Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » voci sospette

voci sospette Opzioni
Topic Precedente · Topic Sucessivo
tamagon
Inviato: Wednesday, December 19, 2012 6:17:10 PM

Rank: AiutAmico

Iscritto dal : 3/6/2009
Posts: 2,913
ciao,facendo un'analisi on line del log,risultano delle voci da eliminare e di indirizzi che non so cosa siano.mi potete aiutare grazie.malgrado tutto non riscontro problemi,ma il dubbio di un'analisi mi è venuto dopo che per 2 volte mi si è aperta una pagina web non richiesta.una volta di giochi online ed un'altra volta di banche.grazie

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:11:50, on 19/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\AviraNotifyCloser\avNotifyCloser.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\utente\Desktop\file ricevuti\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'Default user')
O4 - Startup: Avira Notify Closer.lnk = C:\Program Files (x86)\AviraNotifyCloser\avNotifyCloser.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9177BBC-9C77-40E1-9D3F-D5225BB144DE}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\utente\AppData\Local\PosService\Pos.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\utente\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11589 bytes


ora faccio scansione con malwarebytes
Torna in alto
 
Sponsor
Inviato: Wednesday, December 19, 2012 6:17:10 PM

 
Torna in alto
 
r16
Inviato: Wednesday, December 19, 2012 6:31:13 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Hola tamagon.
Elimina queste voci:
Commenta:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9177BBC-9C77-40E1-9D3F-D5225BB144DE}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25

Per eliminarle esegui HJT come Amministratore.
Se non si eliminano prova in Modalità provvisoria.

Poi serve una scansione con Combofix:
Scarica Combofix (usa Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop. (è obbligatorio)

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (se usi Vista o Seven: tasto destro su Combofix.exe e clicca su: "Esegui come Amministratore" )

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt.
Postalo qui.
Torna in alto
 
tamagon
Inviato: Wednesday, December 19, 2012 7:26:58 PM

Rank: AiutAmico

Iscritto dal : 3/6/2009
Posts: 2,913
ciao r16 grazie.ecco il log di combofix

ComboFix 12-12-19.02 - utente 19/12/2012 19:09:48.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4095.2813 [GMT 1:00]
Eseguito da: c:\users\utente\Desktop\file ricevuti\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\utente\AppData\Local\unins000.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-11-19 al 2012-12-19 )))))))))))))))))))))))))))))))))))
.
.
2012-12-18 16:50 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58754198-AC85-411B-BEF8-161CD053EEBC}\mpengine.dll
2012-12-17 19:03 . 2012-12-17 19:03 -------- d-----w- c:\users\utente\AppData\Local\ATI
2012-12-17 16:33 . 2012-12-18 16:45 -------- d-----w- c:\users\utente\AppData\Local\ServUpdater
2012-12-17 16:33 . 2012-12-17 16:35 -------- d-----w- c:\users\utente\AppData\Local\PosService
2012-12-17 16:33 . 2012-12-17 16:33 -------- d-----w- c:\users\utente\AppData\Local\PowerOffer
2012-12-17 10:55 . 2012-12-17 16:34 -------- d-----w- c:\users\utente\AppData\Local\SoftwareUpdater
2012-12-17 10:55 . 2012-12-17 10:55 -------- d-----w- c:\program files (x86)\MyPcCleaner
2012-12-17 10:23 . 2012-12-17 10:23 -------- d-----w- c:\users\utente\AppData\Roaming\Avira
2012-12-17 10:21 . 2012-12-17 16:56 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-17 10:21 . 2012-12-17 16:56 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-17 10:21 . 2012-11-16 19:17 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-12-17 10:21 . 2012-12-17 10:21 -------- d-----w- c:\programdata\Avira
2012-12-17 10:21 . 2012-12-17 10:21 -------- d-----w- c:\program files (x86)\Avira
2012-12-12 12:41 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-22 16:14 . 2012-11-22 16:21 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-11-22 16:10 . 2012-11-23 15:46 -------- d-----w- c:\programdata\Norton
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 18:32 . 2012-04-16 10:35 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 18:32 . 2011-06-06 05:27 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 12:47 . 2010-10-03 15:12 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-10-30 22:50 . 2012-11-15 16:41 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-27 10:05 . 2012-10-27 10:05 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2012-10-27 10:05 . 2012-10-27 10:05 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-10-27 10:05 . 2012-10-27 10:05 5773824 ----a-w- c:\windows\system32\mstscax.dll
2012-10-27 10:05 . 2012-10-27 10:05 54272 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2012-10-27 10:05 . 2012-10-27 10:05 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-10-27 10:05 . 2012-10-27 10:05 46592 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2012-10-27 10:05 . 2012-10-27 10:05 44032 ----a-w- c:\windows\system32\tsgqec.dll
2012-10-27 10:05 . 2012-10-27 10:05 43520 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-10-27 10:05 . 2012-10-27 10:05 384000 ----a-w- c:\windows\system32\wksprt.exe
2012-10-27 10:05 . 2012-10-27 10:05 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2012-10-27 10:05 . 2012-10-27 10:05 322560 ----a-w- c:\windows\system32\aaclient.dll
2012-10-27 10:05 . 2012-10-27 10:05 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2012-10-27 10:05 . 2012-10-27 10:05 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
2012-10-27 10:05 . 2012-10-27 10:05 243200 ----a-w- c:\windows\system32\rdpudd.dll
2012-10-27 10:05 . 2012-10-27 10:05 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2012-10-27 10:05 . 2012-10-27 10:05 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-10-27 10:05 . 2012-10-27 10:05 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2012-10-27 10:05 . 2012-10-27 10:05 18432 ----a-w- c:\windows\system32\wksprtPS.dll
2012-10-27 10:05 . 2012-10-27 10:05 16896 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2012-10-27 10:05 . 2012-10-27 10:05 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-10-27 10:05 . 2012-10-27 10:05 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-10-27 10:05 . 2012-10-27 10:05 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-10-27 10:05 . 2012-10-27 10:05 1123840 ----a-w- c:\windows\system32\mstsc.exe
2012-10-27 10:05 . 2012-10-27 10:05 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe
2012-10-27 10:05 . 2012-10-27 10:05 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-10-27 10:05 . 2012-10-27 10:05 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-10-27 10:05 . 2012-10-27 10:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-10-27 10:05 . 2012-10-27 10:05 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-27 10:05 . 2012-10-27 10:05 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-10-27 10:05 . 2012-10-27 10:05 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-10-27 10:05 . 2012-10-27 10:05 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-10-27 10:05 . 2012-10-27 10:05 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-10-27 10:05 . 2012-10-27 10:05 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-16 08:38 . 2012-11-27 21:58 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 21:58 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 21:58 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-12 18:09 . 2012-11-02 18:18 25472 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-10-09 18:17 . 2012-11-15 11:21 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 11:21 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 11:21 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 11:21 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 12:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 11:21 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 11:21 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 11:21 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 11:21 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 11:21 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 11:21 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 11:21 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 11:21 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 11:21 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 11:21 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 11:21 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-29 17:54 . 2012-01-11 06:51 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 22:47 . 2012-11-15 11:21 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-15 11:21 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 13:32 . 2012-06-25 19:24 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 13:32 . 2010-09-28 06:46 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-28 39408]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-10 98304]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-17 384800]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
.
c:\users\utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Avira Notify Closer.lnk - c:\program files (x86)\AviraNotifyCloser\avNotifyCloser.exe [2011-10-12 613227]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative64
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-03-26 542040]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 ServUpdater;Serv Updater;c:\users\utente\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-16 156160]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-27 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-10-27 57856]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-30 1255736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-08 140672]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-31 464256]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-11 202752]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-17 85280]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-03-26 329544]
S2 PowerOffer Service;Pos Service;c:\users\utente\AppData\Local\PosService\Pos.exe [2012-04-03 169472]
S2 SoftwareUpd;Software Upd;c:\users\utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [2012-06-14 161280]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-08-17 1235968]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 18:32]
.
2012-12-19 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2010-10-05 11:45]
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 11:17]
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 11:17]
.
.
--------- X64 Entries -----------
.
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 83.103.25.250 62.101.93.101
TCP: Interfaces\{F9177BBC-9C77-40E1-9D3F-D5225BB144DE}: DhcpNameServer = 83.103.25.250 62.101.93.101
FF - ProfilePath - c:\users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\h9bwwli4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-21 16:36; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2010-09-30 18:04; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\users\utente\AppData\Local\unins000.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:7b,92,9a,e6,93,73,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,9d,69,7d,a2,38,89,4b,8d,37,fb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,9d,69,7d,a2,38,89,4b,8d,37,fb,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
.
**************************************************************************
.
Ora fine scansione: 2012-12-19 19:20:37 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-12-19 18:20
.
Pre-Run: 61.709.103.104 byte disponibili
Post-Run: 61.558.841.344 byte disponibili
.
- - End Of File - - D96B3CCEC5EF50F9064E46A06CC1A321




ed hjt

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:25:51, on 19/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\utente\Desktop\file ricevuti\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'Default user')
O4 - Startup: Avira Notify Closer.lnk = C:\Program Files (x86)\AviraNotifyCloser\avNotifyCloser.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\utente\AppData\Local\PosService\Pos.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\utente\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9697 bytes
Torna in alto
 
tamagon
Inviato: Wednesday, December 19, 2012 7:33:29 PM

Rank: AiutAmico

Iscritto dal : 3/6/2009
Posts: 2,913
r16 ci sentiamo domani ancora grazieApplause Speak to the hand

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Versione database: v2012.12.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
utente :: UTENTE-PC [amministratore]

19/12/2012 18:17:07
mbam-log-2012-12-19 (18-17-07).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 132258
Tempo impiegato: 33 minuti, 56 secondi [interrotto]

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 1
C:\Program Files (x86)\Hotspot Shield\bin\fbw.exe (Trojan.Agent) -> Spostato in quarantena ed eliminato con successo.

(fine)
Torna in alto
 
r16
Inviato: Wednesday, December 19, 2012 8:54:42 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Apri un file di testo con il Block Note sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt


Code:
KillAll::

Driver::
ServUpdater
PowerOffer Service
SoftwareUpd
File::
c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
Folder::
c:\users\utente\AppData\Local\ServUpdater
c:\users\utente\AppData\Local\PosService
c:\users\utente\AppData\Local\PowerOffer
c:\users\utente\AppData\Local\SoftwareUpdater
c:\users\Public\Documents\AppData\PoApp
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PosService"=-



e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix.

Poi:
Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
N.B:
Hai Avira come antivirus, e detto software utilizza ASK Toolbar come parte della sua sicurezza nel web.
Se eliminata, AntiVir WebGuard potrebbe non funzionare più correttamente.
Per cui:
Apri Adwcleaner e clicca sul ? in alto a sinistra.
Clicca su opzioni.
Metti la spunta su :
DisableAskDetection
Clicca OK.
Clicca sul pulsante "Elimina".
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Postalo qui.
Torna in alto
 
tamagon
Inviato: Thursday, December 20, 2012 1:04:00 PM

Rank: AiutAmico

Iscritto dal : 3/6/2009
Posts: 2,913
ecco i log e grazie ancora

ComboFix 12-12-19.02 - utente 20/12/2012 12:50:42.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4095.2972 [GMT 1:00]
Eseguito da: c:\users\utente\Desktop\file ricevuti\ComboFix.exe
Opzioni usate :: c:\users\utente\Desktop\CFScript.txt.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
FILE ::
"c:\users\Public\Documents\AppData\PoApp\PLauncher.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Documents\AppData\PoApp
c:\users\Public\Documents\AppData\PoApp\7z.dll
c:\users\Public\Documents\AppData\PoApp\AppLib.Zip.dll
c:\users\Public\Documents\AppData\PoApp\kw.sdb
c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
c:\users\Public\Documents\AppData\PoApp\PService.exe
c:\users\Public\Documents\AppData\PoApp\RegHandlerDll.dll
c:\users\Public\Documents\AppData\PoApp\settings\settings.ini
c:\users\utente\AppData\Local\PosService
c:\users\utente\AppData\Local\PosService\7z.dll
c:\users\utente\AppData\Local\PosService\AppLib.Zip.dll
c:\users\utente\AppData\Local\PosService\Pos.exe
c:\users\utente\AppData\Local\PosService\Pos.InstallLog
c:\users\utente\AppData\Local\PosService\Pos.InstallState
c:\users\utente\AppData\Local\PosService\settings.ini
c:\users\utente\AppData\Local\PosService\settings\settings.ini
c:\users\utente\AppData\Local\PowerOffer
c:\users\utente\AppData\Local\PowerOffer\InstallHelper.exe
c:\users\utente\AppData\Local\PowerOffer\System.Data.SQLite.dll
c:\users\utente\AppData\Local\PowerOffer\Wait.exe
c:\users\utente\AppData\Local\ServUpdater
c:\users\utente\AppData\Local\ServUpdater\7z.dll
c:\users\utente\AppData\Local\ServUpdater\AppLib.Zip.dll
c:\users\utente\AppData\Local\ServUpdater\ServiceUpd.exe
c:\users\utente\AppData\Local\ServUpdater\ServiceUpd.InstallLog
c:\users\utente\AppData\Local\ServUpdater\ServiceUpd.InstallState
c:\users\utente\AppData\Local\ServUpdater\settings.ini
c:\users\utente\AppData\Local\ServUpdater\settings\settings.ini
c:\users\utente\AppData\Local\SoftwareUpdater
c:\users\utente\AppData\Local\SoftwareUpdater\settings.ini
c:\users\utente\AppData\Local\SoftwareUpdater\settings\settings.ini
c:\users\utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
c:\users\utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.InstallLog
c:\users\utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.InstallState
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PowerOffer Service
-------\Service_ServUpdater
-------\Service_SoftwareUpd
.
.
((((((((((((((((((((((((( Files Creati Da 2012-11-20 al 2012-12-20 )))))))))))))))))))))))))))))))))))
.
.
2012-12-20 11:54 . 2012-12-20 11:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-18 16:50 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58754198-AC85-411B-BEF8-161CD053EEBC}\mpengine.dll
2012-12-17 19:03 . 2012-12-17 19:03 -------- d-----w- c:\users\utente\AppData\Local\ATI
2012-12-17 10:55 . 2012-12-17 10:55 -------- d-----w- c:\program files (x86)\MyPcCleaner
2012-12-17 10:23 . 2012-12-17 10:23 -------- d-----w- c:\users\utente\AppData\Roaming\Avira
2012-12-17 10:21 . 2012-12-17 16:56 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-17 10:21 . 2012-12-17 16:56 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-17 10:21 . 2012-11-16 19:17 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-12-17 10:21 . 2012-12-17 10:21 -------- d-----w- c:\programdata\Avira
2012-12-17 10:21 . 2012-12-17 10:21 -------- d-----w- c:\program files (x86)\Avira
2012-12-12 12:41 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-22 16:14 . 2012-11-22 16:21 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-11-22 16:10 . 2012-11-23 15:46 -------- d-----w- c:\programdata\Norton
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 18:32 . 2012-04-16 10:35 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-12 18:32 . 2011-06-06 05:27 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 12:47 . 2010-10-03 15:12 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-10-30 22:50 . 2012-11-15 16:41 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-27 10:05 . 2012-10-27 10:05 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2012-10-27 10:05 . 2012-10-27 10:05 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-10-27 10:05 . 2012-10-27 10:05 5773824 ----a-w- c:\windows\system32\mstscax.dll
2012-10-27 10:05 . 2012-10-27 10:05 54272 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2012-10-27 10:05 . 2012-10-27 10:05 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-10-27 10:05 . 2012-10-27 10:05 46592 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2012-10-27 10:05 . 2012-10-27 10:05 44032 ----a-w- c:\windows\system32\tsgqec.dll
2012-10-27 10:05 . 2012-10-27 10:05 43520 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-10-27 10:05 . 2012-10-27 10:05 384000 ----a-w- c:\windows\system32\wksprt.exe
2012-10-27 10:05 . 2012-10-27 10:05 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2012-10-27 10:05 . 2012-10-27 10:05 322560 ----a-w- c:\windows\system32\aaclient.dll
2012-10-27 10:05 . 2012-10-27 10:05 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2012-10-27 10:05 . 2012-10-27 10:05 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
2012-10-27 10:05 . 2012-10-27 10:05 243200 ----a-w- c:\windows\system32\rdpudd.dll
2012-10-27 10:05 . 2012-10-27 10:05 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2012-10-27 10:05 . 2012-10-27 10:05 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-10-27 10:05 . 2012-10-27 10:05 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2012-10-27 10:05 . 2012-10-27 10:05 18432 ----a-w- c:\windows\system32\wksprtPS.dll
2012-10-27 10:05 . 2012-10-27 10:05 16896 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2012-10-27 10:05 . 2012-10-27 10:05 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-10-27 10:05 . 2012-10-27 10:05 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-10-27 10:05 . 2012-10-27 10:05 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-10-27 10:05 . 2012-10-27 10:05 1123840 ----a-w- c:\windows\system32\mstsc.exe
2012-10-27 10:05 . 2012-10-27 10:05 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe
2012-10-27 10:05 . 2012-10-27 10:05 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-10-27 10:05 . 2012-10-27 10:05 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-10-27 10:05 . 2012-10-27 10:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-10-27 10:05 . 2012-10-27 10:05 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-27 10:05 . 2012-10-27 10:05 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-10-27 10:05 . 2012-10-27 10:05 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-10-27 10:05 . 2012-10-27 10:05 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-10-27 10:05 . 2012-10-27 10:05 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-10-27 10:05 . 2012-10-27 10:05 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-16 08:38 . 2012-11-27 21:58 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 21:58 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 21:58 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-12 18:09 . 2012-11-02 18:18 25472 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-10-09 18:17 . 2012-11-15 11:21 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 11:21 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 11:21 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 11:21 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-12 12:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 11:21 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 11:21 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 11:21 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 11:21 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 11:21 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 11:21 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 11:21 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 11:21 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 11:21 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 11:21 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 11:21 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-29 17:54 . 2012-01-11 06:51 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 22:47 . 2012-11-15 11:21 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-15 11:21 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-24 13:32 . 2012-06-25 19:24 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 13:32 . 2010-09-28 06:46 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-28 39408]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-10 98304]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-17 384800]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]
.
c:\users\utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Avira Notify Closer.lnk - c:\program files (x86)\AviraNotifyCloser\avNotifyCloser.exe [2011-10-12 613227]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative64
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-03-26 542040]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-27 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-10-27 57856]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-30 1255736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-08 140672]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-31 464256]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-11 202752]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-17 85280]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-03-26 329544]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-08-17 1235968]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 18:32]
.
2012-12-20 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2010-10-05 11:45]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 11:17]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 11:17]
.
.
--------- X64 Entries -----------
.
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 83.103.25.250 62.101.93.101
TCP: Interfaces\{F9177BBC-9C77-40E1-9D3F-D5225BB144DE}: DhcpNameServer = 83.103.25.250 62.101.93.101
FF - ProfilePath - c:\users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\h9bwwli4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=685749&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-21 16:36; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2010-09-30 18:04; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\users\utente\AppData\Local\unins000.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:7b,92,9a,e6,93,73,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,9d,69,7d,a2,38,89,4b,8d,37,fb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,9d,69,7d,a2,38,89,4b,8d,37,fb,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
.
**************************************************************************
.
Ora fine scansione: 2012-12-20 13:00:41 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-12-20 12:00
ComboFix2.txt 2012-12-19 18:20
.
Pre-Run: 61.632.237.568 byte disponibili
Post-Run: 61.256.192.000 byte disponibili
.
- - End Of File - - E6BCDAD448A2B8CAB94A83ADB5E9138C





# AdwCleaner v2.101 - Logfile creato il 20/12/2012 alle 13:04:36
# Aggiornamento 16/12/2012 by Xplode
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Utente : utente - UTENTE-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\utente\Desktop\file ricevuti\adwcleaner(1).exe
# Opzioni [Elimina]
# Commutatori utilizzati : /DisableAskDetection


***** [Servizi] *****


***** [File / Cartelle] *****


***** [Registro] *****

Chiave Eliminata : HKCU\Software\Softonic

***** [Browser Internet] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registro Pulito.

-\\ Mozilla Firefox v10.0 (it)

Nome Profilo : default
File : C:\Users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\h9bwwli4.default\prefs.js

C:\Users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\h9bwwli4.default\user.js ... Eliminato !

[OK] File Pulito.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

-\\ Opera v [Impossibile rilevare la versione]

File : C:\Users\utente\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File Pulito.

*************************

AdwCleaner[R1].txt - [1169 octets] - [24/09/2012 23:28:39]
AdwCleaner[R2].txt - [1229 octets] - [25/09/2012 09:12:54]
AdwCleaner[S1].txt - [3789 octets] - [24/09/2012 23:23:33]
AdwCleaner[S2].txt - [1348 octets] - [25/09/2012 09:13:09]
AdwCleaner[S3].txt - [1446 octets] - [14/10/2012 15:57:24]
AdwCleaner[S4].txt - [1506 octets] - [20/12/2012 13:04:36]

########## EOF - C:\AdwCleaner[S4].txt - [1566 octets] ##########
Torna in alto
 
r16
Inviato: Thursday, December 20, 2012 5:54:43 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Facciamo un controllo generale per vedere se tutto è a posto.
Scarica OTL, e salvalo sul desktop:

http://oldtimer.geekstogo.com/OTL.exe

Clicca sull'icona di OTL che trovi sul tuo desktop .

Metti la spunta su SCAN ALL USERS.

Sotto output, metti la spunta : minimal output

Clicca sulla freccettina di File Age e seleziona 60 Days

Metti la spunta a LOP Check e Purity Check.

Clicca su RUN SCAN

Lascia fare la scansione senza interferire.

Al termine della scansione trovi 2 log sul desktop. OTL.txt ed Extras.txt, salvali e caricali su Wikisend, per postarli sul forum.

P.S:
Conosci questo programma?:
Hotspot
Torna in alto
 
tamagon
Inviato: Thursday, December 20, 2012 6:08:38 PM

Rank: AiutAmico

Iscritto dal : 3/6/2009
Posts: 2,913
ciao grazie ecco i link

http://wikisend.com/download/506872/Extras.Txt

http://wikisend.com/download/357204/OTL.Txt

Hotspot non lo conosco
Torna in alto
 
r16
Inviato: Thursday, December 20, 2012 6:52:54 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Sicuro di non conoscerlo? (Hotspot)
http://hotspot-shield.softonic.it/

C'è ancora qualcosina da togliere:

Avvia OTL.

Sotto "Custom Scans\Fixes" copia-incolla questo codice:


Code:
:OTL
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
[2012/06/27 20:52:52 | 000,000,000 | ---D | M] -- C:\Users\utente\AppData\Roaming\Ad-Aware Antivirus

:Files
ipconfig /flushdns /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[start explorer]
[Reboot]

Clicca sul pulsante [color=red]RUN FIX[/color].
Lascia fare la scansione senza interferire.

Posta il log.

Dimmi come funziona il pc, o se riscontri problemi.
Torna in alto
 
tamagon
Inviato: Thursday, December 20, 2012 7:03:34 PM

Rank: AiutAmico

Iscritto dal : 3/6/2009
Posts: 2,913
ho scaricato avira in italiano da softonic ultimamente.ciao

All processes killed
========== OTL ==========
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
C:\Users\utente\AppData\Roaming\Ad-Aware Antivirus\Logs\20120707T214611.609241PID4484 folder moved successfully.
C:\Users\utente\AppData\Roaming\Ad-Aware Antivirus\Logs\20120707T085425.389102PID2764 folder moved successfully.
C:\Users\utente\AppData\Roaming\Ad-Aware Antivirus\Logs\20120706T092204.379520PID3708 folder moved successfully.
C:\Users\utente\AppData\Roaming\Ad-Aware Antivirus\Logs\20120705T161452.244513PID3756 folder moved successfully.
C:\Users\utente\AppData\Roaming\Ad-Aware Antivirus\Logs\20120704T145613.601331PID2428 folder moved successfully.
C:\Users\utente\AppData\Roaming\Ad-Aware Antivirus\Logs\20120702T140915.915836PID1756 folder moved successfully.
C:\Users\utente\AppData\Roaming\Ad-Aware Antivirus\Logs\20120701T143109.951417PID360 folder moved successfully.
C:\Users\utente\AppData\Roaming\Ad-Aware Antivirus\Logs\20120630T150203.833301PID1616 folder moved successfully.
C:\Users\utente\AppData\Roaming\Ad-Aware Antivirus\Logs\20120630T102541.027446PID3216 folder moved successfully.
C:\Users\utente\AppData\Roaming\Ad-Aware Antivirus\Logs\20120629T151951.484634PID1300 folder moved successfully.
C:\Users\utente\AppData\Roaming\Ad-Aware Antivirus\Logs\20120628T161335.606828PID2760 folder moved successfully.
C:\Users\utente\AppData\Roaming\Ad-Aware Antivirus\Logs\20120627T195418.781243PID3876 folder moved successfully.
C:\Users\utente\AppData\Roaming\Ad-Aware Antivirus\Logs\20120627T194936.192645PID3112 folder moved successfully.
C:\Users\utente\AppData\Roaming\Ad-Aware Antivirus\Logs\20120627T182038.304018PID2768 folder moved successfully.
C:\Users\utente\AppData\Roaming\Ad-Aware Antivirus\Logs\20120627T181328.713691PID2324 folder moved successfully.
C:\Users\utente\AppData\Roaming\Ad-Aware Antivirus\Logs folder moved successfully.
C:\Users\utente\AppData\Roaming\Ad-Aware Antivirus folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\utente\Desktop\cmd.bat deleted successfully.
C:\Users\utente\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: utente
->Temp folder emptied: 1678268 bytes
->Temporary Internet Files folder emptied: 5362767 bytes
->Java cache emptied: 15215 bytes
->FireFox cache emptied: 394196240 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 10662 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9969 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67941 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 383,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: utente
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

OTL by OldTimer - Version 3.2.69.0 log created on 12202012_185622

Files\Folders moved on Reboot...
C:\Users\utente\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\utente\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O9MK1EBA\ADSAdClient31[1].htm not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


edit.

il pc sembra andare bene grazie
Torna in alto
 
r16
Inviato: Thursday, December 20, 2012 7:12:04 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
ho scaricato avira in italiano da softonic ultimamente.ciao

Male.
I programmi si devono sempre scaricare dai siti ufficiali. (o Aiutamici)
Quel Hotspot non sò nemmeno io se eliminarlo.
Ha a che fare con la connessione, e non vorrei che la sua eliminazione crei problemi.
In ogni caso non può essersi installato da solo.
Lo devi aver installato tu.
Torna in alto
 
tamagon
Inviato: Thursday, December 20, 2012 7:13:49 PM

Rank: AiutAmico

Iscritto dal : 3/6/2009
Posts: 2,913
r16 ha scritto:
Commenta:
ho scaricato avira in italiano da softonic ultimamente.ciao

Male.
I programmi si devono sempre scaricare dai siti ufficiali. (o Aiutamici)
Quel Hotspot non sò nemmeno io se eliminarlo.
Ha a che fare con la connessione, e non vorrei che la sua eliminazione crei problemi.
In ogni caso non può essersi installato da solo.
Lo devi aver installato tu.




eppure ero sicuro di non avere installato nulla toolbar conprese.se non è pericoloso lo lascio.ciao

trovato questo link

http://www.topdownload.it/Hotspot%20Shield/download.html
Torna in alto
 
r16
Inviato: Thursday, December 20, 2012 7:23:05 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Apri Adwcleaner e clicca su "Disistalla".

Apri OTL e clicca su Cleanup.
Si disistallerà sia Combofix che lo stesso OTL.
Ti chiederà il riavvio del pc: acconsenti.
Disattiva e poi riattiva il Ripristino configurazione sistema.
Crea anche un punto di ripristino.
Se non riscontri problemi abbiamo concluso.
Torna in alto
 
tamagon
Inviato: Thursday, December 20, 2012 7:28:50 PM

Rank: AiutAmico

Iscritto dal : 3/6/2009
Posts: 2,913
grazie r16 in caso di problemi ti faccio sapere ciao
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » voci sospette


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.