
Redirects to unrequested sites


Post by mitrandir » Mon Jan 14, 2013 2:37 pm

Hello! For about three days I have been seeing something odd. In any browser (I have Mozilla, Google Chrome and Opera), if I type a word into the search engine, the page with the list of sites appears as usual; but if I click on one of them, the search engine sends me to other sites that have nothing to do with the one I clicked. If I haven't explained myself well and you want more details, just ask. I ran a scan with Spybot and cleaned up a bit, but the problem keeps happening. Thanks.
mitrandir
Senior Member
Posts: 187
Joined: Sun Jan 13, 2008 12:10 pm
Location: Livorno

Re: R: Redirects to unrequested sites

Post by farbix89 » Mon Jan 14, 2013 2:55 pm

Which DNS do you use? Some of them redirect searches, OpenDNS for example.
farbix89
Official Member (Gold)
Posts: 14093
Joined: Fri Feb 13, 2009 10:09 pm

Re: Redirects to unrequested sites

Post by mitrandir » Mon Jan 14, 2013 3:10 pm

I haven't changed the DNS. Anyway, do I have to log in to the router to see it?


Re: Redirects to unrequested sites

Post by crazy.cat » Mon Jan 14, 2013 4:10 pm

Run a scan with HijackThis and post its log.
When the many govern, they think only of pleasing themselves, and then you have the most foolish and most hateful tyranny: tyranny disguised as liberty.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: Redirects to unrequested sites

Post by mitrandir » Mon Jan 14, 2013 5:08 pm

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:09:09, on 14/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Users\Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?src=hp&tbi ... sId=&ver=&
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... nkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - (no file)
R3 - URLSearchHook: (no name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O2 - BHO: PowerOffer - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Users\Public\Documents\PowerOffer\PowerOfferBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: BitAccelerator - {CAC42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files (x86)\BitAccelerator\BitAccelerator.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Dropbox.lnk = Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: foto.exe
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll c:\progra~2\bandoo\bndhook.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Unknown owner - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files (x86)\Tor\tor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11867 bytes
Last edited by Andy94 on Mon Jan 14, 2013 5:42 pm; edited 1 time in total.
Reason: Added MEMO tag

Re: Redirects to unrequested sites

Post by tecnico24 » Mon Jan 14, 2013 6:48 pm

It might be the Alureon rootkit.
Download TDSS Killer to your desktop:
http://support.kaspersky.com/downloads/ ... killer.exe
Click the Start Scan button.
Wait for the scan to finish:
if a suspicious file is detected, click Skip and then continue;
if an infected file is detected instead, click Cure and then continue.
Post the log.

If it doesn't start, the rootkit has infected the VBR.
Instructions will follow.
tecnico24
Senior Member
Posts: 380
Joined: Sun May 20, 2007 4:31 pm

Re: Redirects to unrequested sites

Post by crazy.cat » Mon Jan 14, 2013 7:38 pm

In the HijackThis log you can see various bits of junk; I recommend a full scan with an up-to-date Malwarebytes and remove whatever it finds, then post a HijackThis log again and we'll see what is left.

Re: Redirects to unrequested sites

Post by mitrandir » Mon Jan 14, 2013 8:32 pm

Thanks for the advice. I'll put it into practice now and then post the results.

Re: Redirects to unrequested sites

Post by mitrandir » Mon Jan 14, 2013 10:07 pm

Scan with Malwarebytes and then the result with HijackThis.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:07:07, on 14/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?src=hp&tbi ... sId=&ver=&
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId= ... nkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - (no file)
R3 - URLSearchHook: (no name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O2 - BHO: PowerOffer - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Users\Public\Documents\PowerOffer\PowerOfferBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: BitAccelerator - {CAC42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files (x86)\BitAccelerator\BitAccelerator.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Dropbox.lnk = Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: foto.exe
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll c:\progra~2\bandoo\bndhook.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Unknown owner - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files (x86)\Tor\tor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12172 bytes


EDIT by Andy94: to attach the LOG you must use the MEMO tag, as required by the section rules. [thanks]
Last edited by mitrandir on Mon Jan 14, 2013 10:12 pm; edited 1 time in total.

Re: Redirects to unrequested sites

Post by mitrandir » Mon Jan 14, 2013 10:11 pm

The scan with TDSS comes back all OK, after Malwarebytes.

Re: Redirects to unrequested sites

Post by crazy.cat » Tue Jan 15, 2013 10:53 am

With HijackThis, tick the boxes for these lines and press Fix checked to remove them; before that, maybe check whether you find any toolbars among the installed applications and remove them.
R3 - URLSearchHook: (no name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - (no file)
R3 - URLSearchHook: (no name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O2 - BHO: PowerOffer - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Users\Public\Documents\PowerOffer\PowerOfferBHO.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: UrlHelper Class - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
O3 - Toolbar: (no name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll c:\progra~2\bandoo\bndhook.dll

Do you know this program?
O4 - Startup: foto.exe
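The kind of by-hand triage done in the post above, as an added example (it is not part of the thread and not HijackThis's own logic): it parses HijackThis lines, flags entries by a few rules, and compares the log taken before Malwarebytes with the one taken after. The rules are assumptions chosen for illustration and do not reproduce every line picked in the post; the sample is a short excerpt of lines copied from the two logs in this thread.

```python
import re

# Short excerpts of the two logs posted in this thread (not the full logs).
BEFORE = r"""
R3 - URLSearchHook: (no name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PowerOffer - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Users\Public\Documents\PowerOffer\PowerOfferBHO.dll
O4 - Startup: Dropbox.lnk = Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: foto.exe
O9 - Extra button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll c:\progra~2\bandoo\bndhook.dll
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""

AFTER = r"""
R3 - URLSearchHook: (no name) - {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PowerOffer - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Users\Public\Documents\PowerOffer\PowerOfferBHO.dll
O4 - Startup: Dropbox.lnk = Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: foto.exe
O20 - AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll c:\progra~2\bandoo\bndhook.dll
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")           # e.g. "O2 - BHO: ..."
USER_WRITABLE = re.compile(r"[A-Za-z]:\\(Users|ProgramData)\\", re.I)


def parse(log):
    """Return [(section, text)] for each 'Xn - ...' line; header lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def reason_for(section, text):
    """Illustrative rules (assumptions). Returns a reason string or None."""
    if text.endswith("(no file)"):
        return "registration left behind with no file on disk"
    if section == "O20" and text.startswith("AppInit_DLLs:"):
        if text.split(":", 1)[1].strip():
            return "AppInit_DLLs set: listed DLLs load into every process that uses user32.dll"
    if section in ("O2", "O3") and USER_WRITABLE.search(text):
        return "browser add-on DLL in a user-writable directory"
    if section == "O4" and text.startswith("Startup: "):
        item = text[len("Startup: "):]
        if " = " not in item and item.lower().endswith(".exe"):
            return "bare executable (not a shortcut) in the Startup folder"
    # "(file missing)" is not flagged: in these logs it is attached to core
    # Windows services such as lsass.exe, so it says nothing about the entry.
    return None


def triage(entries):
    """Return [(section, reason, text)] for entries that match a rule."""
    flagged = []
    for section, text in entries:
        reason = reason_for(section, text)
        if reason:
            flagged.append((section, reason, text))
    return flagged


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    b, a = parse(before), parse(after)
    removed = [e for e in b if e not in a]
    added = [e for e in a if e not in b]
    return removed, added


if __name__ == "__main__":
    for section, reason, text in triage(parse(AFTER)):
        print(f"[{section}] {reason}\n      {text}")
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed by the cleanup:", [t for _, t in removed])
    print("new since the first scan:", [t for _, t in added])
```

A flagged line is a prompt to look at the entry, not a verdict; the diff shows what a cleanup pass actually changed between two scans.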

Re: Redirects to unrequested sites

Post by mitrandir » Tue Jan 15, 2013 2:52 pm

As for the O2 BHO PowerOffer file, a window appears with this message and it won't let me remove it.
https://picasaweb.google.com/lh/photo/V ... directlink

Re: Redirects to unrequested sites

Post by mitrandir » Tue Jan 15, 2013 6:22 pm

Here is the report produced with ComboFix.

ComboFix 13-01-15.02 - Andrea 15/01/2013 14:56:50.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4094.2052 [GMT 1:00]
Eseguito da: c:\users\Andrea\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\OfferBox
c:\program files (x86)\Tor\tor.exe
c:\programdata\ntuser.dat
c:\users\Andrea\AppData\Local\Temp\SASE744.tmp
c:\users\Andrea\AppData\Roaming\cacaoweb
c:\users\Andrea\AppData\Roaming\cacaoweb\errorlog.txt
c:\users\Andrea\AppData\Roaming\cacaoweb\npdfile.dat
c:\users\Andrea\AppData\Roaming\cacaoweb\storage.db
c:\users\Andrea\AppData\Roaming\OfferBox
c:\users\Andrea\AppData\Roaming\OfferBox\config.xml
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_tor
.
.
((((((((((((((((((((((((( Files Creati Da 2012-12-15 al 2013-01-15 )))))))))))))))))))))))))))))))))))
.
.
2013-01-15 14:13 . 2013-01-15 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-14 19:37 . 2013-01-14 19:37 -------- d-----w- c:\users\Andrea\AppData\Roaming\Malwarebytes
2013-01-14 19:37 . 2013-01-14 19:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-14 19:37 . 2013-01-14 19:37 -------- d-----w- c:\programdata\Malwarebytes
2013-01-14 19:37 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-14 19:37 . 2013-01-14 19:37 -------- d-----w- c:\users\Andrea\AppData\Local\Programs
2013-01-14 15:39 . 2013-01-14 15:39 388096 ----a-r- c:\users\Andrea\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-14 15:39 . 2013-01-14 15:39 -------- d-----w- c:\program files (x86)\Trend Micro
2013-01-13 13:27 . 2012-12-13 10:49 450136 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2013-01-13 11:20 . 2013-01-13 11:20 -------- d-----w- c:\users\Andrea\AppData\Roaming\SUPERAntiSpyware.com
2013-01-13 09:02 . 2013-01-13 09:02 -------- d-----w- c:\program files (x86)\Security Task Manager
2013-01-13 00:24 . 2013-01-13 08:58 -------- d-----w- c:\programdata\SecTaskMan
2013-01-12 16:05 . 2013-01-12 16:05 126976 --sha-r- c:\windows\SysWow64\schedclip.dll
2013-01-12 15:39 . 2013-01-12 15:39 -------- d-----w- c:\users\Andrea\AppData\Roaming\desksware
2013-01-09 12:53 . 2013-01-09 21:43 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 13:50 . 2012-03-31 17:44 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 13:50 . 2011-05-19 16:50 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 07:20 . 2011-01-15 16:39 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-08 17:24 . 2012-12-06 06:19 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{62B768F3-CEFE-4A69-A35F-0244795347F1}\mpengine.dll
2012-10-30 22:50 . 2012-01-31 02:29 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-18 18:25 . 2012-11-14 07:16 3149824 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-24 2245120]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2012-01-09 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-01-09 171008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-20 1255736]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 203264]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-07-17 319488]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-22 828072]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-07-15 116240]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-10 1222144]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-13 08:52 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 13:50]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 11:25]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 11:25]
.
2013-01-15 c:\windows\Tasks\IVYHTNJ.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 1127592]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.zonealarm.com/?src=hp&tbi ... sId=&ver=&
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\70m1lu9u.default\
FF - prefs.js: browser.startup.homepage - http://www.google.it
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... 06&sr=0&q=
FF - ExtSQL: 2012-11-24 19:45; {5ddeb737-082c-48fb-8c06-aa4b38d61e5f}; c:\program files (x86)\Mozilla Firefox\extensions\{5ddeb737-082c-48fb-8c06-aa4b38d61e5f}
FF - ExtSQL: 2013-01-13 14:27; donottrack@checkpoint.com; c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\70m1lu9u.default\extensions\donottrack@checkpoint.com
FF - ExtSQL: 2013-01-13 14:27; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2013-01-13 21:06; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_de ... 020069a&q=
FF - user.js: extensions.BabylonToolbar.id - 5e931fa900000000000020cf3020069a
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15668
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.819:10
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - irhnew
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbi ... sId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?src= ... &Lan=it&q={searchTerms}&gu=e27bd25cb76d43058cb6c6432967c3d7&tu=10G9000665B000c&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbi ... sId=&ver=&
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src= ... e2013&Lan={dfltLng}&gu=e27bd25cb76d43058cb6c6432967c3d7&tu=10G9000665B000c&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 5e931fa900000000000020cf3020069a
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15718
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.1614:24
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN116378072107920-1001
FF - user.js: extensions.zonealarm.dfltLng - it
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{CAC42510-9B41-42c1-9DCD-7282A2D07C61} - c:\program files (x86)\BitAccelerator\BitAccelerator.dll
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
Toolbar-10 - (no file)
WebBrowser-{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - (no file)
AddRemove-ZoneAlarm Free Antivirus + Firewall - c:\program files (x86)\CheckPoint\Install\Install.exe
AddRemove-FLV Player - c:\program files (x86)\FLVPlayer\Uninstall\Uninstall.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
c:\program files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Ora fine scansione: 2013-01-15 15:40:06 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2013-01-15 14:40
.
Pre-Run: 857.651.056.640 byte disponibili
Post-Run: 857.621.401.600 byte disponibili
.
- - End Of File - - 321154FCB5AF55C4F73BF5565EB43582

Re: Redirect to unrequested sites

Post by mitrandir » Tue Jan 15, 2013 6:28 pm

The "Show" sections won't open for me. Can you read them?

Re: Redirect to unrequested sites

Post by GERONIMO* » Tue Jan 15, 2013 6:39 pm

Run a scan with AdwCleaner
http://www.bleepingcomputer.com/downloa ... er/dl/125/

Click Search
Wait for the scan
Then click Delete
Restart the PC when it asks you to

Re: Redirect to unrequested sites

Post by mitrandir » Tue Jan 15, 2013 7:00 pm

I ran the scan and the removal. Here is the report:

# AdwCleaner v2.105 - Logfile creato il 15/01/2013 alle 18:51:50
# Aggiornamento 08/01/2013 by Xplode
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Utente : Andrea - ANDREA-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\Andrea\Downloads\AdwCleaner.exe
# Opzioni [Cerca]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Trovato : C:\Program Files (x86)\Bandoo
Cartella Trovato : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Cartella Trovato : C:\ProgramData\Bandoo
Cartella Trovato : C:\ProgramData\boost_interprocess
Cartella Trovato : C:\Users\Andrea\AppData\Local\Ilivid Player
Cartella Trovato : C:\Users\Andrea\AppData\LocalLow\BabylonToolbar
Cartella Trovato : C:\Users\Andrea\AppData\LocalLow\Conduit
Cartella Trovato : C:\Users\Andrea\AppData\LocalLow\PriceGong
Cartella Trovato : C:\Users\Andrea\AppData\LocalLow\searchquband
Cartella Trovato : C:\Users\Andrea\AppData\LocalLow\uTorrentBar_IT
Cartella Trovato : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\70m1lu9u.default\extensions\cacaoweb@cacaoweb.org
Cartella Trovato : C:\Users\Andrea\AppData\Roaming\yourfiledownloader
Cartella Trovato : C:\Windows\Installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
File Trovato : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Trovato : C:\user.js
File Trovato : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\70m1lu9u.default\extensions\pricepeep@getpricepeep.com.xpi
File Trovato : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\70m1lu9u.default\searchplugins\Search_Results.xml
File Trovato : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\70m1lu9u.default\searchplugins\zonealarm.xml
File Trovato : C:\Windows\SysWOW64\bandoolmx.dll
File Trovato : C:\Windows\SysWOW64\conduitEngine.tmp

***** [Registro] *****

Chiave Trovata : HKCU\Software\AppDataLow\Software\Conduit
Chiave Trovata : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chiave Trovata : HKCU\Software\AppDataLow\Software\Crossrider
Chiave Trovata : HKCU\Software\AppDataLow\Software\PriceGong
Chiave Trovata : HKCU\Software\AppDataLow\Software\searchqutoolbar
Chiave Trovata : HKCU\Software\AppDataLow\Software\ShopperReports3
Chiave Trovata : HKCU\Software\AppDataLow\Software\SmartBar
Chiave Trovata : HKCU\Software\AppDataLow\Software\uTorrentBar_IT
Chiave Trovata : HKCU\Software\AppDataLow\Toolbar
Chiave Trovata : HKCU\Software\cacaoweb
Chiave Trovata : HKCU\Software\InstallCore
Chiave Trovata : HKCU\Software\Microsoft\Babylon
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{A01A3335-0C30-4312-A430-92356CC37A92}
Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Chiave Trovata : HKLM\SOFTWARE\Classes\b
Chiave Trovata : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Trovata : HKLM\Software\Conduit
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Chiave Trovata : HKLM\Software\uTorrentBar_IT
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}
Chiave Trovata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

***** [Browser Internet] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registro Pulito.

-\\ Mozilla Firefox v17.0.1 (it)

File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\70m1lu9u.default\prefs.js

Trovata : user_pref("extensions.BabylonToolbar.admin", false);
Trovata : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Trovata : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Trovata : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Trovata : user_pref("extensions.BabylonToolbar.excTlbr", false);
Trovata : user_pref("extensions.BabylonToolbar.id", "5e931fa900000000000020cf3020069a");
Trovata : user_pref("extensions.BabylonToolbar.instlDay", "15668");
Trovata : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Trovata : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Trovata : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Trovata : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
Trovata : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Trovata : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Trovata : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Trovata : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Trovata : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.819:10:26");
Trovata : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=");

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

-\\ Opera v12.12.1707.0

File : C:\Users\Andrea\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File Pulito.

*************************

AdwCleaner[R1].txt - [11073 octets] - [15/01/2013 18:51:50]

########## EOF - C:\AdwCleaner[R1].txt - [11134 octets] ##########
mitrandir
Senior Member

Posts: 187
Joined: Sun Jan 13, 2008 12:10 pm
Location: Livorno

Re: Redirects to unrequested sites

Post by GERONIMO* » Tue Jan 15, 2013 8:04 pm

ok
it removed quite a lot of junk
did that fix it, or not?
GERONIMO*
Bronze Member

Posts: 931
Joined: Mon Apr 23, 2012 11:30 pm

Re: Redirects to unrequested sites

Post by mitrandir » Tue Jan 15, 2013 10:43 pm

Unfortunately not.
mitrandir
Senior Member

Posts: 187
Joined: Sun Jan 13, 2008 12:10 pm
Location: Livorno

Re: Redirects to unrequested sites

Post by mitrandir » Tue Jan 15, 2013 11:35 pm

OTL report.

OTL logfile created on: 15/01/2013 23:25:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andrea\Downloads\Sicurezza
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 60,91% Memory free
7,99 Gb Paging File | 6,26 Gb Available in Paging File | 78,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 808,42 Gb Free Space | 86,80% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 176,77 Gb Free Space | 18,98% Space Free | Partition Type: NTFS

Computer Name: ANDREA-PC | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Andrea\Downloads\Sicurezza\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-6 Engine\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-6 Engine\AsSpindownTimeout.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-6 Engine\ASUSSERVICE.DLL ()
MOD - C:\Windows\SysWOW64\sqlite3.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (IswSvc) -- C:\Programmi\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ISWKL) -- C:\Programmi\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (eusk2par) -- C:\Windows\SysWOW64\drivers\eusk2par.sys (EUTRON)
DRV - (ASPI) -- C:\Windows\SysWOW64\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-693151470-3803375822-4199782297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?src=hp&tbi ... sId=&ver=&
IE - HKU\S-1-5-21-693151470-3803375822-4199782297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\S-1-5-21-693151470-3803375822-4199782297-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 0A 3C EE CA B4 CB 01 [binary data]
IE - HKU\S-1-5-21-693151470-3803375822-4199782297-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-693151470-3803375822-4199782297-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-693151470-3803375822-4199782297-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_it
IE - HKU\S-1-5-21-693151470-3803375822-4199782297-1000\..\SearchScopes\{AD22F1D6-20B6-4DFE-BBAF-4209FCEBCBDB}: "URL" = http://search.zonealarm.com/search?src= ... &Lan=it&q={searchTerms}&gu=e27bd25cb76d43058cb6c6432967c3d7&tu=10G9000665B000c&sku=&tstsId=&ver=&&r=685
IE - HKU\S-1-5-21-693151470-3803375822-4199782297-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-693151470-3803375822-4199782297-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.it"
FF - prefs.js..extensions.enabledAddons: rpnetdownloadhelper%40gmail.com:3.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: donottrack%40checkpoint.com:2.2.5.1213
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.25
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013/01/13 14:27:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013/01/13 14:27:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/13 14:19:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/09 13:53:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/09 13:53:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/11/25 12:48:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Extensions
[2011/01/19 18:34:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/01/15 18:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\70m1lu9u.default\extensions
[2013/01/11 08:18:44 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\70m1lu9u.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/01/15 15:12:32 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\70m1lu9u.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013/01/13 14:27:19 | 000,000,000 | ---D | M] (ZoneAlarm Do Not Track) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\70m1lu9u.default\extensions\donottrack@checkpoint.com
[2012/11/20 01:46:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\mData\Kaspersky Lab\SafeBrowser\S-1-5-21-693151470-3803375822-4199782297-1000\FireFox\extensions
[2013/01/13 20:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\Firefox\Profiles\mData\Kaspersky Lab\SafeBrowser\S-1-5-21-693151470-3803375822-4199782297-1000\FireFox\extensions\staged
[2012/11/13 07:29:29 | 000,005,903 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\70m1lu9u.default\extensions\rpnetdownloadhelper@gmail.com.xpi
[2013/01/13 14:24:14 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\mozilla\firefox\profiles\70m1lu9u.default\extensions\donottrack@checkpoint.com\chrome\content\ff\view_expiry.js
[2013/01/15 18:54:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/01/10 20:34:26 | 000,000,000 | ---D | M] ("BitAccelerator") -- C:\Program Files (x86)\mozilla firefox\extensions\{5ddeb737-082c-48fb-8c06-aa4b38d61e5f}
[2013/01/13 20:47:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/11/29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/29 12:46:58 | 000,001,606 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-it.xml
[2012/11/29 12:46:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/29 12:46:58 | 000,000,957 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-it.xml
[2012/11/29 12:46:58 | 000,001,030 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\hoepli.xml
[2012/11/29 12:46:59 | 000,001,395 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-it.xml
[2012/11/29 12:46:59 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-it.xml

========== Chrome ==========

CHR - homepage: https://www.google.it/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?q={searchTerms}
CHR - homepage: https://www.google.it/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: PowerOffer (Enabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahljkfjmfmncehepcbmjfgdjnlfajeig\1.0_0\npPowerOffer.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\BabylonChromeToolBar.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Skype Click to Call = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\

O1 HOSTS File: ([2013/01/15 15:20:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programmi\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (PowerOffer) - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Users\Public\Documents\PowerOffer\PowerOfferBHO.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programmi\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (BitAcceleratorBHO Class) - {CAC42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files (x86)\BitAccelerator\BitAccelerator.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programmi\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-693151470-3803375822-4199782297-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-693151470-3803375822-4199782297-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CDDF822-63F5-4AB5-97A9-257BFB393051}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 60 Days ==========

[2013/01/15 18:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013/01/15 15:20:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/15 14:55:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/14 20:37:36 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Malwarebytes
[2013/01/14 20:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/14 20:37:22 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\Programs
[2013/01/14 16:39:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/01/14 16:39:56 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/01/13 14:38:39 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Documents\ForceField Shared Files
[2013/01/13 14:27:32 | 000,450,136 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.sys
[2013/01/13 14:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2013/01/13 12:20:30 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\SUPERAntiSpyware.com
[2013/01/13 10:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013/01/13 10:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2013/01/13 01:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013/01/12 16:39:20 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\desksware
[2013/01/10 20:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/09 13:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013/01/04 18:55:49 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Desktop\Materiale per bambini
[2012/12/26 09:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/11/26 22:53:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tor
[2012/11/24 19:45:39 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Desktop\Downloads
[2012/11/20 01:54:14 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2013/01/15 23:24:55 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2013/01/15 23:24:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/15 23:14:49 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/15 23:14:45 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\IVYHTNJ.job
[2013/01/15 23:14:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/15 23:14:36 | 3219,693,568 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/15 23:13:35 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/15 23:13:35 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/15 22:50:03 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/15 15:20:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/14 16:39:56 | 000,002,981 | ---- | M] () -- C:\Users\Andrea\Desktop\HiJackThis.lnk
[2013/01/13 14:27:30 | 000,417,406 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013/01/13 12:17:28 | 002,405,886 | ---- | M] () -- C:\Users\Andrea\Desktop\INTERACT_PLUS_ITA_manual.pdf
[2013/01/13 01:00:28 | 000,445,095 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\#hosts
[2013/01/12 17:05:31 | 000,126,976 | RHS- | M] () -- C:\Windows\SysWow64\schedclip.dll
[2013/01/10 08:01:06 | 000,731,930 | ---- | M] () -- C:\Users\Andrea\Desktop\k180014700a - issimo pure 9-11.pdf
[2013/01/09 14:50:44 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 14:50:44 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/03 11:59:50 | 001,565,668 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/03 11:59:50 | 000,706,880 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013/01/03 11:59:50 | 000,624,358 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/03 11:59:50 | 000,131,170 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013/01/03 11:59:50 | 000,109,802 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/24 16:11:49 | 000,001,051 | ---- | M] () -- C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/13 11:49:42 | 000,450,136 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysNative\drivers\vsdatant.sys
[2012/11/25 12:50:08 | 000,444,883 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130113-010028.backup
[2012/11/25 12:19:43 | 000,444,883 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20121125-125008.backup
[2 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/14 16:39:56 | 000,002,981 | ---- | C] () -- C:\Users\Andrea\Desktop\HiJackThis.lnk
[2013/01/13 14:27:30 | 000,417,406 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013/01/13 12:17:28 | 002,405,886 | ---- | C] () -- C:\Users\Andrea\Desktop\INTERACT_PLUS_ITA_manual.pdf
[2013/01/12 17:05:31 | 000,126,976 | RHS- | C] () -- C:\Windows\SysWow64\schedclip.dll
[2013/01/12 17:05:31 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\IVYHTNJ.job
[2013/01/10 08:01:06 | 000,731,930 | ---- | C] () -- C:\Users\Andrea\Desktop\k180014700a - issimo pure 9-11.pdf
[2011/06/17 06:33:25 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\pdfl.dat
[2011/06/17 06:33:25 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\lkfl.dat
[2011/06/17 06:33:25 | 000,000,080 | ---- | C] () -- C:\Windows\SysWow64\ibfl.dat
[2011/02/18 17:37:43 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/02/18 17:37:43 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/02/08 19:36:03 | 001,593,188 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/06 21:14:59 | 000,071,680 | ---- | C] () -- C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
mitrandir
Senior Member
Posts: 187
Joined: Sun Jan 13, 2008 12:10 pm
Location: Livorno

Re: Redirects to unrequested sites

Post by crazy.cat » Wed Jan 16, 2013 5:14 am

Given the industrial quantity of junk you had installed, you had better learn to read what gets added when you install supposedly free programs that add toolbars and other assorted rubbish.
Those are to be declined.

Let's bring out the heavy weapons and see if anything turns up:
http://www.MegaLab.it/7628/kaspersky-re ... -su-cd-rom
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre


megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole shareholder) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising