ComboFix on a Russian virus

Post by Skymon.mars » Tue Sep 16, 2014 8:52 pm

Hi everyone.
This afternoon I wanted to learn more about wireless security, attacking and protecting wireless networks... when I came across a Russian program and wanted to find out more about it by buying the pro version... long story short, I think I picked up a nasty virus: in fact the computer would no longer boot, it restarted every time right after I entered the password...
I'm attaching the ComboFix log... what do you think of the log?
Thanks MegaLab.

I'm using a Samsung R60 Plus laptop with Windows Vista.

ComboFix 14-09-16.01 - T3O 16/09/2014 21.10.27.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3069.2549 [GMT 2:00]
Eseguito da: c:\users\T3O\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SearchProtect
c:\program files\SearchProtect\Main\bin\SPTool.dll
c:\program files\SearchProtect\Main\rep\SystemRepository.dat
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.css
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.html
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.js
c:\program files\SearchProtect\UI\dialogs\bubble\defaults.js
c:\program files\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files\SearchProtect\UI\dialogs\Images\bg-uninstall.png
c:\program files\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files\SearchProtect\UI\dialogs\Images\bg.png
c:\program files\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files\SearchProtect\UI\dialogs\Images\bgSettingsDS.png
c:\program files\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files\SearchProtect\UI\dialogs\Images\button-bg.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\hez.png
c:\program files\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files\SearchProtect\UI\dialogs\Images\v.png
c:\program files\SearchProtect\UI\dialogs\Images\x.png
c:\program files\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files\SearchProtect\UI\dialogs\libs\main.js
c:\program files\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
c:\program files\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files\SearchProtect\UI\dialogs\protection\protection.css
c:\program files\SearchProtect\UI\dialogs\protection\protection.html
c:\program files\SearchProtect\UI\dialogs\protection\protection.js
c:\program files\SearchProtect\UI\dialogs\protectionDS\defaults.js
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
c:\program files\SearchProtect\UI\dialogs\settings.html
c:\program files\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files\SearchProtect\UI\dialogs\settings\settings.css
c:\program files\SearchProtect\UI\dialogs\settings\settings.html
c:\program files\SearchProtect\UI\dialogs\settings\settings.js
c:\program files\SearchProtect\UI\dialogs\style.css
c:\program files\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.js
c:\program files\WinRAR\Leggimi.Txt
c:\program files\WinRAR\Leggimi_1a.Txt
c:\program files\WinRAR\Licenza.Txt
c:\program files\WinRAR\NoteTecniche.Txt
c:\program files\WinRAR\Ordin.htm
c:\program files\WinRAR\Ordina.htm
c:\program files\WinRAR\SorgUnRAR.Txt
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0\2
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0\3
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\background.html
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\crossriderManifest.json
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\manifest.xml
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins.json
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\1_base.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\17_jQuery.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\177_crossriderDashboard.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\182_openUrl.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\183_tabsWrapper.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\21_debug.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\22_resources.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\28_initializer.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\47_resources_background.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\5_notifications.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\64_appApiMessage.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\7_hooks.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\72_appApiValidation.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\9_search_engine_hook.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\userCode\background.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\userCode\extension.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\actions\1.png
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\icon128.png
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\icon16.png
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\icon48.png
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\chrome.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\cookie.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\message.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\pageAction.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\pageActionBG.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\background.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\app_api.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\bg_app_api.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\consts.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\cookie_store.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\crossriderAPI.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\delegate.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\events.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\extensionDataStore.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\installer.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\logFile.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\logging.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\onBGDocumentLoad.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\popupResource\newPopup.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\popupResource\popup.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\reports.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\storageWrapper.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\updateManager.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\util.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\xhr.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\main.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\manifest.json
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\popup.html
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\version.json
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0.localstorage
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\setup.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Service_bd0001
.
.
((((((((((((((((((((((((( Files Creati Da 2014-08-16 al 2014-09-16 )))))))))))))))))))))))))))))))))))
.
.
2014-09-16 19:27 . 2014-09-16 19:32 -------- d-----w- c:\users\T3O\AppData\Local\temp
2014-09-16 19:27 . 2014-09-16 19:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-09-16 19:27 . 2014-09-16 19:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-16 15:30 . 2014-09-16 15:30 -------- d-----w- c:\program files\Common Files\Skype
2014-09-16 15:25 . 2014-09-11 11:16 92488 ----a-w- c:\windows\system32\drivers\BDArKit.sys
2014-09-16 15:25 . 2014-09-11 11:16 73032 ----a-w- c:\windows\system32\drivers\bd0001.sys
2014-09-16 14:55 . 2014-09-11 11:16 54088 ----a-w- c:\windows\system32\drivers\BDSafeBrowser.sys
2014-09-16 14:54 . 2014-09-11 11:16 182088 ----a-w- c:\windows\system32\drivers\bd0004.sys
2014-09-16 14:52 . 2014-09-09 01:24 8806800 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B3560DF4-B2B9-4683-913A-CDFEECB3DEA2}\mpengine.dll
2014-09-16 14:43 . 2014-09-11 11:16 189128 ----a-w- c:\windows\system32\drivers\BDMWrench.sys
2014-09-16 14:42 . 2014-09-16 14:43 -------- d-----w- c:\users\T3O\AppData\Roaming\Baidu
2014-09-16 14:41 . 2014-09-16 14:54 -------- d-----w- c:\program files\Common Files\Baidu
2014-09-16 14:41 . 2014-09-16 14:55 -------- d-----w- c:\programdata\baidu
2014-09-16 14:41 . 2014-09-16 14:41 -------- d-----w- c:\program files\Baidu
2014-09-16 14:34 . 2014-09-16 15:47 -------- d-----w- c:\program files\test
2014-09-01 17:59 . 2014-08-23 01:03 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-09-01 17:59 . 2014-08-22 23:26 2054656 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-16 15:23 . 2014-07-13 19:12 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-14 21:50 . 2012-10-05 14:33 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-14 21:50 . 2012-01-30 14:42 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-25 04:53 . 2009-10-02 16:11 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-08-16 09:45 . 2012-11-06 11:28 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-08-16 09:45 . 2012-11-06 11:28 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-08-16 09:45 . 2012-11-06 11:28 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-08 00:46 . 2014-08-16 10:13 2048 ----a-w- c:\windows\system32\tzres.dll
2014-06-26 22:17 . 2014-08-16 11:03 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-06-26 22:17 . 2014-08-16 11:03 8856 ----a-w- c:\windows\system32\icardres.dll
2014-06-26 22:17 . 2014-08-16 11:03 619664 ----a-w- c:\windows\system32\icardagt.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Spotify Web Helper"="c:\users\T3O\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-09-10 1245752]
"Akamai NetSession Interface"="c:\users\T3O\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0230Ext.ax"="c:\windows\system32\V0230Ext.ax" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-08 6273568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-03-29 151552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-16 751184]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"ModemListener"="c:\program files\HSPA USB MODEM\ModemListener.exe" [2012-12-10 110248]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 164656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 05:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 15:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-01-30 03:34 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2006-10-12 14:57 102400 ------w- c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-01 17:36 133104 ----atw- c:\users\T3O\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 13:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
2011-04-19 15:12 408576 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 13:26 68640 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-09-10 22:09 6621752 ----a-w- c:\users\T3O\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-09-10 22:09 1245752 ----a-w- c:\users\T3O\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0230Mon.exe]
2006-09-06 23:01 32768 ----a-w- c:\windows\V0230Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 08:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 21:50]
.
2014-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2879660449-3680605411-3994284484-1003Core.job
- c:\users\T3O\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-12 13:18]
.
2014-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2879660449-3680605411-3994284484-1003UA.job
- c:\users\T3O\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-12 13:18]
.
2014-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2879660449-3680605411-3994284484-1003Core.job
- c:\users\T3O\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-01 17:36]
.
2014-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2879660449-3680605411-3994284484-1003UA.job
- c:\users\T3O\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-01 17:36]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://zagugli.com
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 89.184.124.1
FF - ProfilePath - c:\users\T3O\AppData\Roaming\Mozilla\Firefox\Profiles\4c9zli6h.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.it/
FF - ExtSQL: 2049-12-31 15:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\users\T3O\AppData\Roaming\Mozilla\Firefox\Profiles\4c9zli6h.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF - ExtSQL: !HIDDEN! 2009-08-08 03:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-HW_OPENEYE_OUC_Chiavetta Internet Tre - c:\program files\Chiavetta Internet Tre.it\UpdateDog\ouc.exe
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
MSConfigStartUp-Spybot-S&D Cleaning - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
.
.
.
**************************************************************************
scansione processi nascosti ...
.
c:\windows\System32\SearchFilterHost.exe [3424] 0x854274E8
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti:
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2879660449-3680605411-3994284484-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4466814C-905A-FF42-56EA-F30D82BD1253}*]
"naadbihniadognahhfjcjbkbnnml"=hex:69,61,69,69,63,67,6d,6a,6b,62,67,61,6a,6f,
62,70,6c,70,00,77
"oakddfhiblaifhcckceeibmblmmgmb"=hex:6a,61,67,64,6c,61,61,64,6f,67,6c,63,6e,69,
6f,61,6a,68,6f,6c,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(4844)
c:\windows\system32\btncopy.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Common Files\Baidu\BaiduProtect1.3\1.3.0.443\BaiduProtect.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Common Files\DeviceHelper\DeviceManager.exe
c:\program files\ASUS\EZVCR\EZSERVICE.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\OO Software\Defrag\oodag.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\program files\ASUS\EZVCR\Agent.exe
c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\Avira\AntiVir Desktop\avscan.exe
c:\program files\Avira\AntiVir Desktop\avscan.exe
c:\windows\system32\vssvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Ora fine scansione: 2014-09-16 21:43:24 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2014-09-16 19:41
ComboFix2.txt 2012-10-01 14:33
.
Pre-Run: 6.712.573.952 byte disponibili
Post-Run: 2.925.797.376 byte disponibili
.
- - End Of File - - A506964205B25063CB2E7DE4F3C75494
61A349592C4728853F4A90FF78F7628E
https://www.behance.net/simonemarchetti
Skymon.mars
Bronze Member
Posts: 630
Joined: Wed Aug 08, 2007 12:04 pm

Re: Combo fix on Russian virus

Post by Skymon.mars » Wed Sep 17, 2014 9:57 am

Can anyone give me a hand?
I can no longer log in to the computer: after the account password prompt it goes to a blue screen and reboots.
Help

Re: Combo fix on Russian virus

Post by Skymon.mars » Wed Sep 17, 2014 11:37 am

Same problem this morning. I rebooted into safe mode and ran ComboFix again, run as administrator (although I must say that at one of the stages, I think the 38th, it told me that since I didn't have administrator rights I couldn't complete a phase... hmm), and then I scanned with Malwarebytes, updated yesterday.
I'm attaching today's ComboFix and Malwarebytes logs.
I'm currently scanning with Avira Free.
The main problem is that, from what I can tell, unless I scan with ComboFix first and then let it reboot the PC itself, it won't start up, because after the password it gives a blue screen.

ComboFix 14-09-16.01 - T3O 17/09/2014 10.57.50.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3069.2556 [GMT 2:00]
Eseguito da: c:\users\T3O\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\background.html
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\crossriderManifest.json
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\icons\actions\1.png
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\icons\icon128.png
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\icons\icon16.png
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\icons\icon48.png
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\js\api\chrome.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\js\api\cookie.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\js\api\message.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\js\background.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\js\lib\app_api.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\js\lib\async_api.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\js\lib\bg_app_api.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\js\lib\cookie_store.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\js\lib\data_store.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\js\lib\delegate.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\js\lib\events.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\js\lib\onBGDocumentLoad.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\js\lib\reports.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\js\lib\util.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\manifest.json
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.20.36_0\popup.html
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bd0001
.
.
((((((((((((((((((((((((( Files Creati Da 2014-08-17 al 2014-09-17 )))))))))))))))))))))))))))))))))))
.
.
2014-09-17 09:15 . 2014-09-17 09:19 -------- d-----w- c:\users\T3O\AppData\Local\temp
2014-09-17 09:15 . 2014-09-17 09:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-09-17 09:15 . 2014-09-17 09:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-16 15:30 . 2014-09-16 15:30 -------- d-----w- c:\program files\Common Files\Skype
2014-09-16 15:25 . 2014-09-11 11:16 92488 ----a-w- c:\windows\system32\drivers\BDArKit.sys
2014-09-16 15:25 . 2014-09-11 11:16 73032 ----a-w- c:\windows\system32\drivers\bd0001.sys
2014-09-16 14:55 . 2014-09-11 11:16 54088 ----a-w- c:\windows\system32\drivers\BDSafeBrowser.sys
2014-09-16 14:54 . 2014-09-11 11:16 182088 ----a-w- c:\windows\system32\drivers\bd0004.sys
2014-09-16 14:52 . 2014-09-09 01:24 8806800 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B3560DF4-B2B9-4683-913A-CDFEECB3DEA2}\mpengine.dll
2014-09-16 14:43 . 2014-09-11 11:16 189128 ----a-w- c:\windows\system32\drivers\BDMWrench.sys
2014-09-16 14:42 . 2014-09-16 14:43 -------- d-----w- c:\users\T3O\AppData\Roaming\Baidu
2014-09-16 14:41 . 2014-09-16 14:54 -------- d-----w- c:\program files\Common Files\Baidu
2014-09-16 14:41 . 2014-09-16 14:55 -------- d-----w- c:\programdata\baidu
2014-09-16 14:41 . 2014-09-16 14:41 -------- d-----w- c:\program files\Baidu
2014-09-16 14:34 . 2014-09-16 15:47 -------- d-----w- c:\program files\test
2014-09-01 17:59 . 2014-08-23 01:03 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-09-01 17:59 . 2014-08-22 23:26 2054656 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-16 22:42 . 2014-07-13 19:12 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-14 21:50 . 2012-10-05 14:33 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-14 21:50 . 2012-01-30 14:42 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-25 04:53 . 2009-10-02 16:11 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-08-16 09:45 . 2012-11-06 11:28 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-08-16 09:45 . 2012-11-06 11:28 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-08-16 09:45 . 2012-11-06 11:28 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-08 00:46 . 2014-08-16 10:13 2048 ----a-w- c:\windows\system32\tzres.dll
