
Websites opening (ads)


Post by Perulli » Tue Apr 17, 2012 1:34 pm

Hi everyone, since I changed PC (from XP to W7 64-bit), ads open when I click on certain sites, in every browser I have used. NOD32, Malwarebytes Anti-Malware and Spybot did not solve the problem. I have now also tried running ComboFix, but once it finished, as soon as I open certain pages the same ads reliably open again. Can you help me?

Re: Websites opening (ads)

Post by nix87 » Tue Apr 17, 2012 2:03 pm

Could you be more specific?

On which pages, if I may ask, do the ads open?

Could it be that you have disabled the pop-up blocker? Or do you have some 'advertising' toolbar (adware) installed?

Re: Websites opening (ads)

Post by Berga95 » Tue Apr 17, 2012 2:27 pm

Let's start with a HijackThis scan; post the contents of the log using the MEMO tag.
And while you're at it, post the old ComboFix log too.
That is not dead which can eternal lie, and with strange aeons even death may die.
~ H.P. Lovecraft
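
One way to triage the HijackThis log format requested above, as an added example that is not part of the original thread: the script parses the section-coded lines and flags static DNS servers outside local ranges, autostart entries (O4/O23) running from a user profile directory, and browser start/search pages outside an allowlist. The sample log is constructed (placeholder names, documentation IP addresses), and the allowlist and heuristics are assumptions, not HijackThis features.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Ranges where a home PC's resolver normally sits (router, loopback, link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
# Assumed allowlist for browser start/search pages; adjust per environment.
ALLOWED_HOME_DOMAINS = ("microsoft.com",)

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O17 - ..." section lines
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)
USER_DIR_RE = re.compile(r"\\users\\", re.IGNORECASE)      # any profile directory
# The NameServer value only, not a longer value name that ends in "NameServer".
NAMESERVER_RE = re.compile(r"(?<![A-Za-z])NameServer\s*=\s*(.+)$")
URL_RE = re.compile(r"=\s*(https?://\S+)")

# Constructed sample in HijackThis v2 layout (names and addresses are placeholders).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.net
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files (x86)\Example\tray.exe"
O4 - HKLM\..\Run: [ExampleLauncher] C:\Users\Public\Documents\AppData\ExApp\launcher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 203.0.113.10,203.0.113.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 192.168.1.1
O23 - Service: Example Updater (ExUpd) - Unknown owner - C:\Users\alice\AppData\Local\ExUpd\exupd.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
"""


def parse(log_text):
    """Yield (section_code, body) for every section-coded line of the log."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def _is_local(addr):
    return any(addr in net for net in LOCAL_NETS)


def _host_allowed(host):
    return any(host == d or host.endswith("." + d) for d in ALLOWED_HOME_DOMAINS)


def triage(log_text):
    """Return a list of (section_code, reason, value) items that deserve a manual look."""
    findings = []
    for code, body in parse(log_text):
        if code in ("R0", "R1"):
            m = URL_RE.search(body)
            host = urlparse(m.group(1)).hostname if m else None
            if host and not _host_allowed(host):
                findings.append((code, "start/search page outside allowlist", host))
        elif code in ("O4", "O23"):
            for path in EXE_RE.findall(body):
                if USER_DIR_RE.search(path):
                    findings.append((code, "autostart from user profile directory", path))
        elif code == "O17":
            m = NAMESERVER_RE.search(body)
            if not m:
                continue
            for token in re.split(r"[,\s]+", m.group(1).strip()):
                try:
                    addr = ipaddress.ip_address(token)
                except ValueError:
                    continue  # not an IP literal
                if not _is_local(addr):
                    findings.append((code, "static DNS server outside local ranges", token))
    return findings


if __name__ == "__main__":
    for code, reason, value in triage(SAMPLE_LOG):
        print(f"{code:4} {reason}: {value}")
```

A flagged line is a prompt for manual review (who installed it, is the file signed, does the DNS server belong to the ISP or router), not a verdict.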


Re: Websites opening (ads)

Post by Perulli » Tue Apr 17, 2012 2:35 pm

For nix87: yes, well, a little while ago for example I was looking for a poker video and as soon as I clicked on the video (YouTube) another page opened, again in Firefox, for an online poker site, and the same thing happens to me with coupons for example, but also with other things. At first I thought it was a browser problem, but the same thing happens with other browsers too. On Firefox I have also installed Adblock Plus, but with no results.
The pop-up blocker is on, and as for installed toolbars I don't think I have any... I checked with "toolbar cleaner".
For Berga95, here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:32:37, on 17/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
D:\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{25C499D7-3333-4092-9F7F-A622703E0EFF}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{25C499D7-3333-4092-9F7F-A622703E0EFF}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{25C499D7-3333-4092-9F7F-A622703E0EFF}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\media\AppData\Local\PosService\Pos.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\media\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: USBS3S4Detection - Unknown owner - C:\OEM\USBDECTION\USBS3S4Detection.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10790 bytes


And here is the ComboFix one, run yesterday:

ComboFix 12-04-16.01 - media 16/04/2012 18:25:22.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4078.2259 [GMT 2:00]
Eseguito da: d:\download\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\media\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe
c:\users\media\AppData\Roaming\inst.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-03-16 al 2012-04-16 )))))))))))))))))))))))))))))))))))
.
.
2012-04-16 16:28 . 2012-04-16 16:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-16 15:00 . 2012-04-16 16:05 -------- d-----w- c:\users\media\AppData\Local\Google
2012-04-16 14:59 . 2012-04-16 14:59 -------- d-----w- c:\users\media\AppData\Local\Apps
2012-04-16 14:59 . 2012-04-16 15:00 -------- d-----w- c:\users\media\AppData\Local\Deployment
2012-04-16 12:01 . 2012-04-16 16:22 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-16 12:01 . 2012-04-16 16:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-15 12:21 . 2012-04-15 12:21 -------- d-----w- c:\program files\ESET
2012-04-13 08:38 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB908239-99BE-4AFD-96A1-771650547687}\mpengine.dll
2012-04-11 14:49 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 14:49 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 14:49 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 14:48 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 14:48 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 14:48 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 14:47 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 14:47 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 14:47 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 14:47 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-05 12:45 . 2012-04-05 13:58 -------- d-----w- c:\users\media\Tracing
2012-04-04 14:50 . 2012-04-04 14:50 -------- d-----w- c:\program files\Unlocker
2012-04-04 14:47 . 2012-04-04 14:47 -------- d-----w- c:\users\media\AppData\Local\ESET
2012-04-04 14:21 . 2012-04-04 14:21 -------- d-----w- c:\programdata\Media Center Programs
2012-04-04 11:37 . 2012-04-04 11:37 -------- d-----w- c:\users\media\AppData\Local\Nero
2012-04-01 10:38 . 2012-04-01 10:38 108368 ----a-r- c:\users\media\AppData\Roaming\Microsoft\Installer\{C8AED900-8C52-43B6-B4F9-7BEF858AF5CD}\ARPPRODUCTICON.exe
2012-04-01 10:38 . 2012-04-01 10:38 -------- d-----w- c:\users\media\AppData\Local\Sky Italia
2012-03-30 11:06 . 2012-03-30 11:06 -------- d-----w- c:\program files (x86)\Common Files\Simple Adblock
2012-03-30 09:14 . 2012-04-14 11:14 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 08:37 . 2012-04-11 09:52 -------- d-----w- c:\program files (x86)\Glary Utilities
2012-03-30 08:32 . 2012-04-06 08:52 -------- d-----w- c:\users\media\AppData\Roaming\HpUpdate
2012-03-30 08:32 . 2012-03-30 08:32 -------- d-----w- c:\windows\Hewlett-Packard
2012-03-30 08:30 . 2012-04-05 13:18 -------- d-----w- c:\users\media\AppData\Roaming\GlarySoft
2012-03-30 08:27 . 2012-04-14 11:14 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-26 11:01 . 2012-03-28 23:11 -------- d-----w- c:\programdata\Ubisoft
2012-03-26 11:01 . 2012-03-26 11:04 -------- d-----w- c:\users\media\AppData\Local\Ubisoft Game Launcher
2012-03-26 10:18 . 2012-03-26 10:18 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-26 10:18 . 2012-03-26 10:18 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-26 10:18 . 2012-03-26 10:18 -------- d-----w- c:\users\media\AppData\Roaming\PunkBuster
2012-03-26 10:17 . 2008-10-15 04:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-03-26 10:17 . 2008-10-15 04:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-03-26 10:17 . 2008-10-15 04:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-03-26 10:17 . 2008-10-15 04:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-03-26 10:17 . 2008-10-15 04:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-03-26 10:10 . 2012-04-04 14:15 -------- d-----w- c:\program files (x86)\Ubisoft
2012-03-25 13:50 . 2012-03-25 14:07 -------- d-----w- c:\program files (x86)\PC Pad
2012-03-24 13:04 . 2012-03-25 10:07 -------- d-----w- C:\Downloads
2012-03-24 13:04 . 2012-03-24 18:26 -------- d-----w- c:\users\media\AppData\Local\ServUpdater
2012-03-24 13:04 . 2012-03-24 13:04 -------- d-----w- c:\users\media\AppData\Local\PosService
2012-03-24 13:04 . 2012-03-24 13:04 -------- d-----w- c:\users\media\AppData\Local\PowerOffer
2012-03-24 13:04 . 2012-03-25 10:07 -------- d-----w- c:\program files (x86)\UltraTorrent
2012-03-24 09:11 . 2012-04-08 14:30 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-03-24 09:08 . 2012-04-10 13:33 -------- d-----w- c:\program files\Common Files\Adobe
2012-03-24 09:06 . 2010-03-19 02:00 55856 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-03-24 09:06 . 2009-10-20 02:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-03-24 09:06 . 2009-10-20 02:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-03-24 09:06 . 2012-03-24 09:06 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2012-03-24 09:06 . 2012-03-24 09:06 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-03-24 01:00 . 2012-03-24 01:02 -------- d-----w- c:\program files (x86)\FIFA 12
2012-03-23 18:54 . 2012-03-30 08:47 -------- d-----w- c:\users\media\AppData\Local\Diagnostics
2012-03-23 18:46 . 2012-03-23 18:46 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-23 18:46 . 2012-03-23 18:46 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-03-23 18:45 . 2012-04-05 13:58 -------- d-----w- c:\users\media\AppData\Roaming\DAEMON Tools Lite
2012-03-23 18:45 . 2012-03-23 18:45 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-03-23 17:23 . 2012-04-13 10:23 -------- d-----w- c:\users\media\AppData\Local\Microsoft Games
2012-03-23 17:18 . 2012-03-23 17:19 -------- d-----w- c:\users\media\AppData\Roaming\SprillRichiEng
2012-03-23 14:36 . 2012-03-24 09:08 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-03-23 12:55 . 2012-03-23 12:55 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-23 12:50 . 2012-04-08 14:30 -------- d-----w- c:\users\media\AppData\Local\Adobe
2012-03-23 12:21 . 2012-03-23 12:21 -------- d-----w- c:\users\media\AppData\Local\2DBoy
2012-03-23 12:21 . 2012-03-23 12:21 -------- d-----w- c:\programdata\2DBoy
2012-03-23 11:21 . 2012-03-23 11:21 -------- d-----w- c:\programdata\1912 Titanic Mystery
2012-03-23 11:21 . 2012-03-23 11:22 -------- d-----w- c:\users\media\AppData\Roaming\TitanicMystery
2012-03-23 11:10 . 2012-03-23 11:10 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-03-23 10:58 . 2012-04-06 07:49 -------- d-----w- c:\users\UpdatusUser
2012-03-23 08:25 . 2012-03-23 08:25 -------- d-----w- c:\programdata\WEBREG
2012-03-23 08:25 . 2012-03-23 08:26 -------- d-----w- c:\users\media\AppData\Roaming\HP
2012-03-23 08:25 . 2012-03-23 08:25 -------- d-----w- c:\users\media\AppData\Local\HP
2012-03-23 08:24 . 2012-03-23 08:24 -------- d-----w- c:\programdata\Hewlett-Packard
2012-03-23 08:24 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2012-03-23 08:21 . 2012-03-23 08:21 -------- d-----w- c:\programdata\HP Product Assistant
2012-03-23 08:21 . 2012-03-23 08:21 -------- d-----w- c:\windows\SysWow64\spool
2012-03-23 08:21 . 2012-03-23 08:21 -------- d-----w- c:\program files (x86)\Common Files\HP
2012-03-23 08:21 . 2012-03-23 08:21 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2012-03-23 08:20 . 2012-03-30 08:32 -------- d-----w- c:\program files (x86)\HP
2012-03-23 08:19 . 2012-03-23 08:19 -------- d-----w- c:\program files\HP
2012-03-23 08:18 . 2009-07-08 10:51 938496 ----a-w- c:\windows\system32\hpowiax5.dll
2012-03-23 08:18 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll
2012-03-23 08:18 . 2009-07-08 10:51 540672 ----a-w- c:\windows\system32\hppldcoi.dll
2012-03-23 08:18 . 2009-07-08 10:51 505344 ----a-w- c:\windows\system32\hpovst12.dll
2012-03-23 08:18 . 2009-07-08 10:51 1403904 ----a-w- c:\windows\system32\hpotiop5.dll
2012-03-23 08:14 . 2012-03-23 08:14 -------- d-----w- c:\users\media\AppData\Roaming\Malwarebytes
2012-03-23 08:14 . 2010-04-29 14:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-03-23 08:14 . 2012-03-23 08:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-23 08:14 . 2012-03-23 08:14 -------- d-----w- c:\programdata\Malwarebytes
2012-03-23 08:14 . 2010-04-29 14:39 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-23 08:03 . 2012-03-23 08:03 -------- d-----w- c:\windows\system32\Macromed
2012-03-23 00:30 . 2012-03-23 08:25 -------- d-----w- c:\programdata\HP
2012-03-23 00:26 . 2012-03-23 11:09 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-03-23 00:25 . 2012-03-23 00:25 -------- d-----w- c:\users\media\AppData\Local\Microsoft Help
2012-03-23 00:25 . 2012-04-11 14:50 -------- d-----w- c:\programdata\Microsoft Help
2012-03-23 00:24 . 2012-03-23 00:24 -------- d-----r- C:\MSOCache
2012-03-23 00:10 . 2012-03-23 00:11 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-03-23 00:10 . 2012-03-23 00:20 -------- d-----w- c:\program files (x86)\Nero
2012-03-22 23:50 . 2012-03-22 23:50 -------- d-----w- c:\programdata\dvdfab
2012-03-22 23:50 . 2012-03-22 23:50 -------- d-----w- c:\program files (x86)\DVDFab 8 Qt
2012-03-22 23:46 . 2012-03-22 23:46 -------- d-----w- c:\users\media\AppData\Roaming\NVIDIA
2012-03-22 23:37 . 2012-03-22 23:37 -------- d-----w- c:\users\media\AppData\Local\MicroVision Applications
2012-03-22 23:37 . 2012-03-22 23:37 -------- d-----w- c:\program files (x86)\Common Files\SureThing Shared
2012-03-22 23:37 . 2006-09-21 06:42 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
2012-03-22 23:37 . 2012-03-22 23:37 -------- d-----w- c:\program files (x86)\SureThing CD Labeler 5
2012-03-22 23:33 . 2012-03-22 23:53 -------- d-----w- c:\users\media\AppData\Roaming\Vso
2012-03-22 23:33 . 2012-03-22 23:53 82816 ----a-w- c:\users\media\AppData\Roaming\pcouffin.sys
2012-03-22 23:33 . 2012-03-22 23:33 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-03-22 23:18 . 2012-03-22 23:20 -------- d-----w- c:\program files (x86)\The KMPlayer
2012-03-22 23:14 . 2012-03-22 23:14 -------- d-----w- c:\program files (x86)\Bit Che
2012-03-22 23:14 . 2012-03-22 23:14 -------- d-----w- c:\users\media\AppData\Roaming\Convivea
2012-03-22 23:14 . 2004-03-08 23:00 152848 ----a-w- c:\windows\SysWow64\comdlg32.OCX
2012-03-22 23:14 . 2004-03-08 23:00 124688 ----a-w- c:\windows\SysWow64\mswinsck.ocx
2012-03-22 23:13 . 2012-03-22 23:13 -------- d-----w- c:\program files (x86)\uTorrent
2012-03-22 23:12 . 2012-04-12 21:58 -------- d-----w- c:\users\media\AppData\Roaming\uTorrent
2012-03-22 23:11 . 2012-04-02 15:02 -------- d-----w- c:\users\media\AppData\Local\eMule
2012-03-22 23:06 . 2012-04-03 10:08 -------- d-----w- c:\program files\CCleaner
2012-03-22 23:02 . 2012-03-22 23:02 -------- d-----w- c:\users\media\AppData\Roaming\Nero
2012-03-22 22:18 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-03-22 22:18 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-22 22:18 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-22 19:53 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-01 00:02 . 2011-06-27 08:09 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2011-06-27 08:09 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-01 00:02 . 2011-06-27 08:09 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2011-06-27 08:09 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2011-06-27 08:09 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-02-29 21:00 . 2011-01-26 16:52 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2011-01-26 16:52 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2011-01-26 16:53 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2011-01-26 16:53 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2011-01-26 16:53 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 20:59 . 2011-01-26 16:53 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-29 12:26 . 2012-02-29 12:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-02-18 177448]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-02-22 1226024]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-03 218624]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Norton Online Backup"=c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
.
2;2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ServUpdater;Serv Updater;c:\users\media\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-02 156160]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-02-18 462632]
S2 PowerOffer Service;Pos Service;c:\users\media\AppData\Local\PosService\Pos.exe [2011-12-02 164864]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 11:14]
.
2012-04-16 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-03-30 19:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.findeer.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{25C499D7-3333-4092-9F7F-A622703E0EFF}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\users\media\AppData\Roaming\Mozilla\Firefox\Profiles\eyse1vi8.default\
FF - prefs.js: browser.startup.homepage - www.google.it
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PCShowServer - c:\users\media\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
c:\users\Public\Documents\AppData\PoApp\PService.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Ora fine scansione: 2012-04-16 18:32:49 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-04-16 16:32
.
Pre-Run: 420.711.104.512 byte disponibili
Post-Run: 420.534.870.016 byte disponibili
.
- - End Of File - - 37B49AAB8580C6821E2B8B5EF9AA4EAD

Re: Websites opening (advertising)

Post by crazy.cat » Tue Apr 17, 2012 6:56 pm

Redo the scan with HijackThis, tick the boxes next to these lines and press Fix checked to remove them.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_0
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

And this is what shows you the ads. Check the list of installed applications: poweroffer should be there, so uninstall it. Then restart the PC and check that this service is no longer present.
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\media\AppData\Local\PosService\Pos.exe

Have this file checked on www.virustotal.com to see what it is.
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\media\AppData\Local\ServUpdater\ServiceUpd.exe
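The check behind the reply above, as an added example that is not part of the original thread: it parses ComboFix service lines and HijackThis O23 lines and lists the services whose binary lives in a user profile, the trait shared by the two entries singled out in that reply. The function names are illustrative; the sample lines are copied from the logs quoted in this thread.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the ComboFix and HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-02-18 462632]
S2 PowerOffer Service;Pos Service;c:\users\media\AppData\Local\PosService\Pos.exe [2011-12-02 164864]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\media\AppData\Local\ServUpdater\ServiceUpd.exe
"""

# ComboFix: "<R|S><start type> <name>;<display name>;<image path> [<date> <size> | x]"
COMBOFIX = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[[^\]]*\]$")
# HijackThis: "O23 - Service: <display name> (<name>) - <company> - <image path>"
HIJACKTHIS = re.compile(
    r"^O23 - Service: .*\((?P<name>[^)]+)\) - .*? - (?P<path>[A-Za-z]:\\.+)$"
)


def parse_services(log_text):
    """Return (service name, image path) pairs for every service line recognised."""
    found = []
    for line in log_text.splitlines():
        line = line.strip()
        match = COMBOFIX.match(line) or HIJACKTHIS.match(line)
        if match:
            found.append((match["name"], PureWindowsPath(match["path"])))
    return found


def in_user_profile(path):
    """True when the binary sits under the Users directory of a drive."""
    parts = [part.lower() for part in path.parts]
    return len(parts) > 2 and parts[1] == "users"


def user_profile_services(log_text):
    """Names of services whose binary is stored inside a user profile."""
    return [name for name, path in parse_services(log_text) if in_user_profile(path)]


if __name__ == "__main__":
    for name in user_profile_services(SAMPLE_LOG):
        print("review:", name)
```

A hit is a prompt to look at the file, not a verdict: per-user installers also place legitimate programs under AppData.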

Re: Websites opening (advertising)

Post by Perulli » Tue Apr 17, 2012 7:42 pm

I did the first step you told me, but as soon as I uninstalled poweroffer the modem switched off and did not recover even on the next restart, so I did a restore and everything went back to normal (with the poweroffer file). I read on the internet that it is a program that manages downloads, so why did the modem switch off? O_o Anyway, with poweroffer installed and the first step done, the ad problem is still there.

Re: Websites opening (advertising)

Post by Perulli » Tue Apr 17, 2012 8:08 pm

I also checked the file you told me about: C:\Users\media\AppData\Local\PosService\Pos.exe and according to the site it is not harmful.

Re: Websites opening (advertising)

Post by hashcat » Wed Apr 18, 2012 9:07 am

I recommend reading this article:

http://www.MegaLab.it/7845/pulizia-appr ... adwcleaner

Follow the procedure described there to use AdwCleaner correctly and post the log here.


Re: Websites opening (advertising)

Post by Perulli » Wed Apr 18, 2012 1:38 pm

Never mind, I solved the problem with crazy cat's procedure. Thanks everyone!!

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising