Very urgent help.........login failing on all sites (including e-mail)

PC Gamer Ownage, I wrote everything out for you in the ComboFix guide.
If you have a problem like this, given that the PC is 1000% infected, I would first try to fix it without formatting, and the only way to make a clean sweep of the junk you have installed on that PC is to run ComboFix, attach the report, wait for me to analyze it, and keep your fingers crossed.
Just follow all the instructions to the letter!

Francesco
 
Done, here is what came out, via Notepad:

---------- Post added at 18:18 ---------- Previous post was at 18:18 ----------

ComboFix 12-04-07.04 - Valentino 08/04/2012 17:45:40.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.4061.1536 [GMT 2:00]
Eseguito da: c:\users\Valentino\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Bandoo\Plugins\IE\iePLugin.dll
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\program files (x86)\facemoods.com\sqlite3.dll
c:\program files (x86)\FunWebProducts
c:\program files (x86)\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
c:\program files (x86)\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
c:\program files (x86)\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\program files (x86)\HBLite
c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions\chrome.manifest
c:\program files (x86)\HBLite\bin\11.0.264.0\firefox\extensions\install.rdf
c:\program files (x86)\Hyperionics DB Toolbar\tbCOre3.dll
c:\program files (x86)\RewardsArcade
c:\program files (x86)\RewardsArcade\appAPIinternalWrapper.js
c:\program files (x86)\RewardsArcade\fb.js
c:\program files (x86)\RewardsArcade\jquery.js
c:\program files (x86)\RewardsArcade\json.js
c:\program files (x86)\RewardsArcade\RewardsArcade.dll
c:\program files (x86)\RewardsArcade\RewardsArcade.exe
c:\program files (x86)\RewardsArcade\Uninstall.exe
c:\program files (x86)\RewardsArcade\UserConfirmation.exe
c:\program files (x86)\ShopperReports3
c:\program files (x86)\ShopperReports3\bin\3.0.497.0\CntntCntr.dll
c:\program files (x86)\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\chrome.manifest
c:\program files (x86)\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar
c:\program files (x86)\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll
c:\program files (x86)\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt
c:\program files (x86)\ShopperReports3\bin\3.0.497.0\firefox\firefoxtoolbar\extensions\install.rdf
c:\program files (x86)\ShopperReports3\bin\3.0.497.0\link.ico
c:\program files (x86)\UNWISE.EXE
c:\program files (x86)\Windows Searchqu Toolbar
c:\program files (x86)\Windows Searchqu Toolbar\INSTALL.LOG
c:\program files (x86)\Windows Searchqu Toolbar\main.ico
c:\program files (x86)\Windows Searchqu Toolbar\UNWISE.EXE
c:\program files (x86)\Windows Searchqu Toolbar\UnwiseLauncher.exe
c:\program files\OfferBox
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\FullRemove.exe
c:\programdata\HBLiteSA
c:\programdata\HBLiteSA\HBLiteSA.dat
c:\programdata\HBLiteSA\HBLiteSA_kyf.dat
c:\programdata\HBLiteSA\HBLiteSAAbout.mht
c:\programdata\HBLiteSA\HBLiteSAau.dat
c:\programdata\HBLiteSA\HBLiteSAEULA.mht
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe
c:\programdata\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe
c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico
c:\programdata\TheBflix
c:\programdata\TheBflix\background.html
c:\programdata\TheBflix\bccldkoinakjmmgebambiaggjobhikfg.crx
c:\programdata\TheBflix\bhoclass.dll
c:\programdata\TheBflix\content.js
c:\programdata\TheBflix\data\content.js
c:\programdata\TheBflix\data\jsondb.js
c:\programdata\TheBflix\settings.ini
c:\programdata\TheBflix\uninstall.exe
c:\users\Valentino\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp3E8.tmp
c:\users\Valentino\AppData\Local\Minibar
c:\users\Valentino\AppData\Local\Minibar\chrome\background.html
c:\users\Valentino\AppData\Local\Minibar\chrome\cached_http_request.js
c:\users\Valentino\AppData\Local\Minibar\chrome\extension_info.json
c:\users\Valentino\AppData\Local\Minibar\chrome\icons\icon128.png
c:\users\Valentino\AppData\Local\Minibar\chrome\icons\icon19.png
c:\users\Valentino\AppData\Local\Minibar\chrome\icons\icon32.png
c:\users\Valentino\AppData\Local\Minibar\chrome\icons\icon48.png
c:\users\Valentino\AppData\Local\Minibar\chrome\includes\content.js
c:\users\Valentino\AppData\Local\Minibar\chrome\includes\content_kango.js
c:\users\Valentino\AppData\Local\Minibar\chrome\includes\content_messaging.js
c:\users\Valentino\AppData\Local\Minibar\chrome\includes\content_userscript.js
c:\users\Valentino\AppData\Local\Minibar\chrome\kango-ui\button.js
c:\users\Valentino\AppData\Local\Minibar\chrome\kango-ui\ui.js
c:\users\Valentino\AppData\Local\Minibar\chrome\kango\browser.js
c:\users\Valentino\AppData\Local\Minibar\chrome\kango\console.js
c:\users\Valentino\AppData\Local\Minibar\chrome\kango\event_listener.js
c:\users\Valentino\AppData\Local\Minibar\chrome\kango\initialize.js
c:\users\Valentino\AppData\Local\Minibar\chrome\kango\io.js
c:\users\Valentino\AppData\Local\Minibar\chrome\kango\jsonstorage.js
c:\users\Valentino\AppData\Local\Minibar\chrome\kango\kango.js
c:\users\Valentino\AppData\Local\Minibar\chrome\kango\lang.js
c:\users\Valentino\AppData\Local\Minibar\chrome\kango\messaging.js
c:\users\Valentino\AppData\Local\Minibar\chrome\kango\userscript_engine.js
c:\users\Valentino\AppData\Local\Minibar\chrome\kango\xhr.js
c:\users\Valentino\AppData\Local\Minibar\chrome\main.js
c:\users\Valentino\AppData\Local\Minibar\chrome\manifest.json
c:\users\Valentino\AppData\Local\Minibar\chrome\minibar\actions.js
c:\users\Valentino\AppData\Local\Minibar\chrome\minibar\cachedxhr.js
c:\users\Valentino\AppData\Local\Minibar\chrome\minibar\config.js
c:\users\Valentino\AppData\Local\Minibar\chrome\minibar\macros.js
c:\users\Valentino\AppData\Local\Minibar\chrome\minibar\minibar.js
c:\users\Valentino\AppData\Local\Minibar\chrome\popup.html
c:\users\Valentino\AppData\Local\Minibar\chrome\popup.js
c:\users\Valentino\AppData\Local\Minibar\chrome\tab.html
c:\users\Valentino\AppData\Local\Minibar\chrome\tab.js
c:\users\Valentino\AppData\Local\Minibar\chrome_installer.js
c:\users\Valentino\AppData\Local\Minibar\common.js
c:\users\Valentino\AppData\Local\Minibar\install.json
c:\users\Valentino\AppData\Local\Minibar\minibar.crx
c:\users\Valentino\AppData\Local\Minibar\sqlite3.exe
c:\users\Valentino\AppData\Local\Minibar\Uninstall.exe
c:\users\Valentino\AppData\Roaming\.#
c:\users\Valentino\AppData\Roaming\HBLite
c:\users\Valentino\AppData\Roaming\OfferBox
c:\users\Valentino\AppData\Roaming\OfferBox\config.xml
c:\users\Valentino\AppData\Roaming\OfferBox\temp.ico
c:\users\Valentino\AppData\Roaming\PriceGong
c:\users\Valentino\AppData\Roaming\PriceGong\Data\1.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\a.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\b.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\c.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\d.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\e.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\f.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\g.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\h.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\i.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\J.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\k.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\l.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\m.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\mru.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\n.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\o.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\p.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\q.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\r.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\s.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\t.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\u.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\v.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\w.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\x.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\y.xml
c:\users\Valentino\AppData\Roaming\PriceGong\Data\z.xml
c:\users\Valentino\AppData\Roaming\ShopperReports3
D:\install.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-03-08 al 2012-04-08 )))))))))))))))))))))))))))))))))))
.
.
2012-04-08 16:01 . 2012-04-08 16:01 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-08 16:01 . 2012-04-08 16:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-08 15:02 . 2012-04-08 15:02 388096 ----a-r- c:\users\Valentino\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-08 15:02 . 2012-04-08 15:02 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-06 19:17 . 2012-04-06 19:17 -------- d-----w- c:\users\Valentino\AppData\Roaming\POINTERGHOSTV1
2012-04-06 19:16 . 2012-04-06 19:16 -------- d-----w- c:\windows\Trust GXT14 Mouse
2012-04-06 19:16 . 2012-04-06 19:16 -------- d-----w- c:\program files (x86)\Trust
2012-04-06 08:37 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{260E8093-CE33-4A0B-9996-AF002FA91B3E}\mpengine.dll
2012-04-04 16:49 . 2012-04-04 16:49 -------- d-----w- c:\program files (x86)\Intel
2012-04-04 16:49 . 2011-12-06 13:55 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-03-27 15:14 . 2012-04-07 21:04 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-27 15:14 . 2012-03-27 15:14 -------- d-----w- c:\users\Valentino\AppData\Local\PunkBuster
2012-03-26 18:39 . 2012-03-26 18:39 -------- d-----w- c:\program files (x86)\EA Games
2012-03-26 16:57 . 2011-05-23 21:29 3673600 ----a-w- c:\windows\system32\DxtoryCodec64.dll
2012-03-26 16:57 . 2011-05-23 21:23 3166720 ----a-w- c:\windows\SysWow64\DxtoryCodec.dll
2012-03-20 17:20 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-03-20 17:20 . 2012-03-20 17:20 -------- d-----w- c:\program files (x86)\Outsim
2012-03-20 17:16 . 2012-03-20 17:20 -------- d-----w- c:\program files (x86)\Image-Line
2012-03-19 21:58 . 2012-03-19 21:58 -------- d-----w- c:\programdata\Premium
2012-03-19 21:58 . 2012-03-19 21:58 -------- d-----w- c:\programdata\InstallMate
2012-03-19 14:37 . 2012-03-19 14:38 -------- d-----w- c:\program files (x86)\VirtualDJ
2012-03-15 13:16 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 13:16 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 13:16 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 13:22 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 13:22 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 13:22 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:22 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 13:22 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 13:22 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 13:22 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 17:13 . 2012-03-13 17:13 -------- d-----w- c:\users\Valentino\AppData\Roaming\BANDISOFT
2012-03-13 17:13 . 2012-03-13 17:13 -------- d-----w- c:\program files (x86)\Bandicam
2012-03-13 17:13 . 2012-03-13 17:13 -------- d-----w- c:\program files (x86)\BandiMPEG1
2012-03-11 14:57 . 2012-03-11 14:57 -------- d-----w- c:\program files (x86)\Media Player Utilities 4.29
2012-03-11 14:24 . 2012-03-11 14:24 -------- d-----w- c:\program files\iPod
2012-03-11 14:24 . 2012-03-11 14:25 -------- d-----w- c:\program files\iTunes
2012-03-11 14:24 . 2012-03-11 14:25 -------- d-----w- c:\program files (x86)\iTunes
2012-03-11 14:21 . 2012-03-11 14:21 -------- d-----w- c:\program files\Bonjour
2012-03-11 14:21 . 2012-03-11 14:21 -------- d-----w- c:\program files (x86)\Bonjour
2012-03-11 14:18 . 2012-03-11 14:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin7.dll
2012-03-11 14:18 . 2012-03-11 14:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin6.dll
2012-03-11 14:18 . 2012-03-11 14:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin5.dll
2012-03-11 14:18 . 2012-03-11 14:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin4.dll
2012-03-11 14:18 . 2012-03-11 14:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin3.dll
2012-03-11 14:18 . 2012-03-11 14:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin2.dll
2012-03-11 14:18 . 2012-03-11 14:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin.dll
2012-03-11 14:18 . 2012-03-11 14:18 -------- d-----w- c:\program files (x86)\QuickTime
2012-03-10 21:30 . 2012-03-11 07:45 -------- d-----w- c:\users\Valentino\AppData\Roaming\TS3Client
2012-03-10 21:29 . 2012-03-10 21:32 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client
2012-03-10 19:27 . 2012-03-10 19:27 -------- d-----w- C:\Ace of Spades
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-07 21:04 . 2011-12-24 20:02 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-27 14:41 . 2011-12-24 20:01 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-10 12:29 . 2011-09-29 12:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 00:15 . 2011-02-08 13:43 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2010-09-29 14:39 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-07 00:15 . 2011-02-08 13:43 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:04 . 2011-11-05 21:41 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:04 . 2010-09-29 14:40 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-02-25 18:28 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 00:01 . 2010-09-29 14:40 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2010-09-29 14:40 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2010-09-29 14:40 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2010-09-28 16:47 279656 ------w- c:\windows\system32\MpSigStub.exe
2010-06-03 16:24 . 2010-09-30 08:48 2736736 ----a-w- c:\program files (x86)\tbSoft.dll
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{d6088b8c-1053-4bde-9b9f-6dc3dea411b4}"= "c:\program files (x86)\Softonic_Italia_Movavi\tbSoft.dll" [2010-09-12 3863136]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files (x86)\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files (x86)\BrotherSoft_Extreme\prxtbBrot.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{d6088b8c-1053-4bde-9b9f-6dc3dea411b4}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
2010-09-30 11:52 2735200 ----a-w- c:\program files (x86)\Search_USA\tbSea1.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\BrotherSoft_Extreme\prxtbBrot.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8926bda4-2900-4cc7-ae68-733207518a08}]
2012-02-21 22:58 85288 ----a-w- c:\program files (x86)\blekkotb_006\blekkotb_006X.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
2010-09-12 13:02 3863136 ----a-w- c:\program files (x86)\IncrediMail_MediaBar_2\tbIncr.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d6088b8c-1053-4bde-9b9f-6dc3dea411b4}]
2010-09-12 13:02 3863136 ----a-w- c:\program files (x86)\Softonic_Italia_Movavi\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}]
2010-10-18 10:26 3908192 ----a-w- c:\program files (x86)\Softonic-IT\tbSof2.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-01-11 14:29 241872 ----a-w- c:\program files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\program files (x86)\Softonic-IT\tbSof2.dll" [2010-10-18 3908192]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\program files (x86)\Search_USA\tbSea1.dll" [2010-09-30 2735200]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{d6088b8c-1053-4bde-9b9f-6dc3dea411b4}"= "c:\program files (x86)\Softonic_Italia_Movavi\tbSoft.dll" [2010-09-12 3863136]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files (x86)\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files (x86)\BrotherSoft_Extreme\prxtbBrot.dll" [2011-03-28 176936]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
"{C86FF9FA-AEED-451B-A9CC-39A53173AE2E}"= "c:\program files (x86)\SONY Vegas Pro 10.0c Build 469\mybarnsn9F59.tmp\tbcore3.dll" [2011-09-20 2662216]
"{8926bda4-2900-4cc7-ae68-733207518a08}"= "c:\program files (x86)\blekkotb_006\blekkotb_006X.dll" [2012-02-21 85288]
.
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
.
[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d6088b8c-1053-4bde-9b9f-6dc3dea411b4}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{c86ff9fa-aeed-451b-a9cc-39a53173ae2e}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458]
.
[HKEY_CLASSES_ROOT\clsid\{8926bda4-2900-4cc7-ae68-733207518a08}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-25 39408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"Akamai NetSession Interface"="c:\users\Valentino\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"Facebook Update"="c:\users\Valentino\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-18 137536]
"Dxtory Update Checker 2.0"="c:\program files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-11 2244608]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2011-05-09 2429]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-08-17 737104]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-15 218624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-02-21 232616]
"Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2012-01-24 3189360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"trustGTX14"="c:\program files (x86)\Trust\GXT14 Mouse\POINTERGHOST.exe" [2009-06-05 4833792]
.
c:\users\Valentino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~2\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 PowerOffer Service;Pos Service;c:\users\Valentino\AppData\Local\PosService\Pos.exe [2011-12-15 164352]
R2 ServUpdater;Serv Updater;c:\users\Valentino\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-15 156160]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;e:\i386\AsPrOb64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-29 30192]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 netr28ux;Driver scheda LAN wireless USB RT2870 per Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\VALENT~1\AppData\Local\Temp\005E6B8.tmp [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1;c:\program files (x86)\Trust\GXT14 Mouse\GameMouseServiceApp.exe [2009-05-18 354816]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\DRIVERS\RPGMOUSEV1.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-04-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1184031838-309565304-1303757029-1000Core.job
- c:\users\Valentino\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-18 20:44]
.
2012-04-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1184031838-309565304-1303757029-1000UA.job
- c:\users\Valentino\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-18 20:44]
.
2012-04-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-09-29 19:45]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1184031838-309565304-1303757029-1000Core.job
- c:\users\Valentino\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-08 20:43]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1184031838-309565304-1303757029-1000UA.job
- c:\users\Valentino\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-08 20:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]
2011-07-20 12:10 167416 ----a-w- c:\users\Valentino\AppData\Roaming\Complitly\64\Complitly64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll c:\progra~2\SEARCH~2\SEARCH~1\x64\datamngr.dll c:\progra~2\SEARCH~2\SEARCH~1\x64\IEBHO.dll
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/home?AF=119999
mStart Page = hxxp://search.findeer.com
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - c:\program files (x86)\SONY Vegas Pro 10.0c Build 469\mybarnsn9F59.tmp\tbcore3.dll
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{1EB5404F-9C5E-4B12-94AB-421BC1C42689}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{BE39D2E0-6606-4708-9E42-529E11FFA6A3}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{CD1B98BA-35B2-45BC-8CE6-480EED58AD2A}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{D27DC4CC-1E65-44C9-8BE3-3FBF2250DE1C}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{D27DC4CC-1E65-44C9-8BE3-3FBF2250DE1C}\44D2C496E6B6: NameServer = 176.31.229.24,176.31.229.25
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
BHO-{09617957-EFB8-40D8-BE0B-710838D6C1F5} - c:\programdata\TheBflix\bhoclass.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-WhatPulse - c:\program files (x86)\WhatPulse\WhatPulse.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
BHO-{703740c1-0f1a-4cec-a4df-d78db0158477} - c:\program files\OfferBox\extensions-4.0.4498.53\offerbox_air_iexplorer.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{E3393495-8103-46A0-8181-270273EDDD60} - (no file)
WebBrowser-{48405D3D-2674-4CD8-B1EF-9A719443BD3F} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{7A5F72D2-9BBF-443F-9D35-26FC7E858E77} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-facetheme - c:\program files (x86)\Object\facetheme_uninstall.exe
AddRemove-Searchqu 406 MediaBar - c:\program files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\uninstallTB.exe
AddRemove-Softonic-IT Toolbar - c:\progra~2\UNWISE.EXE
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
AddRemove-{37476589-E48E-439E-A706-56189E2ED4C4} - c:\programdata\TheBflix\uninstall.exe
AddRemove-RewardsArcade - c:\program files (x86)\RewardsArcade\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\VALENT~1\AppData\Local\Temp\005E6B8.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\02\06\19\12\12\1d?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
c:\program files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
c:\users\Public\Documents\AppData\PoApp\PService.exe
c:\program files (x86)\Trust\GXT14 Mouse\StartAutorun.exe
c:\program files (x86)\Trust\GXT14 Mouse\RapooV1Process.exe
.
**************************************************************************
.
Ora fine scansione: 2012-04-08 18:15:55 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-04-08 16:15
.
Pre-Run: 18.942.758.912 byte disponibili
Post-Run: 20.835.782.656 byte disponibili
.
- - End Of File - - 71343FA9846074D4F1905478644BD09A

---------- Post added at 18:37 ---------- Previous post was at 18:18 ----------

So does the text say it went well? Did it delete the infected files? How do I fix the login problem?

---------- Post added at 19:15 ---------- Previous post was at 18:37 ----------

Is anyone there? UP UP UP!

---------- Post added at 19:49 ---------- Previous post was at 19:15 ----------

Help, guys, is nobody there anymore? uuuuuuuuuppppppppp!!!!!!
 
Unfortunately I can't help you with ComboFix myself.. I don't really know how it works...
You should wait for tecnico24 or someone who knows "how to get their hands on it"..
 
Bye.

ComboFix removed dozens of infections, but you did not save it to the Desktop as I myself had suggested in my procedure.
If you turn to a forum, make sure you follow the instructions, 100% of the instructions, not half.
It is very important to save ComboFix to the Desktop, but evidently you took a quick look and told yourself: let's run it from the Downloads folder, what difference could it make!

I have seen many PCs filled with junk like this, but this one beats them all.

Uninstall ALL the installed toolbars.

Then cut ComboFix from where it is now and paste it onto the Desktop.

At this point:
Custom ComboFix script

Warning: do not run ComboFix on your own initiative; this tool is not a toy and is not suited to everyday use.

Open Notepad: Start > All Programs > Accessories > Notepad
● in the new text document, copy and paste the following lines:


Code:
File::
c:\users\VALENT~1\AppData\Local\Temp\005E6B8.tmp


Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]

● name this file CFScript.txt and place it on the Desktop

Very important! Temporarily disable your antivirus and firewall before following the procedure described. They could interfere with ComboFix or remove some of its embedded files, which can lead to unpredictable results.
Referring to the image below, drag CFScript.txt with the mouse pointer onto the ComboFix icon.
ComboFix will now scan your system. Once it has finished, it may restart the system automatically; if it does not, restart it manually.
At this point the program will produce a report. Copy and paste the log into your next post.



Note - regarding the procedure:
● do not touch the mouse or keyboard at all during the scan: it could stop
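
Added example, not part of the posts above and not ComboFix's own logic: a small Python triage pass over an excerpt of the report quoted in this thread. It flags the kind of entry the CFScript targets (a service whose ImagePath points into a Temp folder), plus populated AppInit_DLLs and static DNS servers that differ from the DHCP-assigned one. The function names and finding labels are assumptions made for the example; the sample lines are copied from the log.

```python
import re

# Excerpt copied from the ComboFix report quoted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll c:\progra~2\SEARCH~2\SEARCH~1\x64\datamngr.dll c:\progra~2\SEARCH~2\SEARCH~1\x64\IEBHO.dll
.
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{1EB5404F-9C5E-4B12-94AB-421BC1C42689}: NameServer = 176.31.229.24,176.31.229.25
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\VALENT~1\AppData\Local\Temp\005E6B8.tmp"
'''

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
DNS_RE = re.compile(
    r'^TCP:\s*(?:(?P<scope>Interfaces\\[^:]+):\s*)?'
    r'(?P<kind>DhcpNameServer|NameServer)\s*=\s*(?P<servers>.+)$')
TEMP_RE = re.compile(r'\\(appdata\\local\\temp|windows\\temp)\\', re.I)


def parse_report(text):
    """Return (registry, dns).

    registry maps a registry key to {value name: data};
    dns is a list of (kind, scope, [servers]) taken from the "TCP:" lines.
    """
    registry, dns, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = registry.setdefault(m.group('key'), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group('name')] = m.group('data').strip().strip('"')
            continue
        m = DNS_RE.match(line)
        if m:
            servers = [s for s in re.split(r'[,\s]+', m.group('servers')) if s]
            dns.append((m.group('kind'), m.group('scope') or 'global', servers))
        elif line == '.':
            current = None  # a lone dot separates blocks in the report
    return registry, dns


def triage(text):
    """Return a list of (label, subject, detail) items for a human to review."""
    registry, dns = parse_report(text)
    findings = []
    for key, values in registry.items():
        lowered = key.lower()
        # Check 1: a service or driver whose binary lives in a Temp directory.
        if re.search(r'\\services\\[^\\]+$', lowered):
            for name in ('ImagePath', 'ServiceDll'):
                path = values.get(name, '')
                if TEMP_RE.search(path):
                    findings.append(('service-in-temp', key.rsplit('\\', 1)[1], path))
        # Check 2: DLLs listed in AppInit_DLLs, with the enable flag as logged.
        if lowered.endswith(r'\windows nt\currentversion\windows'):
            flag = values.get('LoadAppInit_DLLs')
            if flag is None:
                state = 'not shown'
            else:
                state = 'disabled' if flag.lower() in ('0', '0x0') else 'enabled'
            for dll in re.split(r'[,\s]+', values.get('AppInit_DLLs', '')):
                if dll:
                    findings.append(('appinit-dll', dll, state))
    # Check 3: static DNS servers that are not the ones handed out by DHCP.
    dhcp = {s for kind, _, servers in dns if kind == 'DhcpNameServer' for s in servers}
    for kind, scope, servers in dns:
        if kind == 'NameServer' and dhcp and not set(servers) <= dhcp:
            findings.append(('static-dns-differs-from-dhcp', scope, ','.join(servers)))
    return findings


if __name__ == '__main__':
    for label, subject, detail in triage(SAMPLE_LOG):
        print(f'{label:30} {subject}  ->  {detail}')
```

Each finding is only a prompt for manual review; the script does not decide whether an entry is malicious.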
 
I started ComboFix from the icon that was created on the desktop......anyway, now I'll do it again and write here what comes out......

---------- Post added at 19:42 ---------- Previous post was at 18:44 ----------

here is what came out.....

---------- Post added at 19:43 ---------- Previous post was at 19:42 ----------

ComboFix 12-04-07.04 - Valentino 09/04/2012 19:07:26.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.4061.2477 [GMT 2:00]
Eseguito da: c:\users\Valentino\Downloads\ComboFix.exe
Opzioni usate :: c:\users\Valentino\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\VALENT~1\AppData\Local\Temp\005E6B8.tmp"
.
.
((((((((((((((((((((((((( Files Creati Da 2012-03-09 al 2012-04-09 )))))))))))))))))))))))))))))))))))
.
.
2012-04-09 17:18 . 2012-04-09 17:18 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-04-09 17:18 . 2012-04-09 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-08 15:02 . 2012-04-08 15:02 388096 ----a-r- c:\users\Valentino\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-08 15:02 . 2012-04-08 15:02 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-06 19:17 . 2012-04-06 19:17 -------- d-----w- c:\users\Valentino\AppData\Roaming\POINTERGHOSTV1
2012-04-06 19:16 . 2012-04-06 19:16 -------- d-----w- c:\windows\Trust GXT14 Mouse
2012-04-06 19:16 . 2012-04-06 19:16 -------- d-----w- c:\program files (x86)\Trust
2012-04-06 08:37 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{260E8093-CE33-4A0B-9996-AF002FA91B3E}\mpengine.dll
2012-04-04 16:49 . 2012-04-04 16:49 -------- d-----w- c:\program files (x86)\Intel
2012-04-04 16:49 . 2011-12-06 13:55 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-03-27 15:14 . 2012-04-07 21:04 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-27 15:14 . 2012-03-27 15:14 -------- d-----w- c:\users\Valentino\AppData\Local\PunkBuster
2012-03-26 18:39 . 2012-03-26 18:39 -------- d-----w- c:\program files (x86)\EA Games
2012-03-26 16:57 . 2011-05-23 21:29 3673600 ----a-w- c:\windows\system32\DxtoryCodec64.dll
2012-03-26 16:57 . 2011-05-23 21:23 3166720 ----a-w- c:\windows\SysWow64\DxtoryCodec.dll
2012-03-20 17:20 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-03-20 17:20 . 2012-03-20 17:20 -------- d-----w- c:\program files (x86)\Outsim
2012-03-20 17:16 . 2012-03-20 17:20 -------- d-----w- c:\program files (x86)\Image-Line
2012-03-19 21:58 . 2012-03-19 21:58 -------- d-----w- c:\programdata\Premium
2012-03-19 21:58 . 2012-03-19 21:58 -------- d-----w- c:\programdata\InstallMate
2012-03-19 14:37 . 2012-03-19 14:38 -------- d-----w- c:\program files (x86)\VirtualDJ
2012-03-15 13:16 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 13:16 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 13:16 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 13:22 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 13:22 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 13:22 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 13:22 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 13:22 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 13:22 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 13:22 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 17:13 . 2012-03-13 17:13 -------- d-----w- c:\users\Valentino\AppData\Roaming\BANDISOFT
2012-03-13 17:13 . 2012-03-13 17:13 -------- d-----w- c:\program files (x86)\Bandicam
2012-03-13 17:13 . 2012-03-13 17:13 -------- d-----w- c:\program files (x86)\BandiMPEG1
2012-03-11 14:57 . 2012-03-11 14:57 -------- d-----w- c:\program files (x86)\Media Player Utilities 4.29
2012-03-11 14:24 . 2012-03-11 14:24 -------- d-----w- c:\program files\iPod
2012-03-11 14:24 . 2012-03-11 14:25 -------- d-----w- c:\program files\iTunes
2012-03-11 14:24 . 2012-03-11 14:25 -------- d-----w- c:\program files (x86)\iTunes
2012-03-11 14:21 . 2012-03-11 14:21 -------- d-----w- c:\program files\Bonjour
2012-03-11 14:21 . 2012-03-11 14:21 -------- d-----w- c:\program files (x86)\Bonjour
2012-03-11 14:18 . 2012-03-11 14:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin7.dll
2012-03-11 14:18 . 2012-03-11 14:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin6.dll
2012-03-11 14:18 . 2012-03-11 14:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin5.dll
2012-03-11 14:18 . 2012-03-11 14:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin4.dll
2012-03-11 14:18 . 2012-03-11 14:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin3.dll
2012-03-11 14:18 . 2012-03-11 14:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin2.dll
2012-03-11 14:18 . 2012-03-11 14:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin.dll
2012-03-11 14:18 . 2012-03-11 14:18 -------- d-----w- c:\program files (x86)\QuickTime
2012-03-10 21:30 . 2012-03-11 07:45 -------- d-----w- c:\users\Valentino\AppData\Roaming\TS3Client
2012-03-10 21:29 . 2012-03-10 21:32 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client
2012-03-10 19:27 . 2012-03-10 19:27 -------- d-----w- C:\Ace of Spades
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-07 21:04 . 2011-12-24 20:02 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-27 14:41 . 2011-12-24 20:01 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-10 12:29 . 2011-09-29 12:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 00:15 . 2011-02-08 13:43 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2010-09-29 14:39 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-07 00:15 . 2011-02-08 13:43 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:04 . 2011-11-05 21:41 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:04 . 2010-09-29 14:40 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-02-25 18:28 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 00:01 . 2010-09-29 14:40 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2010-09-29 14:40 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2010-09-29 14:40 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2010-09-28 16:47 279656 ------w- c:\windows\system32\MpSigStub.exe
2010-06-03 16:24 . 2010-09-30 08:48 2736736 ----a-w- c:\program files (x86)\tbSoft.dll
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-08_16.07.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-08 16:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-09 17:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-08 16:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-09 17:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-09 17:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-08 16:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-04-09 17:22 44784 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-28 16:34 . 2012-04-09 17:22 13430 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1184031838-309565304-1303757029-1000_UserData.bin
- 2012-04-08 16:04 . 2012-04-08 16:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-09 17:19 . 2012-04-09 17:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-08 16:04 . 2012-04-08 16:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-09 17:19 . 2012-04-09 17:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-29 13:19 . 2012-04-09 08:30 346380 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 05:01 . 2012-04-09 17:18 598512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-07 21:19 598512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2012-04-09 11:07 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-04-08 12:57 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2011-02-08 14:13 . 2012-04-07 21:20 50154269 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1184031838-309565304-1303757029-1000-12288.dat
+ 2011-02-08 14:13 . 2012-04-09 17:18 50154269 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1184031838-309565304-1303757029-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{d6088b8c-1053-4bde-9b9f-6dc3dea411b4}"= "c:\program files (x86)\Softonic_Italia_Movavi\tbSoft.dll" [2010-09-12 3863136]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files (x86)\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files (x86)\BrotherSoft_Extreme\prxtbBrot.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{d6088b8c-1053-4bde-9b9f-6dc3dea411b4}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{09617957-EFB8-40D8-BE0B-710838D6C1F5}]
c:\programdata\TheBflix\bhoclass.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
2009-12-20 09:51 87480 ----a-w- c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
2010-09-30 11:52 2735200 ----a-w- c:\program files (x86)\Search_USA\tbSea1.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\BrotherSoft_Extreme\prxtbBrot.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8926bda4-2900-4cc7-ae68-733207518a08}]
2012-02-21 22:58 85288 ----a-w- c:\program files (x86)\blekkotb_006\blekkotb_006X.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
2010-09-12 13:02 3863136 ----a-w- c:\program files (x86)\IncrediMail_MediaBar_2\tbIncr.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d6088b8c-1053-4bde-9b9f-6dc3dea411b4}]
2010-09-12 13:02 3863136 ----a-w- c:\program files (x86)\Softonic_Italia_Movavi\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}]
2010-10-18 10:26 3908192 ----a-w- c:\program files (x86)\Softonic-IT\tbSof2.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}]
2012-01-11 14:29 241872 ----a-w- c:\program files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\program files (x86)\Softonic-IT\tbSof2.dll" [2010-10-18 3908192]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\program files (x86)\Search_USA\tbSea1.dll" [2010-09-30 2735200]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"= "c:\progra~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll" [2009-12-20 87480]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{d6088b8c-1053-4bde-9b9f-6dc3dea411b4}"= "c:\program files (x86)\Softonic_Italia_Movavi\tbSoft.dll" [2010-09-12 3863136]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files (x86)\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files (x86)\BrotherSoft_Extreme\prxtbBrot.dll" [2011-03-28 176936]
"{5018CFD2-804D-4C99-9F81-25EAEA2769DE}"= "c:\program files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll" [2012-01-11 250064]
"{C86FF9FA-AEED-451B-A9CC-39A53173AE2E}"= "c:\program files (x86)\SONY Vegas Pro 10.0c Build 469\mybarnsn9F59.tmp\tbcore3.dll" [2011-09-20 2662216]
"{8926bda4-2900-4cc7-ae68-733207518a08}"= "c:\program files (x86)\blekkotb_006\blekkotb_006X.dll" [2012-02-21 85288]
.
[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
.
[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
.
[HKEY_CLASSES_ROOT\clsid\{0974ba1e-64ec-11de-b2a5-e43756d89593}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d6088b8c-1053-4bde-9b9f-6dc3dea411b4}]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_CLASSES_ROOT\clsid\{5018cfd2-804d-4c99-9f81-25eaea2769de}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Softonic.dskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{c86ff9fa-aeed-451b-a9cc-39a53173ae2e}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07458.TBSB07458]
.
[HKEY_CLASSES_ROOT\clsid\{8926bda4-2900-4cc7-ae68-733207518a08}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-25 39408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"Akamai NetSession Interface"="c:\users\Valentino\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"Facebook Update"="c:\users\Valentino\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-18 137536]
"Dxtory Update Checker 2.0"="c:\program files (x86)\Dxtory Software\Dxtory2.0\UpdateChecker.exe" [2010-10-17 93696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-11 2244608]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2011-05-09 2429]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-08-17 737104]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-15 218624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-02-21 232616]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"trustGTX14"="c:\program files (x86)\Trust\GXT14 Mouse\POINTERGHOST.exe" [2009-06-05 4833792]
.
c:\users\Valentino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 PowerOffer Service;Pos Service;c:\users\Valentino\AppData\Local\PosService\Pos.exe [2011-12-15 164352]
R2 ServUpdater;Serv Updater;c:\users\Valentino\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-15 156160]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;e:\i386\AsPrOb64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-29 30192]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\DRIVERS\RPGMOUSEV1.sys [x]
R3 netr28ux;Driver scheda LAN wireless USB RT2870 per Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1;c:\program files (x86)\Trust\GXT14 Mouse\GameMouseServiceApp.exe [2009-05-18 354816]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-04-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1184031838-309565304-1303757029-1000Core.job
- c:\users\Valentino\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-18 20:44]
.
2012-04-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1184031838-309565304-1303757029-1000UA.job
- c:\users\Valentino\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-18 20:44]
.
2012-04-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-09-29 19:45]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1184031838-309565304-1303757029-1000Core.job
- c:\users\Valentino\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-08 20:43]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1184031838-309565304-1303757029-1000UA.job
- c:\users\Valentino\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-08 20:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{703740c1-0f1a-4cec-a4df-d78db0158477}]
c:\program files\OfferBox\extensions-4.0.4498.53\offerbox_air_iexplorer.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll c:\progra~2\SEARCH~2\SEARCH~1\x64\datamngr.dll c:\progra~2\SEARCH~2\SEARCH~1\x64\IEBHO.dll
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/home?AF=119999
mStart Page = hxxp://search.findeer.com
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;*.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - {C86FF9FA-AEED-451B-A9CC-39A53173AE2E} - c:\program files (x86)\SONY Vegas Pro 10.0c Build 469\mybarnsn9F59.tmp\tbcore3.dll
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{1EB5404F-9C5E-4B12-94AB-421BC1C42689}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{BE39D2E0-6606-4708-9E42-529E11FFA6A3}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{CD1B98BA-35B2-45BC-8CE6-480EED58AD2A}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{D27DC4CC-1E65-44C9-8BE3-3FBF2250DE1C}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{D27DC4CC-1E65-44C9-8BE3-3FBF2250DE1C}\44D2C496E6B6: NameServer = 176.31.229.24,176.31.229.25
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{E3393495-8103-46A0-8181-270273EDDD60} - (no file)
WebBrowser-{48405D3D-2674-4CD8-B1EF-9A719443BD3F} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{7A5F72D2-9BBF-443F-9D35-26FC7E858E77} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\02\06\19\12\12\1d?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
c:\program files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
c:\users\Public\Documents\AppData\PoApp\PService.exe
c:\program files (x86)\Trust\GXT14 Mouse\StartAutorun.exe
c:\program files (x86)\Trust\GXT14 Mouse\RapooV1Process.exe
.
**************************************************************************
.
Ora fine scansione: 2012-04-09 19:30:33 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-04-09 17:30
ComboFix2.txt 2012-04-08 16:15
.
Pre-Run: 19.786.915.840 byte disponibili
Post-Run: 19.741.708.288 byte disponibili
.
- - End Of File - - F2F2568AF7B0D4B6FBE16B737F770BC7

---------- Post added at 19:56 ---------- Previous post was at 19:43 ----------

So? This time I did everything you told me, eh! What's the verdict?
 
Download Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/utils/tdsskiller.exe
● place the downloaded file on the Desktop
● double-click the TDSSKiller.exe file to launch the application
● then press the Start scan button

Note - about the program:
● do not click the Stop scan button for any reason, the scan would be interrupted

At this point, the scan of the system for malicious software begins:
● if an infected file is found, the default action will be Cure: then click Continue
● if a suspicious file is found, the default action will be Skip: then click Continue
● if nothing is detected, simply close the program when the scan finishes

Once the scan has finished, one of these two options will appear:
● no system restart is required: attach the Report located on Local Disk C:\, named TDSSKiller.[Version]_[Date]_[Time]_log.txt
● a system restart is required: click Restart now, then attach the scan result (it is in the same path mentioned just now)
 
I'll do it now and then let you know... sorry for only replying now, but I was a bit tied up earlier...

---------- Post added at 14:37 ---------- Previous post was at 14:20 ----------

So, I clicked on Start scan... after about 30 seconds it finishes and gives me one suspicious file with the Skip action... I click Continue but it doesn't give me any restart option; also, there is no file with that name on the C:\ drive... did I do something wrong? I DID EXACTLY WHAT YOU TOLD ME

---------- Post added at 14:38 ---------- Previous post was at 14:37 ----------

It gives me a screen that says SUSPICIOUS OBJECTS WERE FOUND... AND FURTHER DOWN THE START SCAN BUTTON AGAIN, is that normal?

---------- Post added at 14:40 ---------- Previous post was at 14:38 ----------

I just noticed that at the top right there is a button labelled Report... should I click it?
 
TDSSKiller automatically creates the report in C. Attach the report you find in C. While waiting for FDAC to look at the report... choose Skip on the suspicious objects: sometimes they are simply drivers without a digital signature and therefore false positives... for example, the VMware Workstation drivers detected by TDSSKiller are false positives.
 