Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

pubblicità invasiva

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

pubblicità invasiva

Messaggioda xalx67 » lun ago 24, 2009 11:11 pm

Windows vista home premium. Avira antivir personal free.
Si aprono spesso pagine pubblicitarie di vario tipo. Avira non segnala nulla. Ho provato con una scansione online con kaspersky ed ho eliminato i seguenti file:
C:\Program Files\Hotbar\bin\10.2.236.0\firefox\extensions\plugins\npclntax_HotbarSA.dll
C:\Program Files\Hotbar\bin\10.2.236.0\Wallpaper.dll
C:\Program Files\Mozilla Firefox\plugins\npclntax_HotbarSA.dll
Lasciando i seguenti:
C:\Program Files\Microsoft LifeCam\Driver32\VX6000\VX6000Xp.sys
C:\Windows\System32\DriverStore\FileRepository\vx6000.inf_eb0d6ed6\VX6000Xp.sys
Allego log di hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.49.38, on 24/08/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\vVX3000.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Andrea\AppData\Local\kgdavz.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\SearchFilterHost.exe
D:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [funkyemoticons] C:\Program Files\FunkyEmoticons\FunkyEmoticons.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [kgdavz] "c:\users\andrea\appdata\local\kgdavz.exe" kgdavz
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 7229 bytes
in quanto ci sono elementi di cui non riesco a trovare informazioni chiare.
Altro problema riscontrato è il funzionamento parziale del ripristino configurazione di sistema, in quanto i punti di ripristino vengono creati solo quando si installano gli aggiornamenti. Crearne uno manuale restituisce questo messaggio: "impossibile creare l' attività pianificata per il motivo seguente: l' immagine dell' attività è danneggiata o è stata manomessa. (0x80041321)
Avatar utente
xalx67
Bronze Member
Bronze Member
 
Messaggi: 670
Iscritto il: sab nov 08, 2008 5:58 pm

Re: pubblicità invasiva

Messaggioda Amantide » lun ago 24, 2009 11:32 pm

Per quanto riguarda la pubblicità, fai la scansione con Combofix, così ti eliminerà i file incriminati (scommeterei che i problemi hanno iniziato dopo aver installato FunkyEmoticons)
http://www.MegaLab.it/4612/favorit-netw ... i-gratuiti

Per il secondo problema invece dovresti aprire un argomento nuovo.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Re: pubblicità invasiva

Messaggioda crazy.cat » mar ago 25, 2009 6:51 am

Se ti sei installato anche Hotbar fai una scansione con malwarebytes o superantispyware, quello che hai tolto non basta ti installa un macello di schifezze.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre


Re: pubblicità invasiva

Messaggioda xalx67 » mar ago 25, 2009 9:01 am

Purtroppo non sò dirvi molto in quanto il pc non è mio.. di sicuro sò che aveva provato a scaricare un gioco con tanto di crack sù eMule. Seguirò i vostri consigli scaricando il necessario e poi vi farò sapere. Mi chiedo come mai Avira non segnalava nulla..
Avatar utente
xalx67
Bronze Member
Bronze Member
 
Messaggi: 670
Iscritto il: sab nov 08, 2008 5:58 pm

Re: pubblicità invasiva

Messaggioda xalx67 » mar ago 25, 2009 11:09 am

Questo è il log di malwarebytes. Mi dite se ci sono falsi positivi prima di cancellare?

Malwarebytes' Anti-Malware 1.40
Versione del database: 2693
Windows 6.0.6000

25/08/2009 12.12.02
mbam-log-2009-08-25 (12-11-40).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 219965
Tempo trascorso: 53 minute(s), 36 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 3
Valori di registro infetti: 1
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 2

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kgdavz (Trojan.Agent.H) -> No action taken.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
c:\Users\Andrea\AppData\Local\kgdavz.exe (Trojan.Agent.H) -> No action taken.
C:\Windows\service.exe (Backdoor.Bot) -> No action taken.
Avatar utente
xalx67
Bronze Member
Bronze Member
 
Messaggi: 670
Iscritto il: sab nov 08, 2008 5:58 pm

Re: pubblicità invasiva

Messaggioda Amantide » mar ago 25, 2009 11:23 am

Tutte le voci rilevate sono da rimuovere. Così dovrebbe sparire anche il problema delle pubblicità, anche se rimarranno ancora altri 3 file da eliminare, quindi la scansione con Combofix la farei lo stesso.
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Re: pubblicità invasiva

