Buongiorno.
Il mio PC portatile ha la CPU con utilizzo 90-100% sempre, la ventola lavora eccessivamente con temperatura elevatissima, tanto che a volte si spenge il portatile.
Potete verificarmi il LOG? Grazie.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10.57.43, on 11/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\PDF Suite\PDFServiceEngine.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Geom. Paolo Cecchini\AppData\Local\Akamai\netsession_win.exe
C:\Users\Geom. Paolo Cecchini\AppData\Local\Akamai\netsession_win.exe
C:\Users\Geom. Paolo Cecchini\AppData\Local\SnaiCalculator\SnaiCalculatorLauncher.exe
C:\Program Files\google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Iomega StorCenter\sohoclient.exe
C:\Users\Geom. Paolo Cecchini\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Users\Geom. Paolo Cecchini\AppData\Local\SnaiCalculator\SnaiCalculator.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\microsoft office\Office12\OUTLOOK.EXE
C:\Windows\system32\schtasks.exe
C:\Windows\system32\conhost.exe
C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Windows\system32\WTClient.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/?ocid=OIE9HP
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fornito da MSN and Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Geom. Paolo Cecchini\AppData\Roaming\Complitly\Complitly.dll
O2 - BHO: CrossriderApp0004479 - {11111111-1111-1111-1111-110011441179} - C:\Program Files\Giant Savings\Giant Savings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll
O2 - BHO: MyHeritage New Tab - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Family Toolbar\mhxpcomi.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [PDFServiceEngine] C:\Program Files\PDF Suite\PDFServiceEngine.exe
O4 - HKLM\..\Run: [Cobian Backup 10 Interface] "C:\Program Files\Cobian Backup 10\cbInterface.exe" -service
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Program Files\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Geom. Paolo Cecchini\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Geom. Paolo Cecchini\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [SnaiCalculator] C:\Users\Geom. Paolo Cecchini\AppData\Local\SnaiCalculator\SnaiCalculatorLauncher.exe /Login=true
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: Facebook Messenger.lnk = Geom. Paolo Cecchini\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: Iomega StorCenter.lnk = C:\Program Files\Iomega StorCenter\sohoclient.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Family Toolbar\mhxpcomi.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
O20 - AppInit_DLLs: c:\progra~2\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Cobian Backup Boletus (CobianBackup10) - Luis Cobian, CobianSoft - C:\Program Files\Cobian Backup 10\cbService.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device - - C:\Windows\system32\lxdfcoms.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE

--
End of file - 15111 bytes

ciao hai delle infezioni dovute a toolbar installate , fai queste due scansioni

scarica adwcleaner clicca su delete e posta il log che rilascia a fine scansione

scarica combofix sul desktop
(non installare la recovery console)
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.

non usare il pc durante la scansione, nemmeno il mouse!

no non e' la stessa cosa

hai un firewall attivo per caso?

Faccio anche la scansione con ComboFix o attendo una tua risposta?

Direi che di roba ne ha trovata.
Anche la ventola gira meno.
Allego il risultato di combofix