2014-06-26 22:17 . 2014-08-16 11:03 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-06-26 22:17 . 2014-08-16 11:03 8856 ----a-w- c:\windows\system32\icardres.dll
2014-06-26 22:17 . 2014-08-16 11:03 619664 ----a-w- c:\windows\system32\icardagt.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Spotify Web Helper"="c:\users\T3O\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-09-10 1245752]
"Akamai NetSession Interface"="c:\users\T3O\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0230Ext.ax"="c:\windows\system32\V0230Ext.ax" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-08 6273568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-03-29 151552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-16 751184]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"ModemListener"="c:\program files\HSPA USB MODEM\ModemListener.exe" [2012-12-10 110248]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 164656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 05:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 15:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-01-30 03:34 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2006-10-12 14:57 102400 ------w- c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-01 17:36 133104 ----atw- c:\users\T3O\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 13:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
2011-04-19 15:12 408576 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 13:26 68640 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-09-10 22:09 6621752 ----a-w- c:\users\T3O\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-09-10 22:09 1245752 ----a-w- c:\users\T3O\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0230Mon.exe]
2006-09-06 23:01 32768 ----a-w- c:\windows\V0230Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 08:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 21:50]
.
2014-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2879660449-3680605411-3994284484-1003Core.job
- c:\users\T3O\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-12 13:18]
.
2014-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2879660449-3680605411-3994284484-1003UA.job
- c:\users\T3O\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-12 13:18]
.
2014-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2879660449-3680605411-3994284484-1003Core.job
- c:\users\T3O\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-01 17:36]
.
2014-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2879660449-3680605411-3994284484-1003UA.job
- c:\users\T3O\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-01 17:36]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://zagugli.com
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 89.184.124.1
FF - ProfilePath - c:\users\T3O\AppData\Roaming\Mozilla\Firefox\Profiles\4c9zli6h.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.it/
FF - ExtSQL: 2049-12-31 15:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\users\T3O\AppData\Roaming\Mozilla\Firefox\Profiles\4c9zli6h.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF - ExtSQL: !HIDDEN! 2009-08-08 03:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti:
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2879660449-3680605411-3994284484-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4466814C-905A-FF42-56EA-F30D82BD1253}*]
"naadbihniadognahhfjcjbkbnnml"=hex:69,61,69,69,63,67,6d,6a,6b,62,67,61,6a,6f,
62,70,6c,70,00,77
"oakddfhiblaifhcckceeibmblmmgmb"=hex:6a,61,67,64,6c,61,61,64,6f,67,6c,63,6e,69,
6f,61,6a,68,6f,6c,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(4256)
c:\windows\system32\btncopy.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Common Files\Baidu\BaiduProtect1.3\1.3.0.443\BaiduProtect.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Common Files\DeviceHelper\DeviceManager.exe
c:\program files\ASUS\EZVCR\EZSERVICE.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\OO Software\Defrag\oodag.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\ASUS\EZVCR\Agent.exe
c:\program files\ASUS\EZVCR\ASUS_IRAppl.exe
c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\UI0Detect.exe
c:\program files\ASUS\EZVCR\Agent.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\program files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
c:\windows\ehome\mcupdate.EXE
.
**************************************************************************
.
Ora fine scansione: 2014-09-17 11:30:13 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2014-09-17 09:28
ComboFix2.txt 2014-09-16 19:43
ComboFix3.txt 2012-10-01 14:33
.
Pre-Run: 7.120.855.040 byte disponibili
Post-Run: 3.757.133.824 byte disponibili
.
- - End Of File - - 52925BA31D317A9FFFDC54D980246EF8
61A349592C4728853F4A90FF78F7628E


