Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Ciao MI controllereste il Log

Ciao MI controllereste il Log Opzioni
Topic Precedente · Topic Sucessivo
booble
Inviato: Friday, January 04, 2013 5:48:07 PM
Rank: AiutAmico

Iscritto dal : 10/15/2006
Posts: 59
Ciao Raga , Augurandovi un Buon 2013 , potreste dirmi cosa dovrei eliminare nel log , pc lento e con problemi Grazie Mille

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:45:41, on 04/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Ra\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{3175E301-1621-433C-BDD2-36A4DAB034EC}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{D20412B2-B079-4F45-BCD1-1827FCFD1347}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFE91344-5A2C-4D6D-9064-DDE2BBB710DB}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{3175E301-1621-433C-BDD2-36A4DAB034EC}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{3175E301-1621-433C-BDD2-36A4DAB034EC}: NameServer = 176.31.229.24,176.31.229.25
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Ra\AppData\Local\PosService\Pos.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Ra\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9390 bytes
Torna in alto
 
Sponsor
Inviato: Friday, January 04, 2013 5:48:07 PM

 
Torna in alto
 
shapiro
Inviato: Friday, January 04, 2013 5:59:48 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164



ciao fai queste scansione in quest'ordine


scarica adwcleaner clicca su delete/elimina e posta il log

Scarica OTL e salvalo sul desktop

Metti la spunta su SCAN ALL USERS.

Sotto output, metti la spunta su minimal output

Clicca sulla freccettina di File Age e seleziona 60 Days

Metti la spunta a LOP Check e Purity Check.

Clicca su RUN SCAN

Lascia fare la scansione senza interferire.

Al termine della scansione trovi 2 log sul desktop. OTL.txt ed Extras.txt, salvali e caricali su Wikisend,
Torna in alto
 
booble
Inviato: Friday, January 04, 2013 6:44:29 PM
Rank: AiutAmico

Iscritto dal : 10/15/2006
Posts: 59
OK GRAZIE MILLE ECCO IL LOG

# AdwCleaner v2.104 - Logfile creato il 04/01/2013 alle 18:39:25
# Aggiornamento 29/12/2012 by Xplode
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Utente : Ra - RA-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\Ra\Downloads\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Program Files (x86)\FilesFrog Update Checker
Cartella Eliminato : C:\Program Files (x86)\SweetIM
Cartella Eliminato : C:\ProgramData\Partner
Cartella Eliminato : C:\ProgramData\SweetIM
Cartella Eliminato : C:\Users\Ra\AppData\LocalLow\SweetIM
Cartella Eliminato : C:\Users\Ra\AppData\Roaming\Microsoft\Windows\Start Menu\ProgRams\FilesFrog Update Checker
Cartella Eliminato : C:\Users\Ra\AppData\Roaming\Mozilla\Firefox\Profiles\61dcxpre.default\SweetPacksToolbarData
Cartella Eliminato : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
File Eliminato : C:\Users\Ra\AppData\Roaming\Mozilla\Firefox\Profiles\61dcxpre.default\searchplugins\SweetIm.xml
File Eliminato : C:\Users\Ra\Desktop\Check for Updates.lnk

***** [Registro] *****

Chiave Eliminata : HKCU\Software\APN PIP
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKCU\Software\Somoto
Chiave Eliminata : HKCU\Software\SweetIM
Chiave Eliminata : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Chiave Eliminata : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Chiave Eliminata : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\sim-packages
Chiave Eliminata : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Chiave Eliminata : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Chiave Eliminata : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Chiave Eliminata : HKLM\Software\PIP
Chiave Eliminata : HKLM\Software\SweetIM
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Browser Internet] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registro Pulito.

-\\ Mozilla Firefox v17.0.1 (it)

File : C:\Users\Ra\AppData\Roaming\Mozilla\Firefox\Profiles\61dcxpre.default\prefs.js

C:\Users\Ra\AppData\Roaming\Mozilla\Firefox\Profiles\61dcxpre.default\user.js ... Eliminato !

