Home News Guide Hardware Download Forum Glossario

Condividi:        

maledette pagine pubblicitarie!!

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Regole del forum
Rispondi al post

maledette pagine pubblicitarie!!

Postdi Marco.Erre » 31/12/12 20:31

Buonasera anche io ho lo stesso problema,si aprono pagine pubblicitarie all'improvviso...
allego i log.Grazie dell'aiuto.

ComboFix 12-12-30.01 - MARCO 31/12/2012 15:52:46.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.1013.436 [GMT 1:00]
Eseguito da: c:\users\MARCO\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MARCO\AppData\Local\{4F43B7A5-40BC-4D19-8623-6E9EA8F7AB3D}
.
.
((((((((((((((((((((((((( Files Creati Da 2012-11-28 al 2012-12-31 )))))))))))))))))))))))))))))))))))
.
.
2012-12-31 15:09 . 2012-12-31 15:10 -------- d-----w- c:\users\MARCO\AppData\Local\temp
2012-12-31 15:09 . 2012-12-31 15:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-31 14:15 . 2012-12-31 14:15 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A312D2D-AA58-4BCA-AB48-54016851CA0B}\offreg.dll
2012-12-31 01:33 . 2012-12-31 13:21 -------- d-----w- c:\program files\JDownloader
2012-12-31 01:20 . 2012-12-31 01:22 -------- d-----w- c:\programdata\SweetIM
2012-12-31 01:20 . 2012-12-31 01:22 -------- d-----w- c:\program files\SweetIM
2012-12-30 17:53 . 2012-12-30 17:53 100864 ----a-w- C:\fwloypog.sys
2012-12-29 19:16 . 2012-12-29 19:16 -------- d-----w- c:\users\MARCO\AppData\Local\DownTango
2012-12-29 19:16 . 2012-12-29 19:16 -------- d-----w- c:\program files\Red Sky
2012-12-28 12:53 . 2012-12-28 12:53 -------- d-----w- c:\users\MARCO\AppData\Roaming\Malwarebytes
2012-12-28 12:51 . 2012-12-28 12:51 -------- d-----w- c:\programdata\Malwarebytes
2012-12-28 12:51 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-28 12:51 . 2012-12-28 12:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-28 12:51 . 2012-12-28 12:51 -------- d-----w- c:\users\MARCO\AppData\Local\Programs
2012-12-27 15:02 . 2012-12-28 01:22 -------- d-----w- c:\users\MARCO\AppData\Roaming\PDFCreatorPackages
2012-12-27 15:01 . 2012-12-27 15:01 -------- d-----w- c:\program files\GPLGS
2012-12-27 15:01 . 2011-10-04 21:42 86016 ----a-w- c:\windows\system32\custmon32i.dll
2012-12-27 15:00 . 2012-12-28 01:18 -------- d-----w- c:\program files\PDFCreator
2012-12-22 22:13 . 2012-12-22 22:13 -------- d-----w- c:\users\MARCO\AppData\Roaming\Leadertech
2012-12-22 22:13 . 2012-12-22 22:13 53248 ----a-r- c:\users\MARCO\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-12-22 22:12 . 2012-12-22 22:12 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-12-22 22:10 . 2012-12-22 22:10 -------- d-----w- c:\programdata\Logitech
2012-12-22 22:09 . 2012-12-22 22:16 -------- d-----w- c:\programdata\Logishrd
2012-12-22 22:09 . 2012-12-22 22:09 -------- d-----w- c:\program files\Logitech
2012-12-22 22:03 . 2012-12-22 22:13 -------- d-----w- c:\program files\Common Files\LogiShrd
2012-12-22 22:01 . 2012-12-22 22:15 -------- d-----w- c:\users\MARCO\AppData\Roaming\Logitech
2012-12-22 22:01 . 2012-12-22 22:03 -------- d-----w- c:\users\MARCO\AppData\Roaming\Logishrd
2012-12-21 19:48 . 2012-12-21 19:48 -------- d-----w- c:\windows\it
2012-12-21 14:41 . 2012-12-21 21:51 -------- d-----w- c:\windows\system32\Adobe
2012-12-21 12:44 . 2012-12-21 12:44 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-12-21 12:44 . 2012-12-21 19:36 -------- d-----w- c:\program files\Windows Live
2012-12-21 12:41 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-12-21 12:41 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-12-21 12:41 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-12-21 12:41 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-12-21 12:31 . 2012-12-21 12:31 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\a42d2a21cddf7704\DSETUP.dll
2012-12-21 12:31 . 2012-12-21 12:31 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\a42d2a21cddf7704\DXSETUP.exe
2012-12-21 12:31 . 2012-12-21 12:31 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\a42d2a21cddf7704\dsetup32.dll
2012-12-21 12:30 . 2012-12-21 12:30 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebfda94b1cddf7602\DSETUP.dll
2012-12-21 12:30 . 2012-12-21 12:30 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebfda94b1cddf7602\DXSETUP.exe
2012-12-21 12:30 . 2012-12-21 12:30 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebfda94b1cddf7602\dsetup32.dll
2012-12-21 12:29 . 2012-12-21 12:29 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\ba39d3d11cddf7601\DXSETUP.exe
2012-12-21 12:29 . 2012-12-21 12:29 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\ba39d3d11cddf7601\DSETUP.dll
2012-12-21 12:29 . 2012-12-21 12:29 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\ba39d3d11cddf7601\dsetup32.dll
2012-12-21 11:14 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-12-21 11:14 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-12-21 11:14 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-12-21 11:11 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-12-21 03:18 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 03:18 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 02:59 . 2012-12-21 02:59 -------- d-----w- c:\windows\system32\RTCOM
2012-12-21 02:57 . 2012-12-21 02:57 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-12-21 02:57 . 2012-12-21 02:57 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-12-21 02:50 . 2009-06-04 17:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-12-21 02:49 . 2012-12-21 02:49 -------- d-----w- c:\users\MARCO\AppData\Roaming\InstallShield
2012-12-21 02:49 . 2012-12-21 02:49 -------- d-----w- c:\programdata\Atheros
2012-12-21 02:42 . 2012-12-21 02:55 -------- d-----w- c:\program files\Intel
2012-12-21 02:42 . 2012-01-16 10:06 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-12-21 02:32 . 2005-01-12 10:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2012-12-21 02:32 . 2004-09-28 10:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
2012-12-21 02:32 . 2004-08-11 14:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2012-12-21 02:32 . 2004-03-08 23:00 224016 ----a-w- c:\windows\system32\Tabctl32.ocx
2012-12-21 02:32 . 2004-03-08 23:00 132880 ----a-w- c:\windows\system32\Msinet.ocx
2012-12-21 02:32 . 2004-03-08 23:00 1081616 ----a-w- c:\windows\system32\Mscomctl.ocx
2012-12-21 02:32 . 2004-03-08 23:00 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2012-12-21 02:32 . 2012-12-21 02:34 -------- d-----w- c:\program files\Driver Magician
2012-12-21 00:02 . 2012-12-30 20:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-21 00:02 . 2012-12-21 00:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-12-20 11:56 . 2012-12-20 11:56 -------- d-----w- c:\users\MARCO\AppData\Local\PowerOffer
2012-12-20 11:56 . 2012-12-21 03:05 -------- d-----w- c:\users\MARCO\AppData\Local\ServUpdater
2012-12-20 11:56 . 2012-12-20 12:00 -------- d-----w- c:\users\MARCO\AppData\Local\PosService
2012-12-20 04:40 . 2012-12-20 11:57 -------- d-----w- c:\users\MARCO\AppData\Local\SoftwareUpdater
2012-12-20 04:40 . 2012-12-20 04:40 -------- d-----w- c:\users\MARCO\AppData\Roaming\Sibelius Software
2012-12-20 04:31 . 2012-12-20 04:31 -------- d-----w- c:\program files\Sibelius Software
2012-12-16 13:33 . 2012-12-16 13:33 -------- d-----w- c:\program files\uTorrent
2012-12-16 13:31 . 2012-12-31 14:43 -------- d-----w- c:\users\MARCO\AppData\Roaming\uTorrent
2012-12-13 13:30 . 2012-12-13 13:30 5955856 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-12-12 19:49 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 19:49 . 2012-10-04 16:43 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-12-12 19:49 . 2012-10-04 14:57 271360 ----a-w- c:\windows\system32\conhost.exe
2012-12-12 19:47 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 19:47 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 02:52 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-11 02:52 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2012-12-11 02:52 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-11 02:52 . 2012-08-24 16:57 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-12-11 02:52 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-12-11 02:52 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-12-09 17:15 . 2012-12-09 17:15 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2012-12-05 04:53 . 2012-12-05 04:53 -------- d-----w- c:\users\MARCO\AppData\Roaming\AVG2013
2012-12-05 04:48 . 2012-12-05 04:51 -------- d-----w- c:\programdata\AVG2013
2012-12-05 04:46 . 2012-12-05 04:46 -------- d-----w- c:\program files\AVG
2012-12-05 04:43 . 2012-12-31 12:00 -------- d-----w- c:\programdata\MFAData
2012-12-05 04:43 . 2012-12-21 00:46 -------- d-----w- c:\users\MARCO\AppData\Local\Avg2013
2012-12-05 04:43 . 2012-12-05 04:43 -------- d-----w- c:\users\MARCO\AppData\Local\MFAData
2012-12-05 04:35 . 2012-11-19 00:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A312D2D-AA58-4BCA-AB48-54016851CA0B}\mpengine.dll
2012-12-04 22:46 . 2012-12-04 22:46 159744 ----a-w- c:\program files\Internet Explorer\Plugin\npqtplugin7.dll
2012-12-04 22:46 . 2012-12-04 22:46 159744 ----a-w- c:\program files\Internet Explorer\Plugin\npqtplugin6.dll
2012-12-04 22:46 . 2012-12-04 22:46 159744 ----a-w- c:\program files\Internet Explorer\Plugin\npqtplugin5.dll
2012-12-04 22:46 . 2012-12-04 22:46 159744 ----a-w- c:\program files\Internet Explorer\Plugin\npqtplugin4.dll
2012-12-04 22:46 . 2012-12-04 22:46 159744 ----a-w- c:\program files\Internet Explorer\Plugin\npqtplugin3.dll
2012-12-04 22:46 . 2012-12-04 22:46 159744 ----a-w- c:\program files\Internet Explorer\Plugin\npqtplugin2.dll
2012-12-04 22:46 . 2012-12-04 22:46 159744 ----a-w- c:\program files\Internet Explorer\Plugin\npqtplugin.dll
2012-12-04 22:44 . 2012-12-04 22:46 -------- d-----w- c:\program files\QuickTime
2012-12-04 22:44 . 2012-12-04 22:44 -------- d-----w- c:\programdata\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 01:27 . 2012-08-29 20:22 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 01:27 . 2012-08-29 20:22 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 12:02 . 2012-10-22 12:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-16 07:39 . 2012-11-28 10:01 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 02:48 . 2012-10-15 02:48 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-10-09 17:40 . 2012-11-14 09:28 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 09:28 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-05 18:07 . 2012-10-05 18:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-05 18:07 . 2012-10-05 18:08 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-05 02:32 . 2012-10-05 02:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-10-03 16:58 . 2012-11-14 09:29 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-14 09:29 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-14 09:29 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-14 09:29 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-14 09:29 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-14 09:29 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-14 09:29 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-14 09:29 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-29 02:06 . 2012-10-29 02:06 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"GoogleChromeAutoLaunch_CF36761AC810CC34B713C060EB63AD6C"="c:\users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-12-05 1242728]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-12-16 929688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemListener"="c:\program files\HSPA USB MODEM\ModemListener.exe" [2010-02-26 98304]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 1851192]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
.
c:\users\MARCO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Registrazione prodotti.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2012-10-01 07:22 66360 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-09-12 15:07 4272640 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-10-12 23:54 1088424 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 SoftwareUpd;Software Upd;c:\users\MARCO\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [x]
R3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 ServUpdater;Serv Updater;c:\users\MARCO\AppData\Local\ServUpdater\ServiceUpd.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 Realtek87B;Realtek87B;c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 01:27]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-05 12:46]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-05 12:46]
.
2012-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3423937484-4017244598-2803407167-1000Core.job
- c:\users\MARCO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-01 21:10]
.
2012-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3423937484-4017244598-2803407167-1000UA.job
- c:\users\MARCO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-01 21:10]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: Free YouTube Download - c:\users\MARCO\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9070BA3A-DCBD-4C65-B516-E2D8CAAD5BA4}: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D8D61914-82B8-496A-811F-3D7F07A57698}\A4556554D454254414: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\MARCO\AppData\Roaming\Mozilla\Firefox\Profiles\mzrg1ptr.default\
FF - prefs.js: browser.startup.homepage - http://WWW.GOOGLE.IT
FF - ExtSQL: 2012-12-22 23:10; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF - ExtSQL: 2012-12-27 16:10; jsonview@brh.numbera.com; c:\users\MARCO\AppData\Roaming\Mozilla\Firefox\Profiles\mzrg1ptr.default\extensions\jsonview@brh.numbera.com.xpi
FF - ExtSQL: 2012-12-31 01:24; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\MARCO\AppData\Roaming\Mozilla\Firefox\Profiles\mzrg1ptr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-31 13:30; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\MARCO\AppData\Roaming\Mozilla\Firefox\Profiles\mzrg1ptr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-3423937484-4017244598-2803407167-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-12-31 16:14:42
ComboFix-quarantined-files.txt 2012-12-31 15:14
.
Pre-Run: 145.721.458.688 byte disponibili
Post-Run: 145.531.482.112 byte disponibili
.
- - End Of File - - 795B245CB7A228F107756C4F502A2ED4


----------------------------------------------------------------------------------------------------------------------------------------------------


--------------------------------------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:20:43, on 31/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\HSPA USB MODEM\ModemListener.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Users\MARCO\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [ModemListener] C:\Program Files\HSPA USB MODEM\ModemListener.exe start
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_CF36761AC810CC34B713C060EB63AD6C] "C:\Users\MARCO\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - Startup: Logitech . Registrazione prodotti.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O8 - Extra context menu item: Free YouTube Download - C:\Users\MARCO\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: DeviceManager - Unknown owner - C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Realtek87B - Realtek - C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\MARCO\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe

--
End of file - 9247 bytes[/quote]
Marco.Erre
Utente Junior
 
Post: 18
Iscritto il: 31/12/12 19:08
Top
Sponsor
 

Re: maledette pagine pubblicitarie!!

Postdi Luke57 » 03/01/13 10:19

Ciao, apri una pagina del blocco note e copia incolla quanto segue

Driver::
SoftwareUpd

Folder::
c:\users\MARCO\AppData\Local\PowerOffer
c:\users\MARCO\AppData\Local\ServUpdater
c:\users\MARCO\AppData\Local\PosService
c:\users\MARCO\AppData\Local\SoftwareUpdater

File::
c:\users\Public\Documents\AppData\PoApp\PLauncher.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PosService"=-


salva la pagina sul desktop nominandola obligatoriamente in CFScript.txt
a questo punto trascina e lascia il file CFScript.txt sull'icona di combofix
il programma avvierà una nuova scansione, al termine di essa posta il nuovo log.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10
Top

Re: maledette pagine pubblicitarie!!

Postdi Marco.Erre » 06/01/13 20:27

Ciao grazie della risposta allego il log.....sarei interessato a sapere come fai a sapere quali stringhe modificare o eliminare? :)