Messaggioda xalx67 » mar ago 25, 2009 11:47 am

Ok.. procedo e appena posso torno qui
Avatar utente
xalx67
Bronze Member
Bronze Member
 
Messaggi: 670
Iscritto il: sab nov 08, 2008 5:58 pm

Re: pubblicità invasiva

Messaggioda xalx67 » mar ago 25, 2009 8:39 pm

Posto il log di Combofix. Se per voi è tutto regolare fatemi sapere

ComboFix 09-08-24.06 - Andrea 25/08/2009 21.20.12.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.39.1040.18.1790.1106 [GMT 2:00]
Eseguito da: D:\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-292214054-3889295820-745551110-500
c:\$recycle.bin\S-1-5-21-3450396369-1997837415-3888786090-500
c:\$recycle.bin\S-1-5-21-562593655-1936356248-2708367035-500
c:\program files\QUAD Utilities
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Reset Cursor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Uninstall Hotbar.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Weather.lnk
c:\users\Andrea\AppData\Local\kgdavz.dat
c:\users\Andrea\AppData\Local\kgdavz_nav.dat
c:\users\Andrea\AppData\Local\kgdavz_navps.dat
c:\users\Andrea\ntuser.dat{22980dba-0af0-11de-aa1f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{29118dd5-c529-11dd-a7f3-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{5dabed32-a685-11dd-ac34-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{84ff134a-e5af-11dd-8df0-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{87039cf9-c54c-11dd-8641-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{8ff21247-1176-11de-b45f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{9a049f49-fb81-11dd-a97e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{abb8e96f-e5ab-11dd-b07e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{acbd3e57-a1e8-11dd-a80e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{af49844a-d7e4-11dd-9b7c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{b1a6b64a-7872-11dd-9c3c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{df8f0bb2-7318-11de-b940-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{ef2ab3cb-010b-11de-9074-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{f49a0d86-b4f7-11dd-8b3f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{f90ba611-7d98-11de-b1eb-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\users\Public\NTUSER.DAT{3c5da6ae-72ba-11dd-9db1-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Public\NTUSER.DAT{c1ad96bb-9165-11de-8c64-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{22980db8-0af0-11de-aa1f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{84ff1348-e5af-11dd-8df0-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{87039cf7-c54c-11dd-8641-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{8ff21245-1176-11de-b45f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{9a049f42-fb81-11dd-a97e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{af498448-d7e4-11dd-9b7c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{b1a6b648-7872-11dd-9c3c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{ef2ab3c9-010b-11de-9074-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{f49a0d84-b4f7-11dd-8b3f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{f90ba60f-7d98-11de-b1eb-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{22980db6-0af0-11de-aa1f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{7737ab70-8250-11de-aef3-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{77e9a07c-3d7a-11de-96fa-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{84ff1346-e5af-11dd-8df0-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{87039cf5-c54c-11dd-8641-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{8ff21243-1176-11de-b45f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{9a049f40-fb81-11dd-a97e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{a9d1a56b-ff28-11dd-baab-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{af498446-d7e4-11dd-9b7c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{b1a6b646-7872-11dd-9c3c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{ef2ab3c7-010b-11de-9074-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{f90ba60d-7d98-11de-b1eb-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\system32\config\systemprofile\ntuser.dat{d17a10b3-755e-11db-9150-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{7737ab74-8250-11de-aef3-000278782dae}.TMContainer00000000000000000001.regtrans-ms . . . . Eliminazione Fallita
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{7737ab72-8250-11de-aef3-000278782dae}.TMContainer00000000000000000001.regtrans-ms . . . . Eliminazione Fallita
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{53a0cdfb-85ed-11de-987c-000278782dae}.TMContainer00000000000000000001.regtrans-ms . . . . Eliminazione Fallita

.
((((((((((((((((((((((((( Files Creati Da 2009-07-25 al 2009-08-25 )))))))))))))))))))))))))))))))))))
.

