Moderatori: m.paolo, kadosh, Luke57
:OTL
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com/?type=hp&ts=1388406568&from=tugs&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU015002650026
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com/web/?type=ds&ts=1388406568&from=tugs&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU015002650026&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com/web/?type=ds&ts=1388406568&from=tugs&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU015002650026&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoom.com/?type=hp&ts=1388406568&from=tugs&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU015002650026
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr&cd=2XzuyEtN2Y1L1QzutDtDtByEtBtCtCtDzztB0D0BtByBtBtCtN0D0Tzu0CyBtDtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=387558573&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com/?type=hp&ts=1388406568&from=tugs&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU015002650026
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com/web/?type=ds&ts=1388406568&from=tugs&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU015002650026&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com/web/?type=ds&ts=1388406568&from=tugs&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU015002650026&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoom.com/?type=hp&ts=1388406568&from=tugs&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU015002650026
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search.certified-toolbar.com?si=41460&st=bs&tid=2938&ts=1367061247148&tguid=41460-2938-1367061238501-786264&q={searchTerms}
IE - HKU\S-1-5-21-1708882139-563089864-3692045498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com/?type=hp&ts=1388406568&from=tugs&uid=WDCXWD5000AAKS-00UU3A0_WD-WCAYU015002650026
IE - HKU\S-1-5-21-1708882139-563089864-3692045498-1000\..\SearchScopes\{D05569CC-DA94-493C-BCA5-4287F50EF51B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYIT&apn_uid=A3E8313B-635E-4703-AD56-B33F4DE05ECB&apn_sauid=1BAE1801-6EDD-467A-958A-8A0CA0A854A9
[2013/12/30 13:29:28 | 000,000,572 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml
O3:[b]64bit:[/b] - HKU\S-1-5-21-1708882139-563089864-3692045498-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02E65613-1367-4669-B61E-B158D2A0EE61}: DhcpNameServer = 83.224.70.62 83.224.70.78
O33 - MountPoints2\{74ed0224-3307-11e3-86a7-0024211082db}\Shell - "" = AutoRun
O33 - MountPoints2\{74ed0224-3307-11e3-86a7-0024211082db}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{74ed02b5-3307-11e3-86a7-0024211082db}\Shell - "" = AutoRun
O33 - MountPoints2\{74ed02b5-3307-11e3-86a7-0024211082db}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7559755a-590e-11e1-a21a-0024211082db}\Shell - "" = AutoRun
O33 - MountPoints2\{7559755a-590e-11e1-a21a-0024211082db}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{b4c61cd1-0d49-11e2-95ae-0024211082db}\Shell - "" = AutoRun
O33 - MountPoints2\{b4c61cd1-0d49-11e2-95ae-0024211082db}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{fa64d66c-d643-11e0-9ec7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fa64d66c-d643-11e0-9ec7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2013/09/18 08:50:17 | 000,465,216 | R--- | M] (Electronic Arts)
[2014/02/14 20:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/02/14 20:20:02 | 000,002,256 | ---- | C] () -- C:\Users\Romina\Desktop\SpyHunter.lnk
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:56E2E879
:Files
ipconfig /flushdns /c
:commands
[purity]
[RESETHOSTS]
[start explorer]
[CLEARALLRESTOREPOINTS]
[Reboot]
Visitano il forum: Nessuno e 38 ospiti