ComboFix 12-10-11.01 - Geom. Paolo Cecchini 11/10/2012 11.54.53.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.2047.864 [GMT 2:00]
Eseguito da: c:\users\Geom. Paolo Cecchini\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\SPL32A8.tmp
c:\programdata\SPL3E42.tmp
c:\programdata\SPLAF12.tmp
c:\programdata\SPLD8F0.tmp
c:\programdata\SPLDADF.tmp
c:\programdata\SPLE8DC.tmp
c:\programdata\SPLF067.tmp
c:\users\Geom. Paolo Cecchini\AppData\Local\SnaiCalculator\SnaiCalculatorLauncher.exe
c:\windows\IsUn0410.exe
c:\windows\system32\dbcdbf32.dll
c:\windows\unin0410.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-09-11 al 2012-10-11 )))))))))))))))))))))))))))))))))))
.
.
2012-10-11 10:08 . 2012-10-11 10:15 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Local\temp
2012-10-11 10:08 . 2012-10-11 10:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-11 10:08 . 2012-10-11 10:08 -------- d-----w- c:\users\GEOM~1~PAO\AppData\Local\temp
2012-10-11 10:08 . 2012-10-11 10:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-11 09:50 . 2012-10-11 09:50 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CC8D91F-E6B0-4065-9F0A-FE6D4F62D5ED}\MpKslf76a1a65.sys
2012-10-11 08:35 . 2012-10-11 08:35 388096 ----a-r- c:\users\Geom. Paolo Cecchini\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-11 08:35 . 2012-10-11 08:35 -------- d-----w- c:\program files\Trend Micro
2012-10-11 06:35 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CC8D91F-E6B0-4065-9F0A-FE6D4F62D5ED}\mpengine.dll
2012-10-10 12:45 . 2012-05-08 11:19 18496 ----a-w- c:\windows\system32\Kara_mx.dll
2012-10-10 12:45 . 2012-03-24 14:13 16448 ----a-w- c:\windows\system32\Kara__E.dll
2012-10-10 12:45 . 2011-09-30 22:14 29784 ----a-w- c:\windows\system32\Kara_K5.dll
2012-10-10 12:45 . 2011-05-12 12:16 19008 ----a-w- c:\windows\system32\Kara_C.dll
2012-10-10 12:45 . 2009-10-20 14:34 15936 ----a-w- c:\windows\system32\Kara_ww.dll
2012-10-10 12:45 . 2009-10-20 14:32 14456 ----a-w- c:\windows\system32\Kara_v.dll
2012-10-10 12:45 . 2006-10-03 13:33 462848 ----a-w- c:\windows\system32\lame_enc.dll
2012-10-10 12:45 . 2012-10-10 15:20 -------- d-----w- C:\Edic
2012-10-10 12:44 . 2012-10-10 14:48 -------- d-----w- c:\program files\Karaoke5
2012-10-10 07:43 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-10 07:03 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 07:03 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-09 06:37 . 2012-10-09 06:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-10-07 19:01 . 2012-10-02 09:16 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13230FCC-9D4D-4A54-9304-E2147EDCBE9A}\gapaengine.dll
2012-10-03 09:49 . 2012-10-03 09:49 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-01 12:25 . 2012-10-01 12:25 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Roaming\Malwarebytes
2012-10-01 12:25 . 2012-10-01 12:25 -------- d-----w- c:\programdata\Malwarebytes
2012-10-01 12:25 . 2012-10-01 12:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-01 12:25 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-30 20:22 . 2012-09-30 20:22 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Roaming\com.mypicturetown.myptuploader.F9C4985A082C78528AFA4529A49FFE7D3454A64B.1
2012-09-30 20:22 . 2012-09-30 20:22 -------- d-----w- c:\program files\my Picturetown
2012-09-28 10:35 . 2009-10-07 13:40 69632 ----a-w- c:\windows\system32\temp.018
2012-09-28 10:35 . 2009-10-07 13:40 266293 ----a-w- c:\windows\system32\temp.016
2012-09-28 10:35 . 2009-10-07 13:39 77878 ----a-w- c:\windows\system32\temp.017
2012-09-28 10:23 . 2012-09-28 10:23 -------- d-----w- c:\windows\system32\searchplugins
2012-09-28 10:23 . 2012-09-28 10:23 -------- d-----w- c:\windows\system32\Extensions
2012-09-28 10:22 . 2012-10-11 09:40 -------- d-----w- c:\programdata\Browser Manager
2012-09-27 20:17 . 2012-09-27 20:17 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Roaming\it.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2012-09-27 20:16 . 2012-09-27 20:17 -------- d-----w- c:\program files\myphotobook.it
2012-09-26 12:48 . 2011-03-11 08:50 401608 ----a-w- c:\windows\system32\crylic52.ocx
2012-09-26 12:48 . 2004-02-22 21:00 78848 ----a-w- c:\windows\system32\MSBIND.DLL
2012-09-26 12:48 . 1999-03-24 09:10 102400 ----a-w- c:\windows\system32\nslock15vb6.ocx
2012-09-26 12:48 . 1999-02-23 19:49 91648 ----a-w- c:\windows\system32\nslock15vb5.ocx
2012-09-26 12:48 . 2003-01-26 11:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2012-09-26 12:48 . 2010-06-05 16:19 7647232 ----a-w- c:\windows\system32\reportman.ocx
2012-09-26 12:48 . 2004-03-08 21:00 275216 ----a-w- c:\windows\system32\MSDATGRD.OCX
2012-09-26 12:48 . 1999-12-22 22:00 1355776 ----a-w- c:\windows\system32\MSVBVM50.dll
2012-09-26 12:48 . 2012-09-26 13:13 -------- d-----w- C:\UNIVAL_1_5
2012-09-25 19:21 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 23:15 . 2012-09-24 23:15 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Local\Kesemoholdings_Limited
2012-09-24 23:12 . 2012-09-24 23:12 -------- d-----w- c:\programdata\SnaiCalculator
2012-09-24 23:11 . 2012-10-11 10:08 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Local\SnaiCalculator
2012-09-24 12:41 . 2012-09-24 13:02 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Roaming\MyHeritage
2012-09-24 12:41 . 2012-09-24 12:44 -------- d-----w- c:\programdata\MyHeritage
2012-09-24 12:41 . 2003-07-06 11:07 372736 ----a-w- c:\windows\system32\ijl15.dll
2012-09-24 12:41 . 2002-03-06 22:19 454656 ----a-w- c:\windows\system32\PaintX.dll
2012-09-24 12:41 . 2012-09-24 12:41 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Roaming\The Complete Genealogy Reporter - FTB
2012-09-24 12:40 . 2012-09-24 12:40 -------- d-----w- c:\program files\MyHeritage
2012-09-17 16:08 . 2012-09-17 16:09 -------- d-----w- c:\program files\Google Apps Directory Sync
2012-09-15 07:59 . 2012-09-15 07:59 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Local\MAGIX_AG
2012-09-12 15:33 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 15:33 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 15:33 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 15:33 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 15:33 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 15:33 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 13:49 . 2012-09-12 13:49 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Roaming\Thunderbird
2012-09-12 13:49 . 2012-09-12 13:49 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Local\Thunderbird
2012-09-12 13:49 . 2012-09-17 08:08 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-09-11 16:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 06:54 . 2012-04-02 14:37 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 06:54 . 2011-05-19 06:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-03 09:49 . 2012-07-09 15:34 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-02 09:16 . 2011-03-25 22:45 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-04 07:18 . 2012-09-04 07:18 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2011-04-27 13:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-28 18:24 . 2010-10-04 21:34 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-07-18 17:47 . 2012-08-15 07:43 2345984 ----a-w- c:\windows\system32\win32k.sys
2010-10-16 10:50 . 2010-11-14 14:53 3056008 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
2010-02-18 07:37 221184 ----a-w- c:\program files\Family Toolbar\mhxpcomi.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]
"Facebook Update"="c:\users\Geom. Paolo Cecchini\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Akamai NetSession Interface"="c:\users\Geom. Paolo Cecchini\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"PDFServiceEngine"="c:\program files\PDF Suite\PDFServiceEngine.exe" [2008-06-25 393216]
"Cobian Backup 10 Interface"="c:\program files\Cobian Backup 10\cbInterface.exe" [2010-09-23 3154432]
"lxdfmon.exe"="c:\program files\Lexmark 6500 Series\lxdfmon.exe" [2010-02-10 455336]
"lxdfamon"="c:\program files\Lexmark 6500 Series\lxdfamon.exe" [2010-02-10 25256]
"Lexmark 6500 Series Fax Server"="c:\program files\Lexmark 6500 Series\fm3032.exe" [2010-02-10 307880]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"WTClient"="WTClient.exe" [2009-08-19 32768]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Geom. Paolo Cecchini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Geom. Paolo Cecchini\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-10-2 795936]
Google Calendar Sync.lnk - c:\program files\google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
Iomega StorCenter.lnk - c:\program files\Iomega StorCenter\sohoclient.exe [2010-11-9 1877328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdfserv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 eusk3usb;SmartKey 3 USB;c:\windows\system32\Drivers\eusk3usb.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [x]
R3 SQTECH913D;913D Camera;c:\windows\system32\Drivers\Capt913D.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 TEUSBMU;Panasonic Analog PBX USB Main Unit driver;c:\windows\system32\Drivers\TEUSBMU.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;Supporto stampa WSD via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 MpKslf76a1a65;MpKslf76a1a65;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CC8D91F-E6B0-4065-9F0A-FE6D4F62D5ED}\MpKslf76a1a65.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 CobianBackup10;Cobian Backup Boletus;c:\program files\Cobian Backup 10\cbService.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v32;Driver scheda Intel(R) Wireless WiFi Link serie 5000 per Windows Vista a 32 bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:54]
.
2012-10-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1452549065-585906151-3354605193-1000Core.job
- c:\users\Geom. Paolo Cecchini\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-27 07:41]
.
2012-10-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1452549065-585906151-3354605193-1000UA.job
- c:\users\Geom. Paolo Cecchini\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-27 07:41]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-04 21:36]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-04 21:36]
.
.
------- Scansione supplementare -------
.
uStart Page = https://www.google.it/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Family Toolbar\mhxpcomi.dll
.
.
------- Associazioni dei file -------
.
.scr=DWGTrueViewScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-10 - (no file)
WebBrowser-{E3393495-8103-46A0-8181-270273EDDD60} - (no file)
HKCU-Run-SnaiCalculator - c:\users\Geom. Paolo Cecchini\AppData\Local\SnaiCalculator\SnaiCalculatorLauncher.exe
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-Voltura 1.0 - c:\windows\IsUn0410.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d7,ba,d1,24,86,18,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_USERS\S-1-5-21-1452549065-585906151-3354605193-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,3b,1b,9a,54,16,
2e,9c,12,8c,07,98,e4,c7,c8,3d,cb,d5,0c
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,3b,1b,8c,6a,a1,
89,4a,da,9a,0f,ad,6e,34,28,4f,d8,72,26
"{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}"=hex:51,66,7a,6c,4c,1d,3b,1b,fc,6d,d4,
b8,ab,bb,a5,0e,ba,ff,d2,18,c2,b9,de,e6
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,3b,1b,48,f2,4e,
b6,e8,57,fa,09,9f,3e,88,50,52,3f,33,e2
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,3b,1b,a1,dd,0e,
3f,50,1f,bf,55,87,15,47,d0,22,ee,8d,5a
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"=hex:51,66,7a,6c,4c,1d,3b,1b,15,cb,34,
a5,26,3b,40,0e,b2,84,4f,e0,35,91,04,17
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,24,3b,
51,8b,3f,11,03,8c,f8,ba,9b,00,7e,39,60
"{11111111-1111-1111-1111-110011441179}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,0e,07,
0d,24,47,7a,55,0d,1c,56,40,14,0f,51,6c
"{D0F4A166-B8D4-48B8-9D63-80849FE137CB}"=hex:51,66,7a,6c,4c,1d,3b,1b,76,be,e2,
cc,e1,ee,d3,0c,81,6e,c7,c4,9a,aa,77,de
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,87,9e,
84,18,12,b6,0d,85,da,9b,c6,6e,a3,3d,a9
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000059
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(5656)
c:\program files\ThinkPad\Bluetooth Software\btmmhook.dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WTClient.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Ora fine scansione: 2012-10-11 12:21:10 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-10-11 10:21
ComboFix2.txt 2010-02-25 10:12
.
Pre-Run: 11.794.923.520 byte disponibili
Post-Run: 12.274.020.352 byte disponibili
.
- - End Of File - - EC9379FF20A8503EB789B16B57AB44D9