2009-08-25 19:26 . 2009-08-25 19:30 -------- d-----w- c:\users\Andrea\AppData\Local\temp
2009-08-25 08:49 . 2009-08-25 08:49 3942048 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-25 08:49 . 2009-08-25 08:49 -------- d-----w- c:\users\Andrea\AppData\Roaming\Malwarebytes
2009-08-25 08:49 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-25 08:49 . 2009-08-25 10:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-25 08:49 . 2009-08-25 08:49 -------- d-----w- c:\programdata\Malwarebytes
2009-08-25 08:49 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-11 20:04 . 2009-08-11 20:04 -------- d-----w- c:\program files\ESET
2009-08-11 11:41 . 2009-08-11 11:41 -------- d-----w- c:\users\Andrea\AppData\Roaming\FunkyEmoticons
2009-08-11 11:40 . 2009-08-25 06:38 90 ----a-w- c:\users\Andrea\AppData\Local\gaslm.bat
2009-08-11 11:40 . 2009-08-17 12:46 -------- d-----w- c:\program files\FunkyEmoticons
2009-08-11 07:04 . 2009-08-11 07:04 -------- d-----w- c:\windows\system32\wbem\en-US
2009-08-11 07:03 . 2006-11-02 09:45 99840 ----a-w- c:\windows\system32\poqexec.exe
2009-08-05 21:19 . 2009-08-05 21:19 -------- d-----w- c:\programdata\Electronic Arts
2009-08-05 21:17 . 2009-08-05 21:17 10134 ----a-r- c:\users\Andrea\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-08-05 21:17 . 2009-08-05 21:17 -------- d-----w- c:\program files\Microsoft WSE
2009-08-04 14:31 . 2009-08-10 20:47 -------- d-----w- c:\program files\HiYo
2009-08-04 14:31 . 2009-08-04 14:31 -------- d-----w- c:\program files\HiYo(15)
2009-08-04 14:31 . 2009-08-04 14:31 -------- d-----w- c:\programdata\HiYo
2009-08-02 20:11 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
2009-08-02 20:11 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-08-02 20:11 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-08-02 20:11 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-08-02 20:11 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-08-02 20:11 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 16:10 . 2007-07-23 10:39 739418 ----a-w- c:\windows\system32\perfh010.dat
2009-08-25 16:10 . 2007-07-23 10:39 136940 ----a-w- c:\windows\system32\perfc010.dat
2009-08-22 23:11 . 2007-07-24 06:26 7428 ----a-w- c:\windows\bthservsdp.dat
2009-08-14 06:15 . 2008-08-29 12:40 -------- d-----w- c:\programdata\NOS
2009-08-14 06:15 . 2008-08-29 12:40 -------- d-----w- c:\program files\NOS
2009-08-13 11:25 . 2008-08-05 17:08 -------- d-----w- c:\users\Andrea\AppData\Roaming\Datalayer
2009-08-05 21:55 . 2007-07-24 06:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-02 21:55 . 2008-08-24 20:43 -------- d-----w- c:\program files\Java
2009-08-02 21:55 . 2008-08-02 15:16 -------- d-----w- c:\programdata\McAfee
2009-07-18 12:17 . 2009-07-29 06:32 827392 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 12:10 . 2009-07-29 06:32 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-07-18 12:10 . 2009-07-29 06:32 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 12:07 . 2009-07-29 06:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-07-18 10:00 . 2009-07-29 06:32 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 08:34 . 2009-07-29 06:32 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-07-17 14:52 . 2009-08-12 06:24 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:02 . 2009-08-12 06:24 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 13:01 . 2009-08-12 06:24 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 13:00 . 2009-08-12 06:24 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 11:11 . 2009-08-12 06:24 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-13 20:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-13 19:42 . 2007-07-24 07:20 -------- d-----w- c:\programdata\Microsoft Help
2009-06-29 17:23 . 2008-07-13 14:01 1469 ----a-w- c:\windows\system32\dmlg.dat
2009-06-10 12:16 . 2009-08-12 06:24 156160 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 12:10 . 2009-08-12 06:24 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-06-10 12:10 . 2009-08-12 06:24 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-06-10 12:09 . 2009-08-12 06:24 12800 ----a-w- c:\windows\system32\msrle32.dll
2009-06-10 12:07 . 2009-08-12 06:24 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-06-10 12:04 . 2009-08-12 06:24 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 12:04 . 2009-08-12 06:24 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-06-04 12:47 . 2009-08-12 06:24 36352 ----a-w- c:\windows\system32\tsgqec.dll
