SOLVED Slow connection and Sirefef


Spliffer85
Hi everyone, I have a lot of viruses that I can't remove... ESET finds them but can't delete them. One example of these viruses is the Yontoo client, which installed itself in "Programs and Features" like a real program, but I can't uninstall it. I'm posting my HijackThis log in the hope that you can help me fix the malicious entries. My connection has slowed down a lot, and if I go on Facebook it tells me it's an unsafe site! Guys, I'm really at the limit with this slowdown; soon my PC will freeze... This is the HijackThis log, please help me:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:46:56, on 17/03/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16521)
Boot mode: Normal


Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Hotspot Shield\bin\fbwmgr.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Hotspot Shield\bin\fbw.exe
C:\Program Files\Hotspot Shield\bin\fbw.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Italia: Hotmail, Messenger, Skype, Windows Live
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Italia: Hotmail, Messenger, Skype, Windows Live
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~2\BROWER~1\ASCPLU~1.DLL
O2 - BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - mscoree.dll (file missing)
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - (no file)
O3 - Toolbar: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKCU\..\Run: [chromium] C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - Startup: runjar.bat
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: @C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll,-4 - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O9 - Extra 'Tools' menuitem: Freemake Video Downloader - {FC0EA236-1C31-418e-BFCE-A76DDB7F1362} - C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\IE\IEPluginDownloader.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D4DC9C0-8293-4361-9ABD-8D84A7E08839}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{A92FEAAA-73F8-4103-94DF-8D4C4B615CF5}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6AB5E9E-5612-4E06-B795-6DF5B5FD5A15}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll,C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll,
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MySQL - MySQL AB - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Utente\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe


--
End of file - 12582 bytes

Which entries do I need to fix?
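As an added example that is not part of the thread, here is a small Python triage over a handful of lines copied from the HijackThis log above (the sample is constructed from those lines, not the full log). It applies the checks a helper makes by eye when deciding what to fix: a proxy pointed at the loopback address, orphaned "(no file)" BHO/toolbar entries, a script in the Startup folder, non-empty AppInit_DLLs, and services whose binary sits inside a user profile; the rule set and its wording are my assumptions, and it flags entries for review rather than judging them malicious.

```python
import re

# Constructed sample in the shape of the HijackThis log above: a few lines
# copied from it, not the whole log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8555
O2 - BHO: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - Startup: runjar.bat
O20 - AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll,C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll,
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Utente\AppData\Local\ServUpdater\ServiceUpd.exe
"""

# HijackThis entries start with a section code (R0, R1, O2, O4, O23, ...).
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# Proxy settings that send browser traffic to a listener on this machine.
LOCAL_PROXY_RE = re.compile(r"ProxyServer = .*?(127\.0\.0\.1|localhost):\d+")
# Script files that run from the Startup folder.
SCRIPT_EXT_RE = re.compile(r"\.(bat|cmd|vbs|js|wsf)\s*$", re.IGNORECASE)
# A binary path inside a user's profile (assumed heuristic for O23 services).
PROFILE_PATH_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def parse_hjt(text):
    """Split a HijackThis log into (kind, body) tuples, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def triage(text):
    """Return [(kind, body, reason)] for entries that deserve a second look.

    Each rule is one thing a helper checks by eye; it flags an entry for
    review, it does not decide that the entry is malicious.
    """
    findings = []
    for kind, body in parse_hjt(text):
        reason = None
        if kind == "R1" and LOCAL_PROXY_RE.search(body):
            reason = "browser traffic goes through a local proxy; identify the process listening on that port"
        elif kind in ("O2", "O3") and body.endswith("(no file)"):
            reason = "orphaned BHO/toolbar registration, the file is no longer present"
        elif kind == "O4" and body.startswith("Startup:") and SCRIPT_EXT_RE.search(body):
            reason = "script in the Startup folder; read its contents before removing it"
        elif kind == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            reason = "AppInit_DLLs loads these DLLs into every GUI process; review each one"
        elif kind == "O23" and PROFILE_PATH_RE.search(body):
            reason = "service binary lives in a user profile, unusual for a legitimate service"
        if reason:
            findings.append((kind, body, reason))
    return findings


if __name__ == "__main__":
    for kind, body, reason in triage(SAMPLE_LOG):
        print(f"{kind}: {reason}\n    {body}")
```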
 
Hi Spliffer85

here you'll find the instructions for using OTL:
follow them and post the two reports
OTL.txt
Extras.txt
as attachments.
 
You skipped all the instructions:
● tick Scan All users
● under Output select Minimal output
● under File Age select 60 days (from 60 days ago to today, more than enough to detect various changes)
● under Extra Registry tick Use SafeList
● tick both LOP CHECK and PURITY CHECK.
● press RUN SCAN (before running the scan, close all open programs)
Repeat the scan as described and post the reports.
 
please also remove from my PC all the toolbars that aren't Google's. I've surely been infected by some virus/trojan.

I'm attaching the new txt files with the changes you requested (OTL and EXTRAS).

Let me know,
Fabrizio
 


Open OTL
copy and paste these lines
under "custom scans/fixes"
Code:
:OTL
SRV - (SoftwareUpd) -- C:\Users\Utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
SRV - (ServUpdater) -- C:\Users\Utente\AppData\Local\ServUpdater\ServiceUpd.exe (ServiceUpd)
PRC - C:\Programmi\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://search.lphant.com"
FF - prefs.js..extensions.enabledAddons: @FissaPlugin:1.0
FF - prefs.js..extensions.enabledAddons: iobit@mybrowserbar.com:6.5
FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.5
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection@iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.02
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=157&systemid=4&apn_dtid=IME004&apn_ptnrs=AG3&apn_uid=2083104503114133&o=APN10642&q="
O4 - Startup: C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runjar.bat ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15D1D8B8-E07C-43F0-9A6C-E830D6D107A6}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D4DC9C0-8293-4361-9ABD-8D84A7E08839}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A92FEAAA-73F8-4103-94DF-8D4C4B615CF5}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6AB5E9E-5612-4E06-B795-6DF5B5FD5A15}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B4227B4

:Files
C:\Windows\$NtUninstallKB21055$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KY9QQNA4\t.cxt.ms\lso.swf\u.sol
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[CLEARALLRESTOREPOINT]
[REBOOT]

Click [image: 2eejtxj.jpg]

Wait for the operations to finish without interfering
and post the report that appears after the PC restarts.

2) Use AdwCleaner directly with the "Elimina" (Delete) button
http://www.tomshw.it/forum/sicurezz...omputer-infetto-leggere-prima-di-postare.html
confirm with OK on the explanatory message
after the PC restarts, post the report together with the other one.
 
ESET has just blocked a connection from a Win32 trojan; the report after the restart is this:

All processes killed
========== OTL ==========
Service SoftwareUpd stopped successfully!
Service SoftwareUpd deleted successfully!
C:\Users\Utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe moved successfully.
Service ServUpdater stopped successfully!
Service ServUpdater deleted successfully!
C:\Users\Utente\AppData\Local\ServUpdater\ServiceUpd.exe moved successfully.
Process ApplicationUpdater.exe killed successfully!
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&ilc=12&type=685749" removed from browser.search.param.yahoo-fr
Prefs.js: "Search Results" removed from browser.search.selectedEngine
Prefs.js: "http://search.lphant.com" removed from browser.startup.homepage
Prefs.js: @FissaPlugin:1.0 removed from extensions.enabledAddons
Prefs.js: iobit@mybrowserbar.com:6.5 removed from extensions.enabledAddons
Prefs.js: wtxpcom@mybrowserbar.com:6.5 removed from extensions.enabledAddons
Prefs.js: ascsurfingprotection@iobit.com:1.0 removed from extensions.enabledAddons
Prefs.js: afurladvisor@anchorfree.com:1.0 removed from extensions.enabledAddons
Prefs.js: plugin@yontoo.com:1.20.02 removed from extensions.enabledAddons
Prefs.js: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=157&systemid=4&apn_dtid=IME004&apn_ptnrs=AG3&apn_uid=2083104503114133&o=APN10642&q=" removed from keyword.URL
C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runjar.bat moved successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15D1D8B8-E07C-43F0-9A6C-E830D6D107A6}\\DhcpNameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5D4DC9C0-8293-4361-9ABD-8D84A7E08839}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A92FEAAA-73F8-4103-94DF-8D4C4B615CF5}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C6AB5E9E-5612-4E06-B795-6DF5B5FD5A15}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}\\NameServer| /E : value set successfully!
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== FILES ==========
C:\Windows\$NtUninstallKB21055$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KY9QQNA4\t.cxt.ms\lso.swf\u.sol moved successfully.
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Utente\Downloads\cmd.bat deleted successfully.
C:\Users\Utente\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Public

User: Utente
->Temp folder emptied: 81657125 bytes
->Temporary Internet Files folder emptied: 20731182 bytes
->Java cache emptied: 1854921 bytes
->FireFox cache emptied: 72216734 bytes
->Google Chrome cache emptied: 366750843 bytes
->Flash cache emptied: 782 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1461057 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17524948 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 951244339 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.444,00 mb


[EMPTYFLASH]

User: All Users

User: Classic .NET AppPool
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Flash cache emptied: 0 bytes

User: Public

User: Utente
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <[CLEARALLRESTOREPOINT]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 03172013_193426


Files\Folders moved on Reboot...
C:\Users\Utente\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AdDisplayTrackerServlet[7].htm moved successfully.
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\adsAdClient31[2].htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\afrCA070FHR.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\afrCA13Y9Z2.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\afrCA6AX9G1.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\afrCA817LWS.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\afrCA8VFR2B.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\afrCA9M8MHD.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\afrCAA0VUB4.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\afrCABL8G4R.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\afrCACB0R42.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\afrCADAP99F.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\afrCAL8AIEM.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\afrCAWB7AS4.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\afrCAY854E3.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\anchorfree_netCA0EOVQ1.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\anchorfree_netCA1CTISF.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\anchorfree_netCA38RTNG.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\anchorfree_netCA5YR4MA.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\anchorfree_netCAK4OZXE.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\anchorfree_netCAKO2L7Q.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\anchorfree_netCAKVLFKS.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\anchorfree_netCAMAKEY5.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\anchorfree_netCAMMM7TG.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\anchorfree_netCAUI3X5F.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\app[2].js not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\beaconCAH3KNBN.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\collapseExpand[1].js not found!
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\content[1].css moved successfully.
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\controller[1].js not found!
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\core068CACXN2UD.js moved successfully.
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\cu=13800__camp=33390__no=51153__kw=link1-51153__uuid=4ae37c54-8f33-11e2-a05e-0025907ff219__EASLink=1;sz=728x90;ord=8945700274[1].htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\cu=13802__camp=33391__no=51154__kw=link1-51154__uuid=595d7154-8f33-11e2-ac75-0025907ff215__EASLink=1;sz=728x90;ord=2587755737[1].htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\c[1].htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\doubleclickCA6YDG68.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\doubleclickCAQJG8N6.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\easCA0JGLQF.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\easCAJLP76Z.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\easCAP1UU0M.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\easCAQW4NGM.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\emilyCA3Q8KKF.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\emilyCA4CX6N4.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\emilyCA8IO7QX.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\emilyCA9XMR3N.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\emilyCAGR8XVN.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\emilyCAKKZ4LI.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\emilyCALC9YRG.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\emilyCARNM1VM.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\emilyCAV4N9T7.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\finish_quantum_bright_ligths30_03342_us_linear_480x360_h264[1].mp4 not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\fw-nonplayer-bannerCAAPPEB1.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\how-apply-bank-loan[1].htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ifCADYG1RK.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ifCAPB9PRD.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ifCATYEUO8.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ifCAX1WYFY.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\jquery-ui.minCAFBTOUM.js not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ltagCA1530OY.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ltagCAGM7EFV.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ltagCAR8VJRA.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\mevio_com[3].htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\oauth[5].htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\pdCACEW76R.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\pdCAYMACNR.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\tweet_button.1363148939[2].htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\tweet_button[1].htm not found!
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\visitormatch[3].htm moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\wyoming[1].htm moved successfully.
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\xd_arbiterCA06JZJI.htm not found!
File\Folder C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\xd_arbiterCA7M3S3P.htm not found!
File move failed. C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.


PendingFileRenameOperations files...


Registry entries deleted on Reboot...
 
This is the AdwCleaner log after the reboot:

# AdwCleaner v2.115 - Logfile created on 17/03/2013 at 20:11:54
# Updated 17/03/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Utente - UTENTE-PC
# Boot Mode : Normal mode
# Run from : C:\Users\Utente\Downloads\AdwCleaner.exe
# Option [Delete]




***** [Services] *****


Stopped & Deleted : Application Updater


***** [Files / Folders] *****


Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\Program Files\TornTV.com
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Utente\AppData\Local\Conduit
Folder Deleted : C:\Users\Utente\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Utente\AppData\Local\PackageAware
Folder Deleted : C:\Users\Utente\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Utente\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Utente\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\Utente\AppData\Roaming\moovida-1
Folder Deleted : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\dg6ss2wx.default\extensions\@FissaPlugin
Folder Deleted : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\dg6ss2wx.default\jetpack
Folder Deleted : C:\Users\Utente\AppData\Roaming\OfferBox
Deleted on reboot : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\dg6ss2wx.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\dg6ss2wx.default\searchplugins\Search_Results.xml
File Deleted : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\dg6ss2wx.default\searchplugins\SearchResults.xml


***** [Registry] *****


Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\FissaSearch
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Offerbox
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Funmoods
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Widestream6-setup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Widestream6-setup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Deleted : HKLM\Software\Offerbox
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\WebShot\OpenCandy
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll,C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll,
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]


***** [Internet Browsers] *****


-\\ Internet Explorer v10.0.9200.16521


[OK] Registry is clean.


-\\ Mozilla Firefox v15.0.1 (it)


File : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\dg6ss2wx.default\prefs.js


C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\dg6ss2wx.default\user.js ... Deleted !


Deleted : user_pref("extensions.Fissa.Uninstall.lastRunTime", "Fri, 15 Mar 2013 16:54:44 GMT");
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Deleted : user_pref("extentions.y2layers.installId", "d9181b1d-0bb0-421b-ac0f-f47c816737b1");


-\\ Google Chrome v25.0.1364.172


File : C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Preferences


[OK] File is clean.


*************************


AdwCleaner[S1].txt - [12539 octets] - [17/03/2013 20:11:54]


########## EOF - C:\AdwCleaner[S1].txt - [12600 octets] ##########


ESET finds a trojan in services.exe but can't delete it! I get an unsecured page when I try to get into Yahoo Mail or any other site (Facebook too). It's called SSL Error.

Waiting for your info,
Fabrizio

- - - Updated - - -

The trojan is called Sirefef.gen!C


How do I delete it?
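As an added example (not part of the original post, and not code from AdwCleaner, ComboFix or OTL), here is a small Python triage script that reads log lines like the ones posted in this thread and flags the indicators a helper would want to see before the next cleanup round: the AppInit_DLLs injection that AdwCleaner removed, a browser proxy pointing at 127.0.0.1, UAC prompts switched off, the `$NtUninstallKB…$` component store that Sirefef/ZeroAccess uses, and DHCP-assigned DNS servers outside the local network. The sample lines are copied from the logs in this thread; the category names, regular expressions and hint text are this example's own.

```python
"""Triage of pasted ComboFix / AdwCleaner / OTL log lines.

Added example for this thread, not code from any of those tools. It scans log
text for indicators that show up in the logs posted here:
  * AppInit_DLLs entries (DLLs loaded into every process that maps user32.dll)
  * an HTTP proxy pointing at loopback (a local interceptor in front of the
    browser; one common cause of certificate warnings on every HTTPS site)
  * UAC prompts switched off (ConsentPromptBehaviorAdmin / PromptOnSecureDesktop = 0)
  * the ZeroAccess/Sirefef hidden store $NtUninstallKB<digits>$ under the
    Windows folder, with a file named "@" and U\\ and L\\ payload subfolders
  * DHCP-assigned DNS servers that are not on a private network (for review)
"""
import ipaddress
import re
from typing import Dict, List

# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
Dato Eliminata : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll,C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll,
c:\windows\$NtUninstallKB21055$\2178012142\@
c:\windows\$NtUninstallKB21055$\2178012142\L\00000004.@
c:\windows\$NtUninstallKB21055$\2178012142\U\80000032.@
c:\windows\IsUn0410.exe
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"PromptOnSecureDesktop"= 0 (0x0)
uInternet Settings,ProxyServer = http=127.0.0.1:8555
TCP: DhcpNameServer = 78.46.86.74 212.117.175.185
"""

APPINIT_RE = re.compile(r"AppInit_DLLs\]?\s*=\s*(.+)$", re.IGNORECASE)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(\S+)", re.IGNORECASE)
UAC_RE = re.compile(r'"(ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)"\s*=\s*(\d+)')
# <drive>:\...\$NtUninstallKB<digits>$\<digits>\@  or  ...\U\<name> / ...\L\<name>
ZEROACCESS_RE = re.compile(r"\\\$NtUninstallKB\d+\$\\\d+\\(?:@|[UL]\\\S+)$", re.IGNORECASE)
DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(.+)$", re.IGNORECASE)

# Hint text is this example's own wording, written for a forum reply.
HINTS = {
    "appinit_dlls": "AppInit_DLLs injection; confirm the DLLs are gone and the value is empty after reboot",
    "loopback_proxy": "browser proxied through a local listener; find the owning process (netstat -abno) before clearing it",
    "uac_weakened": "UAC prompt disabled; restore ConsentPromptBehaviorAdmin=5 and PromptOnSecureDesktop=1 after cleanup",
    "zeroaccess_paths": "ZeroAccess/Sirefef component store; in this thread the same infection also hit services.exe and afd.sys, so rescan both",
    "external_dns": "DHCP handed out non-private DNS servers; confirm they belong to the ISP or router",
}


def _is_loopback(hostport: str) -> bool:
    """True for 127.x.x.x[:port] or localhost[:port]."""
    host = hostport.rsplit(":", 1)[0] if ":" in hostport else hostport
    return host.lower() == "localhost" or host.startswith("127.")


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return every indicator found, grouped by category (empty lists when clean)."""
    findings: Dict[str, List[str]] = {key: [] for key in HINTS}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := APPINIT_RE.search(line):
            findings["appinit_dlls"] += [d.strip() for d in m.group(1).split(",") if d.strip()]
        elif m := PROXY_RE.search(line):
            for entry in m.group(1).split(";"):
                hostport = entry.split("=", 1)[-1]  # drop a "http=" scheme prefix
                if _is_loopback(hostport):
                    findings["loopback_proxy"].append(hostport)
        elif (m := UAC_RE.search(line)) and int(m.group(2)) == 0:
            findings["uac_weakened"].append(m.group(1))
        elif ZEROACCESS_RE.search(line):
            findings["zeroaccess_paths"].append(line)
        elif m := DNS_RE.search(line):
            for server in m.group(1).split():
                try:
                    if not ipaddress.ip_address(server).is_private:
                        findings["external_dns"].append(server)
                except ValueError:
                    pass  # not an IP literal; ignore
    return findings


def report(findings: Dict[str, List[str]]) -> List[str]:
    """One summary line per category that fired."""
    return [f"[{key}] {len(items)} hit(s): {HINTS[key]}" for key, items in findings.items() if items]


if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

Point it at a saved log with `triage(open(path, encoding="utf-8", errors="replace").read())`; it is deliberately line-oriented so it works on AdwCleaner, ComboFix and OTL output alike without caring which tool produced the line.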
 
This is the ComboFix log:

ComboFix 13-03-17.01 - Utente 17/03/2013 20:48:10.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3327.2384 [GMT 1:00]
Running from: c:\users\Utente\Downloads\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: Firewall ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Utente\AppData\Local\assembly\tmp
c:\users\Utente\g2mdlhlpx.exe
c:\windows\$NtUninstallKB21055$
c:\windows\$NtUninstallKB21055$\2178012142\@
c:\windows\$NtUninstallKB21055$\2178012142\Desktop.ini
c:\windows\$NtUninstallKB21055$\2178012142\L\00000004.@
c:\windows\$NtUninstallKB21055$\2178012142\L\201d3dde
c:\windows\$NtUninstallKB21055$\2178012142\L\76603ac3
c:\windows\$NtUninstallKB21055$\2178012142\L\xadqgnnk
c:\windows\$NtUninstallKB21055$\2178012142\U\00000004.@
c:\windows\$NtUninstallKB21055$\2178012142\U\00000008.@
c:\windows\$NtUninstallKB21055$\2178012142\U\000000cb.@
c:\windows\$NtUninstallKB21055$\2178012142\U\80000000.@
c:\windows\$NtUninstallKB21055$\2178012142\U\80000032.@
c:\windows\$NtUninstallKB21055$\2969624108
c:\windows\IsUn0410.exe
c:\windows\system32\DC120fc7_32.dll
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2013-02-17 to 2013-03-17 )))))))))))))))))))))))))))))))))))
.
.
2013-03-17 20:00 . 2013-03-17 20:03 -------- d-----w- c:\users\Utente\AppData\Local\temp
2013-03-17 20:00 . 2013-03-17 20:00 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-03-17 20:00 . 2013-03-17 20:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-17 19:12 . 2013-03-17 19:12 191 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-17 18:34 . 2013-03-17 18:34 -------- d-----w- C:\_OTL
2013-03-15 21:22 . 2013-03-15 21:22 -------- d-----w- c:\users\Utente\AppData\Roaming\MusicNet
2013-03-15 21:22 . 2013-03-15 21:25 -------- d-----w- c:\users\Utente\AppData\Local\Lphant
2013-03-15 21:21 . 2013-03-15 21:22 -------- d-----w- c:\program files\Lphant Applications
2013-03-15 21:21 . 2013-03-15 21:21 -------- d-----w- c:\programdata\Lphant
2013-03-15 21:20 . 2013-03-15 21:23 -------- dc-h--w- c:\programdata\{175E0859-0138-41EB-B69A-C4CA293ADCCD}
2013-03-15 19:59 . 2013-03-15 19:59 -------- d-----w- c:\program files\Enigma Software Group
2013-03-15 19:58 . 2013-03-15 19:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-03-14 12:39 . 2010-11-26 17:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-03-14 12:18 . 2013-03-14 12:18 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-03-14 12:18 . 2013-03-14 12:18 -------- d-----w- c:\users\Utente\AppData\Roaming\Apple Computer
2013-03-13 13:53 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-10 13:09 . 2013-03-10 13:09 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-03 12:51 . 2013-03-03 12:51 -------- d-----w- c:\program files\ESET
2013-02-27 16:43 . 2013-01-13 19:53 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-02-27 16:43 . 2013-01-13 19:02 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-02-27 16:43 . 2013-01-13 21:17 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-27 16:43 . 2013-01-13 21:17 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-27 16:43 . 2013-01-13 21:16 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-22 01:37 . 2013-02-22 01:37 40136 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-17 20:02 . 2011-04-10 14:30 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2013-03-16 17:58 . 2012-03-30 11:42 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-16 17:58 . 2011-07-17 11:49 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-10 13:09 . 2012-08-06 16:09 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-10 13:09 . 2010-11-30 18:56 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-13 13:57 . 2007-04-27 09:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2013-02-12 04:48 . 2013-03-12 19:41 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-12 19:41 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-08 00:45 . 2013-03-15 12:35 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{788FD3F8-80E0-40E5-AAED-EBF7DB44102B}\mpengine.dll
2013-01-17 00:28 . 2010-11-22 09:46 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-10 08:25 . 2013-01-10 08:25 150080 ----a-w- c:\windows\system32\drivers\epfw.sys
2013-01-10 08:25 . 2013-01-10 08:25 47568 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2013-01-10 08:25 . 2013-01-10 08:25 46056 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2013-01-10 08:25 . 2013-01-10 08:25 171680 ----a-w- c:\windows\system32\drivers\eamonm.sys
2013-01-10 08:25 . 2013-01-10 08:25 122240 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2013-01-05 05:00 . 2013-02-13 12:53 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 12:53 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 03:46 . 2013-01-05 03:46 37208 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-01-04 04:50 . 2013-02-13 12:53 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-13 12:53 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-13 12:53 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-13 12:53 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-12-24 18:16 . 2012-12-24 18:16 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-10-28 18:06 . 2012-10-28 18:05 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"chromium"="c:\users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-03-11 1274320]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 4763008]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-12-24 295072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-12-21 5074384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2012-12-25 4474832]
.
c:\users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft.exe [2012-12-6 2045736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2012-07-10 22:53 549760 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 NDISKIO;NDISKIO;c:\users\Utente\AppData\Local\Temp\000013ad.nmc\nse\bin\ndiskio.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SMALUSB;Digital Camera Driver;c:\windows\system32\DRIVERS\smallogi.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [x]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
ipripsvc REG_MULTI_SZ iprip
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:58]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd9466f261a140.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-22 19:52]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ce0d4abbda4cf0.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-22 19:52]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3102737792-3306905355-1981217177-1001Core.job
- c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 20:31]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3102737792-3306905355-1981217177-1001UA.job
- c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:8555
uInternet Settings,ProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
TCP: DhcpNameServer = 78.46.86.74 212.117.175.185
FF - ProfilePath - c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\dg6ss2wx.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - ExtSQL: 2013-03-14 14:18; ascsurfingprotection@iobit.com; c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\dg6ss2wx.default\extensions\ascsurfingprotection@iobit.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @DenieD: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @DenieD: (2) (LocalSystem)
"Timestamp"=hex:50,7f,ed,ca,ce,b1,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @DenieD: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,60,4e,2b,d4,8b,1a,40,bf,06,ff,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,60,4e,2b,d4,8b,1a,40,bf,06,ff,\
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.032"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bay"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bw"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cs1"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcr"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djv"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dng"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.erf"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fff"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icn"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ilbm"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.int"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.inta"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iw4"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2c"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jfif"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jif"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpk"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpx"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mos"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mrw"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.nef"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.orf"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pct"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pef"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pic"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pict"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pix"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raf"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgba"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rsb"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sr2"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.srf"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.thm"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttc"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9o\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9o"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9p\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9p"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9pf\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9pf"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbm"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xif"
.
[HKEY_USERS\S-1-5-21-3102737792-3306905355-1981217177-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4B486049-0D12-21D2-A718-AC9E55F0402E}*]
"maddnpphdmpbipgjkfajfcdndh"=hex:6b,61,66,6b,6e,6e,63,6d,67,70,62,6d,67,6b,6f,
6a,6c,65,6b,62,65,6f,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @DenieD: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Kodak\KODAK Share Button App\Listener.exe
c:\program files\IObit\Advanced SystemCare 6\Monitor.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\CISVC.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\windows\system32\mqsvc.exe
c:\xampp\mysql\bin\mysqld.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hotspot Shield\bin\openvpntray.exe
c:\program files\Hotspot Shield\bin\af_proxy_cmd.exe
c:\windows\system32\conhost.exe
c:\program files\Hotspot Shield\bin\openvpn.exe
c:\windows\system32\conhost.exe
c:\program files\Hotspot Shield\bin\fbwmgr.exe
c:\windows\system32\conhost.exe
c:\program files\Hotspot Shield\bin\fbw.exe
c:\program files\Hotspot Shield\bin\fbw.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Ora fine scansione: 2013-03-17 21:08:36 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2013-03-17 20:08
.
Pre-Run: 84.714.110.976 byte disponibili
Post-Run: 84.607.385.600 byte disponibili
.
- - End Of File - - 567A581452C985214B8891AE99969903


Are there any more viruses?
 
ComboFix removed the ZeroAccess rootkit (called Sirefef by many antivirus products).
Re-enable ESET and check.
 