Aiutamici Forum

Page that opens by itself in Internet Exp.. log check
soloferrari
Posted: Tuesday, June 19, 2012 11:57:17 AM
Rank: AiutAmico

Joined: 9/3/2003
Posts: 434
Pidue, I tried looking for "safe mode" on the startup screen but it isn't there... are there other terms I could search for?
I have W7.....
soloferrari
Posted: Tuesday, June 19, 2012 12:01:16 PM
Rank: AiutAmico

Joined: 9/3/2003
Posts: 434
I downloaded the little program this site points to, and even with that it won't start in safe mode :-)
a.roselli
Posted: Tuesday, June 19, 2012 1:03:02 PM

Rank: Admin

Joined: 10/4/2000
Posts: 19,056
If the PC won't restart in safe mode, it means the system files have been damaged: make backup copies of your data and reinstall the operating system.



alfonso_aiutamici@hotmail.it

r16
Posted: Tuesday, June 19, 2012 7:10:35 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hello.
Quote:
pressing f8 at startup shows an endless series of data in English

Probably because you pressed f8 at the wrong moment.
You have to "tap" f8 repeatedly at the second boot screen, before the Operating System (Windows) loads.
Again probably, you went into the BIOS instead of Safe Mode.

To remove the entries flagged by cbbusto, have you tried running HijackThis as Administrator?
To run HJT as administrator:
Right-click the HijackThis icon and choose: Run as Administrator.
Then try to remove those entries.

Then, to remove the infection for good, a scan with Combofix is needed.

Download Combofix (use Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop (this is mandatory).

Important: disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, disconnect from the internet.

Double-click combofix.exe (if you use Vista or Seven: right-click Combofix.exe and click "Run as Administrator")

You will probably get messages from the antivirus (or from Combofix itself); ignore them.

During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt.

soloferrari
Posted: Wednesday, June 20, 2012 12:07:16 AM
Rank: AiutAmico

Joined: 9/3/2003
Posts: 434

ComboFix 12-06-19.03 - Pierpaolo 19/06/2012 23:51:56.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.8174.6582 [GMT 2:00]
Eseguito da: c:\users\Pierpaolo\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPlyTune.dll
c:\program files (x86)\DealPly\sqlite3.dll
c:\users\PIERPA~1\AppData\Local\Temp\{3555AB49-54B1-41FC-B158-CD88C5694B5D}\fpb.tmp
c:\users\Pierpaolo\AppData\Local\Temp\{3555AB49-54B1-41FC-B158-CD88C5694B5D}\fpb.tmp
c:\users\Pierpaolo\AppData\Local\unins000.exe
c:\users\Pierpaolo\AppData\Roaming\Microsoft\Windows\Recent\windspro.url
c:\users\Pierpaolo\AppData\Roaming\OfferBox
c:\users\Pierpaolo\AppData\Roaming\OfferBox\config.xml
c:\users\Pierpaolo\AppData\Roaming\OfferBox\http_app.offerbox.com\country.sxe
c:\users\Pierpaolo\AppData\Roaming\OfferBox\http_app.offerbox.com\history.db
c:\users\Pierpaolo\AppData\Roaming\OfferBox\http_app.offerbox.com\profile.sxe
c:\users\Pierpaolo\AppData\Roaming\OfferBox\http_app.offerbox.com\update.sxe
c:\users\Pierpaolo\AppData\Roaming\OfferBox\http_app.offerbox.com\update.xml
.
.
((((((((((((((((((((((((( Files Creati Da 2012-05-19 al 2012-06-19 )))))))))))))))))))))))))))))))))))
.
.
2012-06-19 21:55 . 2012-06-19 21:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-19 21:23 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75E0D99C-8C7B-4562-B7DB-47FBBAF8193F}\mpengine.dll
2012-06-18 16:35 . 2012-05-08 08:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-15 10:15 . 2012-06-15 10:15 -------- d-----w- c:\program files\Recuva
2012-06-15 08:21 . 2012-06-15 08:21 -------- d-----w- c:\program files\CCleaner
2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\users\Pierpaolo\AppData\Roaming\Malwarebytes
2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\programdata\Malwarebytes
2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-14 06:10 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 05:33 . 2012-06-14 05:33 16200 ----a-w- c:\windows\stinger.sys
2012-06-14 05:33 . 2012-06-14 06:09 -------- d-----w- c:\program files (x86)\stinger
2012-06-13 15:36 . 2012-06-13 15:36 388096 ----a-r- c:\users\Pierpaolo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-13 15:36 . 2012-06-13 15:36 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-13 06:33 . 2012-05-20 10:34 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-13 06:33 . 2012-05-20 10:34 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{262E38A7-2B50-4C4D-87E0-EBEB44F84D33}\gapaengine.dll
2012-06-12 20:06 . 2012-06-13 06:31 -------- d-----w- c:\programdata\Norton
2012-06-12 18:01 . 2012-06-12 18:02 -------- d-----w- c:\windows\SysWow64\Adobe
2012-06-12 10:30 . 2012-06-12 10:30 -------- d-----w- c:\users\Catia
2012-06-12 10:28 . 2012-06-12 10:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-11 11:25 . 2012-06-11 11:25 -------- d-----w- c:\users\Pierpaolo\AppData\Local\Facebook
2012-06-03 11:21 . 2012-06-03 11:21 -------- d-----w- c:\programdata\TomTom
2012-06-03 11:20 . 2012-06-03 12:30 -------- d-----w- C:\TurboPOI
2012-06-03 11:20 . 2012-06-03 11:43 -------- d-----w- c:\users\Pierpaolo\AppData\Roaming\TurboPOI
2012-06-03 11:20 . 2012-06-03 11:20 -------- d-----w- c:\program files (x86)\TurboPOI
2012-06-03 11:19 . 2012-06-03 11:19 -------- d-----w- c:\users\Pierpaolo\AppData\Roaming\TomTom
2012-06-03 11:19 . 2012-06-03 11:19 -------- d-----w- c:\users\Pierpaolo\AppData\Local\TomTom
2012-06-03 11:19 . 2012-06-03 11:19 -------- d-----w- c:\program files (x86)\TomTom International B.V
2012-06-03 11:19 . 2012-06-03 11:19 -------- d-----w- c:\program files (x86)\TomTom HOME 2
2012-06-03 10:55 . 2012-06-03 10:55 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-06-03 10:55 . 2012-06-03 10:55 -------- d-----w- c:\windows\SysWow64\AGEIA
2012-06-03 10:55 . 2012-06-03 10:55 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-03 10:54 . 2012-06-03 11:17 -------- d-----w- c:\program files (x86)\Agrar Simulator 2012 Demo
2012-05-29 10:51 . 2012-05-29 10:51 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2012-05-29 10:49 . 2012-06-09 17:39 -------- d-----w- c:\users\Pierpaolo\AppData\Roaming\HpUpdate
2012-05-29 10:49 . 2012-05-29 10:49 -------- d-----w- c:\windows\Hewlett-Packard
2012-05-29 10:45 . 2012-05-29 18:51 -------- d-----w- c:\programdata\TrackMania
2012-05-29 10:38 . 2012-05-29 10:39 -------- d-----w- c:\program files (x86)\TmNationsForever
2012-05-29 05:15 . 2012-06-19 06:16 -------- d-----w- c:\users\Pierpaolo\AppData\Local\ServUpdater
2012-05-29 05:15 . 2012-05-29 05:48 -------- d-----w- c:\users\Pierpaolo\AppData\Local\PosService
2012-05-29 05:15 . 2012-05-29 05:15 -------- d-----w- c:\users\Pierpaolo\AppData\Local\PowerOffer
2012-05-28 11:46 . 2012-05-28 11:46 -------- d-----w- c:\users\Pierpaolo\AppData\Roaming\Need for Speed World
2012-05-28 11:16 . 2012-05-28 11:16 -------- d-----w- c:\users\Pierpaolo\AppData\Local\Electronic_Arts_Inc
2012-05-28 11:16 . 2012-05-28 11:16 -------- d--h--w- c:\programdata\Common Files
2012-05-28 11:16 . 2012-05-28 11:16 -------- d-----w- c:\programdata\Electronic Arts
2012-05-28 11:16 . 2012-05-28 11:16 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-05-28 06:04 . 2012-05-29 05:16 -------- d-----w- c:\users\Pierpaolo\AppData\Local\SoftwareUpdater
2012-05-28 05:55 . 2012-05-28 06:09 -------- d-----w- c:\program files (x86)\Tuto4PC
2012-05-28 05:55 . 2012-05-28 05:55 -------- d-----w- c:\users\Pierpaolo\AppData\Local\Tuto4PC
2012-05-28 05:54 . 2012-05-28 05:57 -------- d-----w- c:\program files (x86)\Babylon
2012-05-28 05:54 . 2012-05-28 05:54 -------- d-----w- c:\program files\Babylon
2012-05-26 14:04 . 2012-05-28 11:12 108 ----a-w- C:\user.js
2012-05-26 14:03 . 2012-05-26 14:03 -------- d-----w- c:\programdata\Synetic
2012-05-26 14:03 . 2012-05-26 14:03 -------- d-----w- c:\program files (x86)\Ferrari Virtual Race
2012-05-26 09:17 . 2012-05-26 09:38 -------- d-----w- c:\users\Pierpaolo\AppData\Local\Roblox
2012-05-24 11:49 . 2012-05-25 15:11 -------- d-----w- c:\program files (x86)\SweetIM
2012-05-23 17:10 . 2012-05-23 17:12 -------- d-----w- c:\users\Pierpaolo\AppData\Local\Microsoft Games
2012-05-23 16:39 . 2012-05-29 10:41 -------- d-----w- c:\program files (x86)\SimBin
2012-05-23 15:48 . 2012-05-24 07:40 -------- d-----w- c:\program files (x86)\Iminent
2012-05-23 15:47 . 2012-05-23 17:02 -------- d-----w- c:\program files (x86)\Rigs of Rods 0.38
2012-05-22 14:08 . 2012-06-11 09:27 -------- d--h--w- c:\users\Pierpaolo\AppData\Roaming\TempMods
2012-05-22 10:08 . 2012-05-22 10:08 -------- d-----w- c:\programdata\HP Product Assistant
2012-05-22 10:07 . 2012-05-22 10:07 -------- d-----w- c:\windows\SysWow64\spool
2012-05-22 10:06 . 2012-05-22 10:06 -------- d-----w- c:\program files (x86)\Common Files\HP
2012-05-21 11:39 . 2012-05-21 11:39 -------- d-----w- c:\windows\hpoj4500g510g-m
2012-05-21 09:20 . 2012-05-21 09:20 -------- d-----w- c:\programdata\NCH Software
2012-05-21 08:40 . 2012-05-21 08:40 -------- d-----w- c:\users\Pierpaolo\AppData\Roaming\Canneverbe Limited
2012-05-21 08:40 . 2012-05-21 08:40 -------- d-----w- c:\programdata\Canneverbe Limited
2012-05-21 08:40 . 2012-05-21 08:40 -------- d-----w- c:\program files (x86)\CDBurnerXP
2012-05-21 06:55 . 2012-05-21 06:55 -------- d-----w- c:\programdata\WEBREG
2012-05-21 06:55 . 2012-05-21 11:11 -------- d-----w- c:\users\Pierpaolo\AppData\Roaming\HP
2012-05-21 06:55 . 2012-05-21 06:55 -------- d-----w- c:\users\Pierpaolo\AppData\Local\HP
2012-05-21 06:54 . 2009-06-08 23:48 249856 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp092.dll
2012-05-21 06:52 . 2012-05-21 06:52 -------- d-----w- c:\users\Pierpaolo\AppData\Roaming\Yahoo!
2012-05-21 06:52 . 2012-05-23 09:59 -------- d-----w- c:\program files (x86)\Yahoo!
2012-05-21 06:49 . 2012-05-21 06:49 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2012-05-21 06:49 . 2012-05-21 06:49 -------- d-----w- c:\windows\hpoj4500g510n-z
2012-05-21 06:48 . 2009-05-26 17:32 902656 ----a-w- c:\windows\system32\hpwwiax9.dll
2012-05-21 06:48 . 2009-05-26 17:32 742912 ----a-w- c:\windows\system32\hpwtscl5.dll
2012-05-21 06:48 . 2009-05-26 17:32 503296 ----a-w- c:\windows\system32\hpwvst01.dll
2012-05-21 06:48 . 2009-05-18 21:51 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2012-05-21 06:48 . 2009-05-21 13:14 642360 ----a-w- c:\windows\system32\hpzids40.dll
2012-05-21 06:48 . 2009-06-08 23:48 136704 ----a-w- c:\windows\system32\hpf3l092.dll
2012-05-21 06:47 . 2012-05-29 10:49 -------- d-----w- c:\program files (x86)\HP
2012-05-21 06:40 . 2012-05-22 10:08 -------- d-----w- c:\programdata\HP
2012-05-21 06:36 . 2012-05-21 06:36 -------- d-----w- c:\program files (x86)\Common Files\Canon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 10:28 . 2012-03-23 22:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-20 11:09 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-04 15:52 . 2012-04-04 15:52 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-04-04 15:52 . 2012-04-04 15:52 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-25 20:53 . 2012-03-25 20:53 2785840 ----a-w- c:\windows\system32\auto_reactivate.exe
2012-03-24 07:43 . 2012-03-24 07:43 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys
2012-03-24 07:43 . 2012-03-23 22:56 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2012-03-24 07:43 . 2012-03-24 07:43 970336 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-03-24 07:42 . 2012-03-24 07:42 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-03-23 22:37 . 2012-03-23 22:37 8192 ----a-w- c:\windows\SysWow64\srvany.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate c:\bootwiz\asrm.bin
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
2;2 ServUpdater;Serv Updater;c:\users\Pierpaolo\AppData\Local\ServUpdater\ServiceUpd.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-05-02 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 Simraceway Update Service;Simraceway Update Service;c:\program files (x86)\SimracewayUpdater\SRWUpdate.exe [2012-06-04 925696]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 afcdpsrv;Servizio Acronis Nonstop Backup;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-03-24 3246040]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
S2 PowerOffer Service;Pos Service;c:\users\Pierpaolo\AppData\Local\PosService\Pos.exe [2012-04-03 169472]
S2 SoftwareUpd;Software Upd;c:\users\Pierpaolo\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [2012-04-23 161280]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-04-20 92592]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-06-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2553868927-4223844580-1372812127-1000Core.job
- c:\users\Pierpaolo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-11 11:25]
.
2012-06-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2553868927-4223844580-1372812127-1000UA.job
- c:\users\Pierpaolo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-11 11:25]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2553868927-4223844580-1372812127-1000Core.job
- c:\users\Pierpaolo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 11:40]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2553868927-4223844580-1372812127-1000UA.job
- c:\users\Pierpaolo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 11:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Servizio Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-10-14 395096]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-05-02 1271552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.findeer.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6E479AC3-EC1F-4970-9459-E63A528B5551}: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-Tutorials - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\users\Pierpaolo\AppData\Local\unins000.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Ora fine scansione: 2012-06-20 00:00:07 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-06-19 22:00
.
Pre-Run: 457.302.392.832 byte disponibili
Post-Run: 457.084.719.104 byte disponibili
.
- - End Of File - - 87BD36E081485D1585E684EC0AD4D4BB
r16
Posted: Wednesday, June 20, 2012 7:30:04 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Open a text file with Notepad on the Desktop.
Paste the code you see below into it, and save the text file, mandatorily, with the name CFScript.txt

N.B.:
Do not copy the word code.


Code:
KillAll::
Driver::
2;
PowerOffer Service
Folder::
c:\programdata\Norton
c:\users\Pierpaolo\AppData\Local\ServUpdater
c:\users\Pierpaolo\AppData\Local\PosService
c:\users\Pierpaolo\AppData\Local\PowerOffer
c:\users\Pierpaolo\AppData\Local\SoftwareUpdater
c:\program files (x86)\Tuto4PC
c:\users\Pierpaolo\AppData\Local\Tuto4PC
c:\program files (x86)\SweetIM


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated combofix log.

See if the problem is solved.
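As an added example (not from the thread, nor from ComboFix's authors), a small Python script that applies the triage rule r16 used on the log above: services and Run entries whose executable lives under a user profile (AppData or Public) are flagged, and the result is rendered in the KillAll::/Driver::/Folder:: layout of the script posted above. The log lines are a constructed sample shaped like the posted log, and the CFScript directives are assumed only as far as the thread shows them.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a handful of lines in the shape of the ComboFix log
# posted above (service entries and Run-key entries), not the full log.
SAMPLE_LOG = r"""
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PowerOffer Service;Pos Service;c:\users\Pierpaolo\AppData\Local\PosService\Pos.exe [2012-04-03 169472]
S2 SoftwareUpd;Software Upd;c:\users\Pierpaolo\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [2012-04-23 161280]
S2 ServUpdater;Serv Updater;c:\users\Pierpaolo\AppData\Local\ServUpdater\ServiceUpd.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
"""

# Service/driver line: <R|S><0-4> <name>;<display name>;<image path> [<date size>|x]
SERVICE_RE = re.compile(r'^([RS]\d) ([^;]+);([^;]*);(.+?) \[[^\]]*\]$')
# Run-key value: "<value name>"="<image path>" [<date size>]
RUNKEY_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[[^\]]*\]$')


def is_user_writable(path):
    """True if the image lives in a per-user or Public profile directory.

    Services and autoruns normally install under Program Files or Windows;
    an executable under c:\\users\\... can be written without admin rights,
    which is why the helper in the thread singled out these entries.
    """
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if len(parts) < 3 or parts[1] != 'users':
        return False
    # Anything under Public, or under a profile's AppData (Local or Roaming).
    return parts[2] == 'public' or 'appdata' in parts


def parse_log(text):
    """Yield (kind, name, image_path) for every service or Run entry."""
    for line in text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            yield 'service', m.group(2), m.group(4)
            continue
        m = RUNKEY_RE.match(line)
        if m:
            yield 'run', m.group(1), m.group(2)


def suspicious_entries(text):
    """Entries whose executable sits in a user-writable profile location."""
    return [(k, n, p) for k, n, p in parse_log(text) if is_user_writable(p)]


def build_cfscript(entries):
    """Render flagged entries in the two CFScript sections used in the thread.

    Driver:: takes service names, Folder:: takes directories; the directive
    names come from the script posted above and nothing further is assumed.
    """
    services = sorted({n for k, n, _ in entries if k == 'service'})
    folders = sorted({str(PureWindowsPath(p).parent) for _, _, p in entries})
    out = ['KillAll::']
    if services:
        out.append('Driver::')
        out.extend(services)
    if folders:
        out.append('Folder::')
        out.extend(folders)
    return '\n'.join(out)


if __name__ == '__main__':
    flagged = suspicious_entries(SAMPLE_LOG)
    for kind, name, path in flagged:
        print(f'{kind:8} {name:20} {path}')
    print()
    print(build_cfscript(flagged))
```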
soloferrari
Posted: Thursday, June 21, 2012 9:58:56 AM
Rank: AiutAmico

Joined: 9/3/2003
Posts: 434
File not spelled correctly :-(
r16
Posted: Thursday, June 21, 2012 7:50:15 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
The script is correct.
Are you sure you followed the instructions correctly?

To create the text file, do this:
Start\Run\type notepad.exe and click Ok
A Notepad sheet appears on the desktop.

Copy and paste the script.
Save it with the name CFScript.txt
Click the X at the top to close the file.

Now you'll find the file on the desktop.
Drag it onto the Combofix icon (the one shaped like a lion's head).
The scan will start and remove the rest of the infection.
soloferrari
Posted: Friday, June 22, 2012 5:56:55 PM
Rank: AiutAmico

Joined: 9/3/2003
Posts: 434
ComboFix 12-06-19.03 - Pierpaolo 22/06/2012 17:43:44.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.8174.6476 [GMT 2:00]
Eseguito da: c:\users\Pierpaolo\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Pierpaolo\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SweetIM
c:\program files (x86)\Tuto4PC
c:\programdata\Norton
c:\programdata\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
c:\programdata\Norton\00000082\0000011a\00000582\cltLMS1.dat
c:\programdata\Norton\00000082\0000011a\00000582\cltLMS2.dat
c:\programdata\Norton\00000082\0000011a\cltupgrade.dat
c:\users\Pierpaolo\AppData\Local\PosService
c:\users\Pierpaolo\AppData\Local\PosService\7z.dll
c:\users\Pierpaolo\AppData\Local\PosService\AppLib.Zip.dll
c:\users\Pierpaolo\AppData\Local\PosService\Pos.exe
c:\users\Pierpaolo\AppData\Local\PosService\Pos.InstallLog
c:\users\Pierpaolo\AppData\Local\PosService\Pos.InstallState
c:\users\Pierpaolo\AppData\Local\PosService\settings.ini
c:\users\Pierpaolo\AppData\Local\PosService\settings\settings.ini
c:\users\Pierpaolo\AppData\Local\PowerOffer
c:\users\Pierpaolo\AppData\Local\PowerOffer\InstallHelper.exe
c:\users\Pierpaolo\AppData\Local\PowerOffer\System.Data.SQLite.dll
c:\users\Pierpaolo\AppData\Local\ServUpdater
c:\users\Pierpaolo\AppData\Local\ServUpdater\7z.dll
c:\users\Pierpaolo\AppData\Local\ServUpdater\AppLib.Zip.dll
c:\users\Pierpaolo\AppData\Local\ServUpdater\ServiceUpd.exe
c:\users\Pierpaolo\AppData\Local\ServUpdater\ServiceUpd.InstallLog
c:\users\Pierpaolo\AppData\Local\ServUpdater\ServiceUpd.InstallState
c:\users\Pierpaolo\AppData\Local\ServUpdater\settings.ini
c:\users\Pierpaolo\AppData\Local\ServUpdater\settings\settings.ini
c:\users\Pierpaolo\AppData\Local\ServUpdater\upd.exe
c:\users\Pierpaolo\AppData\Local\SoftwareUpdater
c:\users\Pierpaolo\AppData\Local\SoftwareUpdater\settings.ini
c:\users\Pierpaolo\AppData\Local\SoftwareUpdater\settings\settings.ini
c:\users\Pierpaolo\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
c:\users\Pierpaolo\AppData\Local\SoftwareUpdater\SoftwareUpdService.InstallLog
c:\users\Pierpaolo\AppData\Local\SoftwareUpdater\SoftwareUpdService.InstallState
c:\users\Pierpaolo\AppData\Local\Tuto4PC
c:\users\Pierpaolo\AppData\Local\Tuto4PC\Tutorials\Tuto4PC_confMedia.cyp
c:\users\Pierpaolo\AppData\Local\Tuto4PC\Tutorials\user.cyp
c:\users\Pierpaolo\AppData\Local\Tuto4PC\Tutorials\user_profil.cyp
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PowerOffer Service
-------\Service_ServUpdater
-------\Service_SoftwareUpd
-------\Service_ServUpdater
-------\Service_SoftwareUpd
.
.
((((((((((((((((((((((((( Files Creati Da 2012-05-22 al 2012-06-22 )))))))))))))))))))))))))))))))))))
.
.
2012-06-22 15:47 . 2012-06-22 15:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-15 10:15 . 2012-06-15 10:15 -------- d-----w- c:\program files\Recuva
2012-06-15 08:21 . 2012-06-15 08:21 -------- d-----w- c:\program files\CCleaner
2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\users\Pierpaolo\AppData\Roaming\Malwarebytes
2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\programdata\Malwarebytes
2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-14 06:10 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 05:33 . 2012-06-14 05:33 16200 ----a-w- c:\windows\stinger.sys
2012-06-14 05:33 . 2012-06-14 06:09 -------- d-----w- c:\program files (x86)\stinger
2012-06-13 15:36 . 2012-06-13 15:36 388096 ----a-r- c:\users\Pierpaolo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-13 15:36 . 2012-06-13 15:36 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-13 06:33 . 2012-05-20 10:34 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-13 06:33 . 2012-05-20 10:34 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{262E38A7-2B50-4C4D-87E0-EBEB44F84D33}\gapaengine.dll
2012-06-12 20:06 . 2012-06-12 20:06 -------- d-----w- c:\programdata\NortonInstaller
2012-06-12 18:01 . 2012-06-12 18:02 -------- d-----w- c:\windows\SysWow64\Adobe
2012-06-12 10:30 . 2012-06-12 10:30 -------- d-----w- c:\users\Catia
2012-06-12 10:28 . 2012-06-12 10:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-11 11:25 . 2012-06-11 11:25 -------- d-----w- c:\users\Pierpaolo\AppData\Local\Facebook
2012-06-03 11:21 . 2012-06-03 11:21 -------- d-----w- c:\programdata\TomTom
2012-06-03 11:20 . 2012-06-03 12:30 -------- d-----w- C:\TurboPOI
2012-06-03 11:20 . 2012-06-03 11:43 -------- d-----w- c:\users\Pierpaolo\AppData\Roaming\TurboPOI
2012-06-03 11:20 . 2012-06-03 11:20 -------- d-----w- c:\program files (x86)\TurboPOI
2012-06-03 11:19 . 2012-06-03 11:19 -------- d-----w- c:\users\Pierpaolo\AppData\Roaming\TomTom
2012-06-03 11:19 . 2012-06-03 11:19 -------- d-----w- c:\users\Pierpaolo\AppData\Local\TomTom
2012-06-03 11:19 . 2012-06-03 11:19 -------- d-----w- c:\program files (x86)\TomTom International B.V
2012-06-03 11:19 . 2012-06-03 11:19 -------- d-----w- c:\program files (x86)\TomTom HOME 2
2012-06-03 10:55 . 2012-06-03 10:55 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-06-03 10:55 . 2012-06-03 10:55 -------- d-----w- c:\windows\SysWow64\AGEIA
2012-06-03 10:55 . 2012-06-03 10:55 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-03 10:54 . 2012-06-03 11:17 -------- d-----w- c:\program files (x86)\Agrar Simulator 2012 Demo
2012-05-29 10:51 . 2012-05-29 10:51 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2012-05-29 10:49 . 2012-06-09 17:39 -------- d-----w- c:\users\Pierpaolo\AppData\Roaming\HpUpdate
2012-05-29 10:49 . 2012-05-29 10:49 -------- d-----w- c:\windows\Hewlett-Packard
2012-05-29 10:45 . 2012-05-29 18:51 -------- d-----w- c:\programdata\TrackMania
2012-05-29 10:38 . 2012-05-29 10:39 -------- d-----w- c:\program files (x86)\TmNationsForever
2012-05-28 11:46 . 2012-05-28 11:46 -------- d-----w- c:\users\Pierpaolo\AppData\Roaming\Need for Speed World
2012-05-28 11:16 . 2012-05-28 11:16 -------- d-----w- c:\users\Pierpaolo\AppData\Local\Electronic_Arts_Inc
2012-05-28 11:16 . 2012-05-28 11:16 -------- d--h--w- c:\programdata\Common Files
2012-05-28 11:16 . 2012-05-28 11:16 -------- d-----w- c:\programdata\Electronic Arts
2012-05-28 11:16 . 2012-05-28 11:16 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-05-28 05:54 . 2012-05-28 05:57 -------- d-----w- c:\program files (x86)\Babylon
2012-05-28 05:54 . 2012-05-28 05:54 -------- d-----w- c:\program files\Babylon
2012-05-26 14:04 . 2012-05-28 11:12 108 ----a-w- C:\user.js
2012-05-26 14:03 . 2012-05-26 14:03 -------- d-----w- c:\programdata\Synetic
2012-05-26 14:03 . 2012-05-26 14:03 -------- d-----w- c:\program files (x86)\Ferrari Virtual Race
2012-05-26 09:17 . 2012-05-26 09:38 -------- d-----w- c:\users\Pierpaolo\AppData\Local\Roblox
2012-05-23 17:10 . 2012-05-23 17:12 -------- d-----w- c:\users\Pierpaolo\AppData\Local\Microsoft Games
2012-05-23 16:39 . 2012-05-29 10:41 -------- d-----w- c:\program files (x86)\SimBin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 10:28 . 2012-03-23 22:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-20 11:09 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-04 15:52 . 2012-04-04 15:52 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-04-04 15:52 . 2012-04-04 15:52 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-25 20:53 . 2012-03-25 20:53 2785840 ----a-w- c:\windows\system32\auto_reactivate.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-19_21.57.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-22 11:40 36512 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-22 11:40 33922 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-23 16:26 . 2012-06-22 11:40 10212 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2553868927-4223844580-1372812127-1000_UserData.bin
- 2012-03-23 16:28 . 2012-06-19 14:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-23 16:28 . 2012-06-22 14:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-23 16:28 . 2012-06-19 14:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-23 16:28 . 2012-06-22 14:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-22 14:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-19 14:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-22 15:48 . 2012-06-22 15:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-19 21:56 . 2012-06-19 21:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-22 15:48 . 2012-06-22 15:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-19 21:56 . 2012-06-19 21:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-23 18:07 . 2012-06-21 12:14 262954 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2011-04-12 10:49 . 2012-06-22 11:44 740616 c:\windows\system32\perfh010.dat
- 2011-04-12 10:49 . 2012-06-19 13:47 740616 c:\windows\system32\perfh010.dat
- 2009-07-14 02:36 . 2012-06-19 13:47 653550 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-22 11:44 653550 c:\windows\system32\perfh009.dat
- 2011-04-12 10:49 . 2012-06-19 13:47 146588 c:\windows\system32\perfc010.dat
+ 2011-04-12 10:49 . 2012-06-22 11:44 146588 c:\windows\system32\perfc010.dat
+ 2009-07-14 02:36 . 2012-06-22 11:44 121382 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-19 13:47 121382 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-06-22 15:47 469620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-19 21:55 469620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-03-23 17:31 . 2012-06-19 21:55 2293344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-23 17:31 . 2012-06-22 15:47 2293344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-23 23:25 . 2012-06-22 15:47 9328484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2553868927-4223844580-1372812127-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate c:\bootwiz\asrm.bin
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-05-02 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 Simraceway Update Service;Simraceway Update Service;c:\program files (x86)\SimracewayUpdater\SRWUpdate.exe [2012-06-04 925696]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 afcdpsrv;Servizio Acronis Nonstop Backup;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-03-24 3246040]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-04-20 92592]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-06-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2553868927-4223844580-1372812127-1000Core.job
- c:\users\Pierpaolo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-11 11:25]
.
2012-06-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2553868927-4223844580-1372812127-1000UA.job
- c:\users\Pierpaolo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-11 11:25]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2553868927-4223844580-1372812127-1000Core.job
- c:\users\Pierpaolo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 11:40]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2553868927-4223844580-1372812127-1000UA.job
- c:\users\Pierpaolo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 11:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Servizio Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-10-14 395096]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-05-02 1271552]
"combofix"="c:\combofix\CF32388.3XE" [2010-11-21 345088]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.findeer.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6E479AC3-EC1F-4970-9459-E63A528B5551}: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Ora fine scansione: 2012-06-22 17:51:17 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-06-22 15:51
.
Pre-Run: 454.687.948.800 byte disponibili
Post-Run: 454.375.882.752 byte disponibili
.
- - End Of File - - 5A032BF00CBCF8E10CA2DDB9574A8386
r16
Posted: Friday, June 22, 2012 6:20:55 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Re-open a text file with Notepad on the Desktop.
Paste the code you see below into it, and save the text file with the name CFScript.txt (this name is mandatory).


Code:
KillAll::
File::
c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
Folder::
c:\users\Public\Documents\AppData\PoApp
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PosService"=-


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.

soloferrari
Posted: Friday, June 22, 2012 7:31:41 PM
Rank: AiutAmico

Member since: 9/3/2003
Posts: 434
ComboFix 12-06-19.03 - Pierpaolo 22/06/2012 19:21:12.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.8174.7038 [GMT 2:00]
Eseguito da: c:\users\Pierpaolo\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Pierpaolo\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Public\Documents\AppData\PoApp\PLauncher.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Documents\AppData\PoApp
c:\users\Public\Documents\AppData\PoApp\7z.dll
c:\users\Public\Documents\AppData\PoApp\AppLib.Zip.dll
c:\users\Public\Documents\AppData\PoApp\kw.sdb
c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
c:\users\Public\Documents\AppData\PoApp\PService.exe
c:\users\Public\Documents\AppData\PoApp\RegHandlerDll.dll
c:\users\Public\Documents\AppData\PoApp\settings\settings.ini
.
.
((((((((((((((((((((((((( Files Creati Da 2012-05-22 al 2012-06-22 )))))))))))))))))))))))))))))))))))
.
.
2012-06-22 17:24 . 2012-06-22 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-15 10:15 . 2012-06-15 10:15 -------- d-----w- c:\program files\Recuva
2012-06-15 08:21 . 2012-06-15 08:21 -------- d-----w- c:\program files\CCleaner
2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\users\Pierpaolo\AppData\Roaming\Malwarebytes
2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\programdata\Malwarebytes
2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-14 06:10 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 05:33 . 2012-06-14 05:33 16200 ----a-w- c:\windows\stinger.sys
2012-06-14 05:33 . 2012-06-14 06:09 -------- d-----w- c:\program files (x86)\stinger
2012-06-13 15:36 . 2012-06-13 15:36 388096 ----a-r- c:\users\Pierpaolo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-13 15:36 . 2012-06-13 15:36 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-13 06:33 . 2012-05-20 10:34 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-13 06:33 . 2012-05-20 10:34 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{262E38A7-2B50-4C4D-87E0-EBEB44F84D33}\gapaengine.dll
2012-06-12 20:06 . 2012-06-12 20:06 -------- d-----w- c:\programdata\NortonInstaller
2012-06-12 18:01 . 2012-06-12 18:02 -------- d-----w- c:\windows\SysWow64\Adobe
2012-06-12 10:30 . 2012-06-12 10:30 -------- d-----w- c:\users\Catia
2012-06-12 10:28 . 2012-06-12 10:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-11 11:25 . 2012-06-11 11:25 -------- d-----w- c:\users\Pierpaolo\AppData\Local\Facebook
2012-06-03 11:21 . 2012-06-03 11:21 -------- d-----w- c:\programdata\TomTom
2012-06-03 11:20 . 2012-06-03 12:30 -------- d-----w- C:\TurboPOI
2012-06-03 11:20 . 2012-06-03 11:43 -------- d-----w- c:\users\Pierpaolo\AppData\Roaming\TurboPOI
2012-06-03 11:20 . 2012-06-03 11:20 -------- d-----w- c:\program files (x86)\TurboPOI
2012-06-03 11:19 . 2012-06-03 11:19 -------- d-----w- c:\users\Pierpaolo\AppData\Roaming\TomTom
2012-06-03 11:19 . 2012-06-03 11:19 -------- d-----w- c:\users\Pierpaolo\AppData\Local\TomTom
2012-06-03 11:19 . 2012-06-03 11:19 -------- d-----w- c:\program files (x86)\TomTom International B.V
2012-06-03 11:19 . 2012-06-03 11:19 -------- d-----w- c:\program files (x86)\TomTom HOME 2
2012-06-03 10:55 . 2012-06-03 10:55 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-06-03 10:55 . 2012-06-03 10:55 -------- d-----w- c:\windows\SysWow64\AGEIA
2012-06-03 10:55 . 2012-06-03 10:55 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-03 10:54 . 2012-06-03 11:17 -------- d-----w- c:\program files (x86)\Agrar Simulator 2012 Demo
2012-05-29 10:51 . 2012-05-29 10:51 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2012-05-29 10:49 . 2012-06-09 17:39 -------- d-----w- c:\users\Pierpaolo\AppData\Roaming\HpUpdate
2012-05-29 10:49 . 2012-05-29 10:49 -------- d-----w- c:\windows\Hewlett-Packard
2012-05-29 10:45 . 2012-05-29 18:51 -------- d-----w- c:\programdata\TrackMania
2012-05-29 10:38 . 2012-05-29 10:39 -------- d-----w- c:\program files (x86)\TmNationsForever
2012-05-28 11:46 . 2012-05-28 11:46 -------- d-----w- c:\users\Pierpaolo\AppData\Roaming\Need for Speed World
2012-05-28 11:16 . 2012-05-28 11:16 -------- d-----w- c:\users\Pierpaolo\AppData\Local\Electronic_Arts_Inc
2012-05-28 11:16 . 2012-05-28 11:16 -------- d--h--w- c:\programdata\Common Files
2012-05-28 11:16 . 2012-05-28 11:16 -------- d-----w- c:\programdata\Electronic Arts
2012-05-28 11:16 . 2012-05-28 11:16 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-05-28 05:54 . 2012-05-28 05:57 -------- d-----w- c:\program files (x86)\Babylon
2012-05-28 05:54 . 2012-05-28 05:54 -------- d-----w- c:\program files\Babylon
2012-05-26 14:04 . 2012-05-28 11:12 108 ----a-w- C:\user.js
2012-05-26 14:03 . 2012-05-26 14:03 -------- d-----w- c:\programdata\Synetic
2012-05-26 14:03 . 2012-05-26 14:03 -------- d-----w- c:\program files (x86)\Ferrari Virtual Race
2012-05-26 09:17 . 2012-05-26 09:38 -------- d-----w- c:\users\Pierpaolo\AppData\Local\Roblox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 10:28 . 2012-03-23 22:55 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-20 11:09 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-04 15:52 . 2012-04-04 15:52 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-04-04 15:52 . 2012-04-04 15:52 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-25 20:53 . 2012-03-25 20:53 2785840 ----a-w- c:\windows\system32\auto_reactivate.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-19_21.57.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-22 15:57 36552 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-22 15:57 33946 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-23 16:26 . 2012-06-22 15:57 10308 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2553868927-4223844580-1372812127-1000_UserData.bin
- 2012-03-23 16:28 . 2012-06-19 14:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-23 16:28 . 2012-06-22 16:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-03-23 16:28 . 2012-06-19 14:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-23 16:28 . 2012-06-22 16:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-22 16:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-19 14:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-22 17:25 . 2012-06-22 17:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-19 21:56 . 2012-06-19 21:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-22 17:25 . 2012-06-22 17:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-19 21:56 . 2012-06-19 21:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-23 18:07 . 2012-06-22 17:16 263184 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2011-04-12 10:49 . 2012-06-22 16:00 740616 c:\windows\system32\perfh010.dat
- 2011-04-12 10:49 . 2012-06-19 13:47 740616 c:\windows\system32\perfh010.dat
- 2009-07-14 02:36 . 2012-06-19 13:47 653550 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-22 16:00 653550 c:\windows\system32\perfh009.dat
- 2011-04-12 10:49 . 2012-06-19 13:47 146588 c:\windows\system32\perfc010.dat
+ 2011-04-12 10:49 . 2012-06-22 16:00 146588 c:\windows\system32\perfc010.dat
+ 2009-07-14 02:36 . 2012-06-22 16:00 121382 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-19 13:47 121382 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-06-22 17:24 469620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-19 21:55 469620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-03-23 17:31 . 2012-06-19 21:55 2293344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-23 17:31 . 2012-06-22 17:24 2293344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-03-23 23:25 . 2012-06-22 17:24 9328484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2553868927-4223844580-1372812127-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate c:\bootwiz\asrm.bin
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-05-02 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 Simraceway Update Service;Simraceway Update Service;c:\program files (x86)\SimracewayUpdater\SRWUpdate.exe [2012-06-04 925696]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 afcdpsrv;Servizio Acronis Nonstop Backup;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-03-24 3246040]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-04-20 92592]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-06-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2553868927-4223844580-1372812127-1000Core.job
- c:\users\Pierpaolo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-11 11:25]
.
2012-06-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2553868927-4223844580-1372812127-1000UA.job
- c:\users\Pierpaolo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-11 11:25]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2553868927-4223844580-1372812127-1000Core.job
- c:\users\Pierpaolo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 11:40]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2553868927-4223844580-1372812127-1000UA.job
- c:\users\Pierpaolo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-18 11:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Servizio Acronis Scheduler2"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-10-14 395096]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-05-02 1271552]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.findeer.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6E479AC3-EC1F-4970-9459-E63A528B5551}: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Ora fine scansione: 2012-06-22 19:27:55 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-06-22 17:27
.
Pre-Run: 454.443.577.344 byte disponibili
Post-Run: 454.382.899.200 byte disponibili
.
- - End Of File - - 362E38640A65D2C5A02A9F066CEA3FA1
r16
Posted: Friday, June 22, 2012 7:46:16 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
The PC is clean.
Download OTL and save it to the desktop:

http://oldtimer.geekstogo.com/OTL.exe

Click the OTL icon you find on your desktop.

Click Cleanup.

It will correctly uninstall both Combofix and OTL itself.

The PC will ask you to restart; allow it.

Do a cleanup with CCleaner (registry included).

Disable System Restore,
http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Restart the PC, then re-enable System Restore.
soloferrari
Posted: Friday, June 22, 2012 8:13:15 PM
Rank: AiutAmico

Member since: 9/3/2003
Posts: 434
R16, here you tell me to disable and re-enable System Restore.
I have W7, is it the same?
CCleaner finds quite a few files in the registry to repair or delete; which of the 2 options?
THANK YOUUUU
r16
Posted: Saturday, June 23, 2012 12:08:07 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Quote:
R16, here you tell me to disable and re-enable System Restore.
I have W7, is it the same?

Here are the instructions for Win 7.
http://windows.microsoft.com/it-IT/windows7/Turn-System-Restore-on-or-off

Quote:
CCleaner finds quite a few files in the registry to repair or delete; which of the 2 options?

First back up the keys, then delete them.
If after 3-4 days you don't run into problems, delete the backups too.
soloferrari
Posted: Tuesday, June 26, 2012 8:02:38 AM
Rank: AiutAmico

Member since: 9/3/2003
Posts: 434
Good morning!!
I don't want to say it out loud, but that page that used to open by itself now doesn't open any more :-)
Can I rest easy like this, or are there other suggestions?
THANKS!!
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.