How do I read the ComboFix report?

Hello everyone.
Since I downloaded a file from Softonic I have had a problem: advertising pages open in Internet Explorer.
I analyzed the problem with ComboFix, but I need a hand reading the log that I am attaching to this post.
Who could help me?


Thanks in advance
 

Attachments

  • log.txt
    27.4 KB · Views: 140
Uninstall SpywareTerminator (it is of no use).
Also uninstall TuneUp Utilities 2012 (if used well it is borderline decent).

Cut and paste ComboFix from here:
c:\users\Speranza\Downloads\ComboFix.exe

and put it on the Desktop.

Then:

ComboFix custom script

Warning: do not run ComboFix on your own initiative; this tool is not a toy and is not suited to everyday use.

Open Notepad: Start > All Programs > Accessories > Notepad
● in the new text document, copy and paste the following lines:

File::
c:\program files (x86)\Tuto4pc\tutorials.exe

Folder::
c:\users\Speranza\AppData\Roaming\Tuto4pc
c:\users\Speranza\AppData\Local\Tuto4PC
c:\program files (x86)\BabylonToolbar
c:\program files\Babylon
c:\program files (x86)\Crawler

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Tutorials"=-
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{DB5A0897-2F81-4dc7-A028-0993B5D7DCFB}]


● name this file CFScript.txt and place it on the Desktop

Very important! Temporarily disable your antivirus and firewall before following the procedure described here. They could interfere with ComboFix or remove some of its embedded files, which can lead to unpredictable results.
Referring to the image below, drag CFScript.txt with the mouse pointer onto the ComboFix icon.
ComboFix will now scan your system. Once it has finished, it may restart the system automatically; if it does not, restart it manually.
At this point the program will produce a report. Copy and paste the log into your next post.



Note - about the procedure:
● do not touch the mouse or the keyboard at all during the scan: it could be interrupted
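
An added example, not part of any post in this thread and not ComboFix's own code: a Python check that compares the File::, Folder:: and `"Name"=-` lines of a CFScript with the deletion and autorun sections of the log that comes back. The script and log excerpts are constructed from lines shown in this thread, the ExampleToolbar folder is a made-up target, the function names are mine, and the section titles default to the Italian ones this log uses.

```python
import re

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # "((((( title )))))" log section banner
DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")     # "File::", "Folder::", "Registry::"
KEY = re.compile(r"^\[(-?)(.+)\]$")            # "[HKEY_...]" or "[-HKEY_...]"
VALUE = re.compile(r'^"([^"]+)"=(.*)$')        # "Name"=data ; data "-" asks for deletion

# Constructed sample input, modelled on the script and log in this thread.
# The ExampleToolbar folder is a made-up target that the log never mentions.
SAMPLE_SCRIPT = r"""
File::
c:\program files (x86)\Tuto4pc\tutorials.exe

Folder::
c:\program files (x86)\BabylonToolbar
c:\program files (x86)\ExampleToolbar

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Tutorials"=-
"""

SAMPLE_LOG = r"""
FILE ::
"c:\program files (x86)\Tuto4pc\tutorials.exe"
.
((((((((((((( Altre eliminazioni )))))))))))))
.
c:\program files (x86)\BabylonToolbar
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
c:\program files (x86)\Tuto4pc\tutorials.exe
.
((((((((((((( Punti Reg Caricati )))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"""


def parse_cfscript(text):
    """Group the lines of a CFScript under their 'Name::' directive."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = DIRECTIVE.match(line)
        if m:
            current = sections.setdefault(m.group(1).capitalize(), [])
        elif line and current is not None:
            current.append(line)
    return sections


def log_sections(log_text):
    """Group log lines under the banner that precedes them; '.' filler is dropped."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line not in ("", "."):
            current.append(line)
    return sections


def registry_values(lines):
    """Return (key, value name, data) triples; '[-key]' whole-key lines are skipped."""
    key, out = None, []
    for line in lines:
        k, v = KEY.match(line), VALUE.match(line)
        if k:
            key = None if k.group(1) else k.group(2)
        elif v and key:
            out.append((key, v.group(1), v.group(2).strip()))
    return out


def verify_removal(script_text, log_text,
                   deletions="Altre eliminazioni", autoruns="Punti Reg Caricati"):
    """Map each script target to what the log says about it."""
    script, log = parse_cfscript(script_text), log_sections(log_text)
    # Windows paths and registry names are case-insensitive: compare lowercased.
    deleted = {line.lower() for line in log.get(deletions, [])}
    listed = {(k.lower(), n.lower())
              for k, n, _ in registry_values(log.get(autoruns, []))}
    report = {}
    for path in script.get("File", []) + script.get("Folder", []):
        # "not reported": the deletion section has no line for this exact path.
        report[path] = "deleted" if path.lower() in deleted else "not reported"
    for key, name, data in registry_values(script.get("Registry", [])):
        if data == "-":  # only value deletions can be checked against the listing
            still = (key.lower(), name.lower()) in listed
            report[key + "\\" + name] = "still listed" if still else "not listed"
    return report


if __name__ == "__main__":
    for target, status in verify_removal(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(f"{status:13} {target}")
```

"not reported" and "not listed" only describe what the log shows: the log itself notes that empty and legitimate/default registry values are not displayed, so a result here is a pointer for manual review, not proof of removal.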
 
Thank you very much! :-)
Here is the new report. What do I do now?

ComboFix 12-04-16.01 - Speranza 16/04/2012 18:01:48.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.4061.2567 [GMT 2:00]
Eseguito da: c:\users\Speranza\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Speranza\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Tuto4pc\tutorials.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BabylonToolbar
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
c:\program files (x86)\Crawler
c:\program files (x86)\Crawler\Toolbar\adrkeys.dat
c:\program files (x86)\Crawler\Toolbar\Cache\COMMON\CLEANUP_BMP.dat
c:\program files (x86)\Crawler\Toolbar\Cache\COMMON\CLEANUP_CHBMP.dat
c:\program files (x86)\Crawler\Toolbar\Cache\COMMON\CLEANUP_MENU.dat
c:\program files (x86)\Crawler\Toolbar\Cache\COMMON\DIRLIST_CHBMP.dat
c:\program files (x86)\Crawler\Toolbar\Cache\COMMON\DIRLIST_MENU.dat
c:\program files (x86)\Crawler\Toolbar\Cache\COMMON\ECARDS_CHBMP.dat
c:\program files (x86)\Crawler\Toolbar\Cache\COMMON\ECARDS_MENU.dat
c:\program files (x86)\Crawler\Toolbar\Cache\COMMON\EMAIL_CHBMP.dat
c:\program files (x86)\Crawler\Toolbar\Cache\COMMON\GAMES_CHBMP.dat
c:\program files (x86)\Crawler\Toolbar\Cache\COMMON\GAMES_MENU.dat
c:\program files (x86)\Crawler\Toolbar\Cache\COMMON\SHOP_CHBMP.dat
c:\program files (x86)\Crawler\Toolbar\Cache\COMMON\SPELL_CHBMP.dat
c:\program files (x86)\Crawler\Toolbar\Cache\COMMON\TRAVEL_CHBMP.dat
c:\program files (x86)\Crawler\Toolbar\Cache\COMMON\WAYBACK_CHBMP.dat
c:\program files (x86)\Crawler\Toolbar\Cache\COMMON\WP_CHBMP.dat
c:\program files (x86)\Crawler\Toolbar\Cache\COMMON\YP_CHBMP.dat
c:\program files (x86)\Crawler\Toolbar\Cache\STWSG\STBUTTON_BMP.dat
c:\program files (x86)\Crawler\Toolbar\Cache\STWSG\STBUTTON_CHBMP.dat
c:\program files (x86)\Crawler\Toolbar\Cache\STWSG\STBUTTON_MENU.dat
c:\program files (x86)\Crawler\Toolbar\Cache\STWSG\WSGBUTTON_BMP.dat
c:\program files (x86)\Crawler\Toolbar\Cache\STWSG\WSGBUTTON_CHBMP.dat
c:\program files (x86)\Crawler\Toolbar\Cache\STWSG\WSGBUTTON_MENU.dat
c:\program files (x86)\Crawler\Toolbar\COMMON_FF.dat
c:\program files (x86)\Crawler\Toolbar\confirm.dat
c:\program files (x86)\Crawler\Toolbar\ctbcomm.dll
c:\program files (x86)\Crawler\Toolbar\ctbr.dll
c:\program files (x86)\Crawler\Toolbar\CTConf.dat
c:\program files (x86)\Crawler\Toolbar\CTipsDef.dll
c:\program files (x86)\Crawler\Toolbar\CToolbar.exe
c:\program files (x86)\Crawler\Toolbar\CUpdate.exe
c:\program files (x86)\Crawler\Toolbar\firefox\chrome.manifest
c:\program files (x86)\Crawler\Toolbar\firefox\chrome\common.jar
c:\program files (x86)\Crawler\Toolbar\firefox\chrome\stwsg.jar
c:\program files (x86)\Crawler\Toolbar\firefox\components\gecko1.9.2.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\gecko10.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\gecko11.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\gecko2.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\gecko5.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\gecko6.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\gecko7.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\gecko8.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\gecko9.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\WSG_Gecko\gecko1.9.2.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\WSG_Gecko\gecko10.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\WSG_Gecko\gecko11.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\WSG_Gecko\gecko2.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\WSG_Gecko\gecko5.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\WSG_Gecko\gecko6.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\WSG_Gecko\gecko7.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\WSG_Gecko\gecko8.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\WSG_Gecko\gecko9.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\xcomm.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\xplugin.xpt
c:\program files (x86)\Crawler\Toolbar\firefox\components\xshared.dll
c:\program files (x86)\Crawler\Toolbar\firefox\components\xshared.xpt
c:\program files (x86)\Crawler\Toolbar\firefox\components\xwsg.dll
c:\program files (x86)\Crawler\Toolbar\firefox\install.ini
c:\program files (x86)\Crawler\Toolbar\firefox\install.rdf
c:\program files (x86)\Crawler\Toolbar\firefox\stwsg_ff.ini
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_CS.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_DA.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_DE.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_EN.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_ES.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_FF.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_FR.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_IT.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_NL.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_PT-BR.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_PT.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_RU.cab
c:\program files (x86)\Crawler\Toolbar\Languages\STWSG_SR.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_CS.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_DA.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_DE.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_EN.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_ES.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_FR.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_IT.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_NL.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_PT-BR.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_PT.cab
c:\program files (x86)\Crawler\Toolbar\Languages\TBR5_RU.cab
c:\program files (x86)\Crawler\Toolbar\lookfor.dat
c:\program files (x86)\Crawler\Toolbar\majorse.dat
c:\program files (x86)\Crawler\Toolbar\rootmenu.dat
c:\program files (x86)\Crawler\Toolbar\services.dat
c:\program files (x86)\Crawler\Toolbar\STWSG_FF.dat
c:\program files (x86)\Crawler\Toolbar\STWSGLanguageAct\info.ini
c:\program files (x86)\Crawler\Toolbar\STWSGLanguageAct\language.ini
c:\program files (x86)\Crawler\Toolbar\TBR5LanguageAct\info.ini
c:\program files (x86)\Crawler\Toolbar\TBR5LanguageAct\language.ini
c:\program files (x86)\Crawler\Toolbar\Update\domains.cab
c:\program files (x86)\Crawler\Toolbar\WebSecurityGuard.dll
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_000.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_000_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_001.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_001_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_002.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_002_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_003.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_003_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_004.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_004_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_005.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_005_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_006.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_006_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_007.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_007_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_008.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_008_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_009.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_009_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_010.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_010_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_011.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_011_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_012.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_012_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_013.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_013_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_014.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_014_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_015.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_015_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_016.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_016_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_017.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_017_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_018.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_018_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_019.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_019_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_020.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_020_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_021.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_021_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_022.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_022_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_023.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_023_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_024.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_024_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_025.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_025_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_026.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_026_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_027.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_027_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_028.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_028_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_029.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_029_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_030.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_030_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_031.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_031_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_032.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_032_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_033.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_033_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_034.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_034_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_035.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_035_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_036.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_036_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_037.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_037_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_038.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_038_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_039.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_039_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_040.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_040_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_041.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\domains_041_diff.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\index.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\domains\TopList.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\ud_S-1-5-21-380637450-2164552997-1424197416-1000.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\uv_S-1-5-21-380637450-2164552997-1424197416-1000.dat
c:\program files (x86)\Crawler\Toolbar\WSGData\wfilter.dat
c:\program files (x86)\Tuto4pc\tutorials.exe
c:\program files\Babylon
c:\users\Speranza\AppData\Local\Tuto4PC
c:\users\Speranza\AppData\Local\Tuto4PC\Tutorials\EoStats\eoStats.txt
c:\users\Speranza\AppData\Local\Tuto4PC\Tutorials\Tuto4PC_confMedia.cyp
c:\users\Speranza\AppData\Local\Tuto4PC\Tutorials\user.cyp
c:\users\Speranza\AppData\Local\Tuto4PC\Tutorials\user_profil.cyp
c:\users\Speranza\AppData\Roaming\Tuto4pc
c:\users\Speranza\AppData\Roaming\Tuto4pc\Tuto4pc\shar.cyp
c:\users\Speranza\AppData\Roaming\Tuto4pc\Tuto4pc\Updatetutorials.exe
c:\users\Speranza\AppData\Roaming\Tuto4pc\Tuto4pc\UpdatetutorialsHP.exe
c:\users\Speranza\AppData\Roaming\Tuto4pc\Tuto4pc\user_conf.cyp
c:\users\Speranza\AppData\Roaming\Tuto4pc\Tuto4pc\user_prof.cyp
.
.
((((((((((((((((((((((((( Files Creati Da 2012-03-16 al 2012-04-16 )))))))))))))))))))))))))))))))))))
.
.
2012-04-16 16:13 . 2012-04-16 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-16 00:08 . 2012-04-16 00:08 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2012-04-13 23:23 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{871FD7B9-8679-4ABF-9EA3-86507924180A}\mpengine.dll
2012-04-11 23:10 . 2012-03-06 06:43 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 23:10 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 23:10 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 23:08 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 23:08 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 23:08 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 23:07 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 23:07 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 23:07 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 23:07 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-03-29 23:10 . 2012-03-29 23:10 238 ----a-w- C:\user.js
2012-03-29 23:09 . 2012-03-29 23:14 -------- d-----w- c:\program files (x86)\GPL MPEG Decoder
2012-03-29 23:08 . 2012-04-16 16:08 -------- d-----w- c:\program files (x86)\Tuto4pc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-16 12:19 . 2012-03-16 12:19 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-16 12:19 . 2012-03-16 12:19 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-16 12:19 . 2012-03-16 12:19 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-16 12:19 . 2012-03-16 12:19 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-16 12:19 . 2012-03-16 12:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-16 12:19 . 2012-03-16 12:19 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-16 12:19 . 2012-03-16 12:19 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-16 12:19 . 2012-03-16 12:19 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-16 12:19 . 2012-03-16 12:19 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-16 12:19 . 2012-03-16 12:19 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-16 12:19 . 2012-03-16 12:19 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-16 12:19 . 2012-03-16 12:19 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-16 12:19 . 2012-03-16 12:19 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-16 12:19 . 2012-03-16 12:19 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-16 12:19 . 2012-03-16 12:19 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-16 12:19 . 2012-03-16 12:19 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-16 12:19 . 2012-03-16 12:19 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-16 12:19 . 2012-03-16 12:19 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-16 12:19 . 2012-03-16 12:19 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-16 12:19 . 2012-03-16 12:19 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-16 12:19 . 2012-03-16 12:19 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-16 12:19 . 2012-03-16 12:19 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-16 12:19 . 2012-03-16 12:19 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-16 12:19 . 2012-03-16 12:19 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-16 12:19 . 2012-03-16 12:19 448512 ----a-w- c:\windows\system32\html.iec
2012-03-16 12:19 . 2012-03-16 12:19 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-16 12:19 . 2012-03-16 12:19 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-16 12:19 . 2012-03-16 12:19 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-16 12:19 . 2012-03-16 12:19 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-16 12:19 . 2012-03-16 12:19 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-16 12:19 . 2012-03-16 12:19 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-16 12:19 . 2012-03-16 12:19 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-16 12:19 . 2012-03-16 12:19 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-16 12:19 . 2012-03-16 12:19 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-06 22:32 . 2012-03-06 22:32 1409 ----a-w- c:\windows\QTFont.for
2012-02-23 08:18 . 2010-08-11 12:46 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 06:27 . 2012-03-13 21:24 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-13 21:24 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-13 21:24 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-13 21:24 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:18 . 2012-03-14 14:50 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:17 . 2012-03-14 14:50 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 06:17 . 2012-03-14 14:50 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 06:17 . 2012-03-14 14:50 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 06:17 . 2012-03-14 14:50 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 14:50 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 05:41 . 2012-03-14 14:50 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-14 14:50 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:41 . 2012-03-14 14:50 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-10 05:41 . 2012-03-14 14:50 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:16 . 2012-03-14 14:51 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 07:57 . 2012-03-01 18:46 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-31 07:57 . 2012-03-01 18:46 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-25 06:27 . 2012-03-13 21:23 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:27 . 2012-03-13 21:23 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:20 . 2012-03-13 21:23 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-16_13.20.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-10 12:29 . 2012-04-16 16:17 55988 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-16 15:51 42704 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-09 12:58 . 2012-04-16 16:17 17374 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-380637450-2164552997-1424197416-1000_UserData.bin
- 2012-04-16 11:59 . 2012-04-16 11:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-16 16:15 . 2012-04-16 16:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-16 11:59 . 2012-04-16 11:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-16 16:15 . 2012-04-16 16:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-10 20:01 . 2012-04-16 15:22 440674 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 10:53 . 2012-04-16 15:55 698804 c:\windows\system32\perfh010.dat
- 2009-07-14 10:53 . 2012-04-16 12:04 698804 c:\windows\system32\perfh010.dat
+ 2009-07-14 02:36 . 2012-04-16 15:55 616242 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-16 12:04 616242 c:\windows\system32\perfh009.dat
+ 2009-07-14 10:53 . 2012-04-16 15:55 127998 c:\windows\system32\perfc010.dat
- 2009-07-14 10:53 . 2012-04-16 12:04 127998 c:\windows\system32\perfc010.dat
- 2009-07-14 02:36 . 2012-04-16 12:04 106622 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-04-16 15:55 106622 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-16 16:14 520316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-16 11:59 520316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-19 17:40 . 2012-04-16 16:14 1795696 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-380637450-2164552997-1424197416-1000-12288.dat
- 2009-07-14 02:34 . 2012-04-16 12:38 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-04-16 16:04 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
.
c:\users\Speranza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-09 135664]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-09 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 ONDA_MW823UP_cdc_acm;ONDA MW823UP CDC-ACM driver;c:\windows\system32\DRIVERS\ONDA_MW823UP_cdc_acm.sys [x]
R3 ONDA_MW823UP_cdc_ecm;ONDA_MW823UP_cdc_ecm;c:\windows\system32\DRIVERS\ONDA_MW823UP_cdc_ecm.sys [x]
R3 ONDA_MW823UP_cpo;ONDA MW823UP Install;c:\windows\system32\DRIVERS\ONDA_MW823UP_cpo.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 ONDA_MW823UP_dc_enum;ONDA MW823UP DC Enumerator;c:\windows\system32\DRIVERS\ONDA_MW823UP_dc_enum.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-380637450-2164552997-1424197416-1000Core.job
- c:\users\Speranza\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-13 19:30]
.
2012-04-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-380637450-2164552997-1424197416-1000UA.job
- c:\users\Speranza\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-13 19:30]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-09 18:11]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-09 18:11]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-380637450-2164552997-1424197416-1000Core.job
- c:\users\Speranza\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-19 12:14]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-380637450-2164552997-1424197416-1000UA.job
- c:\users\Speranza\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-19 12:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-08-06 1050000]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 570680]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 497504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-26 1481568]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-04 711000]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Crawler Search - tbr:iemenu
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Speranza\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7572FBB0-37B6-449C-97C5-BFCAAF0F87C4}: NameServer = 193.70.152.25 212.52.97.25
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -
FF - ProfilePath - c:\users\Speranza\AppData\Roaming\Mozilla\Firefox\Profiles\mlozth9w.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?affID=111148
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=111148&babsrc=KW_def&mntrId=f299597600000000000070f1a159fce9&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar_i.id - f299597600000000000070f1a159fce9
FF - user.js: extensions.BabylonToolbar_i.hardId - f299597600000000000070f1a159fce9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15428
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:10
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111148
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - def
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKLM-Run-Tutorials - c:\program files (x86)\Tuto4pc\tutorials.exe
HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
AddRemove-CToolbar_UNINSTALL - c:\progra~2\Crawler\Toolbar\CToolbar.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Ora fine scansione: 2012-04-16 18:32:33 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-04-16 16:32
ComboFix2.txt 2012-04-16 13:34
.
Pre-Run: 16.722.333.696 byte disponibili
Post-Run: 16.311.451.648 byte disponibili
.
- - End Of File - - 18C6A5AD06E6E9815F8FE75A6FBD0B8F
 
If it is still present, delete this folder:
c:\program files (x86)\Tuto4pc

The PC is clean:
Download TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe
● place the tool on the Desktop
● close all running programs, including any open web pages
● launch the tool with a double click
● click the Start button at the bottom left
the Desktop will disappear for a few moments: nothing to worry about
● wait patiently for the operations to finish
● click the Exit button at the bottom right
● once the operations have finished, close the program

Note - about the program:
TFC by OldTimer removes the temporary files of all users, easily and quickly

Download OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● place the tool on the Desktop
● close all running programs
● launch the tool with a double click
● click the CleanUp! button
● the program asks to restart the system: allow it by clicking Yes twice

Note - about the program:
OTC by OldTimer automatically and precisely removes the programs we used for the cleanup (ComboFix in particular): after the restart you will no longer see the ComboFix icon, which is completely normal
 