
ComboFix report results for removing advertising

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want answers to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Posted by FRANCESCOANTONIO » 05/06/12 21:07

Hi, I ran ComboFix to remove the advertising pages, such as ad.yieldmanager.com, that open in Google Chrome, and this is the resulting report:

ComboFix 12-06-03.01 - Francesco 05/06/2012 21.34.07.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.1021.453 [GMT 2:00]
Eseguito da: c:\users\Francesco\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\FRANCE~1\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\users\Francesco\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
.
---- Esecuzione precedente -------
.
c:\programdata\Roaming
c:\users\FRANCE~1\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\users\Francesco\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2012-05-05 al 2012-06-05 )))))))))))))))))))))))))))))))))))
.
.
2012-06-05 19:45 . 2012-06-05 19:53 -------- d-----w- c:\users\Francesco\AppData\Local\temp
2012-06-05 19:45 . 2012-06-05 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-31 18:57 . 2012-05-31 18:57 -------- d-----w- c:\users\Francesco\AppData\Local\Deployment
2012-05-27 19:30 . 2012-05-27 19:30 -------- d-----w- c:\programdata\30340
2012-05-27 19:29 . 2012-05-27 19:38 -------- d-----w- c:\users\Francesco\AppData\Local\iMesh
2012-05-27 19:27 . 2012-05-31 18:55 -------- d-----w- c:\program files\iMesh Applications
2012-05-27 19:24 . 2012-05-27 19:24 -------- d-----w- c:\users\Francesco\AppData\Local\PackageAware
2012-05-21 19:17 . 2012-05-21 19:17 -------- d-----w- c:\users\Francesco\AppData\Local\Software della webcam Logitech®
2012-05-21 19:13 . 2012-05-21 19:13 -------- d-----w- c:\programdata\LogiShrd
2012-05-21 19:09 . 2012-05-21 19:09 -------- d-----w- c:\users\Francesco\AppData\Roaming\Leadertech
2012-05-21 19:09 . 2012-05-21 19:09 53248 ----a-r- c:\users\Francesco\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-05-21 19:01 . 2012-05-21 19:01 -------- d-----w- c:\programdata\Logitech
2012-05-21 19:00 . 2012-05-21 19:00 -------- d-----w- c:\program files\Common Files\LWS
2012-05-21 18:58 . 2012-05-21 19:14 -------- d-----w- c:\program files\Common Files\LogiShrd
2012-05-21 18:58 . 2012-05-21 19:09 -------- d-----w- c:\program files\Logitech
2012-05-16 20:16 . 2012-05-16 20:17 -------- d-----w- c:\program files\CCleaner
2012-05-11 18:17 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 18:16 . 2012-03-30 12:39 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 18:15 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 18:15 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 18:15 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-05-11 18:15 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 18:15 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 18:15 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-05-11 18:15 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 18:15 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-11 18:15 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-11 18:15 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-11 18:15 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-21 15:59 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-03 08:16 . 2012-05-11 18:14 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-11 18:14 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 13:36 . 2012-05-11 18:14 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-03-28 20:11 . 2012-05-02 16:23 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-03-28 20:11 . 2012-03-28 20:11 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-03-28 20:11 . 2012-03-28 20:11 325552 ----a-w- c:\windows\MASetupCaller.dll
2012-03-28 20:11 . 2012-03-28 20:11 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-03-28 20:11 . 2012-03-28 20:11 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-03-28 20:11 . 2012-03-28 20:11 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-03-28 20:11 . 2012-03-28 20:11 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-03-28 20:11 . 2012-03-28 20:11 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-03-28 20:11 . 2012-03-28 20:11 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-03-28 20:11 . 2012-03-28 20:11 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-03-28 20:11 . 2012-03-28 20:11 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-03-28 20:11 . 2012-03-28 20:11 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-03-28 20:11 . 2012-03-28 20:11 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-03-28 20:11 . 2012-03-28 20:11 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-03-28 20:11 . 2012-03-28 20:11 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-03-28 20:11 . 2012-03-28 20:11 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-03-28 20:11 . 2012-03-28 20:11 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-03-28 20:11 . 2012-03-28 20:11 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-03-28 20:11 . 2012-03-28 20:11 172032 ----a-w- c:\windows\system32\muzapp.exe
