DO SEARCHES Toolbar + ineffective spyware.
Armageddonet
Hero

Registered: 14/11/13 21:03
Posts: 47

Posted: 14 Nov 2013 21:27    Subject: DO SEARCHES Toolbar + ineffective spyware.

Good morning, I use Google Chrome. Perhaps after installing Java 7, DO SEARCHES and its advertising "slots" now appear as my start page. This anomaly also occurs if I open Internet Explorer and Mozilla Firefox. I can't remove it. I tried SuperAntiSpyware. The result is that over 300 threats are found. They are deleted, but when I restart the PC and run SuperAntiSpyware again, numerous other threats are found. I tried Malwarebytes. The result is always the same. If infections are found, they are deleted, but DO SEARCHES is still the home page of whichever browser I decide to use. Even under Google's "customize" and then "settings", in the on-startup page setting there is only Google...
Also, I think the PC has slowed down a bit... Basically I believe there is a "nest" of infections, but DO SEARCHES is certainly one of them, the most recent, and it doesn't seem to want to go away.
I look forward to your kind reply.
Thank you.
menatwork
Minor god

Registered: 07/10/11 16:58
Posts: 506

Posted: 14 Nov 2013 21:31

hi Armageddonet, updates should be downloaded from the official site; it's dangerous to accept them from just anywhere

run this scan

download adwcleaner

click scan and then ''clean'', and confirm with OK the various windows that appear.

at the end, click Report and attach the contents

If you have Avira as your antivirus, it uses the ASK Toolbar as part of its web security.
If it is removed, AntiVir WebGuard may no longer work correctly.
So:
Open Adwcleaner and click the ? at the top left.
Click Options.
Tick:
DisableAskDetection
Click OK.
Click the "Delete" button.

when it finishes, also run a scan with combofix as described in this guide

Attach the two reports
Armageddonet
Hero

Registered: 14/11/13 21:03
Posts: 47

Posted: 14 Nov 2013 22:02

# AdwCleaner v3.012 - Report created 14/11/2013 at 20:56:20
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bruno - BRUNO-PC
# Running from : C:\Users\Bruno\Downloads\adwcleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Bruno\AppData\Local\Conduit
Folder Deleted : C:\Users\Bruno\AppData\Local\Max Secure Software
Folder Deleted : C:\Users\Bruno\AppData\Local\SoftwareUpdater
Folder Deleted : C:\Users\Bruno\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Bruno\AppData\Local\Temp\Conduit
Folder Deleted : C:\Users\Bruno\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Bruno\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Bruno\AppData\Roaming\Movdap
Folder Deleted : C:\Users\Bruno\AppData\Roaming\Web Cake
Folder Deleted : C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\kvx6xoop.default\Extensions\plugin@getwebcake.com
Folder Deleted : C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
File Deleted : C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\kvx6xoop.default\Extensions\torntv2@torntv.com.xpi
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\kvx6xoop.default\bProtector_extensions.rdf
File Deleted : C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\kvx6xoop.default\invalidprefs.js
File Deleted : C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\kvx6xoop.default\searchplugins\ask-search.xml
File Deleted : C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\kvx6xoop.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\kvx6xoop.default\user.js
File Deleted : C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojcgaoafcmbadjkfdippkdddgkeaipbn_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\Dealply

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox ( Modalità provvisoria).lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Avvio applicazioni di Chrome.lnk
Shortcut Disinfected : C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applicazioni Chrome\Magisto.lnk
Shortcut Disinfected : C:\Users\Bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Bruno\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3304001
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_atube-catcher_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_atube-catcher_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_audiggle_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_audiggle_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_bit-che_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_bit-che_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_freemake-audio-converter_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_freemake-audio-converter_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_jaikoz_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_jaikoz_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_jdownloader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_jdownloader_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_malwarebytes-anti-malware_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_malwarebytes-anti-malware_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_mediaget_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_mediaget_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_pc-speed-maximizer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_pc-speed-maximizer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_songr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_songr_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_soulseek_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_soulseek_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_total-video-converter_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_total-video-converter_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_tunatic_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_tunatic_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_utorrent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_utorrent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\lollipop
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Iminent
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v24.0 (it)

[ File : C:\Users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\kvx6xoop.default\prefs.js ]

Line Deleted : user_pref("CT3304001.FF19Solved", "true");
Line Deleted : user_pref("CT3304001.UserID", "UN36415384951502122");
Line Deleted : user_pref("CT3304001.fullUserID", "UN36415384951502122.IN.20130929001346");
Line Deleted : user_pref("CT3304001.installDate", "29/09/2013 00:13:48");
Line Deleted : user_pref("CT3304001.installSessionId", "{CAFBD153-B1AA-4812-A84F-31221721AB4C}");
Line Deleted : user_pref("CT3304001.installSp", "false");
Line Deleted : user_pref("CT3304001.installerVersion", "1.6.1.2");
Line Deleted : user_pref("CT3304001.keyword", "true");
Line Deleted : user_pref("CT3304001.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3304001.searchRevert", "false");
Line Deleted : user_pref("CT3304001.searchUserMode", "2");
Line Deleted : user_pref("CT3304001.versionFromInstaller", "10.20.0.13");
Line Deleted : user_pref("CT3304001.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.newtab.url", "hxxp://www.dosearches.com/newtab/?utm_source=b&utm_medium=tugs&utm_campaign=ST31000524AS_6VPCNYXEXXXX6VPCNYXE&utm_content=nt&from=tugs&uid=ST31000524AS_6VPCNYXEXXXX6VP[...]
Line Deleted : user_pref("browser.search.defaultenginename", "dosearches");
Line Deleted : user_pref("browser.search.selectedEngine", "dosearches");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=ST31000524AS_6VPCNYXEXXXX6VPCNYXE&ts=1384207063");
Line Deleted : user_pref("extensions.crossrider.bic", "1403900ed60b3b11bb52cafcb497358b");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "it");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "1a0847bc000000000000bcaec5301159");
Line Deleted : user_pref("extensions.delta.instlDay", "15942");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.618:43:21");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=124019&tsp=4985");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.enabledAddons", "plugin%40getwebcake.com:1.00.01,client%40anonymox.net:2.1.1,%7BDF153AFF-6948-45d7-AC98-4FC4AF8A08E2%7D:1.3.3,%7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.12.0.13[...]
Line Deleted : user_pref("extentions.webcake.defaultEnableAppsList", "layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc");
Line Deleted : user_pref("extentions.webcake.installId", "52ae519c-2c06-4bbf-9898-bfc898b85541");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3304001&SearchSource=2&CUI=UN36415384951502122&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3304001");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3304001&SearchSource=2&CUI=UN36415384951502122&UM=2&q=");
Line Deleted : user_pref("smartbar.machineId", "WOH8UC9ZPXFPJFVH0KAEFMDL0VULSA0OQIETRAJU2A0CXVTDPOTD51A+DUUTY35PERICKE+FIF++/XUYAM+0XW");

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Bruno\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [27033 octets] - [14/11/2013 20:54:30]
AdwCleaner[S0].txt - [22737 octets] - [14/11/2013 20:56:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22798 octets] ##########
Armageddonet
Hero

Registered: 14/11/13 21:03
Posts: 47

Posted: 14 Nov 2013 22:08

I don't know if it's due to my age... but I don't see a "?" at the top left in the Adwcleaner program...
menatwork
Minor god

Registered: 07/10/11 16:58
Posts: 506

Posted: 14 Nov 2013 22:17

Code:
I don't know if it's due to my age... but I don't see a "?" at the top left in the Adwcleaner program...


no no, it's not your fault, the settings have probably changed


run combofix as per the guide and attach the log
Armageddonet
Hero

Registered: 14/11/13 21:03
Posts: 47

Posted: 14 Nov 2013 23:27

ComboFix 13-11-12.01 - Bruno 14/11/2013 22:16:01.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.6135.3736 [GMT 1:00]
Eseguito da: c:\users\Bruno\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WinRAR\Leggimi.Txt
c:\program files (x86)\WinRAR\Leggimi_1a.Txt
c:\program files (x86)\WinRAR\Licenza.Txt
c:\program files (x86)\WinRAR\NoteTecniche.Txt
c:\program files (x86)\WinRAR\Ordin.htm
c:\program files (x86)\WinRAR\Ordina.htm
c:\program files (x86)\WinRAR\SorgUnRAR.Txt
c:\windows\SysWow64\FlashPlayerApp.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Creati Da 2013-10-14 al 2013-11-14 )))))))))))))))))))))))))))))))))))
.
.
2013-11-14 21:22 . 2013-11-14 21:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-14 20:08 . 2013-11-14 20:08 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D6E8669-CFDD-47A7-855B-96D6AC6DCFB5}\offreg.dll
2013-11-14 20:05 . 2013-11-14 20:05 -------- d-----w- c:\program files (x86)\Hosts_Anti_Adwares_PUPs
2013-11-14 19:51 . 2013-11-14 19:56 -------- d-----w- C:\AdwCleaner
2013-11-13 22:09 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-11-12 17:06 . 2013-10-16 00:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D6E8669-CFDD-47A7-855B-96D6AC6DCFB5}\mpengine.dll
2013-11-12 15:37 . 2013-11-12 15:37 -------- d-----w- c:\users\Bruno\AppData\Roaming\AVAST Software
2013-11-12 15:37 . 2013-11-12 15:36 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-12 15:37 . 2013-11-12 15:36 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-12 15:37 . 2013-11-12 15:36 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-12 15:37 . 2013-11-12 15:36 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-12 15:37 . 2013-11-12 15:36 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-12 15:36 . 2013-11-12 15:36 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-12 15:36 . 2013-11-12 15:36 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-12 15:36 . 2013-11-12 15:36 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-12 15:36 . 2013-11-12 15:36 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-12 15:36 . 2013-11-12 15:36 43152 ----a-w- c:\windows\avastSS.scr
2013-11-12 15:36 . 2013-11-12 15:36 -------- d-----w- c:\program files\AVAST Software
2013-11-12 15:35 . 2013-11-12 15:35 -------- d-----w- c:\programdata\AVAST Software
2013-11-12 12:37 . 2013-11-12 12:38 -------- d-----w- c:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-12 12:36 . 2013-11-12 12:37 -------- d-----w- c:\users\Bruno\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-12 12:21 . 2013-11-12 12:21 -------- d-----w- c:\program files\Enigma Software Group
2013-11-12 12:20 . 2013-11-12 12:20 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-11-12 12:13 . 2013-11-12 12:13 -------- d-----w- c:\program files (x86)\Re-markit
2013-11-01 19:05 . 2013-11-01 22:08 -------- d-----w- c:\users\Bruno\'70 '80 '90 Disco Party
2013-11-01 09:15 . 2013-11-01 09:15 -------- d-----w- c:\users\Bruno\AppData\Local\ElevatedDiagnostics
2013-10-31 13:08 . 2013-10-31 13:08 -------- d-----w- c:\users\Bruno\AppData\Local\TBHostSupport
2013-10-31 13:08 . 2013-10-31 13:08 -------- d-----w- c:\users\Bruno\AppData\Local\NativeMessaging
2013-10-31 12:01 . 2013-10-31 12:02 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-31 12:01 . 2013-10-31 12:01 -------- d-----w- c:\program files\iTunes
2013-10-31 12:01 . 2013-10-31 12:01 -------- d-----w- c:\program files (x86)\iTunes
2013-10-31 12:01 . 2013-10-31 12:01 -------- d-----w- c:\program files\iPod
2013-10-31 07:56 . 2013-10-31 07:56 -------- d-----w- C:\MaxAVLiveUpdate
2013-10-31 07:41 . 2013-10-31 07:42 -------- d-----w- c:\programdata\Max Secure
2013-10-31 07:27 . 2013-10-31 07:44 -------- d-----w- c:\users\Bruno\AppData\Roaming\GetRightToGo
2013-10-21 17:40 . 2013-10-21 17:40 -------- d-----w- c:\programdata\Oracle
2013-10-21 17:40 . 2013-10-08 05:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-13 22:53 . 2011-07-10 10:17 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-10-09 18:33 . 2011-07-10 10:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-18 20:08 . 2013-09-18 20:08 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
2013-09-10 09:46 . 2013-05-13 15:30 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-09-10 09:46 . 2013-03-29 06:52 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-09-10 09:46 . 2013-03-29 06:52 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-09-09 05:30 . 2008-03-26 06:16 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-09-09 05:30 . 2008-03-26 06:16 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-09-08 02:30 . 2013-10-10 04:26 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-10 04:26 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-10 04:26 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-10 15:20 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-10 15:20 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-10 15:20 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-10 15:20 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-10 15:20 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-10 15:20 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-10 15:20 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-09-03 13:35 . 2011-07-08 11:35 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 02:17 . 2013-10-10 04:26 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-10 04:26 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-10 04:26 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-10 04:26 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-10 04:26 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-10 04:26 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-10 04:26 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-10 04:26 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-10 04:26 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-10 04:26 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-10 04:26 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-10 04:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 01:29 . 2013-10-10 04:26 33280 ----a-w- c:\windows\system32\drivers\usbser.sys
2013-08-29 00:49 . 2013-10-10 04:26 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-10 04:26 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-10 04:26 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-10 04:26 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-10 04:26 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-10 04:25 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-08-26 09:13 . 2013-08-26 09:13 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2009-09-27 07:39 369152 --sh--w- c:\windows\SysWOW64\avisynth.dll
2005-07-14 10:31 32256 --sh--w- c:\windows\SysWOW64\AVSredirect.dll
2004-02-22 08:11 719872 --sh--w- c:\windows\SysWOW64\devil.dll
2004-01-24 22:00 70656 --sh--w- c:\windows\SysWOW64\i420vfw.dll
2004-01-24 22:00 70656 --sh--w- c:\windows\SysWOW64\yv12vfw.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9a42ce2b-7a14-4d5a-a2e3-84ba19e9a28f}]
2013-11-12 12:13 136704 ----a-w- c:\program files (x86)\Re-markit\135.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruno\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruno\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruno\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Bruno\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-11-07 6604568]
"TBHostSupport"="c:\users\Bruno\AppData\Local\TBHostSupport\TBHostSupport.dll" [2013-10-31 458016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-10 347192]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-23 152392]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [BU]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-09-11 450560]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-12 3568312]
"HOSTS Anti-Adware_PUPs"="c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" [2013-11-14 302961]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
"PosService"=c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe;c:\program files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [x]
R2 LiveUpSC;LiveUpSC;c:\users\Bruno\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe;c:\users\Bruno\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [x]
R2 PowerOffer Service;Pos Service;c:\users\Bruno\AppData\Local\PosService\Pos.exe;c:\users\Bruno\AppData\Local\PosService\Pos.exe [x]
R2 ServUpdater;Serv Updater;c:\users\Bruno\AppData\Local\ServUpdater\ServiceUpd.exe;c:\users\Bruno\AppData\Local\ServUpdater\ServiceUpd.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm273.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 afcdpsrv;Servizio Acronis Nonstop Backup;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Driver Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-25 21:17 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 18:33]
.
2013-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-09 06:20]
.
2013-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-09 06:20]
.
2013-11-14 c:\windows\Tasks\Re-markit Update.job
- c:\program files (x86)\Re-markit\ReMarkit_up.exe [2013-11-12 12:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-12 15:36 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruno\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruno\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruno\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Bruno\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\kvx6xoop.default\
FF - ExtSQL: 2013-11-12 13:13; {284fed43-2e13-4afe-8aeb-50827d510e20}; c:\program files (x86)\Re-markit\135.xpi
FF - ExtSQL: 2013-11-12 16:36; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2013-11-14 22:24:10
ComboFix-quarantined-files.txt 2013-11-14 21:24
ComboFix2.txt 2013-10-31 08:06
.
Pre-Run: 9.237.708.800 byte disponibili
Post-Run: 9.261.096.960 byte disponibili
.
- - End Of File - - 89BA78FEFA284212924EE57A9BA9CFB0
A36C5E4F47E84449FF07ED3517B43A31
menatwork
Minor god

Joined: 07/10/11 16:58
Posts: 506

Posted: 15 Nov 2013 00:26

why do you all insist on keeping two antivirus programs installed? They only cause instability and neither one protects you, because they conflict with each other

remove avast or avira, your choice

now open Notepad and paste this text into it


Code:
File::
c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
c:\users\Bruno\AppData\Local\PosService\Pos.exe
c:\users\Bruno\AppData\Local\ServUpdater\ServiceUpd.exe
c:\users\Bruno\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe

Folder::
c:\users\Public\Documents\AppData\PoApp
c:\users\Bruno\AppData\Local\PosService
c:\users\Bruno\AppData\Local\ServUpdater
c:\users\Bruno\AppData\Local\SoftwareUpdater


Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PosService"=-
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"PosService"=-

driver::
PowerOffer Service
ServUpdater
LiveUpSC


save the file; it must be named CFScript.txt
then drag and drop the CFScript.txt file onto the combofix icon
let it run to the end and post its log again
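
An added example, not part of the thread and not ComboFix's or the helper's own method: a heuristic that reads ComboFix-style Run values and service lines and flags those whose executable sits under a user profile, which surfaces the files named in the CFScript above. The function names and the `<drive>:\users\` rule are assumptions; the sample lines are copied from the log posted earlier in the thread, and the output is a list for manual review, not a verdict.

```python
import re
from typing import NamedTuple

# Constructed sample: lines copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-11-07 6604568]
"TBHostSupport"="c:\users\Bruno\AppData\Local\TBHostSupport\TBHostSupport.dll" [2013-10-31 458016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-10 347192]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"PosService"=c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
.
R2 LiveUpSC;LiveUpSC;c:\users\Bruno\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe;c:\users\Bruno\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [x]
R2 PowerOffer Service;Pos Service;c:\users\Bruno\AppData\Local\PosService\Pos.exe;c:\users\Bruno\AppData\Local\PosService\Pos.exe [x]
R2 ServUpdater;Serv Updater;c:\users\Bruno\AppData\Local\ServUpdater\ServiceUpd.exe;c:\users\Bruno\AppData\Local\ServUpdater\ServiceUpd.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 aswRvrt;avast! Revert; [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
'''

# Paths listed under File:: in the CFScript above, lowercased for comparison.
CFSCRIPT_FILES = {p.lower() for p in (
    r"c:\users\Public\Documents\AppData\PoApp\PLauncher.exe",
    r"c:\users\Bruno\AppData\Local\PosService\Pos.exe",
    r"c:\users\Bruno\AppData\Local\ServUpdater\ServiceUpd.exe",
    r"c:\users\Bruno\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe",
)}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.+)$')
# "<state code> <service name>;<display name>;<image path>;..."
SERVICE_RE = re.compile(r"^[RS][0-4] ([^;]+);[^;]*;([^;]*)")
# Assumption: anything under <drive>:\users\ (a profile or Public) can be
# written without administrator rights, unlike Program Files or Windows.
USER_WRITABLE_RE = re.compile(r"^[a-z]:\\users\\", re.IGNORECASE)


class Finding(NamedTuple):
    kind: str   # "run" (autostart value) or "service"
    name: str
    path: str


def _image_path(raw):
    """Return the path part of a logged value, quoted or unquoted."""
    raw = raw.strip()
    if raw.startswith('"'):
        end = raw.find('"', 1)
        return raw[1:end] if end > 0 else raw[1:]
    # Unquoted: drop a trailing "[...]" annotation such as "[x]" or "[BU]".
    return re.sub(r"\s*\[[^\]]*\]\s*$", "", raw)


def triage(log_text):
    """Flag Run values and services that start from a user-writable path."""
    findings, in_run_key = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line in ("", "."):          # "." separates blocks in the log
            in_run_key = False
            continue
        key = KEY_RE.match(line)
        if key:
            # "run-" is how the log lists the disabled-startup key.
            name = key.group(1).lower().rstrip("-")
            in_run_key = name.endswith("\\currentversion\\run")
            continue
        value = VALUE_RE.match(line)
        if value and in_run_key:
            kind, name, path = "run", value.group(1), _image_path(value.group(2))
        else:
            svc = SERVICE_RE.match(line)
            if not svc:
                continue
            kind, name, path = "service", svc.group(1), _image_path(svc.group(2))
        if USER_WRITABLE_RE.match(path):
            findings.append(Finding(kind, name, path))
    return findings


def not_in_cfscript(findings):
    """Flagged paths that the CFScript's File:: section does not name."""
    return sorted({f.path for f in findings if f.path.lower() not in CFSCRIPT_FILES})


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.kind:8} {f.name:20} {f.path}")
    print("flagged but not in CFScript:", not_in_cfscript(hits))
```

On the sample, every file named in the CFScript is flagged, plus one more Run value that the script does not touch; entries under Program Files are left alone.
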
nic
Demigod

Joined: 30/07/05 14:25
Posts: 490
Location: Gallo bassa ferrarese

Posted: 19 Nov 2013 23:08

Hi everyone.
The same thing is happening to me. I tried SpyHunter 4, AdwCleaner and Malwarebytes, but Dosearches is still there when I open Chrome or IE. I only have Norton installed, and Spybot can't remove it either. How should I proceed???
The operating system is Windows 8.1 and I honestly don't know how I managed to install Do Searches.
Thanks to all.
R16
Mature god

Joined: 07/03/08 22:58
Posts: 10129

Posted: 19 Nov 2013 23:18

Hi nic.
Open a new topic of your own.
Describe the problem as best you can.
Tagging onto topics already opened by others is not allowed, even if the problem is similar.
Thanks.
Bye.
Armageddonet
Hero

Joined: 14/11/13 21:03
Posts: 47

Posted: 21 Nov 2013 22:39

ComboFix 13-11-16.01 - Bruno 21/11/2013 20:42:00.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.6135.3489 [GMT 1:00]
Eseguito da: c:\users\Bruno\Downloads\ComboFix.exe
Opzioni usate :: c:\users\Bruno\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
FILE ::
"c:\users\Bruno\AppData\Local\PosService\Pos.exe"
"c:\users\Bruno\AppData\Local\ServUpdater\ServiceUpd.exe"
"c:\users\Bruno\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe"
"c:\users\Public\Documents\AppData\PoApp\PLauncher.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Bruno\AppData\Local\PosService
c:\users\Bruno\AppData\Local\PosService\7z.dll
c:\users\Bruno\AppData\Local\PosService\AppLib.Zip.dll
c:\users\Bruno\AppData\Local\PosService\Pos.exe
c:\users\Bruno\AppData\Local\PosService\Pos.InstallLog
c:\users\Bruno\AppData\Local\PosService\Pos.InstallState
c:\users\Bruno\AppData\Local\PosService\settings.ini
c:\users\Bruno\AppData\Local\PosService\settings\settings.ini
c:\users\Bruno\AppData\Local\ServUpdater
c:\users\Bruno\AppData\Local\ServUpdater\7z.dll
c:\users\Bruno\AppData\Local\ServUpdater\AppLib.Zip.dll
c:\users\Bruno\AppData\Local\ServUpdater\InstallHelper.exe
c:\users\Bruno\AppData\Local\ServUpdater\PosService.zip
c:\users\Bruno\AppData\Local\ServUpdater\ServiceUpd.exe
c:\users\Bruno\AppData\Local\ServUpdater\ServiceUpd.InstallLog
c:\users\Bruno\AppData\Local\ServUpdater\ServiceUpd.InstallState
c:\users\Bruno\AppData\Local\ServUpdater\ServiceUpd.zip
c:\users\Bruno\AppData\Local\ServUpdater\settings.ini
c:\users\Bruno\AppData\Local\ServUpdater\settings\settings.ini
c:\users\Bruno\AppData\Local\ServUpdater\System.Data.SQLite.dll
c:\users\Bruno\AppData\Local\ServUpdater\upd.exe
c:\users\Public\Documents\AppData\PoApp
c:\users\Public\Documents\AppData\PoApp\7z.dll
c:\users\Public\Documents\AppData\PoApp\AppLib.dll
c:\users\Public\Documents\AppData\PoApp\AppLib.Zip.dll
c:\users\Public\Documents\AppData\PoApp\kw.sdb
c:\users\Public\Documents\AppData\PoApp\PService.exe
c:\users\Public\Documents\AppData\PoApp\RegHandlerDll.dll
c:\users\Public\Documents\AppData\PoApp\settings\settings.ini
c:\users\Public\Documents\AppData\PoApp\System.Data.SQLite.dll
c:\users\Public\Documents\AppData\PoApp\UPLauncher.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PowerOffer Service
menatwork
Minor god

Joined: 07/10/11 16:58
Posts: 506

Posted: 21 Nov 2013 22:45

let's finish the cleanup properly, there might be some leftovers

Download OTL and save it to the desktop

Tick SCAN ALL USERS.

Under Output, tick Minimal Output

Click the small arrow next to File Age and select 60 Days

Tick LOP Check and Purity Check.

Click RUN SCAN

Let the scan run without interfering.

When the scan finishes you will find two logs on the desktop, OTL.txt and Extras.txt; save them and upload them to Wikisend,
Armageddonet
Hero

Joined: 14/11/13 21:03
Posts: 47

Posted: 21 Nov 2013 23:17

Hello,
upload them to Wikisend???
Meaning?
menatwork
Minor god

Joined: 07/10/11 16:58
Posts: 506

Posted: 21 Nov 2013 23:20

Quote:
upload them to Wikisend???
Meaning?


taken from one of R16's threads

Code:
To post the log:

Connect to the internet and go to the WikiSend page: http://www.wikisend.com/
Click the "Browse" button
Select the file you just saved
Click Upload file
After a few seconds you are taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it into a new message for the forum.
Armageddonet
Hero

Joined: 14/11/13 21:03
Posts: 47

Posted: 21 Nov 2013 23:52

You write "When the scan finishes you will find two logs on the desktop, OTL.txt and Extras.txt; save them and upload them to Wikisend".
But the Wikisend instructions say:
"Click the "Browse" button
Select the file you just saved
Click Upload file
After a few seconds you are taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it into a new message for the forum".
But which of the two should I upload??
The two logs generated are OTL and Extras.
I tried uploading OTL to Wikisend.
The forum link turned out to be:
OTL.Txt.
But searching for the link (unless I made a mistake) did not return any results...
R16
Mature god

Joined: 07/03/08 22:58
Posts: 10129

Posted: 22 Nov 2013 18:44

Quote:
But which of the two should I upload??

Both. (One at a time)
Anyway, you posted it correctly.
Wait for further instructions from menatwork.
menatwork
Minor god

Joined: 07/10/11 16:58
Posts: 506

Posted: 22 Nov 2013 19:31

I didn't find much, for now run this

open OTL and copy this text into the program's white box


Code:
:OTL
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{C2F6A96A-D352-4171-A570-9DD4AF6986F9}: "URL" = http://search.chatzum.com/?orig=DS&affid=62&cztbid=158030780&q={searchTerms}
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-21-947446419-3740479279-3176552494-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-947446419-3740479279-3176552494-1001\..\SearchScopes\{C2F6A96A-D352-4171-A570-9DD4AF6986F9}: "URL" = http://searchitika.com/Search.aspx?cx=partner-pub-8552182375757157:1410703413&cof=FORID:10&ie=UTF-8&q={searchTerms}
[2013/03/18 18:21:37 | 000,001,609 | ---- | M] () -- C:\Users\Bruno\AppData\Roaming\mozilla\firefox\profiles\kvx6xoop.default\searchplugins\ChatZumSearch.xml
[2011/11/24 21:46:34 | 000,001,867 | ---- | M] () -- C:\Users\Bruno\AppData\Roaming\mozilla\firefox\profiles\kvx6xoop.default\searchplugins\findeer.xml
O1 - Hosts: 127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
[2013/10/31 08:53:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/24 22:28:08 | 000,005,081 | ---- | C] () -- C:\ProgramData\hnbdehzc.pfe
[2013/11/11 17:10:43 | 103,716,811 | ---- | M] ()(C:\Windows\SysWow64\???¡) -- C:\Windows\SysWow64\ᵖ疮畤¡
[2013/11/11 17:10:43 | 103,716,811 | ---- | C] ()(C:\Windows\SysWow64\???¡) -- C:\Windows\SysWow64\ᵖ疮畤¡

:Files
ipconfig /flushdns /c

:commands
[purity]
[Reboot]


press Run Fix and attach the log
Armageddonet
Hero

Joined: 14/11/13 21:03
Posts: 47

Posted: 24 Nov 2013 21:02

========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C2F6A96A-D352-4171-A570-9DD4AF6986F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2F6A96A-D352-4171-A570-9DD4AF6986F9}\ not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-947446419-3740479279-3176552494-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-947446419-3740479279-3176552494-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C2F6A96A-D352-4171-A570-9DD4AF6986F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2F6A96A-D352-4171-A570-9DD4AF6986F9}\ not found.
C:\Users\Bruno\AppData\Roaming\mozilla\firefox\profiles\kvx6xoop.default\searchplugins\ChatZumSearch.xml moved successfully.
C:\Users\Bruno\AppData\Roaming\mozilla\firefox\profiles\kvx6xoop.default\searchplugins\findeer.xml moved successfully.
Unable to save new HOSTS file
C:\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\Qoobox\Quarantine\C\Windows\SysWOW64 folder moved successfully.
C:\Qoobox\Quarantine\C\Windows folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Public\Documents\AppData\PoApp\settings folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Public\Documents\AppData\PoApp folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Public\Documents\AppData folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Public\Documents folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Public folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Bruno\AppData\Roaming\Microsoft folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Bruno\AppData\Roaming\45150951-49DC-41CC-9DAB-C9220A70D059 folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Bruno\AppData\Roaming folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Bruno\AppData\Local\ServUpdater\settings folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Bruno\AppData\Local\ServUpdater folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Bruno\AppData\Local\PosService\settings folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Bruno\AppData\Local\PosService folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Bruno\AppData\Local\lollipop folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Bruno\AppData\Local folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Bruno\AppData folder moved successfully.
C:\Qoobox\Quarantine\C\Users\Bruno folder moved successfully.
C:\Qoobox\Quarantine\C\Users folder moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86)\WinRAR folder moved successfully.
C:\Qoobox\Quarantine\C\Program Files (x86) folder moved successfully.
C:\Qoobox\Quarantine\C folder moved successfully.
C:\Qoobox\Quarantine folder moved successfully.
Folder move failed. C:\Qoobox\BackEnv scheduled to be moved on reboot.
C:\Qoobox folder moved successfully.
C:\ProgramData\hnbdehzc.pfe moved successfully.
C:\Windows\SysWOW64\ᵖ疮畤¡ moved successfully.
File C:\Windows\SysWow64\ᵖ疮畤¡ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Bruno\Desktop\cmd.bat deleted successfully.
C:\Users\Bruno\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Error: Unable to interpret <[Reboot] - See more at: http://forum.zeusnews.com/viewtopic.php?p=608399#608399> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 11242013_194930

Files\Folders moved on Reboot...
File\Folder C:\Qoobox\BackEnv not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
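A triage pass over the OTL fix log in the post above, as an added example that is not part of the original thread and is not OTL's own code: it sorts each line by outcome and pulls out the entries that failed or were deferred to reboot, which are the ones worth re-checking when detections keep coming back. The names `classify` and `triage` are hypothetical, and the patterns cover only the message wording that appears in this log.

```python
import re
from collections import Counter

# Lines copied, in order, from the OTL fix log in the post above.
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C2F6A96A-D352-4171-A570-9DD4AF6986F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2F6A96A-D352-4171-A570-9DD4AF6986F9}\ not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Unable to save new HOSTS file
Folder move failed. C:\Qoobox\BackEnv scheduled to be moved on reboot.
C:\Qoobox folder moved successfully.
C:\ProgramData\hnbdehzc.pfe moved successfully.
Error: Unable to interpret <[Reboot] - See more at: http://forum.zeusnews.com/viewtopic.php?p=608399#608399> in the current context!
File\Folder C:\Qoobox\BackEnv not found!
"""

# Outcome patterns taken only from wording seen in this log; anything else is "other".
# "deferred" is tested first because that line also contains "move failed".
RULES = [
    ("deferred", re.compile(r"scheduled to be moved on reboot")),
    ("failed", re.compile(r"^Unable to |move failed|^Error:")),
    ("absent", re.compile(r"not found[.!]$")),
    ("done", re.compile(r"(deleted|moved|set) successfully[.!]$")),
]
DEFERRED_PATH = re.compile(r"move failed\. (.+?) scheduled to be moved on reboot")

def classify(line):
    """Return the outcome label for one log line."""
    for label, pattern in RULES:
        if pattern.search(line):
            return label
    return "other"

def triage(log_text):
    """Count outcomes, list lines needing a manual check, and flag deferred paths."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    counts = Counter(classify(l) for l in lines)
    follow_up = [l for l in lines if classify(l) in ("failed", "deferred")]
    # A deferred path that a later line reports as not found was not moved by
    # the reboot pass, so its state on disk should be confirmed by hand.
    missing = []
    for i, line in enumerate(lines):
        m = DEFERRED_PATH.search(line)
        if m and any(m.group(1) in later and classify(later) == "absent"
                     for later in lines[i + 1:]):
            missing.append(m.group(1))
    return counts, follow_up, missing

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On these lines the follow-up list contains the HOSTS file that could not be saved, the deferred `C:\Qoobox\BackEnv` move, and the uninterpreted `[Reboot]` command.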
menatwork
Dio minore

Joined: 07/10/11 16:58
Posts: 506

Posted: 24 Nov 2013 21:43

Open OTL and click on CleanUp; this will remove the tool along with ComboFix.

From Control Panel >>> Add/Remove Programs, remove the versions of Java that you find, then download the latest version from here and install it.

Disable System Restore, reboot, and re-enable it, creating a new restore point => click

Clean up with CCleaner => click

Let me know whether the PC has improved.
Armageddonet
Eroe

Joined: 14/11/13 21:03
Posts: 47

Posted: 08 Dec 2013 21:01

I forgot to say that if I run SuperAntiSpyware, it finds over 200 threats. I use the program to clean out the "invaders", but if I turn the PC off and on again and run another check with the same program, all these spyware items, or whatever they are, pop up again... Can't they be eradicated once and for all?
Thanks
menatwork
Dio minore

Joined: 07/10/11 16:58
Posts: 506

Posted: 08 Dec 2013 21:24

Try running this scan; it seems strange to me after everything we removed.

Download RogueKiller and put it on the desktop.
Close all running programs.
Run RogueKiller.exe.
The tool will run a pre-scan automatically.
When the pre-scan finishes, a window opens: click "Accept".
Now click "Scan".
When the scan finishes, you will find the log on the desktop.
Post it here.
All times are GMT + 2 hours
Page 1 of 2