2009-06-04 12:43 . 2009-08-12 06:24 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-04 12:36 . 2009-08-12 06:24 116736 ----a-w- c:\windows\system32\aaclient.dll
2009-05-28 10:34 . 2008-08-25 16:20 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-08-25 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-07-24 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-23 857648]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"funkyemoticons"="c:\program files\FunkyEmoticons\FunkyEmoticons.exe" [2009-06-16 283360]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-06-13 4489216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"NoHotStart"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2678460D-99CF-4E82-A29F-B754DA30836F}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{2CAE3635-4861-4AB2-8103-57AF1E6D92A6}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B06ED532-2DB8-47A4-B09E-D2C286E3D1EC}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{E6457DB7-AF38-4008-8AFC-38C39D9036F6}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EFAF95C7-A3F2-4825-83F0-4BE3F09E857C}"= UDP:c:\program files\eMule\emule.exe:eMule
"{EA8394C2-884E-4757-A517-D65118FBA5D1}"= TCP:c:\program files\eMule\emule.exe:eMule
"{2C0CA1C5-679D-4A54-8720-4715B8D734E3}"= UDP:4662:emule
"{B833CCFE-4AF2-4163-A200-3619008935E8}"= TCP:4672:emule
"{2578937F-2030-48E3-8989-7E82B119C18D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{CBE76F0F-0ABA-4220-B52C-6A6C44AB9E94}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{09FEE12B-09D5-4C68-82BD-7858C18C4D35}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{4A3FA78A-565A-4AEC-9E7E-E2E84340DBFD}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{AD632BD9-713D-4033-B40C-25ED311F4DB5}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{48968542-F5F6-4CA8-BAF3-125FCB53405C}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{CE418E73-6ADB-4799-921A-8C377343A078}c:\\program files\\microsoft lifecam\\lifecam.exe"= UDP:c:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"UDP Query User{B24910AF-E010-4734-981E-AC4AF856DD4A}c:\\program files\\microsoft lifecam\\lifecam.exe"= TCP:c:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe
"{A2472324-6CE2-4411-8B4C-11413CFC92DD}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{4CB7199A-8DC9-4E5F-9895-6869129271D2}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"TCP Query User{2AFC5046-7666-4BE7-BC55-AE2A80CF6842}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{567CD6BA-0BDC-44CD-80AE-4A248D758284}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{8810595A-D5C0-49EF-B50F-A80CFE3D057E}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{28397C4B-2E78-4E2E-9D55-05DF90A97E9E}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{1CC5E430-3565-4FC9-864E-13CD0BC98E35}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{BB0C4316-53EF-4878-B470-531A014F88DE}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{1CC9E3FA-4CED-46B1-9750-ECD4143ABF66}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{26D3B96A-E310-4E1B-9712-82278FDDA55B}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{D0826226-31A4-4A61-AA0A-EA605EAEE811}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{DADAFDED-0FAD-4E0F-993F-783F31C88881}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 BcmSqlStartupSvc;Servizio di avvio SQL Server di Business Contact Manager;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [16/01/2008 10.41.32 30312]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\System32\drivers\KMDFMEMIO.sys [24/07/2007 8.47.36 13312]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 22.31.10 29263712]
S3 NETw2v32;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [02/11/2006 12.25.17 2589184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-25 c:\windows\Tasks\User_Feed_Synchronization-{B336C6D4-5DE7-4FCC-B5EF-5611F88722CF}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\c8ho9gga.default\
FF - prefs.js: browser.search.selectedEngine - Trova Rapido
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 21:29
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\windows\TEMP\TMP0000000C2AB4F2574B183A76 524288 bytes executable

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="26B776B63C5CA2F961E0F68D48CC4A6CCAF1420D8430DF54DCF0D1AB75DEA9EBD47AE753458C703031A9D90377B3354290922FF6E717385E58BE8C609B4AC9DAAB506FB6E05871B9BA9BBD8AC06A60D0CEE71E75BC8D3772BE312812657A9BBA21FE6088B1F8995BD64B80A43ACA5B81637A99862F2FAA4313DD7ED732EAC929F94F7E986D6B92BBB253F4FA0FF36C267F53A2C97F5B966BAE60DB6876DB34A7530D06D7DE7136E24FD063FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933A9C6AECB7A5D1407FEBC9E127BECC74C375D31A7EC65959FC484FE59CB1C709693960D1B9122DF23B728AC41FB1701F880AAF5CE0966591E06C1ADDC4A53BD3E437BAEC9C64EC749414D6A45EC20DDD94EE7F89C98DEC6F1CCD2B167A03AD0900BE260F47E118B812F7502937ADA0C93B0019029F362410FE27C638E324ADF880E861E4C456751759F6C2E1C78EB429FDD785A3DD959B3DBB492E019C3D0A39B132F243689A442475193EC00A048BB6AADE236DA69FE083056000A84016D5A30053E764C9FED0F8AA85F03970EBAB7D61DE9C7352B62B0DB7CC38580F795C5A1F22559DABD3D6947ACD7766BC2627B38CD4AF6B18668222002EF3CF29A132BBC90EAD8E5806007790A1813BA2133CDD70456F1EE4948D33463A9DA74BE0154C7B22D42A0E778249090D26777F273F9732A72A53AA48E44BF432C524FA0D08F7855992776D47C7FF0B3C9C6C9E4BCD03B4A97C9982D1AF263E7C5D786DDC6AEF99873DD0291355A730CD6C98A857E24D518D3D3405E9E642FBA5965CC787D856ABC128118C6C0FCE2D4E549494BFB4D59E5C7809D95A521AACADBB68CD65FEF5DAB61EF3D068F31806E76E4480DCAA7552FA9504F1288B7CE47D8CEDFC3AE49DAED60CA29416A447E5D9E02FD885712CA8EC208A97A783689886D7099ED7F755BB321F8CBD0688B07C7844494DDDEF02C476EAE34D7F7333E08CB27BDE6BB5851CF4D24457078DBB57B651A6A9075AB65BC9F902B18E045C1E2BB3F04251EDC9CB71E3AEBBE5C9098661230130901ADD1F6DC3F7B0D5D8B5E5C96495984B8F0968863ECC8BE2A08B59EEE7BD5943D664425BB8D4BEA6E255259C99BDD41F0840900013399D8CA2585D972B22AE337CA0096EC13F1CB66B6CFE2D9CDE67F7E0F34016DC7CED7FBCD71F52A4FC10AD350BDC0B02DF8AC6D69FBA8DA3E7C44EE88C91335A7106B50ED5CF1B793FC8048F4ABBC5BFAA16F806AF1FBF70D5B7B23EFF0DFF51635A62DF218F14C7FF22420B7EAC6D662DED9ED69BD526FA0F3724EC5C437E3974D01CC50EE3DB25CEEB3B91B1041A00AD8935B1BE4C51422E95B7A11550C46F797D5BCFC1B40C6B46E54C7A825AECA5E6AAB"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(3656)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ita.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\System32\oodag.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
c:\program files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-25 21.36.37 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-25 19:36

