Aiutamici Forum

Can you check my Hijack LOG for me?
alfaalfa73
Posted: Thursday, October 11, 2012 11:06:18 AM
Rank: Newbie

Joined: 10/11/2012
Posts: 6
Good morning.
My laptop's CPU is always at 90-100% usage, and the fan works excessively with a very high temperature, so much so that the laptop sometimes shuts down.
Can you check the LOG for me? Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10.57.43, on 11/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\PDF Suite\PDFServiceEngine.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Geom. Paolo Cecchini\AppData\Local\Akamai\netsession_win.exe
C:\Users\Geom. Paolo Cecchini\AppData\Local\Akamai\netsession_win.exe
C:\Users\Geom. Paolo Cecchini\AppData\Local\SnaiCalculator\SnaiCalculatorLauncher.exe
C:\Program Files\google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Iomega StorCenter\sohoclient.exe
C:\Users\Geom. Paolo Cecchini\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
C:\Users\Geom. Paolo Cecchini\AppData\Local\SnaiCalculator\SnaiCalculator.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\microsoft office\Office12\OUTLOOK.EXE
C:\Windows\system32\schtasks.exe
C:\Windows\system32\conhost.exe
C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Windows\system32\WTClient.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com/?ocid=OIE9HP
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fornito da MSN and Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Geom. Paolo Cecchini\AppData\Roaming\Complitly\Complitly.dll
O2 - BHO: CrossriderApp0004479 - {11111111-1111-1111-1111-110011441179} - C:\Program Files\Giant Savings\Giant Savings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll
O2 - BHO: MyHeritage New Tab - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Family Toolbar\mhxpcomi.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4 - HKLM\..\Run: [PDFServiceEngine] C:\Program Files\PDF Suite\PDFServiceEngine.exe
O4 - HKLM\..\Run: [Cobian Backup 10 Interface] "C:\Program Files\Cobian Backup 10\cbInterface.exe" -service
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Program Files\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Geom. Paolo Cecchini\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Geom. Paolo Cecchini\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [SnaiCalculator] C:\Users\Geom. Paolo Cecchini\AppData\Local\SnaiCalculator\SnaiCalculatorLauncher.exe /Login=true
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: Facebook Messenger.lnk = Geom. Paolo Cecchini\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: Iomega StorCenter.lnk = C:\Program Files\Iomega StorCenter\sohoclient.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Family Toolbar\mhxpcomi.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
O20 - AppInit_DLLs: c:\progra~2\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Cobian Backup Boletus (CobianBackup10) - Luis Cobian, CobianSoft - C:\Program Files\Cobian Backup 10\cbService.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device - - C:\Windows\system32\lxdfcoms.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\Windows\System32\Drivers\WTSRV.EXE

--
End of file - 15111 bytes
shapiro
Posted: Thursday, October 11, 2012 11:21:47 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


Hi, you have some infections caused by installed toolbars. Run these two scans:

Download AdwCleaner, click Delete, and post the log it produces at the end of the scan.

Download ComboFix to the desktop.
(Do not install the Recovery Console.)
Let the program work without interfering.
Attach the report C:\ComboFix.txt to your reply.

Do not use the PC during the scan, not even the mouse!
alfaalfa73
Posted: Thursday, October 11, 2012 11:28:44 AM
Rank: Newbie

Joined: 10/11/2012
Posts: 6
First of all, thank you for the quick reply.
I have CCleaner. Is it the same, in place of AdwCleaner? I am not allowed to download the one you indicated.
shapiro
Posted: Thursday, October 11, 2012 11:30:15 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164


No, it's not the same thing.

Do you have a firewall active, by any chance?
alfaalfa73
Posted: Thursday, October 11, 2012 11:41:08 AM
Rank: Newbie

Joined: 10/11/2012
Posts: 6
Scan completed.
I'm attaching the LOG.

# AdwCleaner v2.004 - Logfile creato il 11/10/2012 alle 11:37:18
# Aggiornamento 06/10/2012 by Xplode
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (32 bits)
# Utente : Geom. Paolo Cecchini - GEOMCECCHINI
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\Geom. Paolo Cecchini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0T3AQVL1\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****

Fermato & Eliminato : Application Updater
Fermato & Eliminato : Browser Manager

***** [File / Cartelle] *****

Cartella Eliminato : C:\Program Files\Application Updater
Cartella Eliminato : C:\Program Files\AVG Secure Search
Cartella Eliminato : C:\Program Files\Common Files\spigot
Cartella Eliminato : C:\Program Files\Complitly
Cartella Eliminato : C:\Program Files\Free Offers from Freeze.com
Cartella Eliminato : C:\Program Files\Funmoods
Cartella Eliminato : C:\Program Files\Giant Savings
Cartella Eliminato : C:\Program Files\Ilivid
Cartella Eliminato : C:\Program Files\OfferBox
Cartella Eliminato : C:\Program Files\pdfforge Toolbar
Cartella Eliminato : C:\Program Files\PriceGong
Cartella Eliminato : C:\Program Files\Searchqu Toolbar
Cartella Eliminato : C:\ProgramData\AVG Secure Search
Cartella Eliminato : C:\ProgramData\Babylon
Cartella Eliminato : C:\Users\Geom. Paolo Cecchini\AppData\Local\AVG Secure Search
Cartella Eliminato : C:\Users\Geom. Paolo Cecchini\AppData\Local\Giant Savings
Cartella Eliminato : C:\Users\Geom. Paolo Cecchini\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
Cartella Eliminato : C:\Users\Geom. Paolo Cecchini\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj
Cartella Eliminato : C:\Users\Geom. Paolo Cecchini\AppData\Local\Ilivid Player
Cartella Eliminato : C:\Users\Geom. Paolo Cecchini\AppData\LocalLow\AVG Secure Search
Cartella Eliminato : C:\Users\Geom. Paolo Cecchini\AppData\LocalLow\facemoods.com
Cartella Eliminato : C:\Users\Geom. Paolo Cecchini\AppData\LocalLow\pdfforge
Cartella Eliminato : C:\Users\Geom. Paolo Cecchini\AppData\LocalLow\PriceGong
Cartella Eliminato : C:\Users\Geom. Paolo Cecchini\AppData\LocalLow\Search Settings
Cartella Eliminato : C:\Users\Geom. Paolo Cecchini\AppData\LocalLow\searchquband
Cartella Eliminato : C:\Users\Geom. Paolo Cecchini\AppData\LocalLow\Searchqutoolbar
Cartella Eliminato : C:\Users\Geom. Paolo Cecchini\AppData\LocalLow\Toolbar4
Cartella Eliminato : C:\Users\Geom. Paolo Cecchini\AppData\Roaming\Babylon
Cartella Eliminato : C:\Users\Geom. Paolo Cecchini\AppData\Roaming\Complitly
Cartella Eliminato : C:\Users\Geom. Paolo Cecchini\AppData\Roaming\OfferBox
Cartella Eliminato : C:\Users\Geom. Paolo Cecchini\AppData\Roaming\OpenCandy
Eliminato al riavvio : C:\Program Files\Common Files\AVG Secure Search
Eliminato al riavvio : C:\ProgramData\Browser Manager
File Eliminato : C:\user.js
File Eliminato : C:\Windows\system32\conduitEngine.tmp

***** [Registro] *****

Chiave Eliminato : HKCU\Software\AppDataLow\Software\Crossrider
Chiave Eliminato : HKCU\Software\AppDataLow\Software\Giant Savings
Chiave Eliminato : HKCU\Software\AppDataLow\Software\pdfforge
Chiave Eliminato : HKCU\Software\AppDataLow\Software\PriceGong
Chiave Eliminato : HKCU\Software\AppDataLow\Software\Search Settings
Chiave Eliminato : HKCU\Software\AppDataLow\Software\searchqutoolbar
Chiave Eliminato : HKCU\Software\AVG Secure Search
Chiave Eliminato : HKCU\Software\BrowserMngr
Chiave Eliminato : HKCU\Software\Complitly
Chiave Eliminato : HKCU\Software\Cr_Installer
Chiave Eliminato : HKCU\Software\DataMngr
Chiave Eliminato : HKCU\Software\DataMngr_Toolbar
Chiave Eliminato : HKCU\Software\Funmoods
Chiave Eliminato : HKCU\Software\ilivid
Chiave Eliminato : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chiave Eliminato : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Chiave Eliminato : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Eliminato : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chiave Eliminato : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Chiave Eliminato : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chiave Eliminato : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
Chiave Eliminato : HKCU\Software\Offerbox
Chiave Eliminato : HKCU\Software\pdfforge
Chiave Eliminato : HKCU\Software\Search Settings
Chiave Eliminato : HKCU\Software\Softonic
Chiave Eliminato : HKCU\Software\Surf Canyon
Chiave Eliminato : HKLM\Software\Application Updater
Chiave Eliminato : HKLM\Software\AVG Secure Search
Chiave Eliminato : HKLM\Software\Babylon
Chiave Eliminato : HKLM\Software\BrowserMngr
Chiave Eliminato : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Chiave Eliminato : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Chiave Eliminato : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Chiave Eliminato : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chiave Eliminato : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Chiave Eliminato : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chiave Eliminato : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chiave Eliminato : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Chiave Eliminato : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Chiave Eliminato : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Chiave Eliminato : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Chiave Eliminato : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Chiave Eliminato : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441179}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442279}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033443379}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Chiave Eliminato : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Chiave Eliminato : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Chiave Eliminato : HKLM\SOFTWARE\Classes\Conduit.Engine
Chiave Eliminato : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO
Chiave Eliminato : HKLM\SOFTWARE\Classes\CrossriderApp0004479.BHO.1
Chiave Eliminato : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi
Chiave Eliminato : HKLM\SOFTWARE\Classes\CrossriderApp0004479.FBApi.1
Chiave Eliminato : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox
Chiave Eliminato : HKLM\SOFTWARE\Classes\CrossriderApp0004479.Sandbox.1
Chiave Eliminato : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Chiave Eliminato : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077447779}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Chiave Eliminato : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Chiave Eliminato : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Chiave Eliminato : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Chiave Eliminato : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Chiave Eliminato : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Chiave Eliminato : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Chiave Eliminato : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Chiave Eliminato : HKLM\SOFTWARE\Classes\Toolbar.CT2530241
Chiave Eliminato : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Chiave Eliminato : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444479}
Chiave Eliminato : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Chiave Eliminato : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Chiave Eliminato : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Chiave Eliminato : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Chiave Eliminato : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chiave Eliminato : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Chiave Eliminato : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Chiave Eliminato : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Chiave Eliminato : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Chiave Eliminato : HKLM\Software\DataMngr
Chiave Eliminato : HKLM\Software\Freeze.com
Chiave Eliminato : HKLM\Software\Funmoods
Chiave Eliminato : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Chiave Eliminato : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Chiave Eliminato : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Chiave Eliminato : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Chiave Eliminato : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441179}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F6A415-2A69-48F1-8F91-B9381B33FF1A}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Chiave Eliminato : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Chiave Eliminato : HKLM\Software\Offerbox
Chiave Eliminato : HKLM\Software\pdfforge
Chiave Eliminato : HKLM\Software\Search Settings
Chiave Eliminato : HKLM\Software\SearchquMediabarTb
Chiave Eliminato : HKLM\Software\VDownloader\OpenCandy
Chiave Eliminato : HKU\S-1-5-21-1452549065-585906151-3354605193-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Data Eliminato : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23787~1.43\{16cdf~1\browse~1.dll c:\progra~2\browse~1\22643~1.41\{16cdf~1\browse~1.dll
Valore Eliminato : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valore Eliminato : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]
Valore Eliminato : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Valore Eliminato : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Valore Eliminato : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Valore Eliminato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Valore Eliminato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Valore Eliminato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Valore Eliminato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Valore Eliminato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Valore Eliminato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]
Valore Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Valore Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Valore Eliminato : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Browser Internet] *****

