Ecco i logs
ComboFix 08-10-25.01 - Cristiana 2008-10-26 20.01.25.1 -
FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.185 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Cristiana\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Cristiana\Dati applicazioni\FunWebProducts
C:\Documents and Settings\Cristiana\Impostazioni locali\Dati applicazioni\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\autorun.ini
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files Creati Da 2008-09-26 al 2008-10-26 )))))))))))))))))))))))))))))))))))
.
2008-10-26 19:49 . 2008-10-26 19:49 <DIR> d-------- C:\Documents and Settings\Cristiana\Dati applicazioni\Windows Search
2008-10-25 18:04 . 2008-10-25 18:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-10-25 18:03 . 2008-10-25 18:03 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-10-25 16:53 . 2008-10-25 16:53 <DIR> d-------- C:\Programmi\Trend Micro
2008-10-25 16:48 . 2008-10-25 16:48 <DIR> d-------- C:\Programmi\Microsoft Silverlight
2008-10-25 16:48 . 2008-10-25 16:48 <DIR> d-------- C:\Documents and Settings\Cristiana\Dati applicazioni\Windows Desktop Search
2008-10-25 16:47 . 2008-10-25 16:47 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-10-25 16:47 . 2008-10-25 16:47 <DIR> d-------- C:\Programmi\Windows Desktop Search
2008-10-25 16:47 . 2008-10-25 17:12 4,625 --a------ C:\WINDOWS\imsins.BAK
2008-10-25 16:46 . 2008-03-07 19:02 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-10-25 16:46 . 2008-03-07 19:02 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-10-25 16:46 . 2008-03-07 19:02 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-10-25 15:51 . 2008-10-15 18:36 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-20 20:28 . 2008-10-20 20:28 <DIR> d--hs---- C:\FOUND.007
2008-10-18 09:33 . 2008-10-18 09:33 <DIR> d--hs---- C:\FOUND.006
2008-10-18 09:12 . 2008-10-18 09:12 <DIR> d--hs---- C:\FOUND.005
2008-10-17 22:15 . 2008-10-17 22:14 2,745,808 --a------ C:\Programmi\WebfettiSetup2.3.50.22.ZKman000.exe
2008-10-17 22:04 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-17 22:02 . 2008-09-15 17:24 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-17 22:01 . 2008-08-14 15:22 2,192,896 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-17 22:01 . 2008-08-14 15:22 2,148,864 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-17 22:01 . 2008-08-14 15:22 2,069,760 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-17 22:01 . 2008-08-14 15:22 2,027,520 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 19:29 . 2008-10-15 19:29 <DIR> d--hs---- C:\FOUND.004
2008-10-06 22:20 . 2008-10-06 22:20 <DIR> d--hs---- C:\FOUND.003
2008-10-05 17:16 . 2008-10-05 17:16 <DIR> d--hs---- C:\FOUND.002
2008-10-05 10:56 . 2008-10-05 10:56 <DIR> d--hs---- C:\FOUND.001
2008-10-05 10:17 . 2008-10-05 10:17 8,840 --a------ C:\WINDOWS\SEC1146.PNF
2008-10-05 10:14 . 2008-10-05 10:14 <DIR> d-------- C:\WINDOWS\system32\it
2008-10-05 10:14 . 2008-10-05 10:14 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-05 10:14 . 2008-10-05 10:14 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-05 10:11 . 2008-10-05 10:11 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-05 10:09 . 2008-10-05 10:09 2,948 --a------ C:\WINDOWS\SEC16.PNF
2008-10-05 10:05 . 2008-10-05 10:05 <DIR> d-------- C:\WINDOWS\EHome
2008-09-30 23:15 . 2008-09-30 23:15 <DIR> d-------- C:\Programmi\Bonjour
2008-09-30 23:13 . 2008-09-30 23:13 <DIR> d-------- C:\Programmi\Apple Software Update
2008-09-30 22:54 . 2008-09-30 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-09-30 09:36 . 2008-09-30 09:36 <DIR> d--hs---- C:\FOUND.000
2008-09-28 23:13 . 2008-06-14 19:32 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-28 23:13 . 2008-06-14 19:32 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-28 23:12 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-28 23:11 . 2008-04-11 21:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-28 16:32 . 2008-09-28 16:32 <DIR> d-------- C:\Documents and Settings\Cristiana\Dati applicazioni\skypePM