Malwarebytes Anti-Malware
www.malwarebytes.org

Data scansione: 17/09/2014
Ora scansione: 11.34.43
File di log: log malwarebytes.txt
Amministratore: Si

Versione: 2.00.2.1012
Database malware: v2014.09.16.09
Database rootkit: v2014.09.15.01
Licenza: Free
Protezione da malware: Disattivata
Protezione da siti web nocivi: Disattivata
Self-protection: Disattivata

SO: Windows Vista Service Pack 2
CPU: x86
File system: NTFS
Utente: T3O

Tipo di scansione: Scansione elementi nocivi
Risultati: Completata
Elementi analizzati: 314622
Tempo impiegato: 15 min, 16 sec

Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Heuristics: Attivata
PUP: Avviso
PUM: Attivata

Processi: 0
(No malicious items detected)

Moduli: 0
(No malicious items detected)

Chiavi di registro: 0
(No malicious items detected)

Valori di registro: 0
(No malicious items detected)

Dati di registro: 0
(No malicious items detected)

Cartelle: 4
PUP.Optional.PricePeep.A, C:\Users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb, , [05546886dd9e9b9bcd6b23c328dacd33],
PUP.Optional.PricePeep.A, C:\Users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0, , [05546886dd9e9b9bcd6b23c328dacd33],
PUP.Optional.PricePeep.A, C:\Users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\images, , [05546886dd9e9b9bcd6b23c328dacd33],
PUP.Optional.PricePeep.A, C:\Users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\_metadata, , [05546886dd9e9b9bcd6b23c328dacd33],

File: 13
PUP.Optional.PricePeep.A, C:\Users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\api.js, , [05546886dd9e9b9bcd6b23c328dacd33],
PUP.Optional.PricePeep.A, C:\Users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\app.js, , [05546886dd9e9b9bcd6b23c328dacd33],
PUP.Optional.PricePeep.A, C:\Users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\background.js, , [05546886dd9e9b9bcd6b23c328dacd33],
PUP.Optional.PricePeep.A, C:\Users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\jquery.js, , [05546886dd9e9b9bcd6b23c328dacd33],
PUP.Optional.PricePeep.A, C:\Users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\manifest.json, , [05546886dd9e9b9bcd6b23c328dacd33],
PUP.Optional.PricePeep.A, C:\Users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\menu.html, , [05546886dd9e9b9bcd6b23c328dacd33],
PUP.Optional.PricePeep.A, C:\Users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\update.js, , [05546886dd9e9b9bcd6b23c328dacd33],
PUP.Optional.PricePeep.A, C:\Users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\images\128.png, , [05546886dd9e9b9bcd6b23c328dacd33],
PUP.Optional.PricePeep.A, C:\Users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\images\16.png, , [05546886dd9e9b9bcd6b23c328dacd33],
PUP.Optional.PricePeep.A, C:\Users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\images\19.png, , [05546886dd9e9b9bcd6b23c328dacd33],
PUP.Optional.PricePeep.A, C:\Users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\images\38.png, , [05546886dd9e9b9bcd6b23c328dacd33],
PUP.Optional.PricePeep.A, C:\Users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\images\48.png, , [05546886dd9e9b9bcd6b23c328dacd33],
PUP.Optional.PricePeep.A, C:\Users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.10_0\_metadata\verified_contents.json, , [05546886dd9e9b9bcd6b23c328dacd33],

Settori fisici: 0
(No malicious items detected)


(end)


Re: Combo fix on Russian virus

Post by Skymon.mars » Wed Sep 17, 2014 4:17 pm

This is the Avira log file.

Avira Free Antivirus
Report file date: mercoledì 17 settembre 2014 12:10


The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Antivirus Free
Serial number : 0000149996-AVHOE-0000001
Platform : Windows Vista (TM) Home Premium
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PC-T3O

Version information:
BUILD.DAT : 14.0.6.570 92022 Bytes 15/08/2014 10:30:00
AVSCAN.EXE : 14.0.6.548 1046608 Bytes 16/08/2014 09:45:45
AVSCANRC.DLL : 14.0.6.522 52816 Bytes 16/08/2014 09:45:45
LUKE.DLL : 14.0.6.522 57936 Bytes 16/08/2014 09:46:02
AVSCPLR.DLL : 14.0.6.548 92752 Bytes 16/08/2014 09:45:45
AVREG.DLL : 14.0.6.522 262224 Bytes 16/08/2014 09:45:44
avlode.dll : 14.0.6.526 603728 Bytes 16/08/2014 09:45:43
avlode.rdf : 14.0.4.46 64835 Bytes 16/09/2014 15:24:28
Engine version : 8.3.24.24
AEVDF.DLL : 8.3.1.6 133992 Bytes 20/08/2014 16:22:44
AESCRIPT.DLL : 8.2.0.22 436136 Bytes 16/09/2014 15:24:28
AESCN.DLL : 8.3.2.2 139456 Bytes 16/08/2014 09:45:38
AESBX.DLL : 8.2.20.24 1409224 Bytes 16/05/2014 16:36:18
AERDL.DLL : 8.2.0.138 704888 Bytes 17/01/2014 16:27:16
AEPACK.DLL : 8.4.0.50 792488 Bytes 16/08/2014 09:45:38
AEOFFICE.DLL : 8.3.0.24 223144 Bytes 16/09/2014 15:24:27
AEHEUR.DLL : 8.1.4.1282 7477160 Bytes 16/09/2014 15:24:27
AEHELP.DLL : 8.3.1.0 278728 Bytes 01/06/2014 16:26:51
AEGEN.DLL : 8.1.7.28 450752 Bytes 16/08/2014 09:45:35
AEEXP.DLL : 8.4.2.32 247712 Bytes 16/09/2014 15:24:28
AEEMU.DLL : 8.1.3.4 399264 Bytes 16/08/2014 09:45:35
AEDROID.DLL : 8.4.2.24 442568 Bytes 16/08/2014 09:45:38
AECORE.DLL : 8.3.2.6 243712 Bytes 16/08/2014 09:45:35
AEBB.DLL : 8.1.2.0 60448 Bytes 16/08/2014 09:45:35
AVWINLL.DLL : 14.0.6.522 24144 Bytes 16/08/2014 09:45:35
AVPREF.DLL : 14.0.6.522 50256 Bytes 16/08/2014 09:45:43
AVREP.DLL : 14.0.6.522 219216 Bytes 16/08/2014 09:45:44
AVARKT.DLL : 14.0.5.368 226384 Bytes 16/08/2014 09:45:40
AVEVTLOG.DLL : 14.0.6.522 182352 Bytes 16/08/2014 09:45:42
SQLITE3.DLL : 14.0.6.522 452176 Bytes 16/08/2014 09:46:06
AVSMTP.DLL : 14.0.6.522 76368 Bytes 16/08/2014 09:45:45
NETNT.DLL : 14.0.6.522 13392 Bytes 16/08/2014 09:46:03
RCIMAGE.DLL : 14.0.6.522 4864080 Bytes 16/08/2014 09:45:35
RCTEXT.DLL : 14.0.6.558 76536 Bytes 16/09/2014 15:24:15

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended
Skipped files.......................: C:\Users\T3O\Desktop\Aircrack-ng.exe, C:\Users\T3O\Desktop\alice\Alice WPA Calculator.exe, C:\Users\T3O\Desktop\alice\Alice_WPA_calculator.jpg, C:\Users\T3O\Downloads\Adobe Photoshop Lightroom 4.0 Final Multilingual (keygen-CORE) [ChingLiu]\Keygen - CORE, D:\Alice calculator aggiornato e tools, D:\Alice calculator aggiornato e tools\Alice WPA Calculator 2.0.exe, G:\Adobe photoshop CS6 13.0 [Extended x86+x64] (2012) PC\Patch,
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: mercoledì 17 settembre 2014 12:10