Pre-Run: 60.177.027.072 byte disponibili
Post-Run: 60.005.810.176 byte disponibili

424 --- E O F --- 2009-08-22 20:23

Grazie
Avatar utente
xalx67
Bronze Member
Bronze Member
 
Messaggi: 670
Iscritto il: sab nov 08, 2008 5:58 pm

Re: pubblicità invasiva

Messaggioda Amantide » mar ago 25, 2009 11:23 pm

Per quanto riguarda le seguenti rimozioni ne sono sicura al 100%

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-292214054-3889295820-745551110-500
c:\$recycle.bin\S-1-5-21-3450396369-1997837415-3888786090-500
c:\$recycle.bin\S-1-5-21-562593655-1936356248-2708367035-500
c:\program files\QUAD Utilities
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Reset Cursor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Uninstall Hotbar.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar\Weather.lnk
c:\users\Andrea\AppData\Local\kgdavz.dat
c:\users\Andrea\AppData\Local\kgdavz_nav.dat
c:\users\Andrea\AppData\Local\kgdavz_navps.dat


Invece questi mi sanno tanto di file di sistema (anche se non uso Vista), e quindi forse sarà meglio ripristinarli dov'erano, restituendoli l'estensione originale [uhm]

c:\users\Andrea\ntuser.dat{22980dba-0af0-11de-aa1f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{29118dd5-c529-11dd-a7f3-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{5dabed32-a685-11dd-ac34-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{84ff134a-e5af-11dd-8df0-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{87039cf9-c54c-11dd-8641-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{8ff21247-1176-11de-b45f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{9a049f49-fb81-11dd-a97e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{abb8e96f-e5ab-11dd-b07e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{acbd3e57-a1e8-11dd-a80e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{af49844a-d7e4-11dd-9b7c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{b1a6b64a-7872-11dd-9c3c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{df8f0bb2-7318-11de-b940-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{ef2ab3cb-010b-11de-9074-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{f49a0d86-b4f7-11dd-8b3f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{f90ba611-7d98-11de-b1eb-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Default\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\users\Public\NTUSER.DAT{3c5da6ae-72ba-11dd-9db1-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\users\Public\NTUSER.DAT{c1ad96bb-9165-11de-8c64-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{22980db8-0af0-11de-aa1f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{84ff1348-e5af-11dd-8df0-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{87039cf7-c54c-11dd-8641-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{8ff21245-1176-11de-b45f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{9a049f42-fb81-11dd-a97e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{af498448-d7e4-11dd-9b7c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{b1a6b648-7872-11dd-9c3c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{ef2ab3c9-010b-11de-9074-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{f49a0d84-b4f7-11dd-8b3f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{f90ba60f-7d98-11de-b1eb-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{22980db6-0af0-11de-aa1f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{7737ab70-8250-11de-aef3-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{77e9a07c-3d7a-11de-96fa-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{84ff1346-e5af-11dd-8df0-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{87039cf5-c54c-11dd-8641-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{8ff21243-1176-11de-b45f-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{9a049f40-fb81-11dd-a97e-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{a9d1a56b-ff28-11dd-baab-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{af498446-d7e4-11dd-9b7c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{b1a6b646-7872-11dd-9c3c-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{ef2ab3c7-010b-11de-9074-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{f90ba60d-7d98-11de-b1eb-000278782dae}.TMContainer00000000000000000001.regtrans-ms
c:\windows\system32\config\systemprofile\ntuser.dat{d17a10b3-755e-11db-9150-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
c:\users\Andrea\ntuser.dat{7737ab74-8250-11de-aef3-000278782dae}.TMContainer00000000000000000001.regtrans-ms . . . . Eliminazione Fallita
c:\windows\ServiceProfiles\LocalService\NTUSER.DAT{7737ab72-8250-11de-aef3-000278782dae}.TMContainer00000000000000000001.regtrans-ms . . . . Eliminazione Fallita
c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT{53a0cdfb-85ed-11de-987c-000278782dae}.TMContainer00000000000000000001.regtrans-ms . . . . Eliminazione Fallita


Sinceramente è la prima volta che vedo Combofix ad eliminare questi file [8)]
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo

Re: pubblicità invasiva

Messaggioda xalx67 » mer ago 26, 2009 8:40 am

Si Amantide.. qualcosa è andato storto in quanto dopo la pulizia il pc era impallato alla grande. Era la prima volta che usavo Combofix e, da quello che ho visto, fà tutto in automatico, quindi non ho sbagliato settaggi io. Fortunatamente ha creato un punto di ripristino che poi ho utilizzato. Quando avrò il pc sotto mano procederò con una pulitura manuale dei file che mi hai indicato come sicura zozzeria. Resta il fatto che non riesco a creare punti di ripristino in manuale e non se ne creano neanche in automatico, tranne se vengono fatte installazioni di aggiornamenti o software tipo Combofix. L' errore restituito è riportato ad inizio post.
Grazie per l' aiuto
Avatar utente
xalx67
Bronze Member
Bronze Member
 
Messaggi: 670
Iscritto il: sab nov 08, 2008 5:58 pm

Re: pubblicità invasiva

Messaggioda Amantide » mer ago 26, 2009 12:19 pm

xalx67 ha scritto: L' errore restituito è riportato ad inizio post.

L'unico consiglio che ti posso dare e vedere se trovi qualcosa di utile qui [boh]
...per volare alto, bisogna saper cadere...
Avatar utente
Amantide
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 8126
Iscritto il: lun feb 06, 2006 4:13 pm
Località: Abruzzo


Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 2 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising