Ho eseguito le tue indicazioni.
Ti invio il log di Adwcleaner,mailware bit e HjickThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:56:22, on 12/04/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Softland\FBackup 4\fbaSched.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Cobian Backup 11\Cobian.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Qlock\qlock.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Cobian Backup 11\cbInterface.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/p/?LinkId=255141R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/p/?LinkId=255141R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe"
O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Cobian Backup 11] "C:\Program Files\Cobian Backup 11\Cobian.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: Dropbox.lnk = Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: qlock.lnk = C:\Program Files\Qlock\qlock.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone:
http://www.redshift.maris.comO17 - HKLM\System\CCS\Services\Tcpip\..\{6BFF2772-B973-42E8-96AD-0627B6F96425}: NameServer = 62.13.173.92 62.13.173.93
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBA7AA67-1238-429D-B2D0-DC15B899E155}: NameServer = 62.13.173.92 62.13.173.93
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 11 Servizio Volume Shadow Copy (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 11\cbVSCService11.exe
O23 - Service: Chiavetta Internet E353 21.6. OUC (Chiavetta Internet E353 21.6. RunOuc) - Unknown owner - C:\Program Files\Chiavetta Internet E353 21.6\UpdateDog\ouc.exe
O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 8739 bytes
# AdwCleaner v2.200 - Logfile creato il 11/04/2013 alle 21:33:20
# Aggiornamento 02/04/2013 by Xplode
# Sistema Operativo : Windows 7 Ultimate Service Pack 1 (32 bits)
# Utente : Utente - UTENTE-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : K:\New Download\adwcleaner.exe
# Opzioni [Elimina]
***** [Servizi] *****
***** [File / Cartelle] *****
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\OpenCandy
File Eliminato : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\pw4lsdkf.default\searchplugins\Web Search.xml
***** [Registro] *****
Chiave Eliminata : HKCU\Software\AppDataLow\Software\Search Settings
Chiave Eliminata : HKCU\Software\SmartBar
Chiave Eliminata : HKCU\Software\Softonic
***** [Browser Internet] *****
-\\ Internet Explorer v10.0.9200.16537
Sostituito : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=IT&userid=e9cc420b-4c35-416e-b3fc-e6089b1fead3&searchtype=ds&q={searchTerms}&installDate=29/03/2013 --> hxxp://www.google.com
Sostituito : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=IT&userid=e9cc420b-4c35-416e-b3fc-e6089b1fead3&searchtype=ds&q={searchTerms}&installDate=29/03/2013 --> hxxp://www.google.com
Sostituito : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=IT&userid=e9cc420b-4c35-416e-b3fc-e6089b1fead3&searchtype=ds&q={searchTerms}&installDate=29/03/2013 --> hxxp://www.google.com
-\\ Mozilla Firefox v20.0 (it)
File : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\pw4lsdkf.default\prefs.js
Eliminata : user_pref("browser.newtab.url", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=IT&use[...]
Eliminata : user_pref("extensions.helperbar.SmartbarDisabled", false);
Eliminata : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
-\\ Google Chrome v26.0.1410.64
File : C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Preferences
Eliminata [l.677] : urls_to_restore_on_startup = [ "hxxp://it.search.yahoo.com/?type=198484&fr=spigot-yhp-ch", "h[...]
-\\ Opera v12.15.1748.0
File : C:\Users\Utente\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File Pulito.
*************************
AdwCleaner[R1].txt - [21590 octets] - [20/02/2013 04:58:17]
AdwCleaner[R2].txt - [21651 octets] - [20/02/2013 05:51:57]
AdwCleaner[R3].txt - [22848 octets] - [27/02/2013 17:15:23]
AdwCleaner[S1].txt - [340 octets] - [20/02/2013 05:54:46]
AdwCleaner[S2].txt - [23363 octets] - [27/02/2013 17:16:17]
AdwCleaner[S3].txt - [1440 octets] - [28/02/2013 16:52:34]
AdwCleaner[S4].txt - [2779 octets] - [11/04/2013 21:33:20]
########## EOF - C:\AdwCleaner[S4].txt - [2839 octets] ##########
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.orgVersione database: v2013.04.11.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
Utente :: UTENTE-PC [amministratore]
11/04/2013 21:42:59
mbam-log-2013-04-11 (21-42-59).txt
Tipo di scansione: Scansione completa (C:\|E:\|F:\|G:\|I:\|J:\|K:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 463342
Tempo impiegato: 3 ore, 30 minuti, 53 secondi
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)
Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)
Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)
Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)
File rilevati: 0
(non sono stati rilevati elementi nocivi)
(fine)
Grazie
Ciao