2008-09-28 16:32 . 2008-09-28 16:32 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-09-28 16:28 . 2008-09-28 16:28 <DIR> d-------- C:\Programmi\Skype
2008-09-28 16:28 . 2008-09-28 16:28 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-09-28 16:28 . 2008-09-28 16:28 <DIR> d-------- C:\Documents and Settings\Cristiana\Dati applicazioni\Skype
2008-09-28 16:28 . 2008-09-28 16:28 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-09-28 16:18 . 2008-09-28 16:18 <DIR> d-------- C:\Software
2008-09-28 16:15 . 2008-09-28 16:15 <DIR> d-------- C:\File di registro
2008-09-28 16:08 . 2008-09-28 16:08 <DIR> d-------- C:\Programmi\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 17:58 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-15 16:24 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-12 18:28 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-09-12 17:58 --------- d-----w C:\Documents and Settings\Cristiana\Dati applicazioni\Lavasoft
2008-09-08 11:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-29 09:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 08:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-27 09:57 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 09:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 09:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-23 06:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 06:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 14:22 2,192,896 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 14:22 2,069,760 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 11:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2007-11-15 09:01 102,912 ----a-w C:\Documents and Settings\Cristiana\Dati applicazioni\GDIPFONTCACHEV1.DAT
2005-12-23 13:00 24,192 ----a-w C:\Documents and Settings\Cristiana\usbsermptxp.sys
2005-12-23 13:00 22,768 ----a-w C:\Documents and Settings\Cristiana\usbsermpt.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Packard Bell Data Secure"="C:\Programmi\Packard Bell Data Secure\PBDataSecure.exe" [2006-06-20 2361856]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" [2006-11-09 1634304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 222720]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-12-11 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\Cristiana\\Documenti\\E-MULE\\eMule\\emule.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 78208]
S3 USBCamera;DIGITAL CAMERA;C:\WINDOWS\system32\Drivers\Bulk533.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03652cc4-20ff-11da-8e2b-00c09fab378b}]
\Shell\auto\command - Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - Knight.exe open
\Shell\find\command - Knight.exe open
\Shell\install\command - Knight.exe open
\Shell\open\command - Knight.exe open
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e88dbcc8-80ef-11dd-9489-00c09fab378b}]
\Shell\AutoRun\command - G:\.\run\autorun.exe
\Shell\open\Command - G:\.\run\autorun.exe
.
Contenuto della cartella 'Scheduled Tasks'
2008-10-23 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Programmi\Symantec\LiveUpdate\NDETECT.EXE []
2008-10-26 C:\WINDOWS\Tasks\Packard Bell Data Secure for Cristiana.job
- C:\Programmi\Packard Bell Data Secure\DSMsg.exe [2006-04-13 14:50]
2008-10-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementare di scansione -------
.
FireFox -: Profile - C:\Documents and Settings\Cristiana\Dati applicazioni\Mozilla\Firefox\Profiles\j2gmd8b6.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL -
hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=FireFox -: prefs.js - STARTUP.HOMEPAGE -
hxxp://it.start.mozilla.com/firefox?cli ... t:official.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-10-26 20:05:16
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
------------------------ Altri processi in esecuzione ------------------------
.
C:\PROGRAMMI\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
C:\WINDOWS\SYSTEM32\WGATRAY.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAMMI\FILE COMUNI\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAMMI\BONJOUR\MDNSRESPONDER.EXE
C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2008-10-26 20:08:33 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2008-10-26 19:08:26
Pre-Run: 17.387.569.152 byte disponibili
Post-Run: 17,378,885,632 byte disponibili
WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
208 --- E O F --- 2008-10-25 14:05:17
------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.30
Versione del database: 1324
Windows 5.1.2600 Service Pack 3
26/10/2008 21.03.16
mbam-log-2008-10-26 (21-03-16).txt
Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 93600
Tempo trascorso: 23 minute(s), 16 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 153
Valori di registro infetti: 4
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{16c7013f-912e-42ac-aa8e-a10a180dff51} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{50a7e9b0-70ef-11d1-b75a-00a0c90564fe} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0751c551-7568-41c9-8e5b-e22e38919236} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{177160ca-bb5a-411c-841d-bd38facdeaa0} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{18bcc359-4990-4bfb-b951-3c83702be5f9} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1d2efd50-75ce-11d1-b75a-00a0c90564fe} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2d91eea1-9932-11d2-be86-00a0c9a83da1} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{317ee249-f12e-11d2-b1e4-00c04f8eeb3e} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{31c147b6-0ade-4a3c-b514-ddf932ef6d17} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4a3df050-23bd-11d2-939f-00a0c91eedba} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{60890160-69f0-11d1-b758-00a0c90564fe} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{62112aa2-ebe4-11cf-a5fb-0020afe7292d} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{744129e0-cbe5-11ce-8350-444553540000} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{88a05c00-f000-11ce-8350-444553540000} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9ba05970-f6a8-11cf-a442-00a0c90a8f39} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a4c6892c-3ba9-11d2-9dea-00c04fb16162} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a7ae5f64-c4d7-4d7f-9307-4d24ee54b841} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b30f7305-5967-45d1-b7bc-d6eb7163d770} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbcbde60-c3ff-11ce-8350-444553540000} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c94f0ad0-f363-11d2-a327-00c04f8eec7f} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8f015c0-c278-11ce-a49e-444553540000} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e7a1af80-4d96-11cf-960c-0080c7f4ee85} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eaa7c309-bbec-49d5-821d-64d966cb667f} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{edc817aa-92b8-11d1-b075-00c04fc33aa5} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{efd84b2d-4bcf-4298-be25-eb542a59fbda} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d2d8ef-3890-11d2-bf8b-00c04fb93661} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0010890e-8789-413c-adbc-48f5b511b3af} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0010890e-8789-413c-adbc-48f5b511b3af} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00eebf57-477d-4084-9921-7ab3c2c9459d} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01e2e7c0-2343-407f-b947-7e132e791d3e} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{021003e9-aac0-4975-979f-14b5d4e717f8} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09799afb-ad67-11d1-abcd-00c04fc30936} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0afaced1-e828-11d1-9187-b532f1e9575d} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0d2e74c4-3c34-11d2-a27e-00c04fc30871} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e5cbf21-d15f-11d0-8301-00aa005b4383} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{111dcced-3b96-4170-a076-681669ed1512} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{12518493-00b2-11d2-9fa5-9e3420524153} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{13709620-c279-11ce-a49e-444553540000} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1820fed0-473e-11d0-a96c-00c04fd705a2} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1ebdcf80-a200-11d0-a3a4-00c04fd706ec} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{208d2c60-3aea-1069-a2d7-08002b30309d} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20b1cb23-6968-4eb9-b7d4-a66d00d07cee} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20d04fe0-3aea-1069-a2d8-08002b30309d} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{21b22460-3aea-1069-a2dc-08002b30309d} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{24f14f01-7b1c-11d1-838f-0000f80461cf} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{24f14f02-7b1c-11d1-838f-0000f80461cf} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25585dc7-4da0-438d-ad04-e42c8d2d64b9} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{26fdc864-be88-46e7-9235-032d8ea5162e} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3bb4118f-ddfd-4d30-a348-9fb5d6bf1afe} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f454f0e-42ae-4d7c-8ea3-328250d6e272} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f6953f0-5359-47fc-bd99-9f2cb95a62fd} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3fc0b520-68a9-11d0-8d77-00c04fd70822} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4622ad11-ff23-11d0-8d34-00a0c90f2719} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4657278a-411b-11d2-839a-00c04fd918d0} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{48e7caab-b918-4e58-a94d-505519c795dc} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53c74826-ab99-4d33-aca4-3117f51d3788} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{55d7b852-f6d1-42f2-aa75-8728a1b2d264} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{57651662-ce3e-11d0-8d77-00c04fc99d61} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{59031a47-3f72-44a7-89c5-5595fe6b30ee} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5b4dae26-b807-11d0-9815-00c04fd91972} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5ef4af3a-f726-11d0-b8a2-00c04fc309a4} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5f5295e0-429f-1069-a2e2-08002b30309d} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{62112aa1-ebe4-11cf-a5fb-0020afe7292d} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63b51f81-c868-11d0-999c-00c04fd655e1} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{66742402-f9b9-11d1-a202-0000f81fedee} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{67331d85-be17-42f6-8d3f-47b8e8b26637} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{679d9e37-f8f9-11d2-8deb-00c04f6837d5} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6b831e4f-a50d-45fc-842f-16ce27595359} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6cf8e98c-5dd4-42a2-a948-bfe4ca1dc3eb} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d5313c0-8c62-11d1-b2cd-006097df8c11} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{72267f6a-a6f9-11d0-bc94-00c04fb67863} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{72eb61e0-8672-4303-9175-f2e4c68b2e7c} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{733ac4cb-f1a4-11d0-b951-00a0c90312e1} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7487cd30-f71a-11d0-9ea7-00805f714772} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{75048700-ef1f-11d0-9888-006097deacf9} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7ba4c740-9e81-11cf-99d3-00aa004ae837} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7be9d83c-a729-4d97-b5a7-1b7313c39e0a} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7eb5fbe4-2100-49e6-8593-17e130122f91} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7febaf7c-18cf-11d2-993f-00a0c91f3880} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8278f931-2a3e-11d2-838f-00c04fd918d0} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84720068-f106-4b58-a4c6-189382ab39bd} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{86422020-42a0-1069-a2e5-08002b30309d} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{864a1288-354c-4d19-9d68-c2742bb14997} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{86747ac0-42a0-1069-a2e6-08002b30309d} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{86c86720-42a0-1069-a2e8-08002b30309d} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e827c11-33e7-4bc1-b242-8cd9a1c2b304} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{94357b53-ca29-4b78-83ae-e8fe7409134f} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{95ce8412-7027-11d1-b879-006008059382} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ac9fbe1-e0a2-4ad6-b4ee-e212013ea917} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ba05971-f6a8-11cf-a442-00a0c90a8f39} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a07034fd-6caa-4954-ac3f-97a27216f98a} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a470f8cf-a1e8-4f65-8335-227475aa5c46} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aabe54d4-6e88-4c46-a6b3-1df790dd6e0d} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b005e690-678d-11d1-b758-00a0c90564fe} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b091e540-83e3-11cf-a713-0020afd79762} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b0a8f3cf-4333-4bab-8873-1ccb1cada48b} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b2f2e083-84fe-4a7e-80c3-4b50d10d646e} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b5607793-24ac-44c7-82e2-831726aa6cb7} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bab33640-1280-11d2-aa30-00a0c91eedba} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c2fbb630-2971-11d1-a18c-00c04fd75d13} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c2fbb631-2971-11d1-a18c-00c04fd75d13} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c4ee31f3-4768-11d2-be5c-00a0c9a83da1} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c827f149-55c1-4d28-935e-57e47caed973} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d82be2b0-5764-11d0-a96e-00c04fd705a2} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d912f8cf-0396-4915-884e-fb425d32943b} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d969a300-e7ff-11d0-a93b-00a0c90f2719} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e13ef4e4-d2f2-11d0-9816-00c04fd91972} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1618f52-bf15-484a-86d2-183400e66a2b} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e773f1af-3a65-4866-857d-846fc9c4598a} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ecd4fc4f-521c-11d0-b792-00a0c90312e1} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef43ecfe-2ab9-4632-bf21-58909dd177f0} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f3364ba0-65b9-11ce-a9ba-00aa004ae837} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f46316e4-fb1b-46eb-aedf-9520bfbb916a} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f83cbf45-1c37-4ca1-a78a-28bcb91642ec} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fbf23b41-e3f0-101b-8488-00aa003e56f8} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fef10ded-355e-4e06-9381-9b24d7f7cc88} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fef10fa2-355e-4e06-9381-9b24d7f7cc88} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00021400-0000-0000-c000-000000000046} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-c000-000000000046} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{217fc9c0-3aea-1069-a2db-08002b30309d} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{21ec2020-3aea-1069-a2dd-08002b30309d} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2227a280-3aea-1069-a2de-08002b30309d} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3da165b6-cc41-11d2-bdc6-00c04f79ec6b} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{61e218e0-65d3-101b-9f08-061ceac3d50d} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{645ff040-5081-101b-9f08-00aa002f954e} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645ff040-5081-101b-9f08-00aa002f954e} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{86f19a00-42a0-1069-a2e9-08002b30309d} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{86f19a00-42a0-1069-a2eb-08002b30309d} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8d8763ab-e93b-4812-964e-f04e0008fd50} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aeb6717e-7e19-11d0-97ee-00c04fd91972} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Backdoor check (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0e5cbf21-d15f-11d0-8301-00aa005b4383} (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\postbootreminder (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\cdburn (Search.Hijacker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{aeb6717e-7e19-11d0-97ee-00c04fd91972} (Search.Hijacker) -> Quarantined and deleted successfully.
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)
-------------------------------------------------------------------------------------------------------------------------------------------
grazie ancora