Ciao, credo di avere il pc infetto, non riesco a installare programmi e ci sono pagine internet che si aprono da sole. Ho fatto una scansione con combofix e con haijack this. Mi potreste dire cos'altro devo fare?
Grazie
[/CODE]
Grazie
Codice:
ComboFix 14-04-20.01 - Francesca 21/04/2014 17:55:58.4.2 - x64Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.4063.2505 [GMT 2:00]
Eseguito da: d:\users\Francesca\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_jjflmfkjppbmejlfbhlpgjnomdoefkfa_0
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_jjflmfkjppbmejlfbhlpgjnomdoefkfa_0\6
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\background.html
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\chromeCoreFilesIndex.txt
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\crossriderManifest.json
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\manifest.xml
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins.json
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\1.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\102.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\103.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\104.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\119.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\123.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\124.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\13.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\14.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\155.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\17.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\177.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\178.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\179.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\180.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\182.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\183.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\184.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\189.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\19.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\190.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\191.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\194.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\195.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\198.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\199.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\207.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\21.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\213.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\22.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\220.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\221.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\223.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\226.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\232.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\236.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\244.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\246.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\28.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\4.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\47.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\64.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\7.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\72.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\78.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\79.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\80.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\9.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\91.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\93.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\plugins\97.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\userCode\background.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\extensionData\userCode\extension.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\icons\actions\1.png
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\icons\icon128.png
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\icons\icon16.png
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\icons\icon48.png
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\api\chrome.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\api\cookie.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\api\message.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\api\monitor.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\api\pageAction.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\api\pageActionBG.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\background.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\lib\app_api.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\lib\bg_app_api.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\lib\consts.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\lib\cookie_store.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\lib\crossriderAPI.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\lib\delegate.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\lib\events.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\lib\extensionDataStore.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\lib\installer.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\lib\logFile.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\lib\logging.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\lib\onBGDocumentLoad.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\lib\popupResource\newPopup.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\lib\popupResource\popup.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\lib\reports.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\lib\storageWrapper.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\lib\updateManager.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\lib\util.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\lib\xhr.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\main.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\js\platformVersion.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\manifest.json
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.114_0\popup.html
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jjflmfkjppbmejlfbhlpgjnomdoefkfa
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jjflmfkjppbmejlfbhlpgjnomdoefkfa\000109.ldb
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jjflmfkjppbmejlfbhlpgjnomdoefkfa\000115.log
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jjflmfkjppbmejlfbhlpgjnomdoefkfa\CURRENT
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jjflmfkjppbmejlfbhlpgjnomdoefkfa\LOCK
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jjflmfkjppbmejlfbhlpgjnomdoefkfa\LOG
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jjflmfkjppbmejlfbhlpgjnomdoefkfa\LOG.old
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jjflmfkjppbmejlfbhlpgjnomdoefkfa\MANIFEST-000113
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jjflmfkjppbmejlfbhlpgjnomdoefkfa_0.localstorage-journal
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jjflmfkjppbmejlfbhlpgjnomdoefkfa_0.localstorage
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Francesca\AppData\Roaming\OfferBox
c:\users\Francesca\AppData\Roaming\OfferBox\config.xml
c:\users\Francesca\AppData\Roaming\OfferBox\http_app.offerbox.com\country.sxe
c:\users\Francesca\AppData\Roaming\OfferBox\http_app.offerbox.com\history.db
c:\users\Francesca\AppData\Roaming\OfferBox\http_app.offerbox.com\profile.sxe
c:\users\Francesca\AppData\Roaming\OfferBox\http_app.offerbox.com\update.sxe
c:\users\Francesca\AppData\Roaming\OfferBox\http_app.offerbox.com\update.xml
c:\windows\IsUn0410.exe
c:\windows\SysWow64\asr3232.dll
D:\install.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2014-03-21 al 2014-04-21 )))))))))))))))))))))))))))))))))))
.
.
2014-04-21 15:37 . 2014-04-21 15:37 -------- d-sh--w- c:\users\Francesca\AppData\Local\EmieUserList
2014-04-21 15:37 . 2014-04-21 15:37 -------- d-sh--w- c:\users\Francesca\AppData\Local\EmieSiteList
2014-04-21 15:16 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E423EE10-E637-4735-ACC3-B3772088B13A}\mpengine.dll
2014-04-10 14:28 . 2014-02-04 02:35 274880 ----a-w- c:\windows\system32\drivers\msiscsi.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-10 16:45 . 2012-01-18 06:27 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2012-01-18 05:58 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-04 09:17 . 2014-04-10 14:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-03 12:12 . 2014-03-03 12:12 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-03-03 12:12 . 2014-03-03 12:12 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-03-03 12:12 . 2014-03-03 12:12 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-03-03 12:12 . 2014-03-03 12:12 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-03-03 12:12 . 2014-03-03 12:12 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-03-03 12:12 . 2014-03-03 12:12 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-03-03 12:12 . 2014-03-03 12:12 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-03-03 12:12 . 2014-03-03 12:12 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-03-03 12:12 . 2014-03-03 12:12 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-03-03 12:12 . 2014-03-03 12:12 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-03-03 12:12 . 2014-03-03 12:12 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-03-03 12:12 . 2014-03-03 12:12 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-03-03 12:12 . 2014-03-03 12:12 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-03-03 12:12 . 2014-03-03 12:12 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-03-03 12:12 . 2014-03-03 12:12 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-03-03 12:12 . 2014-03-03 12:12 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-03-03 12:12 . 2014-03-03 12:12 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-03-03 12:12 . 2014-03-03 12:12 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-03-03 12:12 . 2014-03-03 12:12 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-03-03 12:12 . 2014-03-03 12:12 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-03-03 12:12 . 2014-03-03 12:12 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-03-03 12:12 . 2014-03-03 12:12 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-03-03 12:12 . 2014-03-03 12:12 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-03-03 12:12 . 2014-03-03 12:12 247808 ----a-w- c:\windows\system32\msls31.dll
2014-03-03 12:12 . 2014-03-03 12:12 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-03-03 12:12 . 2014-03-03 12:12 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-03-03 12:12 . 2014-03-03 12:12 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-03-03 12:12 . 2014-03-03 12:12 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-03-03 12:12 . 2014-03-03 12:12 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-03-03 12:12 . 2014-03-03 12:12 81408 ----a-w- c:\windows\system32\icardie.dll
2014-03-03 12:12 . 2014-03-03 12:12 774144 ----a-w- c:\windows\system32\jscript.dll
2014-03-03 12:12 . 2014-03-03 12:12 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-03-03 12:12 . 2014-03-03 12:12 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-03-03 12:12 . 2014-03-03 12:12 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-03-03 12:12 . 2014-03-03 12:12 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-03-03 12:12 . 2014-03-03 12:12 413696 ----a-w- c:\windows\system32\html.iec
2014-03-03 12:12 . 2014-03-03 12:12 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-03 12:12 . 2014-03-03 12:12 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-03-03 12:12 . 2014-03-03 12:12 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-03-03 12:12 . 2014-03-03 12:12 235520 ----a-w- c:\windows\system32\url.dll
2014-03-03 12:12 . 2014-03-03 12:12 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-03-03 12:12 . 2014-03-03 12:12 147968 ----a-w- c:\windows\system32\occache.dll
2014-03-03 12:12 . 2014-03-03 12:12 143872 ----a-w- c:\windows\system32\wextract.exe
2014-03-03 12:12 . 2014-03-03 12:12 13824 ----a-w- c:\windows\system32\mshta.exe
2014-03-03 12:12 . 2014-03-03 12:12 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-03-03 12:12 . 2014-03-03 12:12 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-03-03 12:12 . 2014-03-03 12:12 101376 ----a-w- c:\windows\system32\inseng.dll
2014-02-07 01:23 . 2014-03-14 15:12 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-14 15:08 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-14 15:08 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-14 15:08 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-14 15:08 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-14 15:12 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-14 15:12 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-14 15:12 228864 ----a-w- c:\windows\system32\wwansvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110411591118}]
2013-12-14 12:41 641896 ----a-w- c:\program files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 911040]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Francesca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Francesca\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys;c:\windows\SYSNATIVE\DRIVERS\dmvsc.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys;c:\windows\SYSNATIVE\DRIVERS\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys;c:\windows\SYSNATIVE\DRIVERS\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-31 09:47]
.
2014-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-31 09:47]
.
2014-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2386625674-3826157362-4037655265-1000Core.job
- c:\users\Francesca\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-31 05:46]
.
2014-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2386625674-3826157362-4037655265-1000UA.job
- c:\users\Francesca\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-31 05:46]
.
2014-04-21 c:\windows\Tasks\Plus-HD-4.9-chromeinstaller.job
- c:\program files (x86)\Plus-HD-4.9\Plus-HD-4.9-chromeinstaller.exe [2013-12-14 12:41]
.
2014-04-21 c:\windows\Tasks\Plus-HD-4.9-codedownloader.job
- c:\program files (x86)\Plus-HD-4.9\Plus-HD-4.9-codedownloader.exe [2013-12-14 12:41]
.
2014-04-21 c:\windows\Tasks\Plus-HD-4.9-enabler.job
- c:\program files (x86)\Plus-HD-4.9\Plus-HD-4.9-enabler.exe [2013-12-14 12:41]
.
2014-04-21 c:\windows\Tasks\Plus-HD-4.9-firefoxinstaller.job
- c:\program files (x86)\Plus-HD-4.9\Plus-HD-4.9-firefoxinstaller.exe [2013-12-14 12:41]
.
2014-04-21 c:\windows\Tasks\Plus-HD-4.9-updater.job
- c:\program files (x86)\Plus-HD-4.9\Plus-HD-4.9-updater.exe [2013-12-14 12:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-05-14 487424]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"tworcgmrrv"="wscript.exe" [2013-10-12 168960]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.it/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant =
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
Wow6432Node-HKLM-Run-YouCam Service - c:\program files (x86)\CyberLink\YouCam\YouCamService.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] [MENTION=97929]DenieD[/MENTION]: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] [MENTION=97929]DenieD[/MENTION]: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] [MENTION=97929]DenieD[/MENTION]: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] [MENTION=97929]DenieD[/MENTION]: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] [MENTION=97929]DenieD[/MENTION]: (Full) (Everyone)
.
Ora fine scansione: 2014-04-21 18:05:18
ComboFix-quarantined-files.txt 2014-04-21 16:05
.
Pre-Run: 44.972.834.816 byte disponibili
Post-Run: 44.897.570.816 byte disponibili
.
- - End Of File - - 00A054F1A33DB37F90AE8BA6F0B3F298
A36C5E4F47E84449FF07ED3517B43A31
ho fatto una scansione anche con haijack this [CODE]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:27, on 31/01/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB2B425E-E37D-4CE2-A9D0-38007CCDF734}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC6FD51C-972C-4F81-8BFF-86A40C82BF4D}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: [MENTION=102397]Key[/MENTION]iso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8385 bytes[/CODE]
