Oggi pomeriggio volevo informarmi meglio sulla sicurezza wireless, attacco e protezione reti wirelss.. quando incontro un programma russo e volevo saperne di piu comprando la versione pro.. morale della storia credo di essermi preso un bel virus infatti il computer non si avviava piu, ma si riavviava ogni volta subito dopo linserimento della password..
Allego il log di combo fix.. cosa ne dite del log?
Grazie MegaLab.
Uso un portatile samsung r60 plus, windows vista.
ComboFix 14-09-16.01 - T3O 16/09/2014 21.10.27.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3069.2549 [GMT 2:00]
Eseguito da: c:\users\T3O\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SearchProtect
c:\program files\SearchProtect\Main\bin\SPTool.dll
c:\program files\SearchProtect\Main\rep\SystemRepository.dat
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.css
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.html
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.js
c:\program files\SearchProtect\UI\dialogs\bubble\defaults.js
c:\program files\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files\SearchProtect\UI\dialogs\Images\bg-uninstall.png
c:\program files\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files\SearchProtect\UI\dialogs\Images\bg.png
c:\program files\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files\SearchProtect\UI\dialogs\Images\bgSettingsDS.png
c:\program files\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files\SearchProtect\UI\dialogs\Images\button-bg.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\hez.png
c:\program files\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files\SearchProtect\UI\dialogs\Images\v.png
c:\program files\SearchProtect\UI\dialogs\Images\x.png
c:\program files\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files\SearchProtect\UI\dialogs\libs\main.js
c:\program files\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
c:\program files\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files\SearchProtect\UI\dialogs\protection\protection.css
c:\program files\SearchProtect\UI\dialogs\protection\protection.html
c:\program files\SearchProtect\UI\dialogs\protection\protection.js
c:\program files\SearchProtect\UI\dialogs\protectionDS\defaults.js
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
c:\program files\SearchProtect\UI\dialogs\settings.html
c:\program files\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files\SearchProtect\UI\dialogs\settings\settings.css
c:\program files\SearchProtect\UI\dialogs\settings\settings.html
c:\program files\SearchProtect\UI\dialogs\settings\settings.js
c:\program files\SearchProtect\UI\dialogs\style.css
c:\program files\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.js
c:\program files\WinRAR\Leggimi.Txt
c:\program files\WinRAR\Leggimi_1a.Txt
c:\program files\WinRAR\Licenza.Txt
c:\program files\WinRAR\NoteTecniche.Txt
c:\program files\WinRAR\Ordin.htm
c:\program files\WinRAR\Ordina.htm
c:\program files\WinRAR\SorgUnRAR.Txt
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0\2
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0\3
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\background.html
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\crossriderManifest.json
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\manifest.xml
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins.json
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\1_base.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\17_jQuery.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\177_crossriderDashboard.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\182_openUrl.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\183_tabsWrapper.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\21_debug.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\22_resources.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\28_initializer.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\47_resources_background.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\5_notifications.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\64_appApiMessage.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\7_hooks.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\72_appApiValidation.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\9_search_engine_hook.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\userCode\background.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\userCode\extension.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\actions\1.png
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\icon128.png
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\icon16.png
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\icon48.png
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\chrome.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\cookie.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\message.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\pageAction.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\pageActionBG.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\background.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\app_api.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\bg_app_api.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\consts.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\cookie_store.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\crossriderAPI.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\delegate.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\events.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\extensionDataStore.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\installer.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\logFile.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\logging.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\onBGDocumentLoad.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\popupResource\newPopup.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\popupResource\popup.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\reports.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\storageWrapper.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\updateManager.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\util.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\xhr.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\main.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\manifest.json
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\popup.html
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\version.json
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0.localstorage
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\setup.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Service_bd0001
.
.
((((((((((((((((((((((((( Files Creati Da 2014-08-16 al 2014-09-16 )))))))))))))))))))))))))))))))))))
.
.