Eliminata : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10001&q=");
Eliminata : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Eliminata : user_pref("sweetim.toolbar.Visibility.enable", "true");
Eliminata : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Eliminata : user_pref("sweetim.toolbar.cargo", "3.1010000.10001");
Eliminata : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Eliminata : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Eliminata : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Eliminata : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Eliminata : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Eliminata : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Eliminata : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Eliminata : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Eliminata : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff_1_6.ht[...]
Eliminata : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Eliminata : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Eliminata : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Eliminata : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Eliminata : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Eliminata : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Eliminata : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Eliminata : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Eliminata : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Eliminata : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Eliminata : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Eliminata : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Eliminata : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Eliminata : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Eliminata : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Eliminata : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Eliminata : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Eliminata : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Eliminata : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Eliminata : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Eliminata : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Eliminata : user_pref("sweetim.toolbar.mode.debug", "false");
Eliminata : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
Eliminata : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Eliminata : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Eliminata : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Eliminata : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Eliminata : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Eliminata : user_pref("sweetim.toolbar.scripts.0.enable", "true");
Eliminata : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Eliminata : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Eliminata : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Eliminata : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Eliminata : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Eliminata : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Eliminata : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Eliminata : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Eliminata : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Eliminata : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Eliminata : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Eliminata : user_pref("sweetim.toolbar.scripts.2.callback", "");
Eliminata : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Eliminata : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Eliminata : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Eliminata : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Eliminata : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Eliminata : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Eliminata : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Eliminata : user_pref("sweetim.toolbar.search.history.capacity", "10");
Eliminata : user_pref("sweetim.toolbar.simapp_id", "{843620C5-220F-11E2-BA46-20CF30441FD1}");
Eliminata : user_pref("sweetim.toolbar.version", "1.6.0.3");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Ra\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

*************************

AdwCleaner[S1].txt - [11028 octets] - [04/01/2013 18:39:25]

########## EOF - C:\AdwCleaner[S1].txt - [11089 octets] ##########
Torna in alto
 
booble
Inviato: Friday, January 04, 2013 7:07:11 PM
Rank: AiutAmico

Iscritto dal : 10/15/2006
Posts: 59
http://wikisend.com/download/255286/OTL.Txt
http://wikisend.com/download/175854/Extras.Txt
Torna in alto
 
shapiro
Inviato: Friday, January 04, 2013 8:58:08 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
apri otl e copia sotto "Custom Scans\Fixes" questo codice ( non copiare Code:)

Code:
:OTL
SRV - (PowerOffer Service) -- C:\Users\Ra\AppData\Local\PosService\Pos.exe (PowerOfferService)
SRV - (ServUpdater) -- C:\Users\Ra\AppData\Local\ServUpdater\ServiceUpd.exe (ServiceUpd)
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
CHR - homepage: http://search.findeer.com/
CHR - homepage: http://search.findeer.com/
O4 - HKLM..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (PLauncher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3175E301-1621-433C-BDD2-36A4DAB034EC}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D20412B2-B079-4F45-BCD1-1827FCFD1347}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFE91344-5A2C-4D6D-9064-DDE2BBB710DB}: NameServer = 176.31.229.24,176.31.229.25
[2013/01/02 15:36:18 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Local\ServUpdater
[2013/01/02 15:36:18 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Local\PowerOffer
[2013/01/02 15:36:18 | 000,000,000 | ---D | C] -- C:\Users\Ra\AppData\Local\PosService

:files
C:\Users\Ra\AppData\Roaming\Wobeo
C:\Users\Ra\AppData\Roaming\Ocmy
C:\Users\Ra\AppData\Roaming\Cixi
C:\Users\Ra\AppData\Roaming\xWeasel
ipconfig /flushdns /c

