Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Scansione con Hijack Opzioni
jambo21
Inviato: Sunday, June 23, 2013 8:56:08 PM
Rank: Newbie

Iscritto dal : 6/23/2013
Posts: 8
Ciao,
avrei bisogno di una mano per risolvere alcuni problemi che riscontro nel mio pc molto probabilmente dovuti ad un trojan.
in particolare continua a venirmi fuori messaggi di nod32 che trova dei virus e mentre alcuni li cancella o li mette in quarantena, altri(in particolare un tipo di virus "Win64/patched.A.Gen trojan"), mi da errore quando prova ad eliminarli!! in più ho notato che quando cerco di accedere a google.it nella pagine mi viene il seguente messaggio di errore:
"Il certificato di sicurezza del server è stato revocato!
Hai tentato di accedere a www.google.it ma il server ha presentato un certificato revocato dall'autorità di certificazione. Ciò significa che le credenziali di sicurezza presentate dal server non sono assolutamente attendibili. Potresti avere stabilito una comunicazione con un utente malintenzionato.
Non puoi procedere perché l'operatore del sito web ha richiesto maggiore sicurezza per questo dominio.
Torna nell'area protetta
Ulteriori informazioni"
Dopo aver letto di questo programma (Hijack)sono entrato nel pc in modalità provvisoria e dopo averlo installato ho ottenuto il seguente output:



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:48:19, on 23/06/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Safe mode with network support

Running processes:
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ShopperReports - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files (x86)\iMesh Applications\MediaBar\DataMngr\IEBHO.dll (file missing)
O2 - BHO: HomeTab - {695032fe-7b89-4440-8d2c-e5a86b756674} - C:\Users\Utente\AppData\Roaming\HomeTab\HomeTab.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll (file missing)
O3 - Toolbar: HomeTab - {695032fe-7b89-4440-8d2c-e5a86b756674} - C:\Users\Utente\AppData\Roaming\HomeTab\HomeTab.dll
O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup
O4 - HKCU\..\Run: [PCShowServer] "C:\Users\Utente\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Widget vodafone.lnk = C:\Program Files (x86)\Widget vodafone.it\Widget vodafone.it.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {094db296-cccb-40e1-82c4-e6cfcdadc80a} - C:\Users\Utente\AppData\Roaming\HomeTab\HomeTab.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\ShopperReports.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\ShopperReports.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QuestBrowse Service - Unknown owner - C:\ProgramData\QuestBrwSearch\questbrowse127.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19722 bytes



Grazie mille in anticipo per l'aiuto!!!
Sponsor
Inviato: Sunday, June 23, 2013 8:56:08 PM

 
cbbusto
Inviato: Sunday, June 23, 2013 11:36:41 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Ciao, nel pc vi sono un sacco di porcherie.
Fai questa scansione:
Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner
Avvialo e clicca sul pulsante "Elimina", non cliccare su Cerca.
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Postalo qui.

Poi rifai una scansione con HJT, la devi fare in mod. normale non in provvisoria, e posta il log. Speak to the hand
jambo21
Inviato: Monday, June 24, 2013 12:52:24 AM
Rank: Newbie

Iscritto dal : 6/23/2013
Posts: 8
# AdwCleaner v2.303 - Logfile creato il 24/06/2013 alle 00:40:46
# Aggiornamento 08/06/2013 by Xplode
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Utente : Utente - UTENTE-TOSH
# Modalità Avvio : Modalità Provvisoria con rete
# Eseguito da : C:\Users\Utente\Desktop\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****

Fermato & Eliminato : QuestBrowse Service

***** [File / Cartelle] *****

Cartella Eliminato : C:\Program Files (x86)\DAEMON Tools Toolbar
Cartella Eliminato : C:\Program Files (x86)\HBLite
Cartella Eliminato : C:\Program Files (x86)\HomeTab
Cartella Eliminato : C:\Program Files (x86)\ShopperReports3
Cartella Eliminato : C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
Cartella Eliminato : C:\ProgramData\HBLiteSA
Cartella Eliminato : C:\ProgramData\InstallMate
Cartella Eliminato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar
Cartella Eliminato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports
Cartella Eliminato : C:\ProgramData\Trymedia
Cartella Eliminato : C:\Users\Utente\AppData\Local\PackageAware
Cartella Eliminato : C:\Users\Utente\AppData\LocalLow\boost_interprocess
Cartella Eliminato : C:\Users\Utente\AppData\LocalLow\HomeTab
Cartella Eliminato : C:\Users\Utente\AppData\LocalLow\SimplyTech
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\HBLite
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\HomeTab
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\SendSpace
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\ShopperReports3
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\SimplyTech
File Eliminato : C:\END
File Eliminato : C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
File Eliminato : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\3oc5p202.default\searchplugins\Web Search.xml

***** [Registro] *****

Chiave Eliminata : HKCU\Software\AppDataLow\Software\ShopperReports3
Chiave Eliminata : HKCU\Software\Conduit
Chiave Eliminata : HKCU\Software\hblitesa
Chiave Eliminata : HKCU\Software\HomeTab
Chiave Eliminata : HKCU\Software\Imesh
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
Chiave Eliminata : HKCU\Software\ShopperReports3
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{7025E484-D4B0-441A-9F0B-69063BD679CE}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{8258B35C-05B8-4C0E-9525-9BCCC70F8F2D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{A89256AD-EC17-4A83-BEF5-4B8BC4F39306}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\BRNstIE.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\CmndFF.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\mozillaps.dll
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\Pltfrm.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Chiave Eliminata : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Chiave Eliminata : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Chiave Eliminata : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\hbliteax.info
Chiave Eliminata : HKLM\SOFTWARE\Classes\hbliteax.info.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\hbliteax.userprofiles
Chiave Eliminata : HKLM\SOFTWARE\Classes\hbliteax.userprofiles.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.AsyncReporter
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.AsyncReporter.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.Dwnldr
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.Dwnldr.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.HbAx
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.HbAx.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.HbGuru
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.HbGuru.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.HbInfoBand
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.HbInfoBand.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.IEButton
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.IEButton.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.IEButtonA
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.IEButtonA.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.MozillaNvgtnTrpr
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.MozillaNvgtnTrpr.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.MozillaPSExecuter
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.MozillaPSExecuter.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.ReportData
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.ReportData.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.Reporter
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.Reporter.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.RprtCtrl
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.RprtCtrl.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.Scopes
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.Scopes.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.Stock
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.Stock.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiate
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiate.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiateOrRandomTS
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.TriggerImmidiateOrRandomTS.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.TriggerOnceInDay
Chiave Eliminata : HKLM\SOFTWARE\Classes\ShopperReports.TriggerOnceInDay.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{573F4ABB-A1A2-44ED-9BA9-A8DAD40AAC46}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{E343EDFC-1E6C-4CB5-AA29-E9C922641C80}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{ec96f516-51b2-4b46-8451-8665f5a6ba2b}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{f07fbd3e-2048-44a4-9065-71bf551e2672}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{F1A1892C-2A6C-4817-98B4-FF81443CBA20}
Chiave Eliminata : HKLM\SOFTWARE\Classes\wtb.Band
Chiave Eliminata : HKLM\SOFTWARE\Classes\wtb.Band.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\wtb.NotificationSource
Chiave Eliminata : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Chiave Eliminata : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
Chiave Eliminata : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
Chiave Eliminata : HKLM\Software\HBLite
Chiave Eliminata : HKLM\Software\Imesh
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4D03-A0CF-8203604C3DA6}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483C-A137-731E8F113DD5}
Chiave Eliminata : HKLM\Software\QuestBrowse
Chiave Eliminata : HKLM\Software\ShopperReports3
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{09325003-167C-483D-A4BA-8B3122ABB432}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{396CFC12-932D-496B-A0A8-5D7201E105E1}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{69d3f709-9de2-479f-980f-532d46895703}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6DD76B7B-6423-4DF0-9A07-84A6CAD973A0}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{74C22317-5B90-471F-9AD2-FEC049870A16}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6CFB6A-9227-4BB8-B941-F2B067E76F51}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A16AD1E9-F69A-45AF-9462-B1C286708842}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AB0EE208-DF60-4FA7-A617-C4269760033E}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C9CCBB35-D123-4A31-AFFC-9B2933132116}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E12AEAB6-7D12-4C07-8E36-5892EFB4DAFB}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E2F2C137-A782-4FB5-81AF-086156F5EB0A}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F1D06C9F-51F0-4476-BEDE-5DDF91BE304E}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F3A32DF2-7413-4FB1-B575-1AC920A17B76}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{69d3f709-9de2-479f-980f-532d46895703}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cfd485f0-96bd-47cd-bb6d-cd7dda95f102}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Imesh
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{69d3f709-9de2-479f-980f-532d46895703}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Chiave Eliminata : HKLM\SOFTWARE\Software
Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Valore Eliminata : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [hblite@hblite.com]
Valore Eliminata : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ShopperReports@ShopperReports.com]
Valore Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Browser Internet] *****

-\\ Internet Explorer v10.0.9200.16611

Sostituito : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q= --> hxxp://www.google.com
Sostituito : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q= --> hxxp://www.google.com
Sostituito : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q= --> hxxp://www.google.com
Sostituito : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q= --> hxxp://www.google.com
Sostituito : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q= --> hxxp://www.google.com
Sostituito : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q= --> hxxp://www.google.com
Sostituito : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q= --> hxxp://www.google.com
Sostituito : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q= --> hxxp://www.google.com
Sostituito : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q= --> hxxp://www.google.com
Sostituito : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=46362&st=bs&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&q=%s --> hxxp://www.google.com
Sostituito : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=46362&st=bs&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&q=%s --> hxxp://www.google.com
Sostituito : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q= --> hxxp://www.google.com
Sostituito : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q= --> hxxp://www.google.com
Sostituito : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q= --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (it)

File : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\3oc5p202.default\prefs.js

Eliminata : user_pref("browser.search.defaultengine", "Web Search");
Eliminata : user_pref("browser.search.defaultenginename", "Web Search");
Eliminata : user_pref("browser.search.order.1", "Web Search");
Eliminata : user_pref("browser.search.selectedEngine", "Web Search");
Eliminata : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=137150442[...]

-\\ Google Chrome v28.0.1500.52

File : C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

*************************

AdwCleaner[S1].txt - [26865 octets] - [24/06/2013 00:40:46]

########## EOF - C:\AdwCleaner[S1].txt - [26926 octets] ##########
jambo21
Inviato: Monday, June 24, 2013 1:00:54 AM
Rank: Newbie

Iscritto dal : 6/23/2013
Posts: 8
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:48:19, on 23/06/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Safe mode with network support

Running processes:
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=46362&tid=3887&ver=3.2&ts=1371504424057&tguid=46362-3887-1371504424057-797C2386B6B2E834FAFD7A4121F1D2FD&st=chrome&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ShopperReports - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files (x86)\iMesh Applications\MediaBar\DataMngr\IEBHO.dll (file missing)
O2 - BHO: HomeTab - {695032fe-7b89-4440-8d2c-e5a86b756674} - C:\Users\Utente\AppData\Roaming\HomeTab\HomeTab.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll (file missing)
O3 - Toolbar: HomeTab - {695032fe-7b89-4440-8d2c-e5a86b756674} - C:\Users\Utente\AppData\Roaming\HomeTab\HomeTab.dll
O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup
O4 - HKCU\..\Run: [PCShowServer] "C:\Users\Utente\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Widget vodafone.lnk = C:\Program Files (x86)\Widget vodafone.it\Widget vodafone.it.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {094db296-cccb-40e1-82c4-e6cfcdadc80a} - C:\Users\Utente\AppData\Roaming\HomeTab\HomeTab.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\ShopperReports.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files (x86)\ShopperReports3\bin\3.1.22.0\ShopperReports.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QuestBrowse Service - Unknown owner - C:\ProgramData\QuestBrwSearch\questbrowse127.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19722 bytes
jambo21
Inviato: Monday, June 24, 2013 1:03:20 AM
Rank: Newbie

Iscritto dal : 6/23/2013
Posts: 8
solo HJT prima di iniziare la scansione mi dice "for some reason your system denied write access to the hosts file. if any hijacked domains are in this file, hijackthis may NOT be able to fix this"
jambo21
Inviato: Monday, June 24, 2013 9:10:28 AM
Rank: Newbie

Iscritto dal : 6/23/2013
Posts: 8
Riposto il log di HJT dopo averlo fatto partire come amministratore in modalità normale!! errore mio quello di prima



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:08:56, on 24/06/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\ProgramData\GameXN\GameXNGO.exe
C:\Users\Utente\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe
C:\Users\Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Users\Utente\AppData\Local\Sky Italia\Sky Go Player\NDSPCShowServer.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: HomeTab - {695032fe-7b89-4440-8d2c-e5a86b756674} - C:\Users\Utente\AppData\Roaming\HomeTab\HomeTab.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll (file missing)
O3 - Toolbar: HomeTab - {695032fe-7b89-4440-8d2c-e5a86b756674} - C:\Users\Utente\AppData\Roaming\HomeTab\HomeTab.dll (file missing)
O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup
O4 - HKCU\..\Run: [PCShowServer] "C:\Users\Utente\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Widget vodafone.lnk = C:\Program Files (x86)\Widget vodafone.it\Widget vodafone.it.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {094db296-cccb-40e1-82c4-e6cfcdadc80a} - C:\Users\Utente\AppData\Roaming\HomeTab\HomeTab.dll (file missing)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17124 bytes
cbbusto
Inviato: Monday, June 24, 2013 11:00:05 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Chiudi tutti i programmi e disconnesso lanci HJT in modalità normale e come amministratore, poi clicca sul secondo pulsante: Do a system scan only metti la spunta alle voci che ti indico e alla fine clic su Fix checked:

O2 - BHO: HomeTab - {695032fe-7b89-4440-8d2c-e5a86b756674} - C:\Users\Utente\AppData\Roaming\HomeTab\HomeTab.dll (file missing)

O2 - BHO: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll (file missing)

O3 - Toolbar: MediaBar - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll (file missing)

O3 - Toolbar: HomeTab - {695032fe-7b89-4440-8d2c-e5a86b756674} - C:\Users\Utente\AppData\Roaming\HomeTab\HomeTab.dll (file missing)

O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe

O4 - HKCU\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

O4 - HKCU\..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup

O4 - HKCU\..\Run: [PCShowServer] "C:\Users\Utente\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe"

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')

O4 - Startup: Widget vodafone.lnk = C:\Program Files (x86)\Widget vodafone.it\Widget vodafone.it.exe

Tutte le voci 04 sono sw in avvio automatico, inutili, i programmi non vengono toccati ma viene disattivato solo l'avvio.

PS- Se non conosci questi 2 programmi ci sarebbero i 2 servizi da disabilitare:
Sentinel HASP License Manager (hasplms) - hasplms.exe
SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

Per disabilitare i servizi: “Start“, si digita “services.msc“, invio, scorri la lista e cerca queste voci:
hasplms.exe e SpyHunter 4 Service SH4SER~1.EXE, fai doppio clic su ogni voce e poi in Tipo di avvio metti Disabilitato, ok esci.
Poi fai una pulizia con Ccleaner, QUI scegli la prima voce Win.exe 32/64 bit, polisci anche il Registro, per il registro spunta tutte le voci.
Fammi sapere se tutto a posto, il pc dovrebbe essere più veloce. Ciao
jambo21
Inviato: Monday, June 24, 2013 11:17:34 AM
Rank: Newbie

Iscritto dal : 6/23/2013
Posts: 8
Ok, ho fatto quello che mi hai detto! solo continua a darmi avvisi di file infettati e messi in quarantena o eliminati! l'unico mio dubbio è relativo al file services.exe che credo sia un file di sistema e che quindi nod32 non riesce ad eliminare/riparare!
cbbusto
Inviato: Monday, June 24, 2013 11:40:47 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
jambo21 ha scritto:
Ok, ho fatto quello che mi hai detto! solo continua a darmi avvisi di file infettati e messi in quarantena o eliminati! l'unico mio dubbio è relativo al file services.exe che credo sia un file di sistema e che quindi nod32 non riesce ad eliminare/riparare!


Potrebbe trattarsi di una variante del rootkit zeroAccess , fai così:

Scarica Combofix (usa Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop. (è obligatorio)
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.
Doppio click su combofix.exe (se usi Vista o win 7: tasto destro su Combofix.exe e clicca su: "Esegui come Amministratore" )
E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt.
Postalo qui.
Ciao

jambo21
Inviato: Monday, June 24, 2013 4:06:42 PM
Rank: Newbie

Iscritto dal : 6/23/2013
Posts: 8
ComboFix 13-06-24.01 - Utente 24/06/2013 15:15:16.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3959.2067 [GMT 2:00]
Eseguito da: c:\users\Utente\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WinRAR\Leggimi.Txt
c:\program files (x86)\WinRAR\Leggimi_1a.Txt
c:\program files (x86)\WinRAR\Licenza.Txt
c:\program files (x86)\WinRAR\NoteTecniche.Txt
c:\program files (x86)\WinRAR\Ordin.htm
c:\program files (x86)\WinRAR\Ordina.htm
c:\program files (x86)\WinRAR\SorgUnRAR.Txt
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{cd4b62bd-9b28-897e-3087-ce648ee390e2}\@
c:\windows\Installer\{cd4b62bd-9b28-897e-3087-ce648ee390e2}\L\00000004.@
c:\windows\Installer\{cd4b62bd-9b28-897e-3087-ce648ee390e2}\L\201d3dde
c:\windows\Installer\{cd4b62bd-9b28-897e-3087-ce648ee390e2}\L\6715e287
c:\windows\Installer\{cd4b62bd-9b28-897e-3087-ce648ee390e2}\L\76603ac3
c:\windows\Installer\{cd4b62bd-9b28-897e-3087-ce648ee390e2}\U\00000004.@
c:\windows\Installer\{cd4b62bd-9b28-897e-3087-ce648ee390e2}\U\00000008.@
c:\windows\Installer\{cd4b62bd-9b28-897e-3087-ce648ee390e2}\U\000000cb.@
c:\windows\Installer\{cd4b62bd-9b28-897e-3087-ce648ee390e2}\U\80000000.@
c:\windows\Installer\{cd4b62bd-9b28-897e-3087-ce648ee390e2}\U\80000032.@
c:\windows\Installer\{cd4b62bd-9b28-897e-3087-ce648ee390e2}\U\80000064.@
.
La copia infetta di c:\windows\system32\services.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2013-05-24 al 2013-06-24 )))))))))))))))))))))))))))))))))))
.
.
2013-06-24 09:37 . 2013-06-24 09:37 -------- d-----w- c:\program files\CCleaner
2013-06-23 22:59 . 2013-06-23 22:59 388096 ----a-r- c:\users\Utente\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-06-23 18:47 . 2013-06-23 18:47 -------- d-----w- c:\program files (x86)\Trend Micro
2013-06-23 10:26 . 2012-06-22 10:01 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2013-06-23 10:26 . 2013-06-23 10:26 -------- d-----w- C:\sh4ldr
2013-06-23 10:26 . 2013-06-23 10:26 110080 ----a-r- c:\users\Utente\AppData\Roaming\Microsoft\Installer\{BCD55450-77AC-4347-B24F-654B1189F8D4}\IconF7A21AF7.exe
2013-06-23 10:26 . 2013-06-23 10:26 110080 ----a-r- c:\users\Utente\AppData\Roaming\Microsoft\Installer\{BCD55450-77AC-4347-B24F-654B1189F8D4}\IconD7F16134.exe
2013-06-23 10:26 . 2013-06-23 10:26 110080 ----a-r- c:\users\Utente\AppData\Roaming\Microsoft\Installer\{BCD55450-77AC-4347-B24F-654B1189F8D4}\Icon1226A4C5.exe
2013-06-23 10:26 . 2013-06-23 10:26 -------- d-----w- c:\program files\Enigma Software Group
2013-06-23 10:26 . 2013-06-23 10:26 -------- d-----w- c:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-22 14:09 . 2013-06-22 14:09 225280 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-06-21 07:28 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{489CF59D-6AE3-46EA-9880-76C62F8E5182}\mpengine.dll
2013-06-17 21:50 . 2013-06-17 21:50 -------- d-----w- c:\programdata\StarApp
2013-06-17 21:27 . 2013-06-13 03:58 31816 ----a-w- c:\windows\Launcher.exe
2013-06-17 21:16 . 2013-06-20 13:46 -------- d-----w- c:\program files (x86)\BlueStacks
2013-06-17 21:14 . 2013-06-17 21:16 -------- d-----w- c:\programdata\BlueStacks
2013-06-13 08:09 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-13 08:08 . 2013-06-13 08:08 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-12 11:23 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 11:23 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 11:23 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-06-12 11:23 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 11:23 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-12 11:23 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-12 11:23 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 11:22 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 11:22 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-12 11:22 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 11:22 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 11:22 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 11:22 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 11:22 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-06-12 11:22 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-12 11:22 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-12 11:22 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-06-12 11:22 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-12 11:22 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-05 09:14 . 2013-06-05 09:14 -------- d-----w- c:\users\Utente\AppData\Roaming\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 08:10 . 2011-07-05 20:59 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-13 08:08 . 2013-01-13 19:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-13 08:08 . 2013-01-13 19:18 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-16 01:39 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-11 15:27 . 2013-05-11 15:27 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-11 15:27 . 2013-05-11 15:27 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-11 15:27 . 2013-05-11 15:27 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-11 15:27 . 2013-05-11 15:27 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-11 15:27 . 2013-05-11 15:27 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-11 15:27 . 2013-05-11 15:27 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-11 15:27 . 2013-05-11 15:27 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-11 15:27 . 2013-05-11 15:27 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-11 15:27 . 2013-05-11 15:27 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-11 15:27 . 2013-05-11 15:27 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-11 15:27 . 2013-05-11 15:27 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-11 15:27 . 2013-05-11 15:27 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-11 15:27 . 2013-05-11 15:27 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-11 15:27 . 2013-05-11 15:27 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-11 15:27 . 2013-05-11 15:27 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-11 15:27 . 2013-05-11 15:27 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-11 15:27 . 2013-05-11 15:27 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-11 15:27 . 2013-05-11 15:27 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-11 15:27 . 2013-05-11 15:27 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-11 15:27 . 2013-05-11 15:27 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-11 15:27 . 2013-05-11 15:27 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-11 15:27 . 2013-05-11 15:27 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-11 15:27 . 2013-05-11 15:27 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-11 15:27 . 2013-05-11 15:27 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-11 15:27 . 2013-05-11 15:27 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-11 15:27 . 2013-05-11 15:27 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-11 15:27 . 2013-05-11 15:27 441856 ----a-w- c:\windows\system32\html.iec
2013-05-11 15:27 . 2013-05-11 15:27 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-11 15:27 . 2013-05-11 15:27 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-11 15:27 . 2013-05-11 15:27 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-11 15:27 . 2013-05-11 15:27 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-11 15:27 . 2013-05-11 15:27 235008 ----a-w- c:\windows\system32\url.dll
2013-05-11 15:27 . 2013-05-11 15:27 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-11 15:27 . 2013-05-11 15:27 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-11 15:27 . 2013-05-11 15:27 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-11 15:27 . 2013-05-11 15:27 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-11 15:27 . 2013-05-11 15:27 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-11 15:27 . 2013-05-11 15:27 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-11 15:27 . 2013-05-11 15:27 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-11 15:27 . 2013-05-11 15:27 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-11 15:27 . 2013-05-11 15:27 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-11 15:27 . 2013-05-11 15:27 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-11 15:27 . 2013-05-11 15:27 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-11 15:27 . 2013-05-11 15:27 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-11 15:27 . 2013-05-11 15:27 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-11 15:27 . 2013-05-11 15:27 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-11 15:27 . 2013-05-11 15:27 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-11 15:27 . 2013-05-11 15:27 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-11 15:27 . 2013-05-11 15:27 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-02 00:06 . 2011-01-16 19:23 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-14 18:55 . 2013-04-14 18:55 108848 ----a-r- c:\users\Utente\AppData\Roaming\Microsoft\Installer\{32df31d2-9751-425f-ab51-eec25cf7296a}\ARPPRODUCTICON.exe
2013-04-13 05:49 . 2013-05-15 13:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 13:03 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 13:03 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 13:03 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 13:03 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 13:03 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 08:46 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 13:03 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 13:03 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 13:03 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-26 102400]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
.
c:\users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Utente\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys;c:\windows\SYSNATIVE\DRIVERS\epfwtdir.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys;c:\windows\SYSNATIVE\drivers\CHDMI64.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-13 08:08]
.
2013-06-24 c:\windows\Tasks\dsmonitor.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2013-01-22 13:47]
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14 17:13]
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14 17:13]
.
2013-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2771324008-2948422553-4049216058-1000Core.job
- c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 18:23]
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2771324008-2948422553-4049216058-1000UA.job
