PROBLEM: HELP, I'VE CAUGHT A VIRUS!!!

alexp1971

New User
43
0
Hi everyone




I've just signed up and I already need help with a virus attack.
I noticed that when I start Mozilla Firefox it automatically opens the following browser LINK REMOVED**

Even though www.google.it is set as the default page in Firefox and also in Internet Options.
Browsing around, I found out that I have the QV06 virus, a browser hijacker that keeps opening website pages, while otherwise the PC works normally (at least so far). I tried to restore the PC, but the restore points were only from the day before (maybe this is due to the virus), so I used every means at my disposal without getting anywhere. I booted the PC in safe mode and scanned with the following programs: Malwarebytes, SUPERAntiSpyware, Spyware Terminator, and in normal mode with Spybot and the Avira antivirus. Finally I also used Tweaking.com - Windows Repair, which fixes Windows errors. All the "junk" the programs found was deleted, but nothing changed. Before rebooting into safe mode I deleted the restore points as advised (they were only from 2 and 3 May anyway; all the others were no longer on the PC). Lastly, I scanned with HijackThis, and in the log file it gave me only 2 things were suspicious (I uploaded the log file to the program's website):
1) O4 – HKLM\..\\RUN: POSSERVICE C:\USERS\PUBLIC\DOCUMENTS\APPDATA\POAPP\PLAUNCHER.EXE (CONSIDERED DANGEROUS)
2) O4 – HKCU\..RUN: SSYNC “C:\USERS\ALESSANDRO|APPDATA\ROAMIN\SSYNC\SSYNC.EXE (SUSPICIOUS)

However, I haven't taken any action because I wouldn't want to block something useful.
Beyond that I don't know what else I could do except formatting, which would cost me at least 40-50 euros and which I would rather not do. If anyone can advise me on anything at all I would be grateful. Thanks
 

alexp1971

New User
43
0
Welcome.
Use adwcleaner with the "elimina" (delete) option
http://www.tomshw.it/forum/sicurezz...omputer-infetto-leggere-prima-di-postare.html
confirm the message that appears with OK
post the log after the reboot and check.

Further instructions will follow



Hi



I did as you told me: I downloaded adwcleaner, ran the scan and at the end clicked delete, and it seems everything is fine now. I set Google as the default page and it keeps it without problems. So did the shopkeeper who told me this virus was serious tell me a lie just because he wanted to format the PC, or had I already removed it with all the scans I ran? I'm curious to know the reason. Thanks
I've posted the log file below; I guess there was quite a bit of junk in there, right?


# AdwCleaner v2.300 - Logfile creato il 04/05/2013 alle 23:12:20
# Aggiornamento 28/04/2013 by Xplode
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Utente : Alessandro - PC01
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\Alessandro\Downloads\Installer AdwCleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****

Fermato & Eliminato : BrowserProtect
Fermato & Eliminato : eSafeSvc
Fermato & Eliminato : Offerbox update service

***** [File / Cartelle] *****

Cartella Eliminato : C:\Program Files (x86)\ChatZum Toolbar
Cartella Eliminato : C:\Program Files (x86)\Common Files\337
Cartella Eliminato : C:\Program Files (x86)\Delta
Cartella Eliminato : C:\Program Files (x86)\Desk 365
Cartella Eliminato : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Cartella Eliminato : C:\Program Files (x86)\OfferBox
Cartella Eliminato : C:\ProgramData\Babylon
Cartella Eliminato : C:\ProgramData\eSafe
Cartella Eliminato : C:\ProgramData\InstallMate
Cartella Eliminato : C:\Users\Alessandro\AppData\Local\Babylon
Cartella Eliminato : C:\Users\Alessandro\AppData\Local\Smartbar
Cartella Eliminato : C:\Users\Alessandro\AppData\LocalLow\searchresultstb
Cartella Eliminato : C:\Users\Alessandro\AppData\LocalLow\Smartbar
Cartella Eliminato : C:\Users\Alessandro\AppData\Roaming\BabSolution
Cartella Eliminato : C:\Users\Alessandro\AppData\Roaming\Babylon
Cartella Eliminato : C:\Users\Alessandro\AppData\Roaming\DataMgr
Cartella Eliminato : C:\Users\Alessandro\AppData\Roaming\Desk 365
Cartella Eliminato : C:\Users\Alessandro\AppData\Roaming\eIntaller
Cartella Eliminato : C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Cartella Eliminato : C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Profiles\7jk7f92t.default-1367671061103\extensions\ffxtlbr@delta.com
Cartella Eliminato : C:\Users\Alessandro\AppData\Roaming\Nosibay
Cartella Eliminato : C:\Users\Alessandro\AppData\Roaming\OfferBox
Eliminato al riavvio : C:\ProgramData\Browser Manager
Eliminato al riavvio : C:\ProgramData\BrowserProtect
File Désinfected : C:\Users\Alessandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
File Désinfected : C:\Users\Alessandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk
File Désinfected : C:\Users\Alessandro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
File Désinfected : C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
File Désinfected : C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
File Désinfected : C:\Users\Alessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
File Désinfected : D:\NON CANCELLARE\Desktop\Internet Explorer.lnk
File Désinfected : D:\NON CANCELLARE\Desktop\Mozilla Firefox.lnk
File Eliminato : C:\END
File Eliminato : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Eliminato : C:\Program Files (x86)\Mozilla FireFox\searchplugins\qvo6.xml
File Eliminato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Offerbox.lnk
File Eliminato : C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Profiles\7jk7f92t.default-1367671061103\searchplugins\delta.xml

***** [Registro] *****

Chiave Eliminata : HKCU\Software\1ClickDownload
Chiave Eliminata : HKCU\Software\AppDataLow\SProtector
Chiave Eliminata : HKCU\Software\BabylonToolbar
Chiave Eliminata : HKCU\Software\ChatZum Toolbar
Chiave Eliminata : HKCU\Software\Conduit
Chiave Eliminata : HKCU\Software\DataMngr
Chiave Eliminata : HKCU\Software\DataMngr_Toolbar
Chiave Eliminata : HKCU\Software\Delta
Chiave Eliminata : HKCU\Software\delta LTD
Chiave Eliminata : HKCU\Software\ilivid
Chiave Eliminata : HKCU\Software\Iminent
Chiave Eliminata : HKCU\Software\InstallCore
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Chiave Eliminata : HKCU\Software\Offerbox
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKCU\Software\53558f8ab26eed10
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chiave Eliminata : HKLM\Software\Babylon
Chiave Eliminata : HKLM\Software\BabylonToolbar
Chiave Eliminata : HKLM\Software\ChatZum Toolbar
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chiave Eliminata : HKLM\SOFTWARE\Classes\delta.deltaappCore
Chiave Eliminata : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Chiave Eliminata : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Chiave Eliminata : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\escort.escortIEPane
Chiave Eliminata : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Chiave Eliminata : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Chiave Eliminata : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\OfferBoxUI.TheBoxCtrl
Chiave Eliminata : HKLM\SOFTWARE\Classes\OfferBoxUI.TheBoxCtrl.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{8ABB9FA2-0740-4AD9-8F54-1192254B3CF4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chiave Eliminata : HKLM\Software\DataMngr
Chiave Eliminata : HKLM\Software\Delta
Chiave Eliminata : HKLM\Software\Desksvc
Chiave Eliminata : HKLM\Software\eSafeSecControl
Chiave Eliminata : HKLM\Software\Iminent
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\offerbox_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\offerbox_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0EE02110-967B-4256-ACA6-BC8AC7CB7E61}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Chiave Eliminata : HKLM\Software\Offerbox
Chiave Eliminata : HKLM\Software\qvo6Software
Chiave Eliminata : HKLM\Software\SoftwareUpdater
Chiave Eliminata : HKLM\Software\SP Global
Chiave Eliminata : HKLM\Software\SProtector
Chiave Eliminata : HKLM\Software\V9
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\53558f8ab26eed10
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\eSafeSecControl
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Offerbox
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chiave Eliminata : HKLM\SOFTWARE\DataMngr
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Chiave Eliminata : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Eliminata : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Eliminata : HKU\S-1-5-21-2852367455-1021117880-3788102704-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Dato Eliminata : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll
Dato Eliminata : HKLM\...\StartMenuInternet\FIREFOX.EXE [(Default)] = C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST2000DM001-1CH164_Z2F0JQJJXXXXZ2F0JQJJ&ts=1367430236
Dato Eliminata : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST2000DM001-1CH164_Z2F0JQJJXXXXZ2F0JQJJ&ts=1367430236
Dato Eliminata : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll
Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Valore Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr]
Valore Eliminata : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Valore Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Valore Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Browser Internet] *****

-\\ Internet Explorer v9.0.8112.16470

Sostituito : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST2000DM001-1CH164_Z2F0JQJJXXXXZ2F0JQJJ&ts=1367430236 --> hxxp://www.google.com
Sostituito : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST2000DM001-1CH164_Z2F0JQJJXXXXZ2F0JQJJ&ts=1367430236 --> hxxp://www.google.com
Sostituito : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST2000DM001-1CH164_Z2F0JQJJXXXXZ2F0JQJJ&ts=1367430236 --> hxxp://www.google.com
Sostituito : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST2000DM001-1CH164_Z2F0JQJJXXXXZ2F0JQJJ&ts=1367430236 --> hxxp://www.google.com
Sostituito : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=mlv&from=mlv&uid=ST2000DM001-1CH164_Z2F0JQJJXXXXZ2F0JQJJ&ts=1367430236 --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (it)

File : C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Profiles\7jk7f92t.default-1367671061103\prefs.js

C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Profiles\7jk7f92t.default-1367671061103\user.js ... Eliminato !

Eliminata : user_pref("browser.newtab.url", "hxxp://www2.delta-search.com/?affID=119585&tt=gc_&babsrc=NT_ss&mntr[...]
Eliminata : user_pref("browser.search.order.1", "Delta Search");
Eliminata : user_pref("browser.search.selectedEngine", "Delta Search");
Eliminata : user_pref("browser.startup.homepage", "hxxp://www2.delta-search.com/?affID=119585&tt=gc_&babsrc=HP_s[...]

*************************

AdwCleaner[R1].txt - [28557 octets] - [04/05/2013 23:11:49]
AdwCleaner[S1].txt - [27463 octets] - [04/05/2013 23:12:20]

########## EOF - C:\AdwCleaner[S1].txt - [27524 octets] ##########
 

tecnico24

Elite User
10,706
1,072
He simply doesn't know his stuff; that's the only plausible explanation.
Someone who calls a trifle like this "serious" cannot call himself competitive in this field.
Open adwcleaner and click "disinstalla" (uninstall) to remove it properly.
 

alexp1971

New User
43
0
Hi

In my opinion he does know his stuff, because he is highly regarded; the fact is that he tried it on. And to think he had almost convinced me. But now with you I won't have any more problems in the future, unless I catch much more dangerous viruses. Sorry, but there's one thing I didn't understand: do I have to click "disinstalla", i.e. do I remove the adwcleaner program? Then if one day I need it again I reinstall it? But actually I can't find it installed under Programs and Features; isn't it by any chance an executable? In fact every time I click on it, it seems like I'm reinstalling it again. Many thanks for the help



Bye
 

tecnico24

Elite User
10,706
1,072
Yes, remove adwcleaner; then when you need it you'll download it.
It's a standalone tool; it doesn't require installation.
 

Roberto74

New User
11
0
Hello, I need help getting rid of this damned Qvo6. I've tried everything but with no result. I'm following the guide for cleaning the PC, starting with combofix. For now I'm stuck at the preparation of the report for the log file (it's been stuck for an hour already; is it normal for it to take this long?). I would kindly ask if someone could volunteer to examine the log files, which I'll post as soon as they're ready. Thanks in advance :)
 

alexp1971

New User
43
0



Hi

Why don't you download and use the AdwCleaner program that was recommended to me too? For me it solved the problem right away after the scan. Bye
 

RunDLL

Active User
138
1
I wouldn't call the technician someone who doesn't know his stuff, given that with "traditional" tools, meaning the ones most commonly used, and it's really nasty. Not everyone knows every single program, AdwCleaner among them.
 

guns

New User
1
0
Hi.
So, yesterday, while downloading a program whose name I don't remember, this virus got installed as well.
Obviously, the first thing I noticed was that the home page was qvo6.com and, even if you tried to change it, it stayed the same. After trying, in vain, to change it, I had decided to let it go, but today, while searching the internet for a way to uninstall it, I realized it was a virus.
I have always used Chrome, but, thinking that uninstalling it would make the problem go away, I am currently using Internet Explorer.
When I noticed this problem I ran a scan with the antivirus 'Avira' and with the anti-malware 'Malwarebytes', but even though they found something and then removed it, the problem was/is still there.
I have already used the 'AdwCleaner' program, as suggested above, but despite that the home page is still the virus's one. What can I do?

This is the log file

# AdwCleaner v3.002 - Report created 07/09/2013 at 14:12:19
# Updated 01/09/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Guarini - PC-FEDERICA
# Running from : C:\Users\Guarini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A91IO1WX\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : BrowserDefendert
***** [ Files / Folders ] *****
Folder Deleted : C:\Kreapixel
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\Program Files\delta
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Guarini\AppData\Local\cre
Folder Deleted : C:\Users\Guarini\AppData\Local\EoRezo
Folder Deleted : C:\Users\Guarini\AppData\Local\Wajam
Folder Deleted : C:\Users\Guarini\AppData\Local\Temp\eIntaller
Folder Deleted : C:\Users\Guarini\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Guarini\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Guarini\AppData\Roaming\cacaoweb
Folder Deleted : C:\Users\Guarini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Users\Guarini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader
Folder Deleted : C:\Users\Guarini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
File Deleted : C:\END
File Deleted : C:\Users\Guarini\Desktop\cacaoweb.exe
File Deleted : C:\Windows\System32\Tasks\BrowserDefendert
File Deleted : C:\Windows\System32\Tasks\EPUpdater
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\Users\Guarini\Desktop\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Guarini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Guarini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Guarini\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A46ECEE-B760-45B3-8607-46997AF62E34}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A46ECEE-B760-45B3-8607-46997AF62E34}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF8AC011-7923-44EC-91DE-B3AB083FFDA4}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF8AC011-7923-44EC-91DE-B3AB083FFDA4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cacaoweb]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKCU\Software\5c57dbdcb539e415
Key Deleted : HKLM\SOFTWARE\5c57dbdcb539e415
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\cacaoweb
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{9937E55B-6331-4804-93EF-77E992F204BD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video downloader
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16502
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
*************************
AdwCleaner[R0].txt - [17576 octets] - [07/09/2013 14:11:32]
AdwCleaner[S0].txt - [16572 octets] - [07/09/2013 14:12:19]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16633 octets] ##########
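A report like the one posted above is easier to review when its entries are grouped by the autostart or browser-hijack location they touched. The following is an added example, not part of the original post and not AdwCleaner's own code: a small parser for the report layout shown above, run on lines excerpted from that report. The category names and function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Lines excerpted from the AdwCleaner v3.002 report posted above.
SAMPLE_REPORT = r"""
# AdwCleaner v3.002 - Report created 07/09/2013 at 14:12:19
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : BrowserDefendert
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
File Deleted : C:\Windows\System32\Tasks\EPUpdater
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\Users\Guarini\Desktop\Internet Explorer.lnk
***** [ Registry ] *****
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cacaoweb]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Wajam
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16502
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
*************************
"""

# "***** [ Registry ] *****" section headers.
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# "[#] Key Deleted : <target> [<value>]"; the "[#] " prefix and "[value]" are optional.
ENTRY_RE = re.compile(
    r"^(?:\[#\] )?(?P<kind>[A-Za-z]+) (?P<action>Deleted|Disinfected|Restored)"
    r" : (?P<target>.+?)(?: \[(?P<value>[^\]]+)\])?$"
)
# "-\\ Internet Explorer v9.0.8112.16502" lines in the Browsers section.
BROWSER_RE = re.compile(r"^-\\\\ (?P<name>.+?) v[\d.]+$")

# Ordered rules: the first match wins. "path" is the lower-cased target.
RULES = [
    ("service", lambda e: e["kind"] == "Service"),
    ("scheduled task", lambda e: "\\system32\\tasks\\" in e["path"]
        or "\\schedule\\taskcache\\" in e["path"]),
    ("run key", lambda e: e["path"].endswith("\\currentversion\\run")
        and e["value"] is not None),
    ("browser helper object", lambda e: "\\browser helper objects\\" in e["path"]),
    ("search provider", lambda e: "\\searchscopes\\" in e["path"]),
    ("hijacked shortcut", lambda e: e["kind"] == "Shortcut"),
    ("browser setting", lambda e: e["kind"] == "Setting"),
]


def parse_report(text):
    """Return (entries, browsers) parsed from an AdwCleaner v3-style report."""
    entries, browsers, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = BROWSER_RE.match(line)
        if m:
            browsers.append(m.group("name"))
            continue
        m = ENTRY_RE.match(line)
        if m:  # header comments and separator lines simply do not match
            entry = m.groupdict()
            entry["section"] = section
            entry["path"] = entry["target"].lower()
            entries.append(entry)
    return entries, browsers


def classify(entry):
    """Name the persistence or hijack location an entry belongs to."""
    for label, matches in RULES:
        if matches(entry):
            return label
    return "other leftover"


def summarize(entries):
    """Group entries by category, keeping the order they have in the report."""
    groups = defaultdict(list)
    for e in entries:
        shown = e["target"] + (f" [{e['value']}]" if e["value"] else "")
        groups[classify(e)].append(shown)
    return dict(groups)


if __name__ == "__main__":
    parsed, seen_browsers = parse_report(SAMPLE_REPORT)
    print("Browsers listed in the report:", ", ".join(seen_browsers))
    for category, items in summarize(parsed).items():
        print(f"{category} ({len(items)})")
        for item in items:
            print("   ", item)
```
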
 

mlagom

New User
1
0
Welcome.
Use AdwCleaner with the Delete option
http://www.tomshw.it/forum/sicurezz...omputer-infetto-leggere-prima-di-postare.html
confirm the message that appears with OK
post the log after the reboot and check.

Further instructions will follow



Hi, I tried running AdwCleaner, ComboFix and many other programs without success! qvo6 persists on my PC. I think I managed to block it but not to remove it: by right-clicking the Chrome and Explorer icons in the bottom bar, and then, next to the most-used programs, I clicked "block", and it is indeed blocked, but it's still there! The ComboFix report is the following: what am I supposed to do with all this?


ComboFix 13-09-17.01 - USER 17/09/2013 16:56:09.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1040.18.3946.2679 [GMT 2:00]
Running from: c:\users\USER\documenti personali\Desktop\abc.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-08-17 to 2013-09-17 )))))))))))))))))))))))))))))))
.
.
2013-09-17 15:00 . 2013-09-17 15:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-17 15:00 . 2013-09-17 15:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-09-17 14:49 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{41E39BF5-F9A2-4E8D-AE05-D105D518C71F}\mpengine.dll
2013-09-16 20:14 . 2013-09-16 20:14 -------- d-----w- c:\users\USER\AppData\Local\Wajam
2013-09-15 23:58 . 2013-09-15 23:58 -------- d-----w- c:\users\USER\AppData\Roaming\Malwarebytes
2013-09-15 23:58 . 2013-09-15 23:58 -------- d-----w- c:\programdata\Malwarebytes
2013-09-15 23:57 . 2013-09-15 23:57 -------- d-----w- c:\users\USER\AppData\Local\Programs
2013-09-15 23:40 . 2013-09-15 23:40 -------- d-----w- c:\program files\Enigma Software Group
2013-09-15 23:40 . 2013-09-16 19:59 -------- d-----w- c:\windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-15 23:40 . 2013-09-15 23:40 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-09-15 23:28 . 2013-09-15 23:28 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-09-15 23:18 . 2013-09-15 23:18 -------- d-----w- c:\users\USER\AppData\Local\BonanzaDealsLive
2013-09-15 23:18 . 2013-09-15 23:18 -------- d-----w- c:\programdata\BonanzaDealsLive
2013-09-15 23:18 . 2013-09-15 23:32 -------- d-----w- c:\program files (x86)\BonanzaDeals
2013-09-15 19:01 . 2013-09-15 19:03 -------- d-----w- c:\users\USER\AppData\Roaming\GetRightToGo
2013-09-15 18:30 . 2013-09-16 20:20 -------- d-----w- c:\programdata\eSafe
2013-09-12 23:38 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-12 23:38 . 2013-08-02 01:59 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-09-12 23:38 . 2013-08-02 02:23 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-09-12 23:38 . 2013-08-02 01:59 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-09-12 12:22 . 2013-09-12 12:22 -------- d-----w- c:\programdata\Promote Installer
2013-08-28 12:52 . 2013-08-28 12:58 -------- d-----w- c:\program files (x86)\Real
2013-08-28 12:51 . 2013-08-28 12:51 -------- d-----w- c:\users\USER\AppData\Local\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 130736 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 130736 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 130736 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Software updater"="c:\users\USER\AppData\Roaming\FreeSoftwareUpdater\updater.exe" [2013-05-21 52516]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856]
"Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-15 1081424]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-08-26 177448]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2012-9-5 723560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 FFSOpzSvc;Sleep memory optimizer;c:\program files\Sleep Memory Optimizer\FFSService.exe;c:\program files\Sleep Memory Optimizer\FFSService.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys;c:\windows\SYSNATIVE\DRIVERS\irstrtdv.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-06 08:18 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-17 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2013-06-16 16:43]
.
2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-14 17:46]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-14 17:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 164016 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 164016 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 164016 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 164016 ----a-w- c:\users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-16 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-16 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-16 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-10 12666984]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-10 2275944]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-09-30 981664]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-09-30 799904]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @DenieD: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @DenieD: (Full) (Everyone)
.
Completion time: 2013-09-17 17:01:45
ComboFix-quarantined-files.txt 2013-09-17 15:01
ComboFix2.txt 2013-09-16 20:45
.
Pre-Run: 161,456,713,728 byte disponibili
Post-Run: 161,401,286,656 byte disponibili
.
- - End Of File - - 19D10EF5B6656EAB262989DB2E969C81
 

matteocaparrini

New User
2
0
Hi guys!
I have the same problem with qvo6 as the others above me.
Help! Please!

Here is the log:

ComboFix 13-09-22.01 - Matteo 22/09/2013 21:19:28.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.4061.2427 [GMT 2:00]
Eseguito da: c:\users\Matteo\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\program files (x86)\Funmoods
c:\program files (x86)\Funmoods\1.5.23.22\bh\escort.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortApp.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortEng.dll
c:\program files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortShld.dll
c:\program files (x86)\Funmoods\1.5.23.22\FavIcon.ico
c:\program files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe
c:\program files (x86)\Funmoods\1.5.23.22\Sqlite3.dll
c:\program files (x86)\Funmoods\1.5.23.22\uninst.dat
c:\program files (x86)\Funmoods\1.5.23.22\uninstall.exe
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\genfix.exe
c:\program files (x86)\StartNow Toolbar\Reactivate.exe
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarBroker.exe
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\program files (x86)\StartNow Toolbar\XBrowser.dll
c:\programdata\BBrroWse2seaveo
c:\programdata\BBrroWse2seaveo\51374945e86bc.dll
c:\programdata\BBrroWse2seaveo\51374945e86bc.tlb
c:\programdata\BBrroWse2seaveo\settings.ini
c:\programdata\BBrroWse2seaveo\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\BBrroWse2seaveo
c:\programdata\Microsoft\Windows\Start Menu\Programs\BBrroWse2seaveo\BBrroWse2seaveo.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\BBrroWse2seaveo\Uninstall.lnk
c:\users\Babbo\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Babbo\AppData\Roaming\Kywi
c:\users\Babbo\AppData\Roaming\Kywi\inuf.exe
c:\users\Babbo\AppData\Roaming\OfferBox
c:\users\Babbo\AppData\Roaming\OfferBox\config.dat
c:\users\Babbo\AppData\Roaming\OfferBox\config.xml
c:\users\Guest\AppData\Roaming\cacaoweb
c:\users\Guest\AppData\Roaming\cacaoweb\cacaoweb.exe
c:\users\Guest\AppData\Roaming\cacaoweb\npdfile.dat
c:\users\Guest\AppData\Roaming\cacaoweb\storage.db
c:\users\Guest\cacaoweb.exe
c:\users\Guest\Google_Chrome_Setup.exe
c:\users\Matteo\AppData\Local\DProtect
c:\users\Matteo\AppData\Local\DProtect\config.dat
c:\users\Matteo\AppData\Local\DProtect\DProtectSvc.exe
c:\users\Matteo\AppData\Local\DProtect\DPUninstall.exe
c:\users\Matteo\AppData\Local\DProtect\eBP.dll
c:\users\Matteo\AppData\Local\DProtect\eBPSD.dll
c:\users\Matteo\AppData\Local\DProtect\eDelayinfo.edb
c:\users\Matteo\AppData\Local\DProtect\eGdpSvc.exe
c:\users\Matteo\AppData\Local\DProtect\log\DProtectSvc.LOG
c:\users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\odgpbfmgacllblmgflefneokbpiaidcc
c:\users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\odgpbfmgacllblmgflefneokbpiaidcc\1\51374945e84708.94342796.js
c:\users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\odgpbfmgacllblmgflefneokbpiaidcc\1\background.html
c:\users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\odgpbfmgacllblmgflefneokbpiaidcc\1\content.js
c:\users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\odgpbfmgacllblmgflefneokbpiaidcc\1\lsdb.js
c:\users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\odgpbfmgacllblmgflefneokbpiaidcc\1\manifest.json
c:\users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Extensions\odgpbfmgacllblmgflefneokbpiaidcc\1\sqlite.js
c:\users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_odgpbfmgacllblmgflefneokbpiaidcc_0.localstorage-journal
c:\users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_odgpbfmgacllblmgflefneokbpiaidcc_0.localstorage
c:\users\Matteo\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Matteo\AppData\Local\lollipop
c:\users\Matteo\AppData\Local\lollipop\logo.ico
c:\users\Matteo\AppData\Local\lollipop\lollipop_08262026.bat
c:\users\Matteo\AppData\Local\lollipop\lollipop_08262026.exe
c:\users\Matteo\AppData\Local\lollipop\lollipop_08262026.lpd
c:\users\Matteo\AppData\Local\lollipop\lollipop_08262026_cfg.lpd
c:\users\Matteo\AppData\Local\lollipop\lollipop_08262026_ps.lpd
c:\users\Matteo\AppData\Roaming\BabMaint.exe
c:\users\Matteo\AppData\Roaming\cacaoweb
c:\users\Matteo\AppData\Roaming\cacaoweb\cacaoweb.crx
c:\users\Matteo\AppData\Roaming\cacaoweb\cacaoweb.exe
c:\users\Matteo\AppData\Roaming\cacaoweb\npdfile.dat
c:\users\Matteo\AppData\Roaming\cacaoweb\replicating8C8B1C793B0A50D9951BC2BBFFDE03BE.cacao
c:\users\Matteo\AppData\Roaming\cacaoweb\storage.db
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\chrome.manifest
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\loader.xul
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\preferences.xul
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\install.rdf
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\psydmu-aq@ayia-ywvip.com
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\psydmu-aq@ayia-ywvip.com\bootstrap.js
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\psydmu-aq@ayia-ywvip.com\chrome.manifest
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\psydmu-aq@ayia-ywvip.com\content\bg.js
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\psydmu-aq@ayia-ywvip.com\content\zy.xul
c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\psydmu-aq@ayia-ywvip.com\install.rdf
c:\users\Public\sdelevURL.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DPService
-------\Service_Updater Service for StartNow Toolbar
-------\Service_DPService
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Creati Da 2013-08-22 al 2013-09-22 )))))))))))))))))))))))))))))))))))
.
.
2013-09-22 19:28 . 2013-09-22 19:28 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-09-22 19:28 . 2013-09-22 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-22 19:28 . 2013-09-22 19:28 -------- d-----w- c:\users\Babbo\AppData\Local\temp
2013-09-22 15:15 . 2013-09-22 15:15 -------- d-----w- c:\users\Matteo\AppData\Local\Macromedia
2013-09-22 15:14 . 2013-09-22 15:14 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-09-22 15:12 . 2013-09-22 15:12 -------- d-----w- c:\users\Matteo\AppData\Local\Wajam
2013-09-22 15:12 . 2013-09-22 15:13 -------- d-----w- c:\program files (x86)\Wajam
2013-09-22 15:12 . 2013-09-22 15:12 -------- d-----w- c:\users\Matteo\AppData\Local\BonanzaDealsLive
2013-09-22 15:12 . 2013-09-22 15:12 -------- d-----w- c:\programdata\BonanzaDealsLive
2013-09-22 15:12 . 2013-09-22 15:12 -------- d-----w- c:\program files (x86)\BonanzaDeals
2013-09-22 11:41 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F8E47692-4298-4446-BF76-E49A1E5AE813}\mpengine.dll
2013-09-14 23:05 . 2013-09-14 23:05 -------- d-----w- c:\users\Matteo\AppData\Local\avgchrome
2013-09-14 09:47 . 2013-09-14 09:47 -------- d-----w- c:\programdata\BitGuard
2013-09-12 22:39 . 2013-08-10 05:20 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-09-12 22:39 . 2013-08-10 05:21 19246592 ----a-w- c:\windows\system32\mshtml.dll
2013-08-29 17:46 . 2013-08-29 17:46 -------- d-----w- c:\users\Guest\AppData\Local\Diagnostics
2013-08-29 17:41 . 2013-08-29 17:41 -------- d-----w- c:\users\Guest\AppData\Local\Opera Software
2013-08-29 17:41 . 2013-08-29 17:41 -------- d-----w- c:\users\Guest\AppData\Roaming\Opera Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-22 19:32 . 2012-10-24 17:20 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-09-21 16:28 . 2012-04-15 10:57 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-21 16:28 . 2011-05-14 11:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 05:32 . 2012-12-03 14:26 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-02 01:48 . 2013-09-12 22:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 05:35 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 05:35 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 05:37 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 05:37 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 05:39 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 05:35 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 05:39 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 05:39 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 05:39 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 05:35 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 05:39 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 05:39 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 05:39 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 05:39 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 05:34 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}"= "c:\program files (x86)\uTorrentBar_IT\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0e9c9453-038b-4c2d-999d-21e0d2aa7ce5}]
2010-10-18 11:26 3908192 ----a-w- c:\program files (x86)\MAX_IT_Atube\tbMAX_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 14:02 3863136 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar_IT\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-01-23 12:24 247704 ----a-w- c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 17:17 1487240 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}]
2010-06-03 16:24 2736736 ----a-w- c:\program files (x86)\Softonic-IT\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-05-16 18:37 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{fe063412-bea4-4d76-8ed3-183be6220d17}]
2013-08-21 17:36 100336 ----a-w- c:\program files (x86)\BonanzaDeals\BonanzaDealsIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\program files (x86)\Softonic-IT\tbSoft.dll" [2010-06-03 2736736]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
"{0e9c9453-038b-4c2d-999d-21e0d2aa7ce5}"= "c:\program files (x86)\MAX_IT_Atube\tbMAX_.dll" [2010-10-18 3908192]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
"{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}"= "c:\program files (x86)\uTorrentBar_IT\prxtbuTor.dll" [2011-05-09 176936]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll" [2013-01-23 321944]
.
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{0e9c9453-038b-4c2d-999d-21e0d2aa7ce5}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Matteo\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-16 138096]
"Spotify Web Helper"="c:\users\Matteo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-09 1104384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files (x86)\ASUSTek\ASUSDVD 8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\ASUSTek\ASUSDVD 8\Language\Language.exe" [2009-04-16 50472]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232]
"4StoryPrePatch"="c:\program files (x86)\Gameforge4D\4Story\PrePatch.exe" [2010-08-31 319488]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
c:\users\Matteo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2009-10-09 20:58 72248 ----a-w- c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2009-10-09 20:58 3054136 ----a-w- c:\windows\AsScrPro.exe
.
R2 bonanzadealslive;Servizio BonanzaDealsLive (bonanzadealslive);c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe;c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 bonanzadealslivem;Servizio BonanzaDealsLive (bonanzadealslivem);c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe;c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 BitGuard;BitGuard;c:\programdata\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe;c:\programdata\BitGuard\2.6.1673.238\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [x]
S2 FastBootAgent;FastBootAgent;c:\windows\SysWOW64\Fast Boot\FastBootAgent.exe;c:\windows\SysWOW64\Fast Boot\FastBootAgent.exe [x]
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys;c:\windows\SYSNATIVE\DRIVERS\activhidsermini.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys;c:\windows\SYSNATIVE\DRIVERS\activmouse.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-21 16:28]
.
2013-09-22 c:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
- c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-09-22 15:12]
.
2013-09-22 c:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
- c:\program files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-09-22 15:12]
.
2013-09-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3815279068-2318928426-3713527259-1000Core.job
- c:\users\Matteo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-10 08:41]
.
2013-09-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3815279068-2318928426-3713527259-1000UA.job
- c:\users\Matteo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-10 08:41]
.
2013-09-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3815279068-2318928426-3713527259-1003Core.job
- c:\users\Babbo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-23 22:35]
.
2013-09-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3815279068-2318928426-3713527259-1003UA.job
- c:\users\Babbo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-23 22:35]
.
2013-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3815279068-2318928426-3713527259-1000Core.job
- c:\users\Matteo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-15 16:16]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3815279068-2318928426-3713527259-1000UA.job
- c:\users\Matteo\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-15 16:16]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3815279068-2318928426-3713527259-1003Core.job
- c:\users\Babbo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-20 11:42]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3815279068-2318928426-3713527259-1003UA.job
- c:\users\Babbo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-20 11:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"ActivControl"="c:\program files\Activ Software\Activdriver\ActivControl2x64.exe" [2009-04-03 1237504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST9500325AS_5VE4KYZWXXXX5VE4KYZW&ts=1379877212
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST9500325AS_5VE4KYZWXXXX5VE4KYZW&ts=1379877212
mStart Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST9500325AS_5VE4KYZWXXXX5VE4KYZW&ts=1379877212
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = ${URL_SEARCHPAGE}
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\
FF - prefs.js: browser.search.selectedEngine - qvo6
FF - prefs.js: browser.startup.homepage - hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=ST9500325AS_5VE4KYZWXXXX5VE4KYZW&ts=1379862855
FF - ExtSQL: 2013-08-02 17:20; ffxtlbr@babylon.com; c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\ffxtlbr@babylon.com
FF - ExtSQL: 2013-09-22 17:12; {f9d03c26-0575-497e-821d-f7956d23e0ca}; c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
FF - ExtSQL: 2013-09-22 17:12; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}
FF - ExtSQL: !HIDDEN! 2013-03-06 14:50; psydmu-aq@ayia-ywvip.com; c:\users\Matteo\AppData\Roaming\Mozilla\Firefox\Profiles\c7xf2w88.default\extensions\psydmu-aq@ayia-ywvip.com
FF - ExtSQL: !HIDDEN! 2013-05-02 21:21; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; c:\program files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF - user.js: extensions.BabylonToolbar_i.id - 7883a1c20000000000001a4bd635998d
FF - user.js: extensions.BabylonToolbar_i.hardId - 7883a1c20000000000001a4bd635998d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15310
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:36
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101293
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=stonicrio&chnl=stonicrio&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AyC0Ezy0Azz0F0AtC0CtBtN0D0Tzu0CtAtCyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1916319824
FF - user.js: extensions.funmoods.dfltSrch - false
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=stonicrio&chnl=stonicrio&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AyC0Ezy0Azz0F0AtC0CtBtN0D0Tzu0CtAtCyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1916319824
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=stonicrio&chnl=stonicrio&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AyC0Ezy0Azz0F0AtC0CtBtN0D0Tzu0CtAtCyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1916319824&q=
FF - user.js: extensions.funmoods.id - 90E6BA6E9A8FA1C2
FF - user.js: extensions.funmoods.instlDay - 15656
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2221:25
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - stonicrio
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - stonicrio
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 7883a1c20000000000001a4bd635998d
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15790
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.018:22
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{6E13D095-45C3-4271-9475-F3B48227DD9F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - c:\program files (x86)\Funmoods\1.5.23.22\bh\escort.dll
BHO-{DAF4D811-9561-09B8-6EA6-3380BF31925F} - c:\programdata\BBrroWse2seaveo\51374945e86bc.dll
Toolbar-Locked - (no file)
Toolbar-{5911488E-9D1E-40ec-8CBB-06B231CC153F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
Toolbar-{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - c:\program files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
Wow6432Node-HKCU-Run-PoService - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-cacaoweb - c:\users\Matteo\AppData\Roaming\cacaoweb\cacaoweb.exe
Wow6432Node-HKCU-Run-lollipop_08262026 - c:\users\matteo\appdata\local\lollipop\lollipop_08262026.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
c:\users\Matteo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk - c:\users\Matteo\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-CLMLServer - c:\program files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF} - (no file)
WebBrowser-{E3393495-8103-46A0-8181-270273EDDD60} - (no file)
WebBrowser-{0E9C9453-038B-4C2D-999D-21E0D2AA7CE5} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
WebBrowser-{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - (no file)
AddRemove-1ClickDownloader - c:\users\Matteo\Desktop\uninst.exe
AddRemove-DProtect - c:\users\Matteo\AppData\Local\DProtect\DPUninstall.exe
AddRemove-funmoods - c:\program files (x86)\Funmoods\1.5.23.22\uninstall.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} - c:\programdata\BBrroWse2seaveo\uninstall.exe
AddRemove-GeoGebra 4 - c:\windows\system32\javaws.exe
AddRemove-lollipop_08262026 - c:\users\matteo\appdata\local\lollipop\lollipop_08262026.bat
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @DenieD: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\schtasks.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files\Activ Software\Activdriver\activmgr.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
.
**************************************************************************
.
Ora fine scansione: 2013-09-22 21:38:24 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2013-09-22 19:38
.
Pre-Run: 81.021.419.520 byte disponibili
Post-Run: 82.628.284.416 byte disponibili
.
- - End Of File - - 9D9CE1AE39DA08BCB8728FA9055413E9
5C616939100B85E558DA92B899A0FC36
 

abby_84_

New User
2
0
Hi guys,
I've fallen into the QVO6 trap too, and I can't get rid of it. I've tried scanning with Avira, CCleaner and AdwCleaner, but that damned page is still there, even though I've changed the browser preferences more than once.
What am I missing, what else should I do?
 