ComboFix 13-01-05.01 - MARCO 06/01/2013 19:48:01.6.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.1013.337 [GMT 1:00]
Eseguito da: c:\users\MARCO\Desktop\ComboFix.exe
Opzioni usate :: c:\users\MARCO\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Public\Documents\AppData\PoApp\PLauncher.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MARCO\AppData\Local\PosService
c:\users\MARCO\AppData\Local\PosService\7z.dll
c:\users\MARCO\AppData\Local\PosService\AppLib.Zip.dll
c:\users\MARCO\AppData\Local\PosService\Pos.exe
c:\users\MARCO\AppData\Local\PosService\Pos.InstallLog
c:\users\MARCO\AppData\Local\PosService\Pos.InstallState
c:\users\MARCO\AppData\Local\PosService\settings.ini
c:\users\MARCO\AppData\Local\PosService\settings\settings.ini
c:\users\MARCO\AppData\Local\SoftwareUpdater
c:\users\MARCO\AppData\Local\SoftwareUpdater\settings.ini
c:\users\MARCO\AppData\Local\SoftwareUpdater\settings\settings.ini
c:\users\MARCO\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
c:\users\MARCO\AppData\Local\SoftwareUpdater\SoftwareUpdService.InstallLog
c:\users\MARCO\AppData\Local\SoftwareUpdater\SoftwareUpdService.InstallState
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SoftwareUpd
.
.
((((((((((((((((((((((((( Files Creati Da 2012-12-06 al 2013-01-06 )))))))))))))))))))))))))))))))))))
.
.
2013-01-06 19:06 . 2013-01-06 19:10 -------- d-----w- c:\users\MARCO\AppData\Local\temp
2013-01-06 19:06 . 2013-01-06 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-04 15:59 . 2013-01-04 15:59 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E4BCFB73-913D-4379-8514-F845C95F7AA2}\offreg.dll
2013-01-04 15:36 . 2012-11-19 00:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E4BCFB73-913D-4379-8514-F845C95F7AA2}\mpengine.dll
2013-01-04 01:50 . 2007-10-22 02:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2013-01-04 01:49 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2013-01-04 01:28 . 2013-01-04 01:44 -------- d-----w- c:\program files\Crash Time 5 - Undercover
2013-01-03 18:48 . 2013-01-04 01:15 -------- d-----w- c:\users\MARCO\AppData\Roaming\PowerISO
2013-01-02 23:17 . 2013-01-02 23:25 -------- d-----w- c:\program files\Guitar Pro 6
2013-01-02 22:43 . 2013-01-02 23:31 -------- d-----w- c:\users\MARCO\AppData\Roaming\Guitar Pro 6
2013-01-02 22:43 . 2013-01-02 22:43 -------- d-----w- c:\programdata\Guitar Pro 6
2013-01-02 20:30 . 2013-01-02 20:30 -------- d-----w- c:\users\MARCO\AppData\Roaming\KC Softwares
2013-01-02 18:19 . 2013-01-02 18:19 -------- d-----w- c:\users\MARCO\AppData\Roaming\AVG
2013-01-02 18:16 . 2013-01-02 18:20 -------- d-----w- c:\programdata\AVG
2013-01-02 18:15 . 2013-01-02 18:15 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-01-02 13:43 . 2013-01-02 13:43 -------- d-----w- c:\program files\ProxyFinder
2013-01-02 00:57 . 2013-01-02 00:57 -------- d-----w- c:\users\MARCO\AppData\Local\AVG Secure Search
2013-01-02 00:57 . 2013-01-02 00:57 -------- d-----w- c:\programdata\AVG Secure Search
2013-01-02 00:56 . 2013-01-02 00:53 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-01-02 00:55 . 2013-01-02 00:56 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-01-02 00:55 . 2013-01-02 00:55 -------- d-----w- c:\program files\AVG Secure Search
2012-12-31 01:33 . 2013-01-06 16:06 -------- d-----w- c:\program files\JDownloader
2012-12-31 01:20 . 2012-12-31 16:47 -------- d-----w- c:\program files\SweetIM
2012-12-29 19:16 . 2012-12-29 19:16 -------- d-----w- c:\users\MARCO\AppData\Local\DownTango
2012-12-29 19:16 . 2012-12-29 19:16 -------- d-----w- c:\program files\Red Sky
2012-12-28 12:53 . 2012-12-28 12:53 -------- d-----w- c:\users\MARCO\AppData\Roaming\Malwarebytes
2012-12-28 12:51 . 2012-12-28 12:51 -------- d-----w- c:\programdata\Malwarebytes
2012-12-28 12:51 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-28 12:51 . 2012-12-28 12:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-28 12:51 . 2012-12-28 12:51 -------- d-----w- c:\users\MARCO\AppData\Local\Programs
2012-12-27 15:02 . 2012-12-28 01:22 -------- d-----w- c:\users\MARCO\AppData\Roaming\PDFCreatorPackages
2012-12-27 15:01 . 2012-12-27 15:01 -------- d-----w- c:\program files\GPLGS
2012-12-27 15:01 . 2011-10-04 21:42 86016 ----a-w- c:\windows\system32\custmon32i.dll
2012-12-27 15:00 . 2012-12-28 01:18 -------- d-----w- c:\program files\PDFCreator
2012-12-22 22:13 . 2012-12-22 22:13 -------- d-----w- c:\users\MARCO\AppData\Roaming\Leadertech
2012-12-22 22:13 . 2012-12-22 22:13 53248 ----a-r- c:\users\MARCO\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-12-22 22:12 . 2013-01-05 22:41 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-12-22 22:10 . 2012-12-22 22:10 -------- d-----w- c:\programdata\Logitech
2012-12-22 22:09 . 2012-12-22 22:16 -------- d-----w- c:\programdata\Logishrd
2012-12-22 22:09 . 2012-12-22 22:09 -------- d-----w- c:\program files\Logitech
2012-12-22 22:03 . 2012-12-22 22:13 -------- d-----w- c:\program files\Common Files\LogiShrd
2012-12-22 22:01 . 2012-12-22 22:15 -------- d-----w- c:\users\MARCO\AppData\Roaming\Logitech
2012-12-22 22:01 . 2012-12-22 22:03 -------- d-----w- c:\users\MARCO\AppData\Roaming\Logishrd
2012-12-21 19:48 . 2012-12-21 19:48 -------- d-----w- c:\windows\it
2012-12-21 14:41 . 2012-12-21 21:51 -------- d-----w- c:\windows\system32\Adobe
2012-12-21 12:44 . 2012-12-21 12:44 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-12-21 12:44 . 2012-12-21 19:36 -------- d-----w- c:\program files\Windows Live
2012-12-21 12:41 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-12-21 12:41 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-12-21 12:41 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-12-21 12:41 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-12-21 12:31 . 2012-12-21 12:31 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\a42d2a21cddf7704\DSETUP.dll
2012-12-21 12:31 . 2012-12-21 12:31 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\a42d2a21cddf7704\DXSETUP.exe
2012-12-21 12:31 . 2012-12-21 12:31 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\a42d2a21cddf7704\dsetup32.dll
2012-12-21 12:30 . 2012-12-21 12:30 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebfda94b1cddf7602\DSETUP.dll
2012-12-21 12:30 . 2012-12-21 12:30 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebfda94b1cddf7602\DXSETUP.exe
2012-12-21 12:30 . 2012-12-21 12:30 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebfda94b1cddf7602\dsetup32.dll
2012-12-21 12:29 . 2012-12-21 12:29 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\ba39d3d11cddf7601\DXSETUP.exe
2012-12-21 12:29 . 2012-12-21 12:29 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\ba39d3d11cddf7601\DSETUP.dll
2012-12-21 12:29 . 2012-12-21 12:29 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\ba39d3d11cddf7601\dsetup32.dll
2012-12-21 11:14 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-12-21 11:14 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-12-21 11:14 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-12-21 11:11 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-12-21 03:18 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 03:18 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 02:59 . 2012-12-21 02:59 -------- d-----w- c:\windows\system32\RTCOM
2012-12-21 02:57 . 2012-12-21 02:57 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-12-21 02:57 . 2012-12-21 02:57 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2012-12-21 02:50 . 2009-06-04 17:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-12-21 02:49 . 2012-12-21 02:49 -------- d-----w- c:\users\MARCO\AppData\Roaming\InstallShield
2012-12-21 02:49 . 2012-12-21 02:49 -------- d-----w- c:\programdata\Atheros
2012-12-21 02:42 . 2012-12-21 02:55 -------- d-----w- c:\program files\Intel
2012-12-21 02:42 . 2012-01-16 10:06 53248 ----a-w- c:\windows\system32\CSVer.dll
2012-12-21 02:32 . 2005-01-12 10:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2012-12-21 02:32 . 2004-09-28 10:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
2012-12-21 02:32 . 2004-08-11 14:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2012-12-21 02:32 . 2004-03-08 23:00 224016 ----a-w- c:\windows\system32\Tabctl32.ocx
2012-12-21 02:32 . 2004-03-08 23:00 132880 ----a-w- c:\windows\system32\Msinet.ocx
2012-12-21 02:32 . 2004-03-08 23:00 1081616 ----a-w- c:\windows\system32\Mscomctl.ocx
2012-12-21 02:32 . 2004-03-08 23:00 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2012-12-21 02:32 . 2012-12-21 02:34 -------- d-----w- c:\program files\Driver Magician
2012-12-21 00:02 . 2013-01-03 15:33 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-21 00:02 . 2012-12-21 00:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-12-20 04:40 . 2012-12-20 04:40 -------- d-----w- c:\users\MARCO\AppData\Roaming\Sibelius Software
2012-12-16 13:33 . 2012-12-16 13:33 -------- d-----w- c:\program files\uTorrent
2012-12-16 13:31 . 2013-01-06 19:10 -------- d-----w- c:\users\MARCO\AppData\Roaming\uTorrent
2012-12-13 13:30 . 2012-12-13 13:30 5955856 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-12-12 19:49 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 19:49 . 2012-10-04 16:43 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-12-12 19:49 . 2012-10-04 14:57 271360 ----a-w- c:\windows\system32\conhost.exe
2012-12-12 19:47 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 19:47 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 02:52 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-11 02:52 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2012-12-11 02:52 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-11 02:52 . 2012-08-24 16:57 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-12-11 02:52 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-12-11 02:52 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-12-09 17:15 . 2012-12-09 17:15 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 01:27 . 2012-08-29 20:22 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 01:27 . 2012-08-29 20:22 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 12:02 . 2012-10-22 12:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-16 07:39 . 2012-11-28 10:01 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 02:48 . 2012-10-15 02:48 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-10-09 17:40 . 2012-11-14 09:28 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-14 09:28 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-29 08:27 . 2012-10-29 02:06 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-01-02 00:53 1828808 ----a-w- c:\program files\AVG Secure Search\13.3.0.17\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.3.0.17\AVG Secure Search_toolbar.dll" [2013-01-02 1828808]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-12-16 929688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemListener"="c:\program files\HSPA USB MODEM\ModemListener.exe" [2010-02-26 98304]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2569616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 1851192]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-01-02 1046984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2012-10-01 07:22 66360 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-09-12 15:07 4272640 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-10-12 23:54 1088424 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Realtek87B;Realtek87B;c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-29 01:27]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-05 12:46]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-05 12:46]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3423937484-4017244598-2803407167-1000Core.job
- c:\users\MARCO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-01 21:10]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3423937484-4017244598-2803407167-1000UA.job
- c:\users\MARCO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-01 21:10]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://isearch.avg.com/?cid={5E99B759-2110-421C-A8EC-E2589F87F424}&mid=e78282f5672747d0b79c5bd9c63ae92d-6b394659b49773e03ee22472e38e85bf1d3f7d72&lang=it&ds=st011&pr=sa&d=2013-01-02 01:56&v=13.3.0.17&sap=hp
mStart Page = hxxp://www.google.com
IE: Free YouTube Download - c:\users\MARCO\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9070BA3A-DCBD-4C65-B516-E2D8CAAD5BA4}: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D8D61914-82B8-496A-811F-3D7F07A57698}\A4556554D454254414: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll
FF - ProfilePath - c:\users\MARCO\AppData\Roaming\Mozilla\Firefox\Profiles\mzrg1ptr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={5E99B759-2110-421C-A8EC-E2589F87F424}&mid=e78282f5672747d0b79c5bd9c63ae92d-6b394659b49773e03ee22472e38e85bf1d3f7d72&lang=it&ds=st011&pr=sa&d=2013-01-02 01:56&v=13.3.0.17&sap=ku&q=
FF - ExtSQL: 2012-12-22 23:10; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF - ExtSQL: 2012-12-27 16:10; jsonview@brh.numbera.com; c:\users\MARCO\AppData\Roaming\Mozilla\Firefox\Profiles\mzrg1ptr.default\extensions\jsonview@brh.numbera.com.xpi
FF - ExtSQL: 2012-12-31 01:24; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\MARCO\AppData\Roaming\Mozilla\Firefox\Profiles\mzrg1ptr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-31 13:30; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\MARCO\AppData\Roaming\Mozilla\Firefox\Profiles\mzrg1ptr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: 2013-01-02 01:57; avg@toolbar; c:\programdata\AVG Secure Search\FireFoxExt\13.3.0.17
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-3423937484-4017244598-2803407167-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\progra~1\AVG\AVG2013\avgrsx.exe
c:\program files\AVG\AVG2013\avgcsrvx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtWlan.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\AVG\AVG2013\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG2013\avgemcx.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
.
**************************************************************************
.
Ora fine scansione: 2013-01-06 20:20:11 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2013-01-06 19:20
.
Pre-Run: 102.282.137.600 byte disponibili
Post-Run: 102.344.843.264 byte disponibili
.
- - End Of File - - C0A983C5CFCF4AFFA39453B6EEBB3B05
Marco.Erre
Utente Junior
 