2014-09-16 19:27 . 2014-09-16 19:32 -------- d-----w- c:\users\T3O\AppData\Local\temp
2014-09-16 19:27 . 2014-09-16 19:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-09-16 19:27 . 2014-09-16 19:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-16 15:30 . 2014-09-16 15:30 -------- d-----w- c:\program files\Common Files\Skype
2014-09-16 15:25 . 2014-09-11 11:16 92488 ----a-w- c:\windows\system32\drivers\BDArKit.sys
2014-09-16 15:25 . 2014-09-11 11:16 73032 ----a-w- c:\windows\system32\drivers\bd0001.sys
2014-09-16 14:55 . 2014-09-11 11:16 54088 ----a-w- c:\windows\system32\drivers\BDSafeBrowser.sys
2014-09-16 14:54 . 2014-09-11 11:16 182088 ----a-w- c:\windows\system32\drivers\bd0004.sys
2014-09-16 14:52 . 2014-09-09 01:24 8806800 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B3560DF4-B2B9-4683-913A-CDFEECB3DEA2}\mpengine.dll
2014-09-16 14:43 . 2014-09-11 11:16 189128 ----a-w- c:\windows\system32\drivers\BDMWrench.sys
2014-09-16 14:42 . 2014-09-16 14:43 -------- d-----w- c:\users\T3O\AppData\Roaming\Baidu
2014-09-16 14:41 . 2014-09-16 14:54 -------- d-----w- c:\program files\Common Files\Baidu
2014-09-16 14:41 . 2014-09-16 14:55 -------- d-----w- c:\programdata\baidu
2014-09-16 14:41 . 2014-09-16 14:41 -------- d-----w- c:\program files\Baidu
2014-09-16 14:34 . 2014-09-16 15:47 -------- d-----w- c:\program files\test
2014-09-01 17:59 . 2014-08-23 01:03 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-09-01 17:59 . 2014-08-22 23:26 2054656 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-16 15:23 . 2014-07-13 19:12 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-14 21:50 . 2012-10-05 14:33 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-14 21:50 . 2012-01-30 14:42 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-25 04:53 . 2009-10-02 16:11 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-08-16 09:45 . 2012-11-06 11:28 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-08-16 09:45 . 2012-11-06 11:28 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-08-16 09:45 . 2012-11-06 11:28 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-08 00:46 . 2014-08-16 10:13 2048 ----a-w- c:\windows\system32\tzres.dll
2014-06-26 22:17 . 2014-08-16 11:03 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-06-26 22:17 . 2014-08-16 11:03 8856 ----a-w- c:\windows\system32\icardres.dll
2014-06-26 22:17 . 2014-08-16 11:03 619664 ----a-w- c:\windows\system32\icardagt.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Spotify Web Helper"="c:\users\T3O\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-09-10 1245752]
"Akamai NetSession Interface"="c:\users\T3O\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0230Ext.ax"="c:\windows\system32\V0230Ext.ax" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-08 6273568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-03-29 151552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-16 751184]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"ModemListener"="c:\program files\HSPA USB MODEM\ModemListener.exe" [2012-12-10 110248]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 164656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 05:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 15:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-01-30 03:34 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2006-10-12 14:57 102400 ------w- c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-01 17:36 133104 ----atw- c:\users\T3O\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 13:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
2011-04-19 15:12 408576 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 13:26 68640 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-09-10 22:09 6621752 ----a-w- c:\users\T3O\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-09-10 22:09 1245752 ----a-w- c:\users\T3O\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0230Mon.exe]
2006-09-06 23:01 32768 ----a-w- c:\windows\V0230Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 08:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 21:50]
.
2014-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2879660449-3680605411-3994284484-1003Core.job
- c:\users\T3O\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-12 13:18]
.
2014-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2879660449-3680605411-3994284484-1003UA.job
- c:\users\T3O\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-12 13:18]
.
2014-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2879660449-3680605411-3994284484-1003Core.job
- c:\users\T3O\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-01 17:36]
.
2014-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2879660449-3680605411-3994284484-1003UA.job
- c:\users\T3O\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-01 17:36]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://zagugli.com
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 89.184.124.1
FF - ProfilePath - c:\users\T3O\AppData\Roaming\Mozilla\Firefox\Profiles\4c9zli6h.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.it/
FF - ExtSQL: 2049-12-31 15:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\users\T3O\AppData\Roaming\Mozilla\Firefox\Profiles\4c9zli6h.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF - ExtSQL: !HIDDEN! 2009-08-08 03:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-HW_OPENEYE_OUC_Chiavetta Internet Tre - c:\program files\Chiavetta Internet Tre.it\UpdateDog\ouc.exe
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
MSConfigStartUp-Spybot-S&D Cleaning - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
.
.
.
**************************************************************************
scansione processi nascosti ...
.
c:\windows\System32\SearchFilterHost.exe [3424] 0x854274E8
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti:
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2879660449-3680605411-3994284484-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4466814C-905A-FF42-56EA-F30D82BD1253}*]
"naadbihniadognahhfjcjbkbnnml"=hex:69,61,69,69,63,67,6d,6a,6b,62,67,61,6a,6f,
62,70,6c,70,00,77
"oakddfhiblaifhcckceeibmblmmgmb"=hex:6a,61,67,64,6c,61,61,64,6f,67,6c,63,6e,69,
6f,61,6a,68,6f,6c,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(4844)
c:\windows\system32\btncopy.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Common Files\Baidu\BaiduProtect1.3\1.3.0.443\BaiduProtect.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Common Files\DeviceHelper\DeviceManager.exe
c:\program files\ASUS\EZVCR\EZSERVICE.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\OO Software\Defrag\oodag.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\program files\ASUS\EZVCR\Agent.exe
c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\Avira\AntiVir Desktop\avscan.exe
c:\program files\Avira\AntiVir Desktop\avscan.exe
c:\windows\system32\vssvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Ora fine scansione: 2014-09-16 21:43:24 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2014-09-16 19:41
ComboFix2.txt 2012-10-01 14:33
.
Pre-Run: 6.712.573.952 byte disponibili
Post-Run: 2.925.797.376 byte disponibili
.
- - End Of File - - A506964205B25063CB2E7DE4F3C75494
61A349592C4728853F4A90FF78F7628E
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3069.2549 [GMT 2:00]
Eseguito da: c:\users\T3O\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SearchProtect
c:\program files\SearchProtect\Main\bin\SPTool.dll
c:\program files\SearchProtect\Main\rep\SystemRepository.dat
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.css
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.html
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.js
c:\program files\SearchProtect\UI\dialogs\bubble\defaults.js
c:\program files\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files\SearchProtect\UI\dialogs\Images\bg-uninstall.png
c:\program files\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files\SearchProtect\UI\dialogs\Images\bg.png
c:\program files\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files\SearchProtect\UI\dialogs\Images\bgSettingsDS.png
c:\program files\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files\SearchProtect\UI\dialogs\Images\button-bg.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\hez.png
c:\program files\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files\SearchProtect\UI\dialogs\Images\v.png
c:\program files\SearchProtect\UI\dialogs\Images\x.png
c:\program files\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files\SearchProtect\UI\dialogs\libs\main.js
c:\program files\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
c:\program files\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files\SearchProtect\UI\dialogs\protection\protection.css
c:\program files\SearchProtect\UI\dialogs\protection\protection.html
c:\program files\SearchProtect\UI\dialogs\protection\protection.js
c:\program files\SearchProtect\UI\dialogs\protectionDS\defaults.js
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
c:\program files\SearchProtect\UI\dialogs\settings.html
c:\program files\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files\SearchProtect\UI\dialogs\settings\settings.css
c:\program files\SearchProtect\UI\dialogs\settings\settings.html
c:\program files\SearchProtect\UI\dialogs\settings\settings.js
c:\program files\SearchProtect\UI\dialogs\style.css
c:\program files\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.js
c:\program files\WinRAR\Leggimi.Txt
c:\program files\WinRAR\Leggimi_1a.Txt
c:\program files\WinRAR\Licenza.Txt
c:\program files\WinRAR\NoteTecniche.Txt
c:\program files\WinRAR\Ordin.htm
c:\program files\WinRAR\Ordina.htm
c:\program files\WinRAR\SorgUnRAR.Txt
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0\2
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0\3
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\background.html
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\crossriderManifest.json
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\manifest.xml
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins.json
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\1_base.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\17_jQuery.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\177_crossriderDashboard.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\182_openUrl.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\183_tabsWrapper.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\21_debug.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\22_resources.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\28_initializer.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\47_resources_background.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\5_notifications.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\64_appApiMessage.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\7_hooks.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\72_appApiValidation.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\9_search_engine_hook.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\userCode\background.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\extensionData\userCode\extension.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\actions\1.png
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\icon128.png
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\icon16.png
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\icons\icon48.png
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\chrome.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\cookie.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\message.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\pageAction.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\api\pageActionBG.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\background.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\app_api.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\bg_app_api.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\consts.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\cookie_store.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\crossriderAPI.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\delegate.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\events.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\extensionDataStore.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\installer.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\logFile.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\logging.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\onBGDocumentLoad.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\popupResource\newPopup.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\popupResource\popup.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\reports.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\storageWrapper.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\updateManager.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\util.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\lib\xhr.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\js\main.js
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\manifest.json
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\popup.html
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.26.70_0\version.json
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_llmfehnfojojfamjjijjciopbjimcffa_0.localstorage
c:\users\T3O\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\setup.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Service_bd0001
.
.
((((((((((((((((((((((((( Files Creati Da 2014-08-16 al 2014-09-16 )))))))))))))))))))))))))))))))))))
.
.
2014-09-16 19:27 . 2014-09-16 19:32 -------- d-----w- c:\users\T3O\AppData\Local\temp
2014-09-16 19:27 . 2014-09-16 19:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-09-16 19:27 . 2014-09-16 19:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-16 15:30 . 2014-09-16 15:30 -------- d-----w- c:\program files\Common Files\Skype
2014-09-16 15:25 . 2014-09-11 11:16 92488 ----a-w- c:\windows\system32\drivers\BDArKit.sys
2014-09-16 15:25 . 2014-09-11 11:16 73032 ----a-w- c:\windows\system32\drivers\bd0001.sys
2014-09-16 14:55 . 2014-09-11 11:16 54088 ----a-w- c:\windows\system32\drivers\BDSafeBrowser.sys
2014-09-16 14:54 . 2014-09-11 11:16 182088 ----a-w- c:\windows\system32\drivers\bd0004.sys
2014-09-16 14:52 . 2014-09-09 01:24 8806800 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B3560DF4-B2B9-4683-913A-CDFEECB3DEA2}\mpengine.dll
2014-09-16 14:43 . 2014-09-11 11:16 189128 ----a-w- c:\windows\system32\drivers\BDMWrench.sys
2014-09-16 14:42 . 2014-09-16 14:43 -------- d-----w- c:\users\T3O\AppData\Roaming\Baidu
2014-09-16 14:41 . 2014-09-16 14:54 -------- d-----w- c:\program files\Common Files\Baidu
2014-09-16 14:41 . 2014-09-16 14:55 -------- d-----w- c:\programdata\baidu
2014-09-16 14:41 . 2014-09-16 14:41 -------- d-----w- c:\program files\Baidu
2014-09-16 14:34 . 2014-09-16 15:47 -------- d-----w- c:\program files\test
2014-09-01 17:59 . 2014-08-23 01:03 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-09-01 17:59 . 2014-08-22 23:26 2054656 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-16 15:23 . 2014-07-13 19:12 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-14 21:50 . 2012-10-05 14:33 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-14 21:50 . 2012-01-30 14:42 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-25 04:53 . 2009-10-02 16:11 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-08-16 09:45 . 2012-11-06 11:28 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-08-16 09:45 . 2012-11-06 11:28 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-08-16 09:45 . 2012-11-06 11:28 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-08 00:46 . 2014-08-16 10:13 2048 ----a-w- c:\windows\system32\tzres.dll
2014-06-26 22:17 . 2014-08-16 11:03 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-06-26 22:17 . 2014-08-16 11:03 8856 ----a-w- c:\windows\system32\icardres.dll
2014-06-26 22:17 . 2014-08-16 11:03 619664 ----a-w- c:\windows\system32\icardagt.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Spotify Web Helper"="c:\users\T3O\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-09-10 1245752]
"Akamai NetSession Interface"="c:\users\T3O\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0230Ext.ax"="c:\windows\system32\V0230Ext.ax" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-08 6273568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2007-03-29 151552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-08-16 751184]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"ModemListener"="c:\program files\HSPA USB MODEM\ModemListener.exe" [2012-12-10 110248]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 164656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 05:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 15:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23 3672640 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
2013-01-30 03:34 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2013-02-13 02:37 1263952 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2006-10-12 14:57 102400 ------w- c:\program files\epson\Creativity Suite\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-10-01 17:36 133104 ----atw- c:\users\T3O\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-01-08 13:17 52256 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
2011-04-19 15:12 408576 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 13:26 68640 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-09-10 22:09 6621752 ----a-w- c:\users\T3O\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-09-10 22:09 1245752 ----a-w- c:\users\T3O\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 07:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0230Mon.exe]
2006-09-06 23:01 32768 ----a-w- c:\windows\V0230Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 08:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-05 21:50]
.
2014-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2879660449-3680605411-3994284484-1003Core.job
- c:\users\T3O\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-12 13:18]
.
2014-09-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2879660449-3680605411-3994284484-1003UA.job
- c:\users\T3O\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-12 13:18]
.
2014-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2879660449-3680605411-3994284484-1003Core.job
- c:\users\T3O\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-01 17:36]
.
2014-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2879660449-3680605411-3994284484-1003UA.job
- c:\users\T3O\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-01 17:36]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://zagugli.com
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 89.184.124.1
FF - ProfilePath - c:\users\T3O\AppData\Roaming\Mozilla\Firefox\Profiles\4c9zli6h.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.it/
FF - ExtSQL: 2049-12-31 15:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\users\T3O\AppData\Roaming\Mozilla\Firefox\Profiles\4c9zli6h.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF - ExtSQL: !HIDDEN! 2009-08-08 03:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-HW_OPENEYE_OUC_Chiavetta Internet Tre - c:\program files\Chiavetta Internet Tre.it\UpdateDog\ouc.exe
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
MSConfigStartUp-Spybot-S&D Cleaning - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
.
.
.
**************************************************************************
scansione processi nascosti ...
.
c:\windows\System32\SearchFilterHost.exe [3424] 0x854274E8
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti:
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2879660449-3680605411-3994284484-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4466814C-905A-FF42-56EA-F30D82BD1253}*]
"naadbihniadognahhfjcjbkbnnml"=hex:69,61,69,69,63,67,6d,6a,6b,62,67,61,6a,6f,
62,70,6c,70,00,77
"oakddfhiblaifhcckceeibmblmmgmb"=hex:6a,61,67,64,6c,61,61,64,6f,67,6c,63,6e,69,
6f,61,6a,68,6f,6c,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(4844)
c:\windows\system32\btncopy.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Common Files\Baidu\BaiduProtect1.3\1.3.0.443\BaiduProtect.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Common Files\DeviceHelper\DeviceManager.exe
c:\program files\ASUS\EZVCR\EZSERVICE.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\OO Software\Defrag\oodag.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\program files\ASUS\EZVCR\Agent.exe
c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\Avira\AntiVir Desktop\avscan.exe
c:\program files\Avira\AntiVir Desktop\avscan.exe
c:\windows\system32\vssvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Ora fine scansione: 2014-09-16 21:43:24 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2014-09-16 19:41
ComboFix2.txt 2012-10-01 14:33
.
Pre-Run: 6.712.573.952 byte disponibili
Post-Run: 2.925.797.376 byte disponibili
.
- - End Of File - - A506964205B25063CB2E7DE4F3C75494
61A349592C4728853F4A90FF78F7628E