Hi everyone, this is the first time I'm posting on this forum. Thanks to everyone who reads my post.
The problem is as follows:
This morning I turned on my laptop (Windows 7 Premium 64-bit) and saw that some services had not started.
BFE (Base Filtering Engine)
DHCP Client
Function Discovery Resource Publication
Network Location Awareness
Diagnostic Policy Service
Then there are other services that don't start because they depend on one of those above, namely:
ICS (Internet Connection Sharing)
IKE and AuthIP IPsec Keying Modules
Windows Firewall
I tried to start the services (they are already set to automatic startup) by launching services.msc as administrator:
for
BFE (Base Filtering Engine)
DHCP Client
Diagnostic Policy Service
the error is the same, error 5: access denied
whereas for "Function Discovery Resource Publication" it is: error 0x80070005: access denied
and for "Network Location Awareness" it is: unable to start .... for more information, check the system event log. If this is not a Microsoft service, contact the service vendor and refer to error code -1073741288
I don't know if it's useful, but the evening before, shortly before I shut it down, Avira made a detection.
This is the report
Nel file 'C:\Program Files (x86)\DVDVideoSoft\Free Studio\Free Video to Android Converter\FreeVideoToAndroidConverter.exe'
è stato rilevato un virus o programma indesiderato 'TR/Crypt.XPACK.Gen2' [trojan].
Azione eseguita: Nega accesso
Also, when I shut it down I clicked Restart by mistake and, not wanting to wait while it was shutting down, I held the power button to turn it off immediately.
I ran a full scan with Avira and it found nothing
and a full scan with Malwarebytes, which detected one object:
File rilevati: 1
D:\CHROME\SoftonicDownloader_per_msn-messenger.exe (PUP.BundleOffer.Downloader.S) -> Spostato in quarantena ed eliminato con successo.
Unfortunately the database has not been updated for 36 days and I don't know how to update it. I tried to download the definitions uploaded by tecnico24 in this thread http://www.tomshw.it/forum/sicurezza/219135-dubbio-su-virus-o-problema-hardware-2.html but the file is no longer there :(
This is the HijackThis log
and this is the ComboFix log
Unfortunately I have no restore points because it was disabled, and no backup copies either :(
Please help me, I don't want to format.
Thanks
PS: if it isn't a virus, what could it be?
This is the HijackThis log
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:08:30, on 18/02/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\lissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\lissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\lissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: iMacros V7 - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - C:\Program Files (x86)\iOpus\iMacros\iMacrosSidebar.dll
O9 - Extra 'Tools' menuitem: iMacros V7 - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - C:\Program Files (x86)\iOpus\iMacros\iMacrosSidebar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PokerTime - {4E4D7D39-3E81-4A55-976B-092AF0B3F2BD} - C:\Microgaming\Poker\PokerTimeMPP\MPPoker.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RPC Locator (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 9941 bytes
and this is the ComboFix log
Code:
ComboFix 12-02-17.02 - lissi 19/02/2012 15:42:41.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4021.2501 [GMT 1:00]
Eseguito da: c:\users\lissi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2012-01-19 al 2012-02-19 )))))))))))))))))))))))))))))))))))
.
.