Post: 18
Iscritto il: 31/12/12 19:08
Top

Re: maledette pagine pubblicitarie!!

Postdi nikita75 » 06/01/13 21:59

Marco.Erre ha scritto:sarei interessato a sapere come fai a sapere quali stringhe modificare o eliminare?
Non è una questione di sapere

Si va a scuola di rimozione virus quie dopo aver avuto il Brevetto ', da specialista
puoi decodificare il log e dare le direttive di rimozione virus ,
Un cattivo uso di Combofix puo' creare danni al sistema operativo !.......e non si ritorna piu' indietro 8)

COMBOFIX moderazione nell'uso !Da usare solo con l'uso di prescrizione medica :roll: 8)
"La teoria è quando si sa tutto e niente funziona. La pratica è quando tutto funziona e nessuno sa il perché. Noi abbiamo messo insieme la teoria e la pratica: non c'è niente che funzioni e nessuno sa il perché" Albert Einstein
Immagine
Avatar utente
nikita75
Utente Senior
 
Post: 5401
Iscritto il: 31/07/09 13:36
Località: Alberobello (Bari )
Top

Re: maledette pagine pubblicitarie!!

Postdi Marco.Erre » 07/01/13 00:51

nikita75 ha scritto:
Marco.Erre ha scritto:sarei interessato a sapere come fai a sapere quali stringhe modificare o eliminare?
Non è una questione di sapere

Si va a scuola di rimozione virus quie dopo aver avuto il Brevetto ', da specialista
puoi decodificare il log e dare le direttive di rimozione virus ,
Un cattivo uso di Combofix puo' creare danni al sistema operativo !.......e non si ritorna piu' indietro 8)

COMBOFIX moderazione nell'uso !Da usare solo con l'uso di prescrizione medica :roll: 8)



e chiaramente non c'è un sito italiano :diavolo: .....in effetti ho sbirciato il sito russo,c'è proprio un corso a tempo....uhhh quante cose da studiare!! :eeh:
Con questo pc è impossibile provare a studiare,mi serve minimo un notebook con monitor da 15 pollici :)
Marco.Erre
Utente Junior
 
Post: 18
Iscritto il: 31/12/12 19:08
Top

Re: maledette pagine pubblicitarie!!

Postdi nikita75 » 07/01/13 10:28

Marco.Erre ha scritto:e chiaramente non c'è un sito italiano .....in effetti ho sbirciato il sito russo,c'è proprio un corso a tempo....uhhh quante cose da studiare!!
Con questo pc è impossibile provare a studiare,mi serve minimo un notebook con monitor da 15 pollici



OT--MICROSOFT , i nostri pc , sistemi operativi , parlano INGLESE ,...in italia siamo troppo viziati , :oops: in tv ci traducono pure i film ...!In Europa moltissime tv trasmettono i film in lingua originale con i sottotitoli ,,e anche i bambini imparano l'inglese :) ...si guardando i cartoni animati !...........siamo ITAGLIANI :) ;)OT

Vorrei collegare il mio netbook al TV ..ma per adesso ho imparato come trasformare PDF in Jpeg ....i manuali tutorial ........li studio sul TV......comodamente seduta in poltrona ! :)
"La teoria è quando si sa tutto e niente funziona. La pratica è quando tutto funziona e nessuno sa il perché. Noi abbiamo messo insieme la teoria e la pratica: non c'è niente che funzioni e nessuno sa il perché" Albert Einstein
Immagine
Avatar utente
nikita75
Utente Senior
 
Post: 5401
Iscritto il: 31/07/09 13:36
Località: Alberobello (Bari )
Top

Re: maledette pagine pubblicitarie!!