:commands
[purity]
[Reboot]





premi run fix e allega il log che rilascia


queste cartelle in grassetto controllale se non le conosci eliminale

C:\Users\Ra\AppData\Roaming\Easypano Panoweaver

C:\Users\Ra\AppData\Roaming\.ptbt0

C:\Users\Ra\AppData\Local\SID_Finder



fai anche questa scansione


Scarica Combofix sul desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(non installare la recovery console)
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.
Torna in alto
 
booble
Inviato: Saturday, January 05, 2013 11:39:56 AM
Rank: AiutAmico

Iscritto dal : 10/15/2006
Posts: 59
Grazie ancora ora va bene , ti allego il rapporto del combofix , quello del otl non sono riuscito a trovarlo ma ho eseguito il registro che mi hai dato
ComboFix 13-01-05.01 - Ra 05/01/2013 11:30:30.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3884.2249 [GMT 1:00]
Eseguito da: c:\users\Ra\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini
c:\programdata\FullRemove.exe
c:\windows\msvcr71.dll
D:\ucnh.pif
.
.
((((((((((((((((((((((((( Files Creati Da 2012-12-05 al 2013-01-05 )))))))))))))))))))))))))))))))))))
.
.
2013-01-05 10:36 . 2013-01-05 10:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-05 10:36 . 2013-01-05 10:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-05 10:21 . 2013-01-05 10:21 -------- d-----w- C:\_OTL
2013-01-04 17:36 . 2013-01-04 17:36 -------- d-----w- c:\program files (x86)\DsNET Corp
2013-01-04 17:26 . 2013-01-04 18:11 -------- d-----w- C:\WII 4.3
2013-01-02 22:31 . 2013-01-02 22:31 -------- d-----w- C:\file per sdwii1
2013-01-02 14:36 . 2013-01-02 14:40 -------- d-----w- C:\Downloads
2013-01-02 14:36 . 2013-01-03 10:42 -------- d-----w- c:\program files (x86)\UltraTorrent
2013-01-01 18:22 . 2013-01-01 18:22 -------- d-----w- C:\THM
2013-01-01 18:22 . 2013-01-01 18:25 -------- d-----w- c:\program files (x86)\Winnydows
2013-01-01 18:13 . 2013-01-01 18:13 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-12-21 21:31 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 21:31 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 21:31 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 21:31 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-11 21:35 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-11 21:34 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-11 21:34 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-02 20:30 . 2012-09-10 19:20 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-12-21 21:28 . 2012-09-10 19:29 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-21 21:28 . 2012-09-10 19:29 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 21:51 . 2012-09-11 15:12 67413224 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-02 348664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-8-25 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-8-25 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 CH341SER_A64;CH341SER_A64;c:\windows\system32\Drivers\CH341S64.SYS [2011-11-04 58368]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-11 1255736]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-07-12 24680]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-06-05 27760]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-06-22 379520]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-02 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-02-25 115312]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 21:28]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-25 20:20]
.
2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-25 20:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ra\AppData\Roaming\Mozilla\Firefox\Profiles\61dcxpre.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.ftp - 212.138.84.62
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 212.138.84.62
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 212.138.84.62
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 212.138.84.62
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-ASUS WebStorage - c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
AddRemove-mIRC - c:\users\Ra\Desktop\miracleB.exe
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\users\Ra\AppData\Local\PowerOffer\unins000.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2013-01-05 11:38:30
ComboFix-quarantined-files.txt 2013-01-05 10:38
.
Pre-Run: 118.386.581.504 byte disponibili
Post-Run: 118.707.535.872 byte disponibili
.
- - End Of File - - D7A52BAA0689F194048E96129C90216B
Torna in alto
 
booble
Inviato: Saturday, January 05, 2013 8:21:08 PM
Rank: AiutAmico

Iscritto dal : 10/15/2006
Posts: 59
GRAZIE DI CUORE SAPHIRO ! BUON PROSEGUIMENTO CIAOO
Torna in alto
 
enziko
Inviato: Tuesday, January 15, 2013 10:09:19 PM
Rank: Newbie

Iscritto dal : 1/15/2013
Posts: 2
ciao Saphiro ho lo stesso problema di Booble e ho tentato di seguire la stessa procedura che gli hai suggerito, ma temo di non essere abbastanza esperto... mi blocco al salvare il file txt su link
Torna in alto
 
enziko
Inviato: Tuesday, January 15, 2013 10:11:41 PM
Rank: Newbie

Iscritto dal : 1/15/2013
Posts: 2
scusa intendevo dire che mi bloccavo al salvataggio su wikisend... perché non so cosa sia
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Ciao MI controllereste il Log


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.