2012-02-19 14:49 . 2012-02-19 14:54 -------- d-----w- c:\users\lissi\AppData\Local\temp
2012-02-19 14:49 . 2012-02-19 14:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-18 19:11 . 2012-02-18 19:17 -------- d-----w- c:\users\lissi\AppData\Local\ElevatedDiagnostics
2012-02-18 17:50 . 2012-02-18 17:50 388096 ----a-r- c:\users\lissi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-18 17:50 . 2012-02-18 17:50 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-18 13:34 . 2012-02-18 13:34 -------- d-----w- c:\users\lissi\AppData\Roaming\Malwarebytes
2012-02-18 13:33 . 2012-02-18 13:33 -------- d-----w- c:\programdata\Malwarebytes
2012-02-18 13:33 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-18 13:33 . 2012-02-19 11:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-18 12:15 . 2012-02-18 12:15 -------- d-----w- c:\windows\Profiles
2012-02-18 12:15 . 2012-02-18 12:15 -------- d-----w- c:\users\Administrator
2012-02-15 20:08 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 20:08 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 20:08 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 20:08 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 20:08 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 20:08 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 20:08 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-15 20:08 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-12 14:43 . 2012-02-12 14:46 -------- d-----w- C:\ADOperationsGuide
2012-02-11 10:34 . 2012-02-11 10:34 -------- d-----w- c:\program files (x86)\EpsonNet
2012-02-10 18:06 . 2012-02-10 18:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-10 00:46 . 2012-02-10 00:46 -------- d-sha-w- c:\users\Public\DRM
2012-02-08 22:01 . 2012-02-08 22:01 -------- d-----w- c:\program files (x86)\FinalWire
2012-02-08 20:28 . 2012-02-08 20:28 -------- d-----w- c:\programdata\ATI
2012-02-08 20:27 . 2012-02-08 20:27 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-02-08 18:26 . 2012-02-08 20:28 -------- d-----w- c:\program files\ATI Technologies
2012-02-08 17:24 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2012-02-08 17:24 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-02-08 17:24 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2012-02-08 17:24 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2012-02-08 17:23 . 2012-02-10 17:48 -------- d-----w- c:\program files (x86)\PerformanceTest
2012-02-08 10:59 . 2009-03-09 14:27 5425496 ----a-w- c:\windows\system32\D3DX9_41.dll
2012-02-08 10:58 . 2012-02-08 10:58 -------- d-----w- c:\windows\system32\temp
2012-02-08 10:58 . 2012-02-08 10:58 -------- d-----w- c:\program files\BurnInTest
2012-02-06 19:25 . 2012-02-06 19:26 -------- d-----w- c:\users\lissi\AppData\Local\Facebook
2012-02-02 10:39 . 2012-02-02 10:39 -------- d-----w- c:\users\lissi\AppData\Local\Ilivid Player
2012-02-02 10:38 . 2012-02-02 11:28 -------- d-----w- c:\programdata\boost_interprocess
2012-02-02 10:38 . 2012-02-02 10:38 -------- d-----w- c:\users\lissi\AppData\Local\PackageAware
2012-02-01 21:41 . 2012-02-02 02:37 -------- d-----w- c:\programdata\ASUS
2012-02-01 18:03 . 2012-02-01 18:03 -------- d-----w- c:\program files (x86)\Camtech
2012-02-01 18:03 . 2004-02-22 23:00 1386496 ----a-w- c:\windows\SysWow64\temp.000
2012-02-01 18:01 . 2012-02-01 22:58 -------- d-----w- c:\program files (x86)\Passware
2012-02-01 13:16 . 2012-02-01 13:16 -------- d-----w- c:\users\lissi\AppData\Local\iOpus_Software_GmbH
2012-02-01 13:15 . 2012-02-01 13:15 -------- d-----w- c:\program files (x86)\iOpus
2012-01-30 00:32 . 2012-01-30 00:33 -------- d-----w- c:\program files (x86)\Safari
2012-01-30 00:31 . 2012-01-30 00:31 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-01-30 00:31 . 2012-01-30 00:31 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-01-27 22:02 . 2012-01-28 16:37 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-01-27 21:52 . 2012-01-27 21:52 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-01-27 21:51 . 2012-01-27 21:51 -------- d-----w- c:\users\lissi\AppData\Local\Microsoft Help
2012-01-27 21:51 . 2012-02-01 23:01 -------- d-----w- c:\programdata\Microsoft Help
2012-01-27 21:51 . 2012-01-27 21:51 -------- d-----r- C:\MSOCache
2012-01-27 16:07 . 2012-01-27 16:07 -------- d-----w- c:\windows\SysWow64\Adobe
2012-01-26 17:49 . 2012-01-26 18:05 -------- d-----w- c:\users\lissi\AppData\Roaming\vlc
2012-01-25 20:41 . 2012-01-25 20:41 -------- d-----w- c:\program files (x86)\SopCast
2012-01-25 16:12 . 2012-02-10 00:14 -------- d-----w- c:\program files (x86)\Online TV Player 4
2012-01-25 14:37 . 2012-01-25 14:37 -------- d-----w- c:\program files (x86)\VideoLAN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-19 14:53 . 2011-09-12 20:47 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2012-02-10 18:05 . 2011-09-18 23:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-08 21:38 . 2009-07-13 23:28 6656 ----a-w- c:\windows\system32\lpcio.dll
2012-01-27 16:06 . 2012-01-09 23:44 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-18 17:46 . 2012-01-18 17:46 4608 ----a-w- c:\windows\SysWow64\w95inf32.dll
2012-01-18 17:46 . 2012-01-18 17:46 2272 ----a-w- c:\windows\SysWow64\w95inf16.dll
2012-01-18 17:17 . 2012-01-18 17:17 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-16 08:51 . 2011-12-22 14:03 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-16 08:51 . 2011-12-22 14:03 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-12-16 08:51 . 2011-12-22 14:03 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-06 14:55 . 2011-01-24 15:26 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-18_13.55.13 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-07-16 19:41 . 2012-02-18 12:52 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-16 19:41 . 2012-02-18 19:56 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-16 19:41 . 2012-02-18 12:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-16 19:41 . 2012-02-18 19:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-18 12:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-18 19:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-18 13:54 . 2012-02-18 13:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-19 14:50 . 2012-02-19 14:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-19 14:50 . 2012-02-19 14:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-18 13:54 . 2012-02-18 13:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-02 02:58 . 2012-02-19 14:25 482560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-02-02 02:58 . 2012-02-18 13:53 482560 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-02 02:58 . 2012-02-19 14:49 394344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-02-02 02:58 . 2012-02-18 13:53 394344 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-02 02:58 . 2012-02-19 14:49 4736308 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1574342691-3605883445-474851928-1001-12288.dat
- 2012-02-02 02:58 . 2012-02-18 13:16 4736308 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1574342691-3605883445-474851928-1001-12288.dat
+ 2012-02-18 13:32 . 2012-02-18 13:32 1402880 c:\windows\Installer\20a97b.msi
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-01-24 3054136]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2011-1-24 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-24 135664]
R3 ALSysIO;ALSysIO;c:\users\lissi\AppData\Local\Temp\ALSysIO64.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files (x86)\PerformanceTest\DirectIo.sys [2010-06-30 21056]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-24 135664]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 netr7364;Driver scheda LAN wireless USB RT73 per Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WSDPrintDevice;Supporto stampa WSD via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;Supporto digitalizzazione WSD tramite UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-16 86224]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-02-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1574342691-3605883445-474851928-1001Core.job
- c:\users\lissi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-06 19:25]
.
2012-02-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1574342691-3605883445-474851928-1001UA.job
- c:\users\lissi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-06 19:25]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-24 14:52]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-24 14:52]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1574342691-3605883445-474851928-1001Core.job
- c:\users\lissi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-17 10:12]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1574342691-3605883445-474851928-1001UA.job
- c:\users\lissi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-17 10:12]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\lissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to DVD Converter - c:\users\lissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\lissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - {50C3F0BE-A832-45AB-BB6E-352D173AFD8C} - c:\program files (x86)\iOpus\iMacros\iMacrosSidebar.dll
TCP: DhcpNameServer = 193.70.152.15 212.52.97.15
FF - ProfilePath - c:\users\lissi\AppData\Roaming\Mozilla\Firefox\Profiles\6u1e5j99.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-1574342691-3605883445-474851928-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-1574342691-3605883445-474851928-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-1574342691-3605883445-474851928-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-1574342691-3605883445-474851928-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-1574342691-3605883445-474851928-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Ora fine scansione: 2012-02-19 16:05:41 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-02-19 15:05
ComboFix2.txt 2012-02-18 22:35
ComboFix3.txt 2012-02-18 13:59
.
Pre-Run: 5.905.063.936 byte disponibili
Post-Run: 5.858.631.680 byte disponibili
.
- - End Of File - - FA2D07320B75D0282E5DCE72FD757EE2
Unfortunately I have no restore points because it was disabled, and no backup copies either :(
Please help me, I don't want to format.
Thanks
P.S. If it isn't a virus, what could it be?