Postdi Marco.Erre » 07/01/13 12:43

nikita75 ha scritto:
Marco.Erre ha scritto:e chiaramente non c'è un sito italiano .....in effetti ho sbirciato il sito russo,c'è proprio un corso a tempo....uhhh quante cose da studiare!!
Con questo pc è impossibile provare a studiare,mi serve minimo un notebook con monitor da 15 pollici



OT--MICROSOFT , i nostri pc , sistemi operativi , parlano INGLESE ,...in italia siamo troppo viziati , :oops: in tv ci traducono pure i film ...!In Europa moltissime tv trasmettono i film in lingua originale con i sottotitoli ,,e anche i bambini imparano l'inglese :) ...si guardando i cartoni animati !...........siamo ITAGLIANI :) ;)OT

Vorrei collegare il mio netbook al TV ..ma per adesso ho imparato come trasformare PDF in Jpeg ....i manuali tutorial ........li studio sul TV......comodamente seduta in poltrona ! :)





La prima volta che andai in Olanda avevo 21 anni,in quel campeggio ricordo c'erano delle ragazze di 15/16 anni...queste parlavano l'Olandese,l'Inglese e il tedesco.... :eeh: noi a malapena parlavamo l'italiano,pur avendo fatto gli stessi studi...era una comica,noi a fare gesti per farci capire e loro ridevano....poi c'era un altro del gruppo che sapeva qualche parola d'inglese.
Poi col passare degli anni ho imparucchiato un po d'inglese,posso dialogare...ma certamente non posso tradurre un testo con parole tecniche in inglese... :) ..con lo spagnolo me la cavo meglio visto che ho vissuto piu' di un anno la....del russo conosco solo qualche parola è una lingua molto interessante....l'italiano è la mia lingua madre,sono italiano...ma certamente non lo parlo correttamente,chi si ricorda tutti i verbi?? bohhhh
Comunque possibile che in quel sito ci siano tutte le lingua,cioè inglese,danese,spagnolo,tedesco,russo,portoghese,frrancese e italiano no??cioè intendo in fondo alla pagina ci sono i link per entrare nei siti che spiegano combofix...
I manuali tutorial che studi ,cosa trattano? Combofix ?
Marco.Erre
Utente Junior
 
Post: 18
Iscritto il: 31/12/12 19:08
Top

Re: maledette pagine pubblicitarie!!

Postdi Marco.Erre » 07/01/13 17:51

comunque Luke57,se sei nei paraggi e hai tempo,per favore mi dai un occhio all'ultimo report di COMBOFIX...visto che qui sei l'unico o forse uno dei pochi a dare del TU a questo COMBOFIX. :-)
Marco.Erre
Utente Junior
 
Post: 18
Iscritto il: 31/12/12 19:08
Top

Re: maledette pagine pubblicitarie!!

Postdi Luke57 » 08/01/13 23:42

Ciao, mi pare a posto con le eliminazioni fatte. Se non hai altri problemi, possiamo chiudere qui ;)
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10
Top

Re: maledette pagine pubblicitarie!!

Postdi Marco.Erre » 09/01/13 23:15

ok thanks :)
Marco.Erre
Utente Junior
 
Post: 18
Iscritto il: 31/12/12 19:08
Top
Rispondi al post

Torna a Sicurezza e Privacy


Topic correlati a "maledette pagine pubblicitarie!!":

consumo pagine web
Autore: nikita75 		Forum: Software Windows
Risposte: 4
Firefox: visualizzo pagine con parole errate
Autore: franco11 		Forum: Software Windows
Risposte: 7
Pagine web che si aprono e chiudono velocemente
Autore: nippon 		Forum: Sistemi Operativi Windows
Risposte: 7
Problema stampa due pagine Excel su foglio A4
Autore: dipdip 		Forum: Applicazioni Office Windows
Risposte: 11
Maschera accesso pagine web non compare
Autore: Ricky0185 		Forum: Software Windows
Risposte: 4

Chi c’è in linea

Visitano il forum: Nessuno e 84 ospiti

cron