-\\ Internet Explorer v9.0.8112.16421

Sostituito : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.babylon.com/?babsrc=NT_ss&mntrId=25d071f300000000000000190e019eb5 --> hxxp://www.google.com

-\\ Google Chrome v [Impossibile rilevare la versione]

File : C:\Users\Geom. Paolo Cecchini\AppData\Local\Google\Chrome\User Data\Default\Preferences

Eliminato [l.12] : urls_to_restore_on_startup = [ "hxxps://isearch.avg.com/tab?cid={663DD21D-ECE0-4F34-BC7A-F017067BF0B9}&mid=dfad4744a60547d08747d15048e57746-5fb1ff62a4c4c5710c9b2423f848557ce64fbac3&lang=it&ds=od011&pr=sa&d=2012-03-17%2007:58:12&v=12.2.5.32&sap=nt" ]
Eliminato [l.1657] : urls_to_restore_on_startup = [ "hxxps://isearch.avg.com/tab?cid={663DD21D-ECE0-4F34-BC7A-F017067BF0B9}&mid=dfad4744a60547d08747d15048e57746-5fb1ff62a4c4c5710c9b2423f848557ce64fbac3&lang=it&ds=od011&pr=sa&d=2012-03-17%2007:58:12&v=12.2.5.32&sap=nt" ]

*************************

AdwCleaner[S1].txt - [20601 octets] - [11/10/2012 11:37:18]

########## EOF - C:\AdwCleaner[S1].txt - [20662 octets] ##########
alfaalfa73
Posted: Thursday, October 11, 2012 11:43:06 AM
Rank: Newbie

Joined: 10/11/2012
Posts: 6
Should I also run the ComboFix scan, or wait for your reply?
shapiro
Posted: Thursday, October 11, 2012 11:44:48 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Run the scan with ComboFix; it should find more.
alfaalfa73
Posted: Thursday, October 11, 2012 12:19:41 PM
Rank: Newbie

Joined: 10/11/2012
Posts: 6
I'd say it found plenty of stuff.
The fan is also spinning less.
I'm attaching the ComboFix result.

ComboFix 12-10-11.01 - Geom. Paolo Cecchini 11/10/2012 11.54.53.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.2047.864 [GMT 2:00]
Eseguito da: c:\users\Geom. Paolo Cecchini\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\SPL32A8.tmp
c:\programdata\SPL3E42.tmp
c:\programdata\SPLAF12.tmp
c:\programdata\SPLD8F0.tmp
c:\programdata\SPLDADF.tmp
c:\programdata\SPLE8DC.tmp
c:\programdata\SPLF067.tmp
c:\users\Geom. Paolo Cecchini\AppData\Local\SnaiCalculator\SnaiCalculatorLauncher.exe
c:\windows\IsUn0410.exe
c:\windows\system32\dbcdbf32.dll
c:\windows\unin0410.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-09-11 al 2012-10-11 )))))))))))))))))))))))))))))))))))
.
.
2012-10-11 10:08 . 2012-10-11 10:15 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Local\temp
2012-10-11 10:08 . 2012-10-11 10:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-11 10:08 . 2012-10-11 10:08 -------- d-----w- c:\users\GEOM~1~PAO\AppData\Local\temp
2012-10-11 10:08 . 2012-10-11 10:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-11 09:50 . 2012-10-11 09:50 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CC8D91F-E6B0-4065-9F0A-FE6D4F62D5ED}\MpKslf76a1a65.sys
2012-10-11 08:35 . 2012-10-11 08:35 388096 ----a-r- c:\users\Geom. Paolo Cecchini\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-11 08:35 . 2012-10-11 08:35 -------- d-----w- c:\program files\Trend Micro
2012-10-11 06:35 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CC8D91F-E6B0-4065-9F0A-FE6D4F62D5ED}\mpengine.dll
2012-10-10 12:45 . 2012-05-08 11:19 18496 ----a-w- c:\windows\system32\Kara_mx.dll
2012-10-10 12:45 . 2012-03-24 14:13 16448 ----a-w- c:\windows\system32\Kara__E.dll
2012-10-10 12:45 . 2011-09-30 22:14 29784 ----a-w- c:\windows\system32\Kara_K5.dll
2012-10-10 12:45 . 2011-05-12 12:16 19008 ----a-w- c:\windows\system32\Kara_C.dll
2012-10-10 12:45 . 2009-10-20 14:34 15936 ----a-w- c:\windows\system32\Kara_ww.dll
2012-10-10 12:45 . 2009-10-20 14:32 14456 ----a-w- c:\windows\system32\Kara_v.dll
2012-10-10 12:45 . 2006-10-03 13:33 462848 ----a-w- c:\windows\system32\lame_enc.dll
2012-10-10 12:45 . 2012-10-10 15:20 -------- d-----w- C:\Edic
2012-10-10 12:44 . 2012-10-10 14:48 -------- d-----w- c:\program files\Karaoke5
2012-10-10 07:43 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-10 07:03 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 07:03 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-09 06:37 . 2012-10-09 06:37 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-10-07 19:01 . 2012-10-02 09:16 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13230FCC-9D4D-4A54-9304-E2147EDCBE9A}\gapaengine.dll
2012-10-03 09:49 . 2012-10-03 09:49 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-01 12:25 . 2012-10-01 12:25 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Roaming\Malwarebytes
2012-10-01 12:25 . 2012-10-01 12:25 -------- d-----w- c:\programdata\Malwarebytes
2012-10-01 12:25 . 2012-10-01 12:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-01 12:25 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-30 20:22 . 2012-09-30 20:22 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Roaming\com.mypicturetown.myptuploader.F9C4985A082C78528AFA4529A49FFE7D3454A64B.1
2012-09-30 20:22 . 2012-09-30 20:22 -------- d-----w- c:\program files\my Picturetown
2012-09-28 10:35 . 2009-10-07 13:40 69632 ----a-w- c:\windows\system32\temp.018
2012-09-28 10:35 . 2009-10-07 13:40 266293 ----a-w- c:\windows\system32\temp.016
2012-09-28 10:35 . 2009-10-07 13:39 77878 ----a-w- c:\windows\system32\temp.017
2012-09-28 10:23 . 2012-09-28 10:23 -------- d-----w- c:\windows\system32\searchplugins
2012-09-28 10:23 . 2012-09-28 10:23 -------- d-----w- c:\windows\system32\Extensions
2012-09-28 10:22 . 2012-10-11 09:40 -------- d-----w- c:\programdata\Browser Manager
2012-09-27 20:17 . 2012-09-27 20:17 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Roaming\it.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
2012-09-27 20:16 . 2012-09-27 20:17 -------- d-----w- c:\program files\myphotobook.it
2012-09-26 12:48 . 2011-03-11 08:50 401608 ----a-w- c:\windows\system32\crylic52.ocx
2012-09-26 12:48 . 2004-02-22 21:00 78848 ----a-w- c:\windows\system32\MSBIND.DLL
2012-09-26 12:48 . 1999-03-24 09:10 102400 ----a-w- c:\windows\system32\nslock15vb6.ocx
2012-09-26 12:48 . 1999-02-23 19:49 91648 ----a-w- c:\windows\system32\nslock15vb5.ocx
2012-09-26 12:48 . 2003-01-26 11:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2012-09-26 12:48 . 2010-06-05 16:19 7647232 ----a-w- c:\windows\system32\reportman.ocx
2012-09-26 12:48 . 2004-03-08 21:00 275216 ----a-w- c:\windows\system32\MSDATGRD.OCX
2012-09-26 12:48 . 1999-12-22 22:00 1355776 ----a-w- c:\windows\system32\MSVBVM50.dll
2012-09-26 12:48 . 2012-09-26 13:13 -------- d-----w- C:\UNIVAL_1_5
2012-09-25 19:21 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 23:15 . 2012-09-24 23:15 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Local\Kesemoholdings_Limited
2012-09-24 23:12 . 2012-09-24 23:12 -------- d-----w- c:\programdata\SnaiCalculator
2012-09-24 23:11 . 2012-10-11 10:08 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Local\SnaiCalculator
2012-09-24 12:41 . 2012-09-24 13:02 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Roaming\MyHeritage
2012-09-24 12:41 . 2012-09-24 12:44 -------- d-----w- c:\programdata\MyHeritage
2012-09-24 12:41 . 2003-07-06 11:07 372736 ----a-w- c:\windows\system32\ijl15.dll
2012-09-24 12:41 . 2002-03-06 22:19 454656 ----a-w- c:\windows\system32\PaintX.dll
2012-09-24 12:41 . 2012-09-24 12:41 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Roaming\The Complete Genealogy Reporter - FTB
2012-09-24 12:40 . 2012-09-24 12:40 -------- d-----w- c:\program files\MyHeritage
2012-09-17 16:08 . 2012-09-17 16:09 -------- d-----w- c:\program files\Google Apps Directory Sync
2012-09-15 07:59 . 2012-09-15 07:59 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Local\MAGIX_AG
2012-09-12 15:33 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 15:33 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 15:33 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 15:33 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 15:33 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 15:33 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 13:49 . 2012-09-12 13:49 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Roaming\Thunderbird
2012-09-12 13:49 . 2012-09-12 13:49 -------- d-----w- c:\users\Geom. Paolo Cecchini\AppData\Local\Thunderbird
2012-09-12 13:49 . 2012-09-17 08:08 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-09-11 16:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 06:54 . 2012-04-02 14:37 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 06:54 . 2011-05-19 06:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-03 09:49 . 2012-07-09 15:34 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-10-02 09:16 . 2011-03-25 22:45 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-04 07:18 . 2012-09-04 07:18 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2011-04-27 13:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-28 18:24 . 2010-10-04 21:34 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-07-18 17:47 . 2012-08-15 07:43 2345984 ----a-w- c:\windows\system32\win32k.sys
2010-10-16 10:50 . 2010-11-14 14:53 3056008 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Family Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
2010-02-18 07:37 221184 ----a-w- c:\program files\Family Toolbar\mhxpcomi.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]
"Facebook Update"="c:\users\Geom. Paolo Cecchini\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"Akamai NetSession Interface"="c:\users\Geom. Paolo Cecchini\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-10-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"PDFServiceEngine"="c:\program files\PDF Suite\PDFServiceEngine.exe" [2008-06-25 393216]
"Cobian Backup 10 Interface"="c:\program files\Cobian Backup 10\cbInterface.exe" [2010-09-23 3154432]
"lxdfmon.exe"="c:\program files\Lexmark 6500 Series\lxdfmon.exe" [2010-02-10 455336]
"lxdfamon"="c:\program files\Lexmark 6500 Series\lxdfamon.exe" [2010-02-10 25256]
"Lexmark 6500 Series Fax Server"="c:\program files\Lexmark 6500 Series\fm3032.exe" [2010-02-10 307880]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"WTClient"="WTClient.exe" [2009-08-19 32768]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Geom. Paolo Cecchini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Geom. Paolo Cecchini\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-10-2 795936]
Google Calendar Sync.lnk - c:\program files\google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
Iomega StorCenter.lnk - c:\program files\Iomega StorCenter\sohoclient.exe [2010-11-9 1877328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdfserv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 eusk3usb;SmartKey 3 USB;c:\windows\system32\Drivers\eusk3usb.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [x]
R3 SQTECH913D;913D Camera;c:\windows\system32\Drivers\Capt913D.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 TEUSBMU;Panasonic Analog PBX USB Main Unit driver;c:\windows\system32\Drivers\TEUSBMU.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;Supporto stampa WSD via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 MpKslf76a1a65;MpKslf76a1a65;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CC8D91F-E6B0-4065-9F0A-FE6D4F62D5ED}\MpKslf76a1a65.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 CobianBackup10;Cobian Backup Boletus;c:\program files\Cobian Backup 10\cbService.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netw5v32;Driver scheda Intel(R) Wireless WiFi Link serie 5000 per Windows Vista a 32 bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:54]
.
2012-10-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1452549065-585906151-3354605193-1000Core.job
- c:\users\Geom. Paolo Cecchini\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-27 07:41]
.
2012-10-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1452549065-585906151-3354605193-1000UA.job
- c:\users\Geom. Paolo Cecchini\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-27 07:41]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-04 21:36]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-04 21:36]
.
.
------- Scansione supplementare -------
.
uStart Page = https://www.google.it/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\Family Toolbar\mhxpcomi.dll
.
.
------- Associazioni dei file -------
.
.scr=DWGTrueViewScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-10 - (no file)
WebBrowser-{E3393495-8103-46A0-8181-270273EDDD60} - (no file)
HKCU-Run-SnaiCalculator - c:\users\Geom. Paolo Cecchini\AppData\Local\SnaiCalculator\SnaiCalculatorLauncher.exe
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-Voltura 1.0 - c:\windows\IsUn0410.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d7,ba,d1,24,86,18,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_USERS\S-1-5-21-1452549065-585906151-3354605193-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,3b,1b,9a,54,16,
2e,9c,12,8c,07,98,e4,c7,c8,3d,cb,d5,0c
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,3b,1b,8c,6a,a1,
89,4a,da,9a,0f,ad,6e,34,28,4f,d8,72,26
"{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}"=hex:51,66,7a,6c,4c,1d,3b,1b,fc,6d,d4,
b8,ab,bb,a5,0e,ba,ff,d2,18,c2,b9,de,e6
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,3b,1b,48,f2,4e,
b6,e8,57,fa,09,9f,3e,88,50,52,3f,33,e2
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,3b,1b,a1,dd,0e,
3f,50,1f,bf,55,87,15,47,d0,22,ee,8d,5a
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"=hex:51,66,7a,6c,4c,1d,3b,1b,15,cb,34,
a5,26,3b,40,0e,b2,84,4f,e0,35,91,04,17
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,24,3b,
51,8b,3f,11,03,8c,f8,ba,9b,00,7e,39,60
"{11111111-1111-1111-1111-110011441179}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,0e,07,
0d,24,47,7a,55,0d,1c,56,40,14,0f,51,6c
"{D0F4A166-B8D4-48B8-9D63-80849FE137CB}"=hex:51,66,7a,6c,4c,1d,3b,1b,76,be,e2,
cc,e1,ee,d3,0c,81,6e,c7,c4,9a,aa,77,de
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,87,9e,
84,18,12,b6,0d,85,da,9b,c6,6e,a3,3d,a9
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000059
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(5656)
c:\program files\ThinkPad\Bluetooth Software\btmmhook.dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WTClient.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Ora fine scansione: 2012-10-11 12:21:10 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-10-11 10:21
ComboFix2.txt 2010-02-25 10:12
.
Pre-Run: 11.794.923.520 byte disponibili
Post-Run: 12.274.020.352 byte disponibili
.
- - End Of File - - EC9379FF20A8503EB789B16B57AB44D9
alfaalfa73
Posted: Thursday, October 11, 2012 6:51:15 PM
Rank: Newbie

Joined: 10/11/2012
Posts: 6
I'd say the problem seems to be solved.
Thanks for your help.