2012-03-28 20:11 . 2012-03-28 20:11 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-03-28 20:11 . 2012-03-28 20:11 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-03-28 20:11 . 2012-03-28 20:11 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-03-28 20:11 . 2012-03-28 20:11 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-03-28 20:11 . 2012-03-28 20:11 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-03-28 20:11 . 2012-03-28 20:11 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-03-28 20:11 . 2012-03-28 20:11 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-03-28 20:11 . 2012-05-02 16:21 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-03-28 20:11 . 2012-05-02 16:21 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-03-28 20:11 . 2012-05-02 16:21 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-03-26 20:26 . 2011-05-15 17:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-19 03:17 . 2012-03-19 03:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2011-11-21 04:35 . 2011-11-26 16:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
2011-12-16 06:55 225584 ----a-w- c:\program files\BrowserCompanion\jsloader.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-08 08:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4619105f-8f56-4dc3-bb47-ede6e2993355}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Messenger_Plus_IT\prxtbMess.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4619105f-8f56-4dc3-bb47-ede6e2993355}"= "c:\program files\Messenger_Plus_IT\prxtbMess.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{4619105f-8f56-4dc3-bb47-ede6e2993355}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4619105F-8F56-4DC3-BB47-EDE6E2993355}"= "c:\program files\Messenger_Plus_IT\prxtbMess.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{4619105f-8f56-4dc3-bb47-ede6e2993355}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-03-31 954256]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-31 21392]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2010-04-07 5758976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-12-07 483328]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-14 151552]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"mylbx"="d:\my lockbox\mylbx.exe" [2011-04-25 1901888]
"Browser companion helper"="c:\program files\BrowserCompanion\BCHelper.exe" [2011-08-08 182576]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-03-31 3521424]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 244512]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
.
c:\users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Registrazione prodotti.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-1-23 528384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll c:\windows\System32\eNetHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153312972-3515896029-4065625573-1000Core.job
- c:\users\Francesco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31 18:57]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153312972-3515896029-4065625573-1000UA.job
- c:\users\Francesco\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31 18:57]
.
2012-02-14 c:\windows\Tasks\Norton Security Scan for Francesco.job
- c:\progra~1\NORTON~2\Engine\361~1.11\Nss.exe [2012-02-14 07:47]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://it.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=addr&q={searchTerms}
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\BrowserCompanion\tdataprotocol.dll
FF - ProfilePath - c:\users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\prvrjcg6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... 06&sr=0&q=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-SetPanel - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM_ActiveSetup-ccc-core-static - msiexec
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-05 21:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(1592)
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\conime.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\program files\iPod\bin\iPodService.exe
c:\users\FRANCE~1\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Ora fine scansione: 2012-06-05 22:05:17 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-06-05 20:05
.
Pre-Run: 6.335.758.336 byte disponibili
Post-Run: 6.175.506.432 byte disponibili
.
- - End Of File - - 2865D341D58AC98D63C8132A51630259

Thanks for the help!
FRANCESCOANTONIO
Junior User

Posts: 22
Joined: 26/11/08 11:41


Re: ComboFix report results for removing advertising

Posted by FrancescoFDAC » 07/06/12 12:59

Download Malwarebytes' Anti-Malware - Free Edition: http://www.malwarebytes.org
● double-click mbam-setup.exe to start the setup
● during installation, leave the boxes Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked

Once you have completed the steps above:
● connect all the external devices you own (USB sticks, external HDDs, MP3 players...)
● the tool's main screen will be shown: at the message that appears, click the No button
● click the Full scan button, and confirm by clicking the Scan button
● you will be asked which drives to scan; select them all, and click Scan again
● wait patiently for the scan to finish
● once it has finished, click the OK button and then Show Results to view the report
● a text file will be produced automatically: save it to the Desktop and attach it
● make sure all the entries are selected, and click the Remove Selected button at the bottom left
● the log can be viewed by clicking the Logs tab in the program's main interface

Note - about the program:
● if Malwarebytes runs into difficulties removing some files, additional windows will be shown: click the OK button and let the program proceed with the disinfection. If Malwarebytes asks to restart the system, do so immediately
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

