785CF}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: bw+0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw+0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw-0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw-0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw00 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw00s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw10 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw10s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw20 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw20s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw30 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw30s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw40 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw40s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw50 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw50s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw60 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw60s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw70 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw70s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw80 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw80s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw90 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw90s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwa0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwa0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwb0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwb0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwc0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwc0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwd0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwd0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwe0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwe0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwf0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwf0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwg0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwg0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwh0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwh0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwi0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwi0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwj0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwj0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwk0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwk0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwl0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwl0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwm0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwm0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwn0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwn0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwo0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwo0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwp0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwp0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwq0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwq0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwr0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwr0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bws0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bws0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwt0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwt0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwu0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwu0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwv0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwv0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bww0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bww0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwx0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwx0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwy0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwy0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwz0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwz0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: offline-8876480 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: APC Data Service - Schneider Electric - C:\Programmi\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Programmi\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Servizio Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Programmi\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Crystal Rich Ltd - C:\Programmi\USB Safely Remove\USBSRService.exe

--
End of file - 18105 bytes


Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Kaspersky Internet Security 2012
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

RegSupreme Pro
HijackThis 2.0.2
CCleaner
Toolbar Cleaner 1.0
Java(TM) 6 Update 26
Java(TM) 7 Update 4
Adobe Flash Player 11.2.202.235
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (for..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
Kaspersky Lab Kaspersky Internet Security 2012 klwtblfs.exe
``````````End of Log````````````
Pippof
Junior Member
Posts: 26
Joined: 23/11/04 02:50

Re: Log HijackThis

Post by FrancescoFDAC » 20/05/12 16:37

Uninstall the following programs:
Adobe Reader 8
Toolbar Cleaner 1.0
Java(TM) 6 Update 26
Java(TM) 7 Update 4
RegSupreme Pro
HijackThis 2.0.2

Install Adobe Reader from here: http://get.adobe.com/it/reader/?promoid=HRZAC
Install Java from here: http://www.java.com/it/download/
And HijackThis from here: http://www.trendmicro.com/ftp/products/ ... ckThis.msi

Start HijackThis and:
● click the Do a system scan only/Scan button
● on the left, tick the box next to each single entry I list below (do not tick all the entries, only the ones listed below, please)
● once the entries are ticked, close all running programs, including Internet pages
● click the Fix checked button at the bottom left; a further window may appear while the entries are being fixed: click on
These are the entries to fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/extrememoviemanager7/{88AEF572-2293-4CE6-80A2-93B0E9D4087C}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [MemoREX] "C:\Programmi\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programmi\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EvtMgr6] C:\Programmi\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [APSDaemon] "C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Xvid] C:\Programmi\XviD\CheckUpdate.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Programmi\APC\PowerChute Personal Edition\Display.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Rilevamento dispositivi) - http://www.logitech.com/devicedetector/ ... tion32.cab
O16 - DPF: {0AD152FC-3023-43DD-B750-59CA9AC3B8B5} (McciConnectedDevicesUSB Class) - http://77.238.10.103/velox/services/sta ... taller.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.it/Genoogle/Compo ... eQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6789574906
O16 - DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} (DvrOcx Control) - http://leganavcastell.dyndns.org:81/DvrOcx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://aiuto.alice.it/ata/static/instal ... _4-1-4.cab
O18 - Protocol: bw+0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw+0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw-0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw-0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw00 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw00s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw10 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw10s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw20 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw20s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw30 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw30s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw40 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw40s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw50 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw50s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw60 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw60s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw70 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw70s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw80 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw80s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw90 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw90s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwa0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwa0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwb0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwb0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwc0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwc0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwd0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwd0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwe0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwe0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwf0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwf0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwg0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwg0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwh0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwh0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwi0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwi0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwj0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwj0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwk0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwk0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwl0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwl0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwm0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwm0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwn0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwn0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwo0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwo0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwp0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwp0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwq0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwq0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwr0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwr0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bws0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bws0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwt0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwt0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwu0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwu0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwv0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwv0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bww0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bww0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwx0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwx0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwy0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwy0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwz0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bwz0s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: offline-8876480 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)


Attach the new HijackThis log.
FrancescoFDAC
Senior Member
Posts: 1048
Joined: 13/08/11 09:53
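A triage script for the HijackThis log format used in this thread, added here as an example and not part of the thread, of HijackThis or of any tool named above. It parses the R0/R1, O4, O16 and O18 line formats and flags the kinds of entries FrancescoFDAC lists for fixing (IE start/search pages pointing at third-party hosts, Run entries given as bare file names, ActiveX downloads from unfamiliar hosts, O18 handlers with no backing file); the KNOWN_GOOD_HOSTS set and the SAMPLE_LOG lines are assumptions constructed from the log above.

```python
# Added example (not code from the thread or from HijackThis): triage of the
# R0/R1, O4, O16 and O18 line formats seen in the logs above. KNOWN_GOOD_HOSTS
# and SAMPLE_LOG are assumptions constructed for this script from the thread.
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts a stock Windows XP / IE8 install legitimately points at (assumed list).
KNOWN_GOOD_HOSTS = {"go.microsoft.com", "update.microsoft.com",
                    "fpdownload2.macromedia.com", "www.logitech.com"}

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
IE_RE = re.compile(r"^HK(?:LM|CU)\\Software\\Microsoft\\Internet Explorer\\Main,"
                   r"(?P<key>[^=]+?) = (?P<value>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<desc>[^)]*)\) - (?P<url>.*)$")
PROTO_RE = re.compile(r"^Protocol: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.*)$")
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')   # command starts with a drive-letter path


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O18"
    reason: str   # why a reviewer should look at this line first
    line: str     # the original log line


def host_of(value):
    """Lower-cased host of a URL-looking value (port stripped), or None."""
    return urlparse(value.strip()).hostname


def triage(lines):
    """Return the entries of a HijackThis log worth a reviewer's attention."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank line or process list: not a numbered entry
        sec, body = m.group("sec"), m.group("body")
        if sec in ("R0", "R1"):  # IE start/search pages
            ie = IE_RE.match(body)
            host = host_of(ie.group("value")) if ie else None
            if host and host not in KNOWN_GOOD_HOSTS:
                findings.append(Finding(sec, f"IE {ie.group('key')} points to {host}", line))
        elif sec == "O4":  # autorun entries
            run = RUN_RE.match(body)
            if run and not ABS_PATH_RE.match(run.group("cmd")):
                findings.append(Finding(sec, f"Run entry [{run.group('name')}] is a bare name resolved via PATH", line))
        elif sec == "O16":  # ActiveX controls downloaded by IE
            dpf = DPF_RE.match(body)
            host = host_of(dpf.group("url")) if dpf else None
            if host and host not in KNOWN_GOOD_HOSTS:
                findings.append(Finding(sec, f"ActiveX control fetched from {host}", line))
        elif sec == "O18":  # registered protocol handlers
            proto = PROTO_RE.match(body)
            if proto and proto.group("file") == "(no file)":
                findings.append(Finding(sec, f"handler {proto.group('name')} has no backing file", line))
    return findings


def dead_protocol_handlers(lines):
    """Group O18 handlers with no backing file by CLSID. Dozens of names on one
    orphaned CLSID, as in the log above, is the footprint of a removed add-on."""
    by_clsid = {}
    for f in triage(lines):
        if f.section == "O18":
            proto = PROTO_RE.match(LINE_RE.match(f.line).group("body"))
            by_clsid.setdefault(proto.group("clsid"), []).append(proto.group("name"))
    return by_clsid


# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/extrememoviemanager7/{88AEF572-2293-4CE6-80A2-93B0E9D4087C}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6789574906
O16 - DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} (DvrOcx Control) - http://leganavcastell.dyndns.org:81/DvrOcx.cab
O18 - Protocol: bw+0 - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: bw00s - {40A280B9-292C-4F5D-A824-C4BCF8BE59C0} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.section}: {f.reason}")
    print(dead_protocol_handlers(SAMPLE_LOG.splitlines()))
```

Entries that survive triage (Microsoft update URLs, Run entries with full paths, handlers with a DLL on disk) are the ones left alone in the fix list above; what the script flags is a starting point for review, not a verdict.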

Re: Log HijackThis

Post by Pippof » 20/05/12 17:43

Done! Here is the new log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19.02.54, on 20/05/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\APC\PowerChute Personal Edition\mainserv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\Common Files\Motive\McciCMService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Programmi\APC\PowerChute Personal Edition\dataserv.exe
C:\Programmi\USB Safely Remove\USBSafelyRemove.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\LVComSX.exe
C:\Programmi\APC\PowerChute Personal Edition\apcsystray.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKCU\..\Run: [USB Safely Remove] C:\Programmi\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Cerca nel web - C:\Programmi\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8064CBE-3CAA-4D22-8722-8DC42D0785CF}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: APC Data Service - Schneider Electric - C:\Programmi\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Programmi\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Servizio Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Programmi\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Crystal Rich Ltd - C:\Programmi\USB Safely Remove\USBSRService.exe

--
End of file - 8210 bytes
Pippof
Junior Member

Posts: 26
Joined: 23/11/04 02:50

Re: Log HijackThis

Posted by FrancescoFDAC » 20/05/12 17:49

Carry out the procedure described below, strictly in the order given, in order to:
● free up disk space
● optimise system performance
● keep Windows working correctly

Optimisation - after malware removal

My advice is to print out this procedure, because it will certainly come in handy in future, for you and for the people you know: feel free to share it with them, it has no contraindications of any kind and should be carried out after removing all the infections present on the system.
These operations should in fact be carried out at least once a month (for heavy computer users the interval drops to two weeks, except for Scandisk, point 13 of the procedure).

Bear in mind that most corrupted and damaged registry keys cannot be restored and repaired correctly, and continually installing and uninstalling programs can cause system crashes and annoying blue screens.

A format gives the greatest benefits in terms of speed, stability and performance: this procedure comes closest to the results obtained by formatting the hard disk.


2. Uninstall unused programs, and all Toolbars

Procedure for Windows XP:
● click the Start button
● open the Control Panel
● click Add or Remove Programs
● select the program to uninstall and click the Change/Remove button: the uninstall procedure will start

Procedure for Windows Vista and Windows Seven:
● click the Start button
● open the Control Panel
● click Programs, then Programs and Features
● select the program to uninstall and click the Change/Uninstall button: the uninstall procedure will start

******************************

3. From the Control Panel, uninstall in particular the following applications:
Adobe Flash Player
Adobe Reader
Java (all installed versions)

Download and install, from the sites listed, the updated versions of the programs you have just uninstalled:
Adobe Flash Player: http://get.adobe.com/it/flashplayer
Adobe Reader: http://get.adobe.com/it/reader
Java: http://java.com/it/download/index.jsp

Notes - on the procedure:
● do not allow the installation of additional components (Toolbars in particular): install none of them, so untick the relevant option
● as an alternative to Adobe Reader, a heavy piece of software and above all one subject to vulnerabilities exploited by malware on the net to infect the system, you can download the fast and very light Sumatra PDF Reader, which has nothing to envy Adobe's product: http://blog.kowalczyk.info/software/sum ... eader.html

******************************

4. Disable System Restore

Procedure for Windows XP:
● click the Start button
● right-click the My Computer icon
● select Properties from the drop-down menu
● open the System Restore tab
● tick the option Turn off System Restore on all drives
● confirm the change with Apply and OK

Procedure for Windows Vista and Windows Seven:
● click the Start button
● right-click the Computer icon
● select Properties from the drop-down menu
● click System Protection in the left-hand menu; a User Account Control prompt appears: click Continue
● untick the checkbox shown next to Local Disk C:
● click the OK button
● confirm the change made by clicking Apply and OK

******************************

5. Empty the contents of the Prefetch folder

Procedure for Windows XP:
● click the Start button
● click My Computer
● open Local Disk C:
● find and open the Windows folder
● find and open the Prefetch folder
● delete everything stored inside it: be careful, though, not to delete the folder itself

Procedure for Windows Vista and Windows Seven:
● click the Start button
● click Computer
● open Local Disk C:
● find and open the Windows folder
● find and open the Prefetch folder
● delete everything stored inside it, except the file Layout.ini: be careful, though, not to delete the folder itself

Note - on the procedure:
● the Prefetch folder contains the files the operating system runs; a prefetch operation makes the most frequently used files, and those needed for the PC's boot process, immediately available in the cache.
The next reboot will be a little slow, but the following ones will undoubtedly be faster

******************************

6. Empty the contents of the Download folder

Procedure for Windows XP:
● click the Start button
● click My Computer
● open Local Disk C:
● find and open the Windows folder
● find and open the SoftwareDistribution folder
● find and open the Download folder
● delete everything stored inside it: be careful, though, not to delete the folder itself

Procedure for Windows Vista and Windows Seven:
● click the Start button
● click Computer
● open Local Disk C:
● find and open the Windows folder
● find and open the SoftwareDistribution folder
● find and open the Download folder
● delete everything stored inside it: be careful, though, not to delete the folder itself

Note - on the procedure:
● the Download folder contains the installation files of Windows updates, which can be deleted without problems to recover disk space and fix annoying update problems

******************************

7. Download TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe
● place the tool on the Desktop
● close all running programs, including web pages
● start the tool with a double click
● click the Start button at the bottom left
● the Desktop will disappear for a few moments: nothing to worry about
● wait patiently for the operations to finish
● click the Exit button at the bottom right
● once the operations are finished, close the program

Note: to run TFC by OldTimer correctly on Windows Vista and Windows Seven, right-click the program's icon and choose Run as Administrator from the context menu: confirm the prompt

******************************

8. Download and install CCleaner: http://www.piriform.com/ccleaner/download
Note - during installation: do not allow the installation of additional components (Toolbars in particular): install none of them, so untick the relevant option

Once installed and started, do the following:
● in the left-hand menu, click Options
● in the next window, click Settings
● tick Secure Deletion (Slow) and, in the drop-down menu, select DOD 5220.22-M (3 passes)
● click Advanced
● untick Only delete files in Windows Temp folders older than 24 hours and Show prompt to backup registry issues
● click Cleaner in the left-hand menu: in the Advanced section, tick Old Prefetch data, Windows Update uninstallers and IIS Log Files
● at the top, open the Applications tab: tick every entry present
● close all running programs, including web pages
● click the Analyze button at the bottom left to search for temporary files
● click the Run Cleaner button at the bottom right to start cleaning the temporary files
● in the window that appears, tick Do not show this message again and confirm by clicking OK
● once cleaning is finished, click Registry in the left-hand menu
● click the Scan for Issues button to start searching for corrupted and damaged registry entries
● click the Fix selected issues... button and proceed with the repair: repeat the registry cleaning several times, until no more problems to fix are detected
● once the operations are finished, close the program

Note: on Windows Seven the entry Windows Update uninstallers is missing, and the entry Secure Deletion (Slow) DOD 5220.22-M (3 passes) has been replaced by the wording Advanced Overwrite 83 passes

******************************

9. Launch HijackThis and clean up the ADS (only on NTFS-formatted partitions):
● click Open the Misc Tools section
● click Open ADS Spy..., in the System tools tab
● at the top, untick Quick scan (Windows base folder only)
● click the Scan button at the bottom
● wait patiently for the scan to finish
● if many ADS are detected, right-click the first checkbox and choose Select all
● click the Remove selected button at the bottom: confirm with
● once the operations are finished, close the program

Note - on the program:
● if you have a 64-bit operating system, skip this procedure. Click here to find out whether your operating system is 32- or 64-bit: http://support.microsoft.com/kb/827218/it

******************************

10. Download OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● place the tool on the Desktop
● close all running programs
● start the tool with a double click
● click the CleanUp! button
● the program asks to restart the system: allow it by clicking Yes twice

Notes - on the program:
● OTC by OldTimer should only be run if you have previously used particular programs that require a special uninstall procedure, such as ComboFix, FindAWF, GMER, RSIT and TDSS Killer.
● to run OTC by OldTimer correctly on Windows Vista and Windows Seven, right-click the program's icon and choose Run as Administrator from the context menu: confirm the prompt

******************************

11. Re-enable System Restore, following the procedure in point 4 in reverse

******************************

12. Download and install Defraggler: http://www.piriform.com/defraggler/download

Note - during installation:
do not allow the installation of additional components (Toolbars in particular): install none of them, so untick the relevant option

Once installed, do the following:
● start the program with a double click
● left-click to select the Local Disk C: drive
● click the Defrag button at the bottom left
● wait patiently for the operations to finish

******************************

13. Check the Hard Disk for errors

Procedure for Windows XP:
● click the Start button
● click Run
● in the white box, copy and paste this line:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
● click the OK button
● wait patiently for the operations to finish
● an empty DOS window will open on the Desktop and then close automatically: nothing to worry about
● attach the checkhd.txt file found on the Desktop for checking

Procedure for Windows Vista and Windows Seven:
● click the Start button
● choose All Programs
● click Accessories
● right-click the Command Prompt icon and choose Run as administrator
● in the black box, copy and paste this line:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
● click the OK button
● wait patiently for the operations to finish; now type exit, still in the black box, to leave the Command Prompt, and then press the Enter key
● an empty DOS window may open on the Desktop and then close automatically: nothing to worry about
● attach the checkhd.txt file found on the Desktop for checking

******************************

Notes - at the end of the procedure:
● restart the system
● attach a new HijackThis log
● say how the system is working, and which problems you are currently experiencing
FrancescoFDAC
Senior Member

Posts: 1048
Joined: 13/08/11 09:53

Re: Log HijackThis

Posted by Pippof » 20/05/12 20:22

The system apparently works!

I attach the new log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21.39.37, on 20/05/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\APC\PowerChute Personal Edition\mainserv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\Common Files\Motive\McciCMService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\APC\PowerChute Personal Edition\dataserv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\USB Safely Remove\USBSafelyRemove.exe
C:\Programmi\MemoRex\MemoRex.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [MemoREX] "C:\Programmi\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [USB Safely Remove] C:\Programmi\USB Safely Remove\USBSafelyRemove.exe /startup
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8064CBE-3CAA-4D22-8722-8DC42D0785CF}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: APC Data Service - Schneider Electric - C:\Programmi\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Programmi\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Servizio Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Programmi\Common Files\Motive\McciCMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Crystal Rich Ltd - C:\Programmi\USB Safely Remove\USBSRService.exe

--
End of file - 9485 bytes

and the checkhd log:

Il file system è di tipo NTFS.
L'etichetta del volume è WIN XP.

Avvertenza! Parametro F non specificato
CHKDSK eseguito in modalità sola lettura.

Verifica dei file in corso (fase 1 di 3)...
Verifica degli indici in corso (fase 2 di 3)...
CHKDSK sta recuperando i file perduti.
Recupero del file orfano JETAFC1.tmp (2028) nel file di directory 249175.
Recupero del file orfano ENERGY~1.LDB (2137) nel file di directory 168133.
Recupero del file orfano EnergyLog.ldb (2137) nel file di directory 168133.
Verifica dei descrittori di protezione in corso (fase 3 di 3)...
CHKDSK sta verificando il diario USN...
Verifica del diario USN completata.
CHKDSK ha rilevato spazio libero su disco contrassegnato come allocato
nella bitmap della Tabella file master (MFT).
Correzione errori nella bitmap del volume.
Nessun problema rilevato nel file system.
Eseguire CHKDSK con l'opzione /F per le correzioni.

488384502 KB di spazio totale su disco.
47912632 KB in 219081 file.
113400 KB in 20182 indici.
0 KB in settori danneggiati.
450370 KB in uso dal sistema.
65536 KB occupati dal file registro.
439908100 KB disponibili su disco.

4096 byte in ogni unità di allocazione.
122096125 unità totali di allocazione su disco.
109977025 unità di allocazione disponibili su disco.
Pippof
Junior Member

Posts: 26
Joined: 23/11/04 02:50

Re: Log HijackThis

Posted by FrancescoFDAC » 21/05/12 12:38

Fix this one more entry:
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"

If you don't run into any problems, we're done.
Francesco
FrancescoFDAC
Senior Member

Posts: 1048
Joined: 13/08/11 09:53
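
An added example, not code from this thread or from HijackThis: a small Python parser for the log format posted above, which pulls out the O4 registry autoruns (such as the Adobe ARM entry asked to be fixed), the O17 DNS servers and the O23 services with an unknown owner. The sample lines are constructed in the format of the logs in this thread; the section tags and regular expressions are assumptions about the v2.0.4 layout.

```python
"""Small parser for Trend Micro HijackThis v2.0.4 logs (added example, not part of HijackThis)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a handful of lines in the format of the logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66008
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [USB Safely Remove] C:\Programmi\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8064CBE-3CAA-4D22-8722-8DC42D0785CF}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
""".strip()

@dataclass
class Entry:
    section: str  # "R0", "O4", "O17", "O23", ...
    body: str     # the text after "O4 - "
    line: str     # the full line, exactly as HijackThis shows it in its scan list

# Scan entries start with a section tag such as "R0 - " or "O23 - " (assumed layout).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# O4 registry autoruns: HKLM\..\Run: [value name] command line
AUTORUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
# O23 services: Service: display name - publisher - path
SERVICE_RE = re.compile(r"^Service: (.*?) - (.*?) - (.*)$")

def parse_hjt(text: str) -> List[Entry]:
    """Keep only the numbered scan entries; the header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2), line))
    return entries

def command_to_exe(command: str) -> str:
    """Executable part of a Run value: the quoted token, or everything up to the first .exe."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.exe)", command, re.IGNORECASE)
    return m.group(1) if m else command

def autoruns(entries: List[Entry]) -> List[Dict[str, str]]:
    """O4 registry Run entries as hive / key / value name / executable."""
    found = []
    for e in entries:
        if e.section != "O4":
            continue
        m = AUTORUN_RE.match(e.body)
        if m:
            found.append({"hive": m.group(1), "key": m.group(2),
                          "name": m.group(3), "exe": command_to_exe(m.group(4))})
    return found

def nameservers(entries: List[Entry]) -> List[str]:
    """DNS servers from O17 entries; a changed resolver is where DNS hijacking shows up."""
    servers = []
    for e in entries:
        if e.section == "O17" and "NameServer" in e.body:
            value = e.body.partition("NameServer =")[2]
            servers.extend(ip.strip() for ip in value.split(",") if ip.strip())
    return servers

def unknown_owner_services(entries: List[Entry]) -> List[str]:
    """Names of O23 services whose publisher HijackThis could not identify."""
    names = []
    for e in entries:
        if e.section == "O23":
            m = SERVICE_RE.match(e.body)
            if m and m.group(2) == "Unknown owner":
                names.append(m.group(1))
    return names

def find_entries(entries: List[Entry], needle: str) -> List[str]:
    """Full lines containing `needle`, e.g. the value name a helper asked you to fix."""
    return [e.line for e in entries if needle in e.line]

if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for run in autoruns(parsed):
        print(f"{run['hive']}\\{run['key']}  [{run['name']}]  {run['exe']}")
    print("DNS:", nameservers(parsed))
    print("Unknown-owner services:", unknown_owner_services(parsed))
    print("To fix:", find_entries(parsed, "[Adobe ARM]"))
```

The lines returned by find_entries are exactly what HijackThis shows in its scan list, so they can be ticked and fixed without retyping.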

Re: Log HijackThis

Posted by Pippof » 21/05/12 18:09

Found a few little problems!
Pippof
Junior Member

Posts: 26
Joined: 23/11/04 02:50

Re: Log HijackThis

Posted by FrancescoFDAC » 22/05/12 14:30

As I said,
tell me if you still run into problems, and which ones exactly?

Francesco
FrancescoFDAC
Senior Member

Posts: 1048
Joined: 13/08/11 09:53

