RIMOZIONE www.searchnu.com/410 URGENTE AIUTO!

[aleanguz]

Disattiva il Ripristino di Sistema ancora una volta, seguendo il mio precedente post.
Quindi, riavvia il sistema, esegui una scansione con avira, e allega il report.

questo è il report di avira, ha trovato quegli oggetti che ti dicevo (li ho evidenziati in grassetto ) ma non sapendo cosa fare non li ho eliminati ancora. dimmi tu di che si tratta e se posso eliminarli o tenerli in quarantena.

Avira Free Antivirus
Data del file di report: lunedì 23 aprile 2012 13:50

Ricerca di 3672970 virus e programmi indesiderati.

Il programma funziona come versione completa e illimitata.
I servizi online sono disponibili.

Concesso in licenza a : Avira AntiVir Personal - Free Antivirus
Numero di serie : 0000149996-ADJIE-0000001
Piattaforma : Windows XP
Versione di Windows : (Service Pack 3) [5.1.2600]
Modalità di avvio : Booting eseguito regolarmente
Nome utente : SYSTEM
Nome computer : UTENTE-DEE3957F

Informazioni sulla versione:
BUILD.DAT : 12.0.0.157 41963 Bytes 03/02/2012 18:36:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 15/02/2012 14:23:48
AVSCAN.DLL : 12.1.0.18 63440 Bytes 15/02/2012 14:23:48
LUKE.DLL : 12.1.0.19 68304 Bytes 15/02/2012 14:23:48
AVSCPLR.DLL : 12.1.0.22 100048 Bytes 15/02/2012 14:23:48
AVREG.DLL : 12.1.0.36 229128 Bytes 05/04/2012 18:35:48
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 23:37:03
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 17:08:26
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 11:38:22
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 17:50:08
VBASE005.VDF : 7.11.26.45 2048 Bytes 28/03/2012 17:50:08
VBASE006.VDF : 7.11.26.46 2048 Bytes 28/03/2012 17:50:08
VBASE007.VDF : 7.11.26.47 2048 Bytes 28/03/2012 17:50:08
VBASE008.VDF : 7.11.26.48 2048 Bytes 28/03/2012 17:50:09
VBASE009.VDF : 7.11.26.49 2048 Bytes 28/03/2012 17:50:10
VBASE010.VDF : 7.11.26.50 2048 Bytes 28/03/2012 17:50:10
VBASE011.VDF : 7.11.26.51 2048 Bytes 28/03/2012 17:50:10
VBASE012.VDF : 7.11.26.52 2048 Bytes 28/03/2012 17:50:10
VBASE013.VDF : 7.11.26.53 2048 Bytes 28/03/2012 17:50:10
VBASE014.VDF : 7.11.26.107 221696 Bytes 30/03/2012 09:10:11
VBASE015.VDF : 7.11.26.179 224768 Bytes 02/04/2012 16:13:40
VBASE016.VDF : 7.11.26.241 142336 Bytes 04/04/2012 18:10:49
VBASE017.VDF : 7.11.27.41 247808 Bytes 08/04/2012 17:07:40
VBASE018.VDF : 7.11.27.107 161280 Bytes 12/04/2012 17:52:05
VBASE019.VDF : 7.11.27.159 148992 Bytes 13/04/2012 10:07:10
VBASE020.VDF : 7.11.27.201 207360 Bytes 17/04/2012 10:53:06
VBASE021.VDF : 7.11.28.3 237568 Bytes 19/04/2012 10:53:21
VBASE022.VDF : 7.11.28.49 193536 Bytes 20/04/2012 10:53:03
VBASE023.VDF : 7.11.28.50 2048 Bytes 20/04/2012 10:53:03
VBASE024.VDF : 7.11.28.51 2048 Bytes 20/04/2012 10:53:03
VBASE025.VDF : 7.11.28.52 2048 Bytes 20/04/2012 10:53:03
VBASE026.VDF : 7.11.28.53 2048 Bytes 20/04/2012 10:53:03
VBASE027.VDF : 7.11.28.54 2048 Bytes 20/04/2012 10:53:04
VBASE028.VDF : 7.11.28.55 2048 Bytes 20/04/2012 10:53:04
VBASE029.VDF : 7.11.28.56 2048 Bytes 20/04/2012 10:53:04
VBASE030.VDF : 7.11.28.57 2048 Bytes 20/04/2012 10:53:04
VBASE031.VDF : 7.11.28.86 67072 Bytes 23/04/2012 11:48:56
Motore : 8.2.10.52
AEVDF.DLL : 8.1.2.2 106868 Bytes 16/12/2011 08:51:11
AESCRIPT.DLL : 8.1.4.17 446842 Bytes 20/04/2012 10:54:49
AESCN.DLL : 8.1.8.2 131444 Bytes 27/01/2012 19:14:31
AESBX.DLL : 8.2.5.5 606579 Bytes 12/03/2012 12:02:06
AERDL.DLL : 8.1.9.15 639348 Bytes 14/12/2011 23:36:18
AEPACK.DLL : 8.2.16.9 807287 Bytes 31/03/2012 09:11:47
AEOFFICE.DLL : 8.1.2.27 201082 Bytes 04/04/2012 18:12:45
AEHEUR.DLL : 8.1.4.19 4673910 Bytes 20/04/2012 10:54:40
AEHELP.DLL : 8.1.19.1 254327 Bytes 02/04/2012 16:13:48
AEGEN.DLL : 8.1.5.27 422261 Bytes 20/04/2012 10:53:15
AEEXP.DLL : 8.1.0.29 82293 Bytes 14/04/2012 10:07:21
AEEMU.DLL : 8.1.3.0 393589 Bytes 14/12/2011 23:36:14
AECORE.DLL : 8.1.25.6 201078 Bytes 15/03/2012 14:51:18
AEBB.DLL : 8.1.1.0 53618 Bytes 14/12/2011 23:36:14
AVWINLL.DLL : 12.1.0.17 27344 Bytes 16/12/2011 08:51:16
AVPREF.DLL : 12.1.0.17 51920 Bytes 16/12/2011 08:51:13
AVREP.DLL : 12.1.0.17 179408 Bytes 16/12/2011 08:51:13
AVARKT.DLL : 12.1.0.23 209360 Bytes 15/02/2012 14:23:48
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 16/12/2011 08:51:12
SQLITE3.DLL : 3.7.0.0 398288 Bytes 16/12/2011 08:51:24
AVSMTP.DLL : 12.1.0.17 62928 Bytes 16/12/2011 08:51:14
NETNT.DLL : 12.1.0.17 17104 Bytes 16/12/2011 08:51:22
RCIMAGE.DLL : 12.1.0.13 4449488 Bytes 14/12/2011 23:37:27
RCTEXT.DLL : 12.1.1.16 98768 Bytes 16/12/2011 08:51:31

Impostazioni di configurazione per la scansione attuale:
Nome del job................................: Scansione completa del sistema
File di configurazione......................: c:\programmi\avira\antivir desktop\sysscan.avp
Report......................................: standard
Azione primaria.............................: interattivo
Azione secondaria...........................: ignora
Scansione dei record master di avvio........: Attivo
Scansiona record di avvio...................: Attivo
Record di avvio.............................: C:,
Scansione dei programmi attivi..............: Attivo
Processo esteso di scansione................: Attivo
Scansiona la registrazione..................: Attivo
Cerca Rootkits..............................: Attivo
Controllo di integrità dei file di sistema..: Non attivo
Modalità di scansione file..................: Tutti i file
Scansione degli archivi.....................: Attivo
Limita la profondità di ricorsione..........: 20
Archivio estensioni Smart...................: Attivo
Macro euristico.............................: Attivo
File euristico..............................: avanzato
Categorie irregolari delle minacce..........: +JOKE,+PFS,

Avvio della scansione: lunedì 23 aprile 2012 13:50

Avvio della scansione dei record master di avvio:
Record master di avvio dell'Hard Disk 0
[INFO] Nessun virus è stato trovato!

Avvio della scansione dei record di avvio:
Record di avvio 'C:\'
[INFO] Nessun virus è stato trovato!

La scansione dei processi in esecuzione verrà avviata:
Scansione processo 'msdtc.exe' - '42' modulo(i) scansionato(i)
Scansione processo 'dllhost.exe' - '65' modulo(i) scansionato(i)
Scansione processo 'dllhost.exe' - '47' modulo(i) scansionato(i)
Scansione processo 'vssvc.exe' - '50' modulo(i) scansionato(i)
Scansione processo 'avscan.exe' - '70' modulo(i) scansionato(i)
Scansione processo 'avcenter.exe' - '71' modulo(i) scansionato(i)
Scansione processo 'firefox.exe' - '109' modulo(i) scansionato(i)
Scansione processo 'alg.exe' - '35' modulo(i) scansionato(i)
Scansione processo 'wmiapsrv.exe' - '47' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '38' modulo(i) scansionato(i)
Scansione processo 'avshadow.exe' - '28' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '41' modulo(i) scansionato(i)
Scansione processo 'daemonu.exe' - '35' modulo(i) scansionato(i)
Scansione processo 'mflmma.exe' - '13' modulo(i) scansionato(i)
Scansione processo 'NASvc.exe' - '34' modulo(i) scansionato(i)
Scansione processo 'mflmwin.exe' - '22' modulo(i) scansionato(i)
Scansione processo 'jqs.exe' - '102' modulo(i) scansionato(i)
Scansione processo 'fsproflt.exe' - '13' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '36' modulo(i) scansionato(i)
Scansione processo 'mDNSResponder.exe' - '31' modulo(i) scansionato(i)
Scansione processo 'AppleMobileDeviceService.exe' - '62' modulo(i) scansionato(i)
Scansione processo 'avguard.exe' - '64' modulo(i) scansionato(i)
Scansione processo 'NetworkLicenseServer.exe' - '32' modulo(i) scansionato(i)
Scansione processo 'TosBtHsp.exe' - '34' modulo(i) scansionato(i)
Scansione processo 'TosA2dp.exe' - '29' modulo(i) scansionato(i)
Scansione processo 'TosBtMng.exe' - '40' modulo(i) scansionato(i)
Scansione processo 'avgnt.exe' - '72' modulo(i) scansionato(i)
Scansione processo 'cfp.exe' - '77' modulo(i) scansionato(i)
Scansione processo 'Explorer.EXE' - '102' modulo(i) scansionato(i)
Scansione processo 'sched.exe' - '40' modulo(i) scansionato(i)
Scansione processo 'spoolsv.exe' - '65' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '34' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '33' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '164' modulo(i) scansionato(i)
Scansione processo 'cmdagent.exe' - '80' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '43' modulo(i) scansionato(i)
Scansione processo 'svchost.exe' - '53' modulo(i) scansionato(i)
Scansione processo 'lsass.exe' - '53' modulo(i) scansionato(i)
Scansione processo 'services.exe' - '29' modulo(i) scansionato(i)
Scansione processo 'winlogon.exe' - '71' modulo(i) scansionato(i)
Scansione processo 'csrss.exe' - '13' modulo(i) scansionato(i)
Scansione processo 'smss.exe' - '2' modulo(i) scansionato(i)

Avvio della scansione dei file eseguibili (registro):
Il registro è stato scansionato ( 1079 file ).


Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\'
C:\System Volume Information\_restore{B6FA9473-3B8E-4CC6-B8E1-39BE498544AA}(2)\RP396\A0230277.exe
[RILEVAMENTO] Contiene il modello di rilevamento del Dropper DR/Hupigon.212055
C:\System Volume Information\_restore{B6FA9473-3B8E-4CC6-B8E1-39BE498544AA}(2)\RP396\A0230278.exe
[RILEVAMENTO] Contiene il modello di rilevamento del Dropper DR/Hupigon.212055

Avvio della disinfezione:
C:\System Volume Information\_restore{B6FA9473-3B8E-4CC6-B8E1-39BE498544AA}(2)\RP396\A0230278.exe
[RILEVAMENTO] Contiene il modello di rilevamento del Dropper DR/Hupigon.212055
[AVVISO] Il file è stato ignorato.
C:\System Volume Information\_restore{B6FA9473-3B8E-4CC6-B8E1-39BE498544AA}(2)\RP396\A0230277.exe
[RILEVAMENTO] Contiene il modello di rilevamento del Dropper DR/Hupigon.212055
[AVVISO] Il file è stato ignorato.


Fine della scansione: lunedì 23 aprile 2012 15:27
Tempo impiegato: 1:24:38 Ora(e)

La scansione è stata completamente eseguita.

21409 Directory scansionate
411914 I file sono stati scansionati
2 Rilevati virus e/o programmi indesiderati
0 I file sono stati classificati come sospetti
0 I file sono stati eliminati
0 I virus o i programmi indesiderati sono stati riparati
0 File spostati in quarantena
0 File rinominati
0 Impossibile scansionare i file
411912 File non infetti
3552 Archivi scansionati
2 Avvisi
4733 Note
632854 Oggetti scansionati durante la scansione dei rootkit
4733 Sono stati rilevati oggetti nascosti

[FrancescoFDAC]

Eliminali, e ripeti la scansione.

[aleanguz]

Eliminali, e ripeti la scansione.

le minacce si trovano in System Volume Information che disattivando il ripristino conf. di sistema, scompare dalla cartella del disco. ho letto che disattivando il r.c. di sistema la cartella viene svuotata, è corretto? difatti la scansione non ha rilevato nulla per ora (sta al 90%)

[FrancescoFDAC]

si, è normale.
Attendi il termine della scansione, e vedi se rileva le solite infezioni.

[aleanguz]

si, è normale.
Attendi il termine della scansione, e vedi se rileva le solite infezioni.

si le ho eliminate e nella quarantena ho trovato queste vecchie infezioni:

JOKE/Shock.B
W32/Induc.A
JS/Infected.A
HTML/Infected.WebPage.Gen2

le elimino?

[FrancescoFDAC]

Eliminale, certamente.

Ma mi spieghi perchè, ad ogni scansione che fai, Avira ti trova delle nuove infezioni?

[aleanguz]

Eliminale, certamente.

Ma mi spieghi perchè, ad ogni scansione che fai, Avira ti trova delle nuove infezioni?

No queste erano nella quarantena da mesi, le avevo lasciate li xk nn sapevo se era sicuro eliminarle definitivamente

[aleanguz]

Eliminale, certamente.

Ma mi spieghi perchè, ad ogni scansione che fai, Avira ti trova delle nuove infezioni?

No queste erano nella quarantena da mesi, le avevo lasciate li xk nn sapevo se era sicuro eliminarle definitivamente

in ogni caso ora il pc dovrebbe essere pulito, dimmi solo il ripristino conf di sistema deve essere attivo o disattivato?
per quel problema del pc che si blocca nn suggerisci nulla?

[FrancescoFDAC]

Il PC è pulito, e il ripristino puoi attivarlo.
Ciao!

[aleanguz]

Il PC è pulito, e il ripristino puoi attivarlo.
Ciao!

Grazie mille! Ciao

[aleanguz]

Il PC è pulito, e il ripristino puoi attivarlo.
Ciao!

Grazie mille! Ciao

ascolta ne approfitto di già che siamo in questa discussione..ho avira free antivirus sul mio pc, ho letto che sarebbe meglio installare un buon firewall..cosa mi consigli??
anzi ora ora volevo provare a installare avast..tu che dici??

[alessio82]

si è verificato lo stesso problema. Ho lanciato combo fix e ora quest è il log. Potreste aiutarmi cortesemente

ComboFix 12-10-23.02 - Alessio 24/10/2012 14:31:17.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1033.18.8089.6319 [GMT 2:00]
Eseguito da: c:\users\Alessio\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\I Want This
c:\program files (x86)\I Want This\appAPIinternalWrapper.js
c:\program files (x86)\I Want This\fb.js
c:\program files (x86)\I Want This\I Want This.dll
c:\program files (x86)\I Want This\I Want This.exe
c:\program files (x86)\I Want This\I Want This.ico
c:\program files (x86)\I Want This\I Want This.ini
c:\program files (x86)\I Want This\I Want ThisGui.exe
c:\program files (x86)\I Want This\I Want ThisInstaller.log
c:\program files (x86)\I Want This\jquery.js
c:\program files (x86)\I Want This\json.js
c:\program files (x86)\I Want This\Uninstall.exe
c:\users\Alessio\AppData\Local\I Want This
c:\users\Alessio\AppData\Local\I Want This\Chrome\I Want This.crx
c:\users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\{34A10C7C-68A0-403C-A726-700BABCB0847}.xps
c:\users\Alessio\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3DF69B7C-1931-4551-8A0E-345A6540464B}.xps
c:\windows\SysWow64\instsrv.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-09-24 al 2012-10-24 )))))))))))))))))))))))))))))))))))
.
.
2012-10-24 12:37 . 2012-10-24 12:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-23 14:29 . 2012-10-24 08:04 -------- d-----w- c:\programdata\boost_interprocess
2012-10-23 14:29 . 2012-10-23 14:29 -------- d-----w- c:\program files (x86)\Searchqu Toolbar
2012-10-23 14:26 . 2012-10-23 14:30 -------- d-----w- c:\program files (x86)\Free mp3 Wma Converter
2012-10-23 08:19 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFF1889C-3C9C-42BF-B11A-91EB000B5AFB}\mpengine.dll
2012-10-22 06:00 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-22 06:00 . 2012-10-22 06:00 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-22 06:00 . 2012-10-22 06:00 -------- d-----w- c:\program files\iTunes
2012-10-22 06:00 . 2012-10-22 06:00 -------- d-----w- c:\program files (x86)\iTunes
2012-10-22 06:00 . 2012-10-22 06:00 -------- d-----w- c:\program files\iPod
2012-10-11 13:22 . 2012-10-11 13:22 -------- d-----w- c:\users\Alessio\AppData\Local\Garmin
2012-10-11 12:04 . 2012-10-11 12:04 -------- d-----w- c:\users\Alessio\AppData\Roaming\Garmin
2012-10-11 12:03 . 2012-10-11 12:04 -------- d-----w- c:\program files (x86)\Garmin
2012-10-10 08:22 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 08:22 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 08:22 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 08:22 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 08:21 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 08:21 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 08:21 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 08:21 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 08:21 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 08:21 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 08:21 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 08:21 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 08:21 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 08:21 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-03 08:10 . 2012-10-03 08:10 -------- d-----w- c:\windows\system32\appmgmt
2012-09-26 07:44 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-25 10:22 . 2012-08-24 11:23 754824 ----a-w- c:\program files\Internet Explorer\iexplore.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 08:27 . 2011-11-21 16:41 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 10:51 . 2012-05-08 07:48 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 10:51 . 2011-09-20 14:48 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-22 18:12 . 2012-09-12 09:08 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 09:08 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 09:08 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 09:08 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 11:01 . 2012-01-13 15:13 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2012-01-13 15:13 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 08:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 09:08 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 09:08 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
2012-03-25 12:53 413568 ----a-w- c:\program files (x86)\PriceGong\2.6.4\PriceGongIE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}]
2012-10-09 23:29 89288 ----a-w- c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}"= "c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll" [2012-10-09 89288]
.
[HKEY_CLASSES_ROOT\clsid\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-11-21 3293184]
"ANT Agent"="c:\program files (x86)\Garmin\ANT Agent\ANT Agent.exe" [2012-03-23 14749544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 1136928]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2011-1-20 1552240]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2011-9-20 50688]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\DRIVERS\libusb0.sys [2009-07-07 32256]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-16 115168]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-21 168448]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys [2011-01-03 72808]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-21 22528]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-21 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2011-07-15 22128]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 66904]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\ATService.exe [2010-05-10 2683712]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-06-29 158720]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2011-01-20 517488]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [2012-07-02 612320]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-06-15 103472]
S2 O2SDIOAssist;O2SDIOAssist;c:\windows\SysWOW64\srvany.exe [2003-04-19 8192]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-03 2656280]
S2 Wave Authentication Manager Service;Wave Authentication Manager Service;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-07-01 1600000]
S2 ZcfgSvc7;Intel(R) PROSet/Wireless ZeroConfig Service;c:\program files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2011-07-22 27760]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-09-20 349736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-20 39464]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 172960]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7x64.sys [2011-01-03 74984]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7x64.sys [2011-03-23 83560]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 10:51]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1541213241-3891097245-648926253-1000Core.job
- c:\users\Alessio\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 11:20]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1541213241-3891097245-648926253-1000UA.job
- c:\users\Alessio\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-21 11:20]
.
2012-10-23 c:\windows\Tasks\PC Performer_DEFAULT.job
- c:\program files (x86)\PC Performer\PCPerformer.exe [2012-07-02 13:47]
.
2012-10-24 c:\windows\Tasks\PC Performer_UPDATES.job
- c:\program files (x86)\PC Performer\PCPerformer.exe [2012-07-02 13:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-05-27 22:46 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-05 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-28 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-28 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-28 416024]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-23 1934608]
"TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-05-27 257392]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2011-03-08 227328]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\x64\IEBHO.dll c:\windows\System32\acaptuser64.dll
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchnu.com/410
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.200.1
TCP: Interfaces\{A2AF70AE-A437-457B-8C75-286F49F84723}: NameServer = 8.8.8.8,4.4.8.8
TCP: Interfaces\{A2AF70AE-A437-457B-8C75-286F49F84723}\4554348454447454F5550393: NameServer = 8.8.8.8,4.4.8.8
TCP: Interfaces\{A2AF70AE-A437-457B-8C75-286F49F84723}\455636865446765613: NameServer = 8.8.8.8,4.4.8.8
TCP: Interfaces\{A2AF70AE-A437-457B-8C75-286F49F84723}\455636865446765623: NameServer = 8.8.8.8,4.4.8.8
TCP: Interfaces\{A2AF70AE-A437-457B-8C75-286F49F84723}\E4544574541425: NameServer = 8.8.8.8,4.4.8.8
FF - ProfilePath - c:\users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\7zdc12m1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - WinZipBar Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/410
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... PN10649&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-05 09:50; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
FF - ExtSQL: 2012-10-23 16:29; {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}; c:\users\Alessio\AppData\Roaming\Mozilla\Firefox\Profiles\7zdc12m1.default\extensions\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}
FF - ExtSQL: 2012-10-23 16:29; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension
FF - ExtSQL: !HIDDEN! 2012-10-23 16:29; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109986&tt=100512_3_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e0dfdee70000000000003859f9d9be13
FF - user.js: extensions.BabylonToolbar_i.hardId - e0dfdee70000000000003859f9d9be13
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15475
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:47
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - (no file)
BHO-{11111111-1111-1111-1111-110011221158} - c:\program files (x86)\I Want This\I Want This.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - (no file)
AddRemove-I Want This - c:\program files (x86)\I Want This\Uninstall.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\SysWOW64\rundll32.exe
c:\windows\sysWOW64\SDIOAssist.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Ora fine scansione: 2012-10-24 14:42:25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-10-24 12:42
.
Pre-Run: 211.363.700.736 bytes free
Post-Run: 212.005.597.184 bytes free
.
- - End Of File - - BF7AD47097F75E8FE0485BA21EF3D03A

[FrancescoFDAC]

Apri una nuova discussione.