- c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-15 18:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Utente\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1923640]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mStart Page = about:newtab
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{094db296-cccb-40e1-82c4-e6cfcdadc80a} - {695032fe-7b89-4440-8d2c-e5a86b756674} -
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\3oc5p202.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2013-06-18 12:08; {5bc65ab3-ddbf-4441-87e4-19ab3453124d}; c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\3oc5p202.default\extensions\{5bc65ab3-ddbf-4441-87e4-19ab3453124d}
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-Dishonored_is1 - c:\program files (x86)\Bethesda Softworks\Dishonored\unins000.exe
AddRemove-Hitman Absolution_is1 - c:\games\Hitman Absolution\unins000.exe
AddRemove-iMesh MediaBar - c:\program files (x86)\iMesh Applications\MediaBar\UnwiseLauncher.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{675DD1E6-637A-4F0E-B6DE-26F45CC26092}_is1 - c:\program files (x86)\Ubisoft\Assassin's Creed II\unins000.exe
AddRemove-{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF} - c:\program files (x86)\InstallShield Installation Information\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}\setup.exe
AddRemove-{D42A4C46-79BD-F547-8636-2612E31DF411} - c:\progra~3\INSTAL~1\{E1BA3~1\Setup.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2771324008-2948422553-4049216058-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*p*3*[æe1\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2771324008-2948422553-4049216058-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*,Øås]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2771324008-2948422553-4049216058-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*m*,Øås\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2771324008-2948422553-4049216058-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Óq9]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2771324008-2948422553-4049216058-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Óq9\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2771324008-2948422553-4049216058-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€«ding a new MRL to recent ones: c:\users\Utente\Desktop\Music 2.0\Music\Tears For Fears - Laid So Low (Tears Roll Down).mp3]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2771324008-2948422553-4049216058-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€«ding a new MRL to recent ones: c:\users\Utente\Desktop\Music 2.0\Music\Tears For Fears - Laid So Low (Tears Roll Down).mp3\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2771324008-2948422553-4049216058-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€«ding a new MRL to recent ones: c:\users\Utente\Desktop\Music 2.0\Music\The Asteroids Galaxy Tour - Around the Bend.flac*p3]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2771324008-2948422553-4049216058-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€«ding a new MRL to recent ones: c:\users\Utente\Desktop\Music 2.0\Music\The Asteroids Galaxy Tour - Around the Bend.flac*p3\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2771324008-2948422553-4049216058-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€«ding a new MRL to recent ones: c:\users\Utente\Desktop\Music 2.0\Music\The Asteroids Galaxy Tour - The Golden Age.flac]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2771324008-2948422553-4049216058-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€«ding a new MRL to recent ones: c:\users\Utente\Desktop\Music 2.0\Music\The Asteroids Galaxy Tour - The Golden Age.flac\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2771324008-2948422553-4049216058-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€Ê$0]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2771324008-2948422553-4049216058-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**€Ê$0\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\BlueStacks\HD-Service.exe
c:\program files (x86)\BlueStacks\HD-Network.exe
c:\program files (x86)\BlueStacks\HD-BlockDevice.exe
c:\program files (x86)\BlueStacks\HD-SharedFolder.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
.
**************************************************************************
.
Ora fine scansione: 2013-06-24 15:59:55 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2013-06-24 13:59
.
Pre-Run: 81.393.430.528 byte disponibili
Post-Run: 80.899.026.944 byte disponibili
.
- - End Of File - - F97FC9CE36014B004E20AD79EAEDC022
D41D8CD98F00B204E9800998ECF8427E




Invece Grazie mille per il tuo aiuto!!:)
cbbusto
Inviato: Monday, June 24, 2013 4:23:47 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
L'infezione service.exe è stata eliminata, il pc dovrebbe essere a posto.
Per rimuovere Combofix:
Scarica OTC by OldTimer http://oldtimer.geekstogo.com/OTC.exe scaricalo sul desktop, eseguilo, Clicca su CleanUp.
Alla richiesta di riavvio clicca SI
Poi vai in C ed elimina la cartella qoobox.

Per eliminare ADW apri il programma e clicca su disinstalla.
Ciao
jambo21
Inviato: Monday, June 24, 2013 4:28:41 PM
Rank: Newbie

Iscritto dal : 6/23/2013
Posts: 8
Sto usando il PC da un'oretta e fatto partire una scansione con nod32 (che non si sa mai) e in effetti non mi da più avvisi di virus o altro!! dovrebbe essere tutto risolto!:)
Grazie davvero per l'aiuto e la disponibilità!!
Ciao
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.