Start scanning boot sectors:
Boot sector 'HDD0(C:, D:)'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started:
Scan process 'SearchFilterHost.exe' - '33' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '20' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_14_0_0_179.exe' - '55' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_14_0_0_179.exe' - '44' Module(s) have been scanned
Scan process 'plugin-container.exe' - '69' Module(s) have been scanned
Scan process 'firefox.exe' - '118' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '98' Module(s) have been scanned
Scan process 'avscan.exe' - '50' Module(s) have been scanned
Scan process 'avcenter.exe' - '124' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '78' Module(s) have been scanned
Scan process 'Taskmgr.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'Explorer.exe' - '192' Module(s) have been scanned
Scan process 'notepad.exe' - '20' Module(s) have been scanned
Scan process 'AAM Updates Notifier.exe' - '84' Module(s) have been scanned
Scan process 'WPFFontCache_v0400.exe' - '18' Module(s) have been scanned
Scan process 'CCC.exe' - '151' Module(s) have been scanned
Scan process 'netsession_win.exe' - '61' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '33' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '14' Module(s) have been scanned
Scan process 'unsecapp.exe' - '28' Module(s) have been scanned
Scan process 'netsession_win.exe' - '37' Module(s) have been scanned
Scan process 'ehmsas.exe' - '19' Module(s) have been scanned
Scan process 'ehtray.exe' - '26' Module(s) have been scanned
Scan process 'Avira.OE.Systray.exe' - '119' Module(s) have been scanned
Scan process 'ModemListener.exe' - '26' Module(s) have been scanned
Scan process 'avgnt.exe' - '105' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '36' Module(s) have been scanned
Scan process 'MOM.EXE' - '54' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '45' Module(s) have been scanned
Scan process 'conime.exe' - '16' Module(s) have been scanned
Scan process 'WCScheduler.exe' - '39' Module(s) have been scanned
Scan process 'MagicDoctorKbdHk.exe' - '20' Module(s) have been scanned
Scan process 'taskeng.exe' - '25' Module(s) have been scanned
Scan process 'taskeng.exe' - '80' Module(s) have been scanned
Scan process 'Agent.exe' - '19' Module(s) have been scanned
Scan process 'Dwm.exe' - '32' Module(s) have been scanned
Scan process 'taskeng.exe' - '49' Module(s) have been scanned
Scan process 'UI0Detect.exe' - '24' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'VmbService.exe' - '85' Module(s) have been scanned
Scan process 'Avira.OE.ServiceHost.exe' - '118' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '65' Module(s) have been scanned
Scan process 'ASUS_IRAppl.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '27' Module(s) have been scanned
Scan process 'Agent.exe' - '19' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'RichVideo.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '22' Module(s) have been scanned
Scan process 'oodag.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '22' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'EZSERVICE.exe' - '22' Module(s) have been scanned
Scan process 'DeviceManager.exe' - '12' Module(s) have been scanned
Scan process 'CTDevSrv.exe' - '12' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'avguard.exe' - '124' Module(s) have been scanned
Scan process 'agrsmsvc.exe' - '16' Module(s) have been scanned
Scan process 'svchost.exe' - '57' Module(s) have been scanned
Scan process 'sched.exe' - '62' Module(s) have been scanned
Scan process 'spoolsv.exe' - '86' Module(s) have been scanned
Scan process 'svchost.exe' - '94' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '87' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '151' Module(s) have been scanned
Scan process 'svchost.exe' - '114' Module(s) have been scanned
Scan process 'svchost.exe' - '73' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '28' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'BaiduProtect.exe' - '63' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'winlogon.exe' - '30' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '5952' files ).


Starting the file scan:

Begin scan in 'C:\'
[0] Archive type: Runtime Packed
--> C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe
[1] Archive type: Runtime Packed
--> C:\Qoobox\Quarantine\C\Windows\setup.exe.vir
[2] Archive type: Inno Setup
--> {app}\Bind.exe
[DETECTION] Is the TR/Kryptik.loina.37 Trojan
[WARNING] Infected files in archives cannot be repaired
C:\Qoobox\Quarantine\C\Windows\setup.exe.vir
[DETECTION] Is the TR/Kryptik.loina.37 Trojan
Begin scan in 'D:\'
--> D:\Adobe Photoshop Lightroom v5.3 Multilingual (32 bit + 64 bit) + Keygen\32 Bit.tgz
[2] Archive type: GZ
--> 32 Bit.tar
[3] Archive type: TAR (tape archiver)
--> 32 Bit/~Get Your Software Here/Keygen/keygen.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] Infected files in archives cannot be repaired
D:\Adobe Photoshop Lightroom v5.3 Multilingual (32 bit + 64 bit) + Keygen\32 Bit.tgz
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> D:\Adobe Photoshop Lightroom v5.3 Multilingual (32 bit + 64 bit) + Keygen\64 Bit.tgz
[2] Archive type: GZ
--> 64 Bit.tar
[3] Archive type: TAR (tape archiver)
--> 64 Bit/~Get Your Software Here/Keygen/keygen.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] Infected files in archives cannot be repaired
D:\Adobe Photoshop Lightroom v5.3 Multilingual (32 bit + 64 bit) + Keygen\64 Bit.tgz
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> D:\Adobe Photoshop Lightroom v5.3 Multilingual (32 bit + 64 bit) + Keygen\Keygen Only.tgz
[2] Archive type: GZ
--> Keygen Only.tar
[3] Archive type: TAR (tape archiver)
--> Keygen Only/~Get Your Software Here/keygen.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] Infected files in archives cannot be repaired
D:\Adobe Photoshop Lightroom v5.3 Multilingual (32 bit + 64 bit) + Keygen\Keygen Only.tgz
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
The directory 'D:\Alice calculator aggiornato e tools\' was excluded from scanning!

Beginning disinfection:
D:\Adobe Photoshop Lightroom v5.3 Multilingual (32 bit + 64 bit) + Keygen\Keygen Only.tgz
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '50470a8b.qua'!
D:\Adobe Photoshop Lightroom v5.3 Multilingual (32 bit + 64 bit) + Keygen\64 Bit.tgz
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '487b2524.qua'!
D:\Adobe Photoshop Lightroom v5.3 Multilingual (32 bit + 64 bit) + Keygen\32 Bit.tgz
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1a247f77.qua'!
C:\Qoobox\Quarantine\C\Windows\setup.exe.vir
[DETECTION] Is the TR/Kryptik.loina.37 Trojan
[NOTE] The file was moved to the quarantine directory under the name '7ca7336d.qua'!


End of the scan: mercoledì 17 settembre 2014 17:15
Used time: 5:02:16 Hour(s)

The scan has been done completely.

50987 Scanned directories
904166 Files were scanned
8 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
4 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
904158 Files not concerned
7699 Archives were scanned
4 Warnings
4 Notes
1109551 Objects were scanned with rootkit scan
0 Hidden objects were found


And this one is from HijackThis.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17.24.08, on 17/09/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16575)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\EZVCR\Agent.exe
C:\Program Files\ASUS\EZVCR\ASUS_IRAppl.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\EZVCR\Agent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HSPA USB MODEM\ModemListener.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\T3O\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\T3O\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\T3O\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zagugli.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.2\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [C:\Windows\system32\V0230Ext.ax] C:\Windows\system32\RegSvr32.exe /s C:\Windows\system32\V0230Ext.ax
O4 - HKLM\..\Run: [ModemListener] C:\Program Files\HSPA USB MODEM\ModemListener.exe start
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\T3O\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\T3O\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-21-2879660449-3680605411-3994284484-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '?')
O4 - HKUS\S-1-5-21-2879660449-3680605411-3994284484-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Spotify Web Helper] "C:\Users\T3O\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" (User '?')
O4 - HKUS\S-1-5-21-2879660449-3680605411-3994284484-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Akamai NetSession Interface] "C:\Users\T3O\AppData\Local\Akamai\netsession_win.exe" (User '?')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
O23 - Service: BDSGRTP Service (BDSGRTP) - ????????(??)???? - C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.443\BaiduProtect.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: DeviceManager - Unknown owner - C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
O23 - Service: EZSERVICE - Unknown owner - C:\Program Files\ASUS\EZVCR\EZSERVICE.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: O&O Defrag Agent (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TunnelBear Maintenance (TunnelBearMaintenance) - Unknown owner - C:\Program Files\TunnelBear\TBear.Maintenance.exe
O23 - Service: Servizio Vodafone Mobile Broadband (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

--
End of file - 9582 bytes

Re: Combo fix on a Russian virus

Post by lorenaino » Sat Sep 20, 2014 7:16 am

Hi, my advice is to ask for help either on Turbolab (where the security experts have "moved") or on Olimpo Informatico; they are also very good at solving problems like yours.

Turbolab: https://turbolab.it/forum/ucp.php?mode=register

Olimpo Informatico: http://forum.zeusnews.com/viewforum.php?f=32

Re: Combo fix on a Russian virus

Post by Skymon.mars » Mon Sep 29, 2014 8:13 pm

Thank you very much for your reply. I didn't know that MegaLab's security experts were no longer around.
In fact I was used to receiving help, whereas this time I had to do it on my own, and I hope I did it right.
Thanks again.