www.searchnu.com/406 problem UPDATE

kimi09

For a couple of days now, when I open Explorer and Google Chrome I find Search as the start page, plus pages of sites that open by themselves. I fixed the problem in the settings of the two browsers, but how do I permanently remove the virus(es)?
Here is the HijackThis log after cleaning the registry with CCleaner:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:42:56, on 08/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal


Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\program files (x86)\real\realplayer\update\realsched.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Users\Ezio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ezio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ezio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ezio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ezio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ezio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ezio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ezio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ezio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ezio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ezio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ezio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ezio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ezio\Downloads\HijackThis (1).exe
C:\Users\Ezio\Downloads\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Italia: Hotmail, Messenger, Skype, Windows Live
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Hotmail.fr, Messenger, Skype, Sydrive, Actualité, Sport, People, Femmes - MSN France
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=IT&userid=c8f74f86-0faf-4392-bdad-09d356e85208&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=IT&userid=c8f74f86-0faf-4392-bdad-09d356e85208&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Soda PDF Helper - {5CFCAFF6-5BB0-4864-B626-021C99ED82E5} - C:\Program Files (x86)\Soda PDF\PDFIEHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: (no name) - !{691ca8ec-7205-4aa9-bdd6-15493d16f835} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
O3 - Toolbar: (no name) - !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - !{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
O3 - Toolbar: (no name) - !{980EB9EC-6EB5-4258-BDDB-EFE25C5F99EF} - (no file)
O3 - Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FF9DDEC-73D1-4CD4-A850-5905EAA9CCAC}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{847C8FE0-BEB3-4E22-AA35-2C2357D34390}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{99FE76D5-AC58-4B73-9B5B-AB5D4FF44906}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{5FF9DDEC-73D1-4CD4-A850-5905EAA9CCAC}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{5FF9DDEC-73D1-4CD4-A850-5905EAA9CCAC}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
O23 - Service: DYMO PnP Service (DymoPnpService) - Sanford, L.P. - C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @Keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NeMeSys Service (Nemesys) - Fondazione Ugo Bordoni - C:\Program Files (x86)\Nemesys\dist\Nemesys.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Ezio\AppData\Local\PosService\Pos.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Ezio\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soda PDF Helper Service - LULU Software - C:\Program Files (x86)\Soda PDF\HelperService.exe
O23 - Service: Soda PDF Service - LULU Software - C:\Program Files (x86)\Soda PDF\ConversionService.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Ezio\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNDA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe


--
End of file - 17850 bytes

- - - Updated - - -

This is the log produced with Malwarebytes Anti-Malware:
Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free anti-malware download


Versione database: v2012.08.07.09


Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Ezio :: EZIO-HP [amministratore]


08/08/2012 00:31:56
mbam-log-2012-08-08 (00-31-56).txt


Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 230667
Tempo impiegato: 4 minuti, 37 secondi


Processi rilevati in memoria: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 1172 -> Verrà eliminato al riavvio.


Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)


Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)


Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)


Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)


Cartelle rilevate: 2
C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16 (PUP.Funmoods) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\bh (PUP.Funmoods) -> Spostato in quarantena ed eliminato con successo.


File rilevati: 26
C:\Users\Ezio\Downloads\SoftonicDownloader_per_aptana-studio.exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_combofix.exe (PUP.ToolbarDownloader) -> Nessuna azione intrapresa.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_cpu-z.exe (PUP.ToolbarDownloader) -> Nessuna azione intrapresa.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_cyberlink-power2go.exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_daemon-tools(2).exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_daemon-tools.exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_debut-video-capture.exe (PUP.ToolbarDownloader) -> Nessuna azione intrapresa.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_everest.exe (PUP.ToolbarDownloader) -> Nessuna azione intrapresa.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_freeware-pdf-unlocker.exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_irfanview.exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_nero-kwik-burn.exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_pc-wizard-2010.exe (PUP.ToolbarDownloader) -> Nessuna azione intrapresa.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_peazip.exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_revo-uninstaller.exe (PUP.ToolbarDownloader) -> Nessuna azione intrapresa.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_siw.exe (PUP.ToolbarDownloader) -> Nessuna azione intrapresa.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_super.exe (PUP.BundleOffer.Downloader.S) -> Nessuna azione intrapresa.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_utorrent.exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_virtual-imageprinter.exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_virtualdub(1).exe (PUP.OfferBundler.ST) -> Nessuna azione intrapresa.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_xilisoft-video-converter-ultimate.exe (PUP.BundleOffer.Downloader.S) -> Nessuna azione intrapresa.
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Verrà eliminato al riavvio.
C:\Users\Ezio\Downloads\Kingsetup.exe (PUP.Casino) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Ezio\Downloads\SoftonicDownloader_for_djvu-viewer-plug-in.exe (PUP.BundleOffer.Downloader.S) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Ezio\Downloads\SoftonicDownloader_per_abbyy-finereader.exe (PUP.OfferBundler.ST) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\Installer\MSI404A.tmp (HackTool.Hiderun) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx (PUP.Funmoods) -> Spostato in quarantena ed eliminato con successo.


(fine)

- - - Updated - - -

I ran Malwarebytes Anti-Malware first and then HijackThis.

I think I solved the searchqu.com problem with the VirIT antivirus, which detected adwar.win32.searchQUDX.A and removed it.
But web pages keep opening. And here is the strange part: when I open eBay, the site ww.fnac.com opens, or PETITES ANNONCES GRATUITES . VivaStreet le N°1 de l'Annonce Gratuite; or, when I go to Speedtest.net - The Global Broadband Speed Test, pages of Telecom Italia or pages of Vodafone and Infostrada open. Another strange thing is that they appear in the default browser.
That is, if I have Google Chrome as the default browser and I open eBay in Internet Explorer, the fnac page opens in Google Chrome!!! Even if the browser is closed!!!

I am posting the ComboFix report, run as administrator and with the antivirus and the firewall disabled.

ComboFix 12-08-09.01 - Ezio 10/08/2012 12:21:56.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3959.2118 [GMT 2:00]
Eseguito da: c:\users\Ezio\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2012-07-10 al 2012-08-10 )))))))))))))))))))))))))))))))))))
.
.
2012-08-10 10:31 . 2012-08-10 10:31 -------- d-----w- c:\users\Mcx1-EZIO-HP\AppData\Local\temp
2012-08-10 10:31 . 2012-08-10 10:31 -------- d-----w- c:\users\Mcx1-EZIO-HP.Ezio-HP\AppData\Local\temp
2012-08-10 10:31 . 2012-08-10 10:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-09 17:48 . 2012-08-09 17:48 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-09 17:48 . 2012-08-09 17:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-09 17:43 . 2012-08-09 17:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-09 17:43 . 2012-08-09 17:43 -------- d-----w- c:\program files (x86)\Oracle
2012-08-09 17:42 . 2012-08-09 17:42 -------- d-----w- c:\program files (x86)\Java
2012-08-09 17:37 . 2012-08-09 17:39 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-08-09 14:44 . 2012-08-09 15:35 81408 ----a-w- c:\windows\listcmd.bin
2012-08-09 13:48 . 2012-08-10 09:44 85016 ----a-w- c:\windows\SysWow64\drivers\viragtlt.sys
2012-08-09 13:41 . 2012-08-09 13:41 -------- dc-h--w- c:\users\Ezio\AppData\Local\{B093B69F-C05D-4AF7-8F0D-D90FF1FAF546}
2012-08-09 13:41 . 2012-08-10 10:33 -------- d-----w- C:\VEXPLite
2012-08-09 08:59 . 2012-05-29 15:19 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-08-09 08:59 . 2012-05-29 15:19 25952 ----a-w- c:\windows\system32\authuitu.dll
2012-08-09 08:59 . 2012-05-29 15:19 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-08-09 08:59 . 2012-08-09 08:59 -------- d-----w- c:\users\Ezio\AppData\Roaming\TuneUp Software
2012-08-09 08:59 . 2012-08-09 08:59 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-08-09 08:58 . 2012-08-09 09:00 -------- d-----w- c:\programdata\TuneUp Software
2012-08-09 08:58 . 2012-08-09 08:58 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-08-09 08:58 . 2012-08-09 08:58 -------- d--h--w- c:\programdata\Common Files
2012-08-08 23:40 . 2012-08-10 09:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-08 23:40 . 2012-08-08 23:40 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-07 22:30 . 2012-08-07 22:30 -------- d-----w- c:\users\Ezio\AppData\Roaming\Malwarebytes
2012-08-07 22:29 . 2012-08-07 22:29 -------- d-----w- c:\programdata\Malwarebytes
2012-08-07 22:29 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-07 22:29 . 2012-08-07 22:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-07 21:26 . 2012-08-07 21:26 -------- d-----w- c:\users\Ezio\AppData\Local\VS Revo Group
2012-08-07 21:26 . 2009-12-30 09:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-08-07 21:26 . 2012-08-07 21:26 -------- d-----w- c:\program files\VS Revo Group
2012-08-06 17:20 . 2012-08-06 17:20 -------- d-----w- c:\users\Ezio\AppData\Local\Ilivid Player
2012-08-06 10:13 . 2012-08-06 10:13 -------- d-----w- c:\users\Ezio\AppData\Local\PowerOffer
2012-08-06 10:13 . 2012-08-06 10:24 -------- d-----w- c:\users\Ezio\AppData\Local\ServUpdater
2012-08-06 10:13 . 2012-08-06 10:23 -------- d-----w- c:\users\Ezio\AppData\Local\PosService
2012-08-05 16:32 . 2012-08-05 16:32 11776 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2012-08-05 16:31 . 2012-08-05 16:31 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-08-05 16:31 . 2012-08-05 16:31 150736 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-08-05 16:31 . 2012-08-05 16:31 129176 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-08-04 15:37 . 2012-08-04 15:37 -------- d-----w- c:\users\Ezio\AppData\Roaming\OpenCandy
2012-08-04 15:37 . 2012-08-04 15:37 -------- d-----w- c:\program files (x86)\SIW
2012-08-04 10:53 . 2012-08-06 10:13 -------- d-----w- c:\users\Ezio\AppData\Local\SoftwareUpdater
2012-08-04 10:53 . 2012-08-04 10:53 -------- d-----w- c:\windows\Java
2012-08-04 10:53 . 2012-08-04 10:53 -------- d-----w- c:\program files (x86)\CPUID
2012-08-04 10:53 . 2010-08-22 11:48 114176 ----a-w- c:\windows\SysWow64\PCWizard.cpl
2012-08-02 12:05 . 2012-08-02 12:05 -------- d-----w- c:\program files\CCleaner
2012-07-30 10:07 . 2012-07-30 10:07 -------- d-----w- c:\users\Ezio\AppData\Roaming\Windows Live Writer
2012-07-30 10:07 . 2012-07-30 10:07 -------- d-----w- c:\users\Ezio\AppData\Local\Windows Live Writer
2012-07-22 21:22 . 2012-07-22 21:22 -------- d-----w- c:\users\Ezio\AppData\Roaming\Uniblue
2012-07-22 21:22 . 2012-07-22 21:22 -------- d-----w- c:\program files (x86)\Uniblue
2012-07-16 09:30 . 2012-07-16 09:30 -------- d-----w- c:\users\Ezio\P5JavaClientSettings
2012-07-16 09:28 . 2012-07-05 20:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-12 01:08 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 01:02 . 2011-02-18 11:53 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-05 22:09 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-05 20:06 . 2011-02-02 12:46 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-23 20:28 . 2012-06-23 20:28 29184 ----a-r- c:\users\Ezio\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2012-06-22 22:59 . 2012-06-22 22:59 375632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-09 05:43 . 2012-07-11 04:02 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 04:03 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 04:03 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 04:03 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 04:03 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 04:03 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 04:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-08 22:57 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 22:57 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-08 22:57 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 22:57 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 22:57 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-08 22:57 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-08 22:57 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-08 22:56 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-08 22:56 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 04:03 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 04:03 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 04:03 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 04:03 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 04:03 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 04:03 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 04:03 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 04:03 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 04:03 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-15 04:01 . 2012-06-13 03:56 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-13 03:56 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-13 03:56 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-07_21.48.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-07 21:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-10 10:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-07 21:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-10 10:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-10 10:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-07 21:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-02 12:18 . 2012-08-10 09:15 69142 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-10 09:15 37538 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-02 12:18 . 2012-08-10 10:36 26734 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-517953103-3569613119-2013440581-1000_UserData.bin
+ 2010-12-03 03:43 . 2012-08-10 08:19 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-03 03:43 . 2012-08-07 21:26 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-03 03:43 . 2012-08-10 08:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-03 03:43 . 2012-08-07 21:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-10 08:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-07 21:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-02 11:00 . 2012-08-10 09:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-02 11:00 . 2012-08-07 15:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-02 11:00 . 2012-08-10 09:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-02 11:00 . 2012-08-07 15:24 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-02 11:00 . 2012-08-07 15:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-02 11:00 . 2012-08-10 09:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-02 11:00 . 2012-08-10 09:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-02 11:00 . 2012-08-07 15:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-02 11:00 . 2012-08-10 09:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-02 11:00 . 2012-08-07 15:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-06 10:55 . 2011-06-06 10:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\wow_helper.exe
- 2011-06-06 11:55 . 2011-06-06 11:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\wow_helper.exe
- 2011-06-06 11:55 . 2011-06-06 11:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\ViewerPS.dll
- 2011-06-06 11:55 . 2011-06-06 11:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\reader_sl.exe
- 2011-06-06 11:55 . 2011-06-06 11:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\PDFPrevHndlr.dll
- 2011-06-06 11:55 . 2011-06-06 11:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\eula.exe
- 2011-06-06 11:55 . 2011-06-06 11:55 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\armsvc.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\armsvc.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\acrotextextractor.exe
- 2011-06-06 11:55 . 2011-06-06 11:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\acrotextextractor.exe
- 2011-06-06 11:55 . 2011-06-06 11:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\acroiehelpershim.dll
- 2011-06-06 11:55 . 2011-06-06 11:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AcroIEHelper.dll
- 2011-06-06 11:55 . 2011-06-06 11:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\Acrofx32.dll
- 2011-06-06 11:55 . 2011-06-06 11:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\Acrofx32.dll
+ 2012-08-10 10:33 . 2012-08-10 10:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-07 21:44 . 2012-08-07 21:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-10 10:33 . 2012-08-10 10:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-07 21:44 . 2012-08-07 21:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-29 15:07 . 2012-07-29 15:07 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe
+ 2012-08-09 17:48 . 2012-08-09 17:48 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe
- 2012-04-09 16:30 . 2012-08-06 10:14 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-08-09 17:48 . 2012-08-09 17:48 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-07-16 09:28 . 2012-07-05 20:06 227760 c:\windows\SysWOW64\javaws.exe
+ 2012-08-09 17:42 . 2012-07-05 20:06 227760 c:\windows\SysWOW64\javaws.exe
- 2012-07-16 09:27 . 2012-07-16 09:27 174064 c:\windows\SysWOW64\javaw.exe
+ 2012-08-09 17:42 . 2012-08-09 17:42 174064 c:\windows\SysWOW64\javaw.exe
+ 2012-08-09 17:42 . 2012-08-09 17:42 174064 c:\windows\SysWOW64\java.exe
- 2012-07-16 09:27 . 2012-07-16 09:27 174064 c:\windows\SysWOW64\java.exe
- 2012-07-29 15:07 . 2012-07-29 15:07 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_Plugin.exe
+ 2012-08-09 17:48 . 2012-08-09 17:48 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_Plugin.exe
+ 2009-07-14 05:12 . 2012-08-09 08:59 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-08-02 12:44 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-05-11 01:47 . 2012-08-08 16:16 691816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-05-11 01:47 . 2012-08-03 12:20 691816 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-08-10 10:32 321248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-07 21:43 321248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-09 13:41 . 2012-08-09 13:41 348160 c:\windows\Installer\d5c9ed.msi
+ 2012-08-09 17:43 . 2012-08-09 17:43 179200 c:\windows\Installer\c6f112.msi
+ 2012-08-09 17:42 . 2012-08-09 17:42 461824 c:\windows\Installer\c6f10b.msi
- 2011-06-06 11:55 . 2011-06-06 11:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\sqlite.dll
- 2011-06-06 11:55 . 2011-06-06 11:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\pdfshell.dll
- 2011-06-06 11:55 . 2011-06-06 11:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\nppdf32.dll
- 2011-06-06 11:55 . 2011-06-06 11:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AcroRdIF.dll
- 2011-06-06 11:55 . 2011-06-06 11:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AcroRdIF.dll
- 2011-06-06 11:55 . 2011-06-06 11:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AcroPDF.dll
- 2011-06-06 11:55 . 2011-06-06 11:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\acrobroker.exe
- 2011-06-06 11:55 . 2011-06-06 11:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\a3dutils.dll
- 2012-07-29 15:07 . 2012-07-29 15:07 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
+ 2012-08-09 17:48 . 2012-08-09 17:48 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
- 2012-07-29 15:07 . 2012-07-29 15:07 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
+ 2012-08-09 17:48 . 2012-08-09 17:48 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
- 2011-02-02 12:13 . 2012-08-07 21:43 4870192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-517953103-3569613119-2013440581-1000-8192.dat
+ 2011-02-02 12:13 . 2012-08-10 10:32 4870192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-517953103-3569613119-2013440581-1000-8192.dat
+ 2011-06-06 20:53 . 2011-06-06 20:53 2331648 c:\windows\Installer\e49b9d.msi
+ 2012-08-09 08:58 . 2012-08-09 08:58 2535424 c:\windows\Installer\139dab.msi
+ 2011-06-06 10:55 . 2011-06-06 10:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\rt3d.dll
- 2011-06-06 11:55 . 2011-06-06 11:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\rt3d.dll
- 2011-06-06 11:55 . 2011-06-06 11:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 10:55 . 2011-06-06 10:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\authplay.dll
- 2011-06-06 11:55 . 2011-06-06 11:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AcroRd32.exe
- 2011-06-06 11:55 . 2011-06-06 11:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-08-09 17:48 . 2012-08-09 17:48 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll
- 2012-07-29 15:07 . 2012-07-29 15:07 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll
+ 2012-08-09 17:42 . 2012-08-09 17:42 17379840 c:\windows\Installer\c6f107.msi
+ 2012-04-04 13:32 . 2012-04-04 13:32 16613376 c:\windows\Installer\335e8.msp
+ 2012-08-09 08:58 . 2012-08-09 08:58 24055808 c:\windows\Installer\139daf.msi
+ 2011-06-06 10:55 . 2011-06-06 10:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AcroRd32.dll
- 2011-06-06 11:55 . 2011-06-06 11:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA70401B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SpeedUpMyPC"="c:\program files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" [2012-07-08 68504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-18 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-10-27 221184]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2012-08-10 331776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\Ezio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-18 1040952]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"PDF Complete"=c:\program files (x86)\PDF Complete\pdfsty.exe
.
2;2 ServUpdater;Serv Updater [x]
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2010-10-13 1244224]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANMp50.sys [2010-03-25 46776]
R3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANSp50.sys [2010-03-25 45752]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2012-01-09 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-01-09 171008]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-03 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
R4 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-01-28 32336]
R4 Nemesys;NeMeSys Service;c:\program files (x86)\Nemesys\dist\Nemesys.exe [2011-11-30 90112]
R4 Soda PDF Helper Service;Soda PDF Helper Service;c:\program files (x86)\Soda PDF\HelperService.exe [2011-09-20 829272]
R4 Soda PDF Service;Soda PDF Service;c:\program files (x86)\Soda PDF\ConversionService.exe [2011-09-20 903512]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2010-07-22 54848]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2006-07-24 52664]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-07-25 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120804.001\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120809.001\IDSvia64.sys [2012-06-14 509088]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2010-07-22 814344]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-17 203264]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 PowerOffer Service;Pos Service;c:\users\Ezio\AppData\Local\PosService\Pos.exe [2012-04-03 169472]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SoftwareUpd;Software Upd;c:\users\Ezio\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [2012-04-23 161280]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 288768]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]
S2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-08-19 272864]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-17 6853632]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-17 263680]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-05-08 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-517953103-3569613119-2013440581-1000Core.job
- c:\users\Ezio\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-07 10:22]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-517953103-3569613119-2013440581-1000UA.job
- c:\users\Ezio\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-07 10:22]
.
2012-06-16 c:\windows\Tasks\HPCeeScheduleForEZIO-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2012-07-05 c:\windows\Tasks\HPCeeScheduleForEzio.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2012-08-10 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2012-07-22 05:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=IT&userid=c8f74f86-0faf-4392-bdad-09d356e85208&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{5FF9DDEC-73D1-4CD4-A850-5905EAA9CCAC}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{847C8FE0-BEB3-4E22-AA35-2C2357D34390}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{99FE76D5-AC58-4B73-9B5B-AB5D4FF44906}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\users\Ezio\AppData\Roaming\Mozilla\Firefox\Profiles\wxoimax0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=vmn&type=vmn-toolbarcleaner-1_1-ya-bs-rp&q=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-10 - (no file)
Toolbar-!{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-517953103-3569613119-2013440581-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-517953103-3569613119-2013440581-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @DenieD: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\crypserv.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\users\Ezio\AppData\Local\ServUpdater\ServiceUpd.exe
c:\vexplite\viritsvc.exe
c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
.
**************************************************************************
.
Ora fine scansione: 2012-08-10 12:50:40 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-08-10 10:50
ComboFix2.txt 2012-08-07 21:53
.
Pre-Run: 22.257.348.608 byte disponibili
Post-Run: 22.229.221.376 byte disponibili
.
- - End Of File - - 3765F35DDEE31A35858DBB2218E869D9
 
Run a scan with Malwarebytes Anti-Malware and install WinPatrol (BillP Studios - WinPatrol 2012), a little virtual dog that warns you if some malware performs suspicious actions such as changing the homepage. If you want more complete software there is ThreatFire, which is heavy though. Also, as a browser use Google Chrome or Firefox, which are much more secure than Microsoft's browser.
 
@ferencs90

You've got a bit of crap in there... like the O17 entries... but also in R1, and O2 and O3 too...
And missing files... First clean the registry and the temporary files with CCleaner.
Then run HijackThis again.
Anyway, if you don't use programs like TeamViewer, or ones for accessing and communicating with the PC remotely... get rid of the O17 entries...
I'll add that you have a lot of browser toolbars... do you use them all?
Bing... Vuze... a bit of everything... I'd suggest getting rid of some of them...
 
Hi, as incolto said, run a scan with Malwarebytes and delete everything. Then run Kaspersky TDSSKiller to remove rootkits.
Then do this:
from the command prompt: msconfig, and untick all the startup items except the antivirus.
Also, under Services, hide all Microsoft services and untick everything except the antivirus.
Then reboot and post a HijackThis log again! Bye
 
Thanks for the replies.
For Informaticage: I re-ran the scan with Malwarebytes Anti-Malware and it didn't detect anything. I posted the results of the first scan, and it had detected a couple of pieces of malware.

For incolto: I don't use the toolbars, I removed them with Toolbar Cleaner. Right now I don't use any programs for remote access, but if I remove the O17 entries and later need to access the PC remotely, will I still be able to?

For ferencs:
Kaspersky TDSSKiller didn't detect anything. I'll post the HijackThis log later.
 
Here is the log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:33:51, on 11/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal


Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\VEXPLite\MONLITE.EXE
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Ezio\Downloads\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Italia: Hotmail, Messenger, Skype, Windows Live
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Hotmail.fr, Messenger, Skype, Actualité, Sport, People, Femmes - MSN France
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=IT&userid=c8f74f86-0faf-4392-bdad-09d356e85208&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=IT&userid=c8f74f86-0faf-4392-bdad-09d356e85208&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Soda PDF Helper - {5CFCAFF6-5BB0-4864-B626-021C99ED82E5} - C:\Program Files (x86)\Soda PDF\PDFIEHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: (no name) - !{691ca8ec-7205-4aa9-bdd6-15493d16f835} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
O3 - Toolbar: (no name) - !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - !{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
O3 - Toolbar: (no name) - !{980EB9EC-6EB5-4258-BDDB-EFE25C5F99EF} - (no file)
O3 - Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\Program Files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" -d 20000
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: exefile -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FF9DDEC-73D1-4CD4-A850-5905EAA9CCAC}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{847C8FE0-BEB3-4E22-AA35-2C2357D34390}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{99FE76D5-AC58-4B73-9B5B-AB5D4FF44906}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{5FF9DDEC-73D1-4CD4-A850-5905EAA9CCAC}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{5FF9DDEC-73D1-4CD4-A850-5905EAA9CCAC}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @Keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Ezio\AppData\Local\PosService\Pos.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Ezio\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Ezio\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VirIT eXplorer Lite (viritsvclite) - TG Soft Sas TG Soft Official Website - AntiVirus - AntiSpyware - AntiMalware - Personal Firewall - C:\VEXPLite\viritsvc.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNDA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe


--
End of file - 16574 bytes
 
But... did you run CCleaner to clean the registry?

Anyway, if you haven't set any IP addresses at all yourself...
Fix these:

O17 - HKLM\System\CCS\Services\Tcpip\..\{5FF9DDEC-73D1-4CD4-A850-5905EAA9CCAC}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{847C8FE0-BEB3-4E22-AA35-2C2357D34390}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{99FE76D5-AC58-4B73-9B5B-AB5D4FF44906}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{5FF9DDEC-73D1-4CD4-A850-5905EAA9CCAC}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{5FF9DDEC-73D1-4CD4-A850-5905EAA9CCAC}: NameServer = 176.31.229.24,176.31.229.25

They are French addresses.

Fix these too:
O3 - Toolbar: (no name) - !{691ca8ec-7205-4aa9-bdd6-15493d16f835} - (no file)
O3 - Toolbar: (no name) - !{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - !{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
O3 - Toolbar: (no name) - !{980EB9EC-6EB5-4258-BDDB-EFE25C5F99EF} - (no file)
O3 - Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)


Then there are also the O16 entries, which I don't like, but for now we'll leave them as they are. Did you clean up with CCleaner? Sorry to insist, but there are too many "file missing" entries...
Do both the registry cleanup and the normal cleanup, and read the ticked boxes before you confirm (this is for the PC cleanup, I mean... whether or not to empty the recycle bin... that sort of thing... ;) )
 
I removed those items and then cleaned the registry with CCleaner. I rebooted, ran HijackThis again, and they came back. But every time I start it, this appears:
29zxa87.jpg
 
Got it... the same thing happened to me just today with a PC I was fixing.
You need to start the application as administrator.
You can do it in two ways:

Right-click the icon and choose "esegui come amministratore" / "run as administrator".
If that option doesn't show up (as happened to me), you have to go to the program's folder:
c:\ -> Programmi -> Trend Micro -> HijackThis and do the same as above: right-click and "run as administrator" (it should show up now).
If it tells you it is already running, open Task Manager, go to the Processes tab, look for HiJackThis (sort by name ;) ), select it and click End Process.

Then start it again, still as administrator.
 
As for Search, you need to fix these:

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=IT&userid=c8f74f86-0faf-4392-bdad-09d356e85208&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=IT&userid=c8f74f86-0faf-4392-bdad-09d356e85208&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}

It leaves them there even in safe mode... strange...
Maybe ComboFix is what's needed... which I don't know how to use, though...
Anyway, with Malwarebytes you haven't solved it, in the sense that it didn't find anything...
Try another antivirus: HitmanPro ... Downloads - SurfRight
It's a good antivirus... see what it finds.
First, though, you need to run the TDSSKiller anti-rootkit utility.

Let's see what @ferencs90 says.

- - - Updated - - -

I'll add: fix these:

O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Ezio\AppData\Local\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Ezio\AppData\Local\ServUpdater\ServiceUpd.exe

as ferencs suggested.
I did a bit of research and it seems that pos.exe is a possible virus.
Actually it should be a Windows service, which can, however, pick up viruses.
You just need to search the internet about it, typing into Google:
"pos.exe"
or
"virus pos.exe" or similar... for example, I found this:

http://www.manuali.it/forum/informatica-ed-internet-virus/hijackthis-modmain-startscan-error-5-t24347.html

If anything, before fixing, read up a bit online and make a backup before making the changes. If I remember correctly, HijackThis asks you whether you want to make one, so that you can restore things if you want to.
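
Added example, not part of the original thread and not HijackThis code: a short Python triage of the two entry types the posts above ask to fix, the O17 static `NameServer` values and the O23 services whose binary sits in a user profile. The function names and the `expected` allowlist parameter are assumptions of this example; the sample lines are copied from the log posted in this thread.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log posted in this thread,
# trimmed to the entry types this example inspects.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FF9DDEC-73D1-4CD4-A850-5905EAA9CCAC}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{5FF9DDEC-73D1-4CD4-A850-5905EAA9CCAC}: NameServer = 176.31.229.24,176.31.229.25
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Ezio\AppData\Local\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Ezio\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""

# O17: static DNS servers written under a Tcpip interface key.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>\w+)\\Services\\Tcpip\\\.\.\\"
    r"\{(?P<iface>[0-9A-Fa-f-]+)\}: NameServer = (?P<servers>.+)$"
)
# O23: "<display name> - <owner> - <image path>[ (file missing)]".
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?: \(file missing\))?$"
)
# Anything under <drive>:\Users\ can be written without admin rights.
USER_PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\", re.IGNORECASE)


def static_dns_findings(log, expected=frozenset()):
    """Group O17 entries by resolver set; report sets not covered by `expected`.

    `expected` holds the resolver IPs the owner knowingly configured
    (assumption of this example: the caller supplies them as strings).
    """
    groups = defaultdict(lambda: {"interfaces": set(), "control_sets": set()})
    for line in log.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = []
        for token in re.split(r"[,\s]+", m["servers"].strip()):
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                continue  # ignore anything that is not an IP literal
        if servers:
            key = tuple(servers)
            groups[key]["interfaces"].add(m["iface"].lower())
            groups[key]["control_sets"].add(m["cset"])

    findings = []
    for servers, info in groups.items():
        if all(str(ip) in expected for ip in servers):
            continue
        findings.append({
            "servers": tuple(str(ip) for ip in servers),
            # Public resolvers pinned on every adapter deserve a second look.
            "public": all(ip.is_global for ip in servers),
            "interfaces": len(info["interfaces"]),
            "control_sets": sorted(info["control_sets"]),
        })
    return findings


def services_in_user_profile(log):
    """Return (display name, image path) for O23 services under \\Users\\."""
    hits = []
    for line in log.splitlines():
        m = O23_RE.match(line.strip())
        if m and USER_PROFILE_RE.match(m["path"]):
            hits.append((m["name"], m["path"]))
    return hits


if __name__ == "__main__":
    for finding in static_dns_findings(SAMPLE_LOG):
        print("static DNS to review:", finding)
    for name, path in services_in_user_profile(SAMPLE_LOG):
        print("service in user profile:", name, "->", path)
```

A hit from either function is a reason to check the adapter's DNS settings or the service's origin, not a verdict on its own. Passing the resolvers you set yourself as `expected` keeps a deliberate static DNS configuration out of the results.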
 
The anti-rootkit didn't detect anything, whereas HitmanPro detected quite a lot of stuff. I'm posting the log:
Code:
HitmanPro 3.6.1.164
www.hitmanpro.com


   Computer name . . . . : EZIO-HP
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Ezio-HP\Ezio
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free


   Scan date . . . . . . : 2012-08-13 14:43:57
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 8m 28s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No


   Threats . . . . . . . : 11
   Traces  . . . . . . . : 126


   Objects scanned . . . : 1.825.629
   Files scanned . . . . : 69.312
   Remnants scanned  . . : 592.014 files / 1.164.303 keys


Malware _____________________________________________________________________


   C:\Users\Ezio\AppData\Local\PosService\Pos.exe
      Size . . . . . . . : 169.472 bytes
      Age  . . . . . . . : 7.1 days (2012-08-06 12:13:11)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : D4159EE9F85D373C0D583BB22EF6A814600137F6FAE2DA4A76A8A828487CE824
      Product  . . . . . : PowerOfferService
      Publisher  . . . . : PowerOfferService
      Description  . . . : PowerOfferService
      Version  . . . . . : 1.0
      Copyright  . . . . : Copyright © PowerOfferService 2011
      Service  . . . . . : PowerOffer Service
    > Ikarus . . . . . . : Backdoor.MSIL!IK
      Fuzzy  . . . . . . : 106.0
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\PowerOffer Service\


   C:\Users\Ezio\Desktop\Desktop 2\Nuova cartella (2)\Portable_MS Office Enterprise 2007 ITA new 7 prog by xelion21\Microsoft Office Document Imaging.exe
      Size . . . . . . . : 17.758 bytes
      Age  . . . . . . . : 376.7 days (2011-08-02 22:00:08)
      Entropy  . . . . . : 4.4
      SHA-256  . . . . . : C0721C1A3712C5428FB88B6E8A2EF8513D33FED3BFE77FDA71AD919E06BC87E8
      Product  . . . . . : 2007 Microsoft Office system
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : Microsoft Office Document Imaging
      Version  . . . . . : 12.0.4518.1014
      Copyright  . . . . : © 2006 Microsoft Corporation.  All rights reserved.
    > Ikarus . . . . . . : Trojan.Backdoor.SuspectCRC!IK
      Fuzzy  . . . . . . : 100.0


   C:\Users\Ezio\Desktop\Desktop 2\Nuova cartella (2)\Portable_MS Office Enterprise 2007 ITA new 7 prog by xelion21\Microsoft Office Document Scanning.exe
      Size . . . . . . . : 14.620 bytes
      Age  . . . . . . . : 376.7 days (2011-08-02 22:00:08)
      Entropy  . . . . . : 4.6
      SHA-256  . . . . . : 1575ADC34DF24DED647F5BBF6C32F0C2B580D1AB67BEAA569AF627F0F528A71C
      Product  . . . . . : 2007 Microsoft Office system
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : Microsoft® Office Document Scanning DCOM Component
      Version  . . . . . : 12.0.4518.1014
      Copyright  . . . . : © 2006 Microsoft Corporation.  All rights reserved.
    > Ikarus . . . . . . : Trojan.Backdoor.SuspectCRC!IK
      Fuzzy  . . . . . . : 100.0


   C:\Users\Ezio\Downloads\iLividSetupV1 (3).exe
      Size . . . . . . . : 823.648 bytes
      Age  . . . . . . . : 6.8 days (2012-08-06 19:16:40)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 2A8FA702A1883DB27F3D363C83ABFB58B2C6CE52F0E1F27CD4773F902F5C690F
      Product  . . . . . : iLivid
      Publisher  . . . . : Bandoo Media Inc
      Description  . . . : iLivid Install
      Version  . . . . . : 1.92
      Copyright  . . . . : Copyright (c) 2011
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > DrWeb  . . . . . . : Infected
      Fuzzy  . . . . . . : 103.0


   C:\Users\Ezio\Downloads\iLividSetupV1 (4).exe
      Size . . . . . . . : 823.648 bytes
      Age  . . . . . . . : 6.8 days (2012-08-06 19:16:59)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 2A8FA702A1883DB27F3D363C83ABFB58B2C6CE52F0E1F27CD4773F902F5C690F
      Product  . . . . . : iLivid
      Publisher  . . . . : Bandoo Media Inc
      Description  . . . : iLivid Install
      Version  . . . . . : 1.92
      Copyright  . . . . : Copyright (c) 2011
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > DrWeb  . . . . . . : Infected
      Fuzzy  . . . . . . : 103.0


   C:\Users\Ezio\Downloads\installer_pdf_unlocker_for_windows_7_Italian.exe
      Size . . . . . . . : 5.332.704 bytes
      Age  . . . . . . . : 432.1 days (2011-06-08 12:17:53)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : C8CE809B64D54D16722C385D536E5CD96B70EAD8368CD4735B28C5EA6A2414A6
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > DrWeb  . . . . . . : Infected
      Fuzzy  . . . . . . : 102.0


   C:\Users\Ezio\Downloads\installer_roxio_easy_media_creator.exe
      Size . . . . . . . : 2.519.712 bytes
      Age  . . . . . . . : 302.1 days (2011-10-16 13:09:01)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : 45EF1C135A1CD90F0229F5928497F506B31518FA28CEC1B2DDA37ED3058DDAC1
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > DrWeb  . . . . . . : Infected
      Fuzzy  . . . . . . : 103.0


   C:\Users\Ezio\Downloads\SweetImSetup (2).exe
      Size . . . . . . . : 459.568 bytes
      Age  . . . . . . . : 304.1 days (2011-10-14 11:32:29)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 7F5E1A43718CA35ED7D9AF42008510DBDEF44F0C871FDF23EDA4238BAA3F43CD
      Product  . . . . . : SweetIM Installer
      Publisher  . . . . : SweetIM Technologies, Ltd.
      Description  . . . : SweetIM Installer
      Version  . . . . . : 1.0.0.4
      Copyright  . . . . : Copyright © 2010
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > DrWeb  . . . . . . : Infected
      Fuzzy  . . . . . . : 101.0


   C:\Users\Ezio\Downloads\SweetImSetup (3).exe
      Size . . . . . . . : 459.568 bytes
      Age  . . . . . . . : 304.1 days (2011-10-14 11:32:54)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 7F5E1A43718CA35ED7D9AF42008510DBDEF44F0C871FDF23EDA4238BAA3F43CD
      Product  . . . . . : SweetIM Installer
      Publisher  . . . . : SweetIM Technologies, Ltd.
      Description  . . . : SweetIM Installer
      Version  . . . . . : 1.0.0.4
      Copyright  . . . . : Copyright © 2010
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > DrWeb  . . . . . . : Infected
      Fuzzy  . . . . . . : 101.0




Suspicious files ____________________________________________________________


   C:\VEXPLite\viritsvc.exe 
      Size . . . . . . . : 86.016 bytes
      Age  . . . . . . . : 4.0 days (2012-08-09 15:47:47)
      Entropy  . . . . . : 5.2
      SHA-256  . . . . . : 6CA42CEAC9A7D34D85DE040358D22F80DAF96871C6621330A5DC3D425D1CFE8A
      Product  . . . . . : TG Soft viritsvc
      Publisher  . . . . : TG Soft Sas   www.tgsoft.it
      Description  . . . : VirIT eXplorer Service
      Version  . . . . . : 1.10.0.0
      Copyright  . . . . : Copyright © 2006, 2012
      Service  . . . . . : viritsvclite
      Fuzzy  . . . . . . : 28.0
         The file name extension of this program is not common.
         Starts automatically as a service during system bootup.
         Program starts automatically without user intervention.
         Time indicates that the file appeared recently on this computer.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\viritsvclite\

And apparently pos.exe is there.
Should I delete them or put them in quarantine?

The R1 entries are gone, but this one comes back:
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Ezio\AppData\Local\ServUpdater\ServiceUpd.exe
Should I just delete it directly?
 