PROBLEM: computer half-frozen, virus; I have the OTL, txt, adwclean files _ what should I do?

Thread starter: migraine
ok. As of today I've done 3 scans; I'll take the last log, which is this:
"========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\User\Desktop\cmd.bat deleted successfully.
C:\Users\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 01082014_125549"

or 01082014_125549.log
 
that was my mistake :sisi:

re-run Avenger as I showed you before; once it finishes you'll find the log in C:\ as avenger.txt
 
I re-ran Avenger but I can't find the log in C:.
I searched C: for any file created at exactly 15:09, the time I ran the Avenger scan, and there are 2 files named pagefile.sys and hiberfile.sys. Can they help us?
 
never mind, let's see what Malwarebytes says
Download it from here and install it
Update it: click the "Updates" tab => "Check for updates"
Run a "Full scan" (select that option)
When the scan is complete, click OK => Show Results.
Make sure everything is selected and click Remove Selected.
If it asks you to reboot, reboot to complete the cleaning process.
Post the report.
 
Hi menatwork.
The infection keeps coming back because 2 corrupted system files need to be replaced:
[7] 2010-11-21 03:24:29 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2011-01-16 00:01:54 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\system32\winlogon.exe

[7] 2010-11-21 03:24:09 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-01-16 00:01:58 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\system32\user32.dll
Bye.
 
Good evening, I downloaded the Malwarebytes software. When I try to open it... it won't open. "IMPOSSIBILE CREARE LA CARTELA.ACCESSO NEGATO." ("UNABLE TO CREATE THE FOLDER. ACCESS DENIED.")
:muro:
 
Hi menatwork.
The infection keeps coming back because 2 corrupted system files need to be replaced:

hi r16, yes, I had noticed, but keep in mind that most likely (and you know what I'm referring to) the user has a non-genuine OS

[7] 2010-11-21 03:24:09 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-01-16 00:01:58 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\system32\user32.dll

[7] 2010-11-21 03:24:29 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2011-01-16 00:01:54 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\system32\winlogon.exe
 
most likely (and you know what I'm referring to) the user has a non-genuine OS
It doesn't matter: inside it there are the original copies to replace those files with.
Keep in mind that they are system files, and they must be replaced.
If you have any other doubts, we can clear them up by PM, so as not to disturb. :)
Bye.
 
R16, you have a PM.

- - - Updated - - -

ok, after having a chat with r16, who is the best :asd:

open Notepad and paste this


KillAll::

FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe|C:\Windows\system32\winlogon.exe
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll|C:\Windows\system32\user32.dll

Save the file to the Desktop as CFScript.txt

Drag the file you just created, i.e. CFScript.txt, onto the ComboFix icon

when it finishes the PC should reboot; if it doesn't, reboot manually, then attach the log you find at C:\ComboFix.txt
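Added example (not part of the thread, and not ComboFix's or OTL's own code): a small Python script that reads Sigcheck lines in the format ComboFix printed above, pairs each live copy under system32 with its side-by-side store copy under winsxs, flags those whose MD5 or size differ from the store copy or that carry the "[-]" tag, and renders the KillAll::/FCopy:: block that menatwork wrote by hand. It covers both r16's point (the two live files differ from their winsxs originals) and menatwork's CFScript step. The sample lines are the four posted in the thread; reading "[7]" as "signature verified" and "[-]" as "unsigned" follows the log's own note about unsigned files and is an assumption. Nothing here touches the system: it only prints what the script would contain.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the Sigcheck section as quoted in the thread (header lines included
# so that the parser is seen skipping them).
SIGCHECK_SAMPLE = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
[7] 2010-11-21 03:24:29 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2011-01-16 00:01:54 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\system32\winlogon.exe
[7] 2010-11-21 03:24:09 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-01-16 00:01:58 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\system32\user32.dll
"""

# One Sigcheck line: [tag] date time . MD5 . size . . [version] .. path
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+\S+\s+\S+\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)"
    r"\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\.\s+(?P<path>\S.*?)\s*$"
)


@dataclass
class SigcheckEntry:
    tag: str        # "7" = signature verified, "-" = unsigned (assumption, see lead-in)
    md5: str
    size: int
    version: str
    path: str

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()

    @property
    def signed(self) -> bool:
        return self.tag != "-"


def parse_sigcheck(text: str) -> List[SigcheckEntry]:
    """Parse every line that matches the Sigcheck format; headers and notes are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(SigcheckEntry(m["tag"], m["md5"].upper(), int(m["size"]),
                                         m["version"], m["path"]))
    return entries


@dataclass
class Finding:
    basename: str
    live: SigcheckEntry             # the copy Windows actually loads (system32)
    store: Optional[SigcheckEntry]  # the side-by-side store copy (winsxs), if one was listed

    @property
    def tampered(self) -> bool:
        """Live copy is unsigned, or differs in hash/size from its store copy."""
        if not self.live.signed:
            return True
        if self.store is None:
            return False
        return self.live.md5 != self.store.md5 or self.live.size != self.store.size


def compare_with_store(entries: List[SigcheckEntry]) -> List[Finding]:
    """Pair each non-winsxs copy with a store copy of the same file name (same version preferred)."""
    by_name: Dict[str, Dict[str, List[SigcheckEntry]]] = {}
    for e in entries:
        bucket = by_name.setdefault(e.basename, {"live": [], "store": []})
        bucket["store" if e.in_winsxs else "live"].append(e)
    findings = []
    for name, bucket in sorted(by_name.items()):
        for live in bucket["live"]:
            same_ver = [s for s in bucket["store"] if s.version == live.version]
            store = same_ver[0] if same_ver else (bucket["store"][0] if bucket["store"] else None)
            findings.append(Finding(name, live, store))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Render the KillAll::/FCopy:: block (source|destination per line) for tampered files
    that have a store copy to restore from."""
    lines = ["KillAll::", "", "FCopy::"]
    for f in findings:
        if f.tampered and f.store is not None:
            lines.append(f"{f.store.path}|{f.live.path}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = compare_with_store(parse_sigcheck(SIGCHECK_SAMPLE))
    for f in found:
        print(f"{f.basename}: {'TAMPERED' if f.tampered else 'ok'} (live {f.live.md5}, "
              f"store {f.store.md5 if f.store else 'n/a'})")
    print(build_cfscript(found))
```

Run it as-is to print the generated script; to use it on a real log, paste the whole Sigcheck section in place of the sample. The two files from the thread come out as tampered for both reasons at once: the live copies are tagged "[-]" and their MD5 (and, for winlogon.exe, the size) differs from the winsxs copy, which is exactly why r16 said the infection kept coming back until those two were replaced.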
 
Good morning, I did the ComboFix operation; I'm attaching the resulting log txt here. (Wikisend isn't working right now)
ComboFix 14-01-01.01 - User 09/01/2014 9:24:20.6.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.3991.2923 [GMT 1:00]
Eseguito da: C:\Users\User\Desktop\ComboFix.exe
Opzioni usate :: C:\Users\User\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
* Resident AV is active

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

La copia infetta di C:\Windows\System32\winver.exe è stata trovata e disinfettata
ipristinata copia da - C:\Windows\winsxs\amd64_microsoft-windows-winver_31bf3856ad364e35_6.1.7600.16385_none_12466fe3b629e036\winver.exe

((((((((((((((((((((((((( Files Creati Da 2013-12-09 al 2014-01-09 )))))))))))))))))))))))))))))))))))

2014-01-09 08:29:46 . 2014-01-09 08:29:46 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\temp
2014-01-09 08:29:46 . 2014-01-09 08:29:46 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-01-08 14:08:45 . 2014-01-08 14:08:45 61440 ----a-w- C:\Windows\SysWow64\drivers\teznb.sys
2014-01-08 13:57:36 . 2014-01-08 13:57:36 61440 ----a-w- C:\Windows\SysWow64\drivers\qcqybc.sys
2014-01-08 11:20:55 . 2014-01-08 11:20:55 61440 ----a-w- C:\Windows\SysWow64\drivers\rxpta.sys
2014-01-08 11:14:34 . 2014-01-08 11:14:34 61440 ----a-w- C:\Windows\SysWow64\drivers\antv.sys
2014-01-07 16:50:58 . 2014-01-07 17:11:38 -------- d-----w- C:\AdwCleaner
2014-01-05 14:28:26 . 2014-01-05 14:28:28 -------- d-----w- C:\Windows\7zSF087.tmp
2014-01-03 11:14:53 . 2014-01-03 11:14:55 -------- d-----w- C:\Windows\7zSD20E.tmp
2014-01-03 10:32:10 . 2014-01-03 10:32:10 -------- d-----w- C:\_OTL
2014-01-02 08:43:25 . 2014-01-02 08:43:27 -------- d-----w- C:\Windows\7zS5937.tmp
2014-01-01 16:04:55 . 2014-01-01 16:04:56 -------- d-----w- C:\Windows\7zSBC4D.tmp
2014-01-01 13:28:06 . 2014-01-01 15:45:11 -------- d-----w- C:\Windows\7zS760.tmp
2014-01-01 11:00:19 . 2014-01-01 15:45:26 -------- d-----w- C:\Windows\7zS3997.tmp
2013-12-31 14:23:25 . 2014-01-01 15:45:06 -------- d-----w- C:\Windows\7zSF91E.tmp
2013-12-31 10:44:45 . 2014-01-01 15:45:18 -------- d-----w- C:\Windows\7zS6DEF.tmp
2013-12-31 10:12:03 . 2013-12-31 10:12:03 -------- d-----w- C:\Users\User\AppData\Local\Avg2014
2013-12-31 10:11:59 . 2014-01-01 15:44:59 -------- d-----w- C:\Windows\7zSFBDC.tmp
2013-12-30 21:27:03 . 2013-12-30 21:27:03 422216 ----a-w- C:\Windows\system32\drivers\mdpvefwe.sys
2013-12-30 13:56:15 . 2013-12-30 13:56:15 -------- d-----w- C:\ProgramData\AVAST Software
2013-12-29 21:38:26 . 2014-01-03 10:57:11 -------- d-----w- C:\ProgramData\Local Settings
2013-12-27 17:44:13 . 2013-12-27 17:44:13 -------- d-----w- C:\Users\User\AppData\Local\Samsung
2013-12-27 17:44:11 . 2013-12-27 17:44:11 -------- d-----w- C:\Users\User\AppData\Roaming\Samsung
2013-12-27 17:40:59 . 2013-08-21 04:31:28 21320 ----a-w- C:\Windows\system32\drivers\ssadmdfl.sys
2013-12-27 17:40:59 . 2013-08-21 04:31:28 188232 ----a-w- C:\Windows\system32\drivers\ssadmdm.sys
2013-12-27 17:40:59 . 2013-08-21 04:31:28 17736 ----a-w- C:\Windows\system32\drivers\ssadwhnt.sys
2013-12-27 17:40:59 . 2013-08-21 04:31:28 17736 ----a-w- C:\Windows\system32\drivers\ssadwh.sys
2013-12-27 17:40:59 . 2013-08-21 04:31:28 17224 ----a-w- C:\Windows\system32\drivers\ssadcmnt.sys
2013-12-27 17:40:59 . 2013-08-21 04:31:28 17224 ----a-w- C:\Windows\system32\drivers\ssadcm.sys
2013-12-27 17:40:59 . 2013-08-21 04:31:28 169288 ----a-w- C:\Windows\system32\drivers\ssadbus.sys
2013-12-27 17:40:58 . 2013-08-21 04:31:28 158024 ----a-w- C:\Windows\system32\drivers\ssadserd.sys
2013-12-27 17:34:38 . 2013-10-30 11:13:22 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2013-12-27 17:34:20 . 2013-10-30 11:06:44 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2013-12-27 17:33:00 . 2013-12-27 17:40:25 -------- d-----w- C:\Program Files (x86)\Samsung
2013-12-27 17:33:00 . 2013-12-27 17:39:41 -------- d-----w- C:\ProgramData\Samsung
2013-12-27 17:11:02 . 2013-12-27 17:11:02 -------- d-----w- C:\Users\User\AppData\Local\Downloaded Installations
2013-12-27 10:19:55 . 2010-03-22 03:43:34 35840 ----a-r- C:\Windows\system32\drivers\BVRPMPR5a64.SYS
2013-12-27 10:18:56 . 2013-12-27 10:56:59 -------- d-----w- C:\Netgear
2013-12-23 12:21:38 . 2013-12-23 13:43:55 -------- d-----w- C:\Users\User\idee papa
2013-12-13 17:55:53 . 2013-12-13 21:26:59 -------- d-----w- C:\Users\User\AppData\Roaming\Media Player Classic
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
2013-10-30 11:07:00 . 2013-10-30 11:07:00 90112 ----a-w- C:\Windows\MAMCityDownload.ocx
2013-10-30 11:07:00 . 2013-10-30 11:07:00 330240 ----a-w- C:\Windows\MASetupCaller.dll
2013-10-30 11:07:00 . 2013-10-30 11:07:00 30568 ----a-w- C:\Windows\MusiccityDownload.exe
2013-10-30 11:06:54 . 2013-10-30 11:06:54 974848 ----a-w- C:\Windows\SysWow64\cis-2.4.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 81920 ----a-w- C:\Windows\SysWow64\issacapi_bs-2.3.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 65536 ----a-w- C:\Windows\SysWow64\issacapi_pe-2.3.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 57344 ----a-w- C:\Windows\SysWow64\MTXSYNCICON.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 57344 ----a-w- C:\Windows\SysWow64\MK_Lyric.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 57344 ----a-w- C:\Windows\SysWow64\issacapi_se-2.3.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 569344 ----a-w- C:\Windows\SysWow64\muzdecode.ax
2013-10-30 11:06:54 . 2013-10-30 11:06:54 491520 ----a-w- C:\Windows\SysWow64\muzapp.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 49152 ----a-w- C:\Windows\SysWow64\MaJGUILib.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 45320 ----a-w- C:\Windows\SysWow64\MAMACExtract.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 45056 ----a-w- C:\Windows\SysWow64\MaXMLProto.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 45056 ----a-w- C:\Windows\SysWow64\MACXMLProto.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 40960 ----a-w- C:\Windows\SysWow64\MTTELECHIP.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 352256 ----a-w- C:\Windows\SysWow64\MSLUR71.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 258048 ----a-w- C:\Windows\SysWow64\muzoggsp.ax
2013-10-30 11:06:54 . 2013-10-30 11:06:54 245760 ----a-w- C:\Windows\SysWow64\MSCLib.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 24576 ----a-w- C:\Windows\SysWow64\MASetupCleaner.exe
2013-10-30 11:06:54 . 2013-10-30 11:06:54 200704 ----a-w- C:\Windows\SysWow64\muzwmts.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 155648 ----a-w- C:\Windows\SysWow64\MSFLib.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 143360 ----a-w- C:\Windows\SysWow64\3DAudio.ax
2013-10-30 11:06:54 . 2013-10-30 11:06:54 135168 ----a-w- C:\Windows\SysWow64\muzaf1.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 131072 ----a-w- C:\Windows\SysWow64\muzmpgsp.ax
2013-10-30 11:06:54 . 2013-10-30 11:06:54 122880 ----a-w- C:\Windows\SysWow64\muzeffect.ax
2013-10-30 11:06:54 . 2013-10-30 11:06:54 118784 ----a-w- C:\Windows\SysWow64\MaDRM.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 110592 ----a-w- C:\Windows\SysWow64\muzmp4sp.ax

------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
[7] 2010-11-21 03:24:29 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2011-01-16 00:01:54 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\system32\winlogon.exe
[7] 2010-11-21 03:24:09 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-01-16 00:01:58 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\system32\user32.dll
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe" [2013-12-11 17:52:04 1564528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe" [2013-11-20 00:54:00 4411952]
"BtTray"="C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-09-19 16:36:42 371976]
"Ulead AutoDetector v2"="C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 19:08:00 95504]
"Ulead AutoDetector"="C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2007-08-02 19:08:00 95504]
"Ulead Calendar Checker"="C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" [2005-08-22 08:10:54 69632]
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24:20 54840]
"hpqSRMon"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 17:33:36 150528]
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-12-11 17:52:06 311152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"24308"="C:\PROGRA~3\LOCALS~1\Temp\msvopfw.bat" [BU]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys;C:\Windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
R0 ayxzl;ayxzl;C:\Windows\system32\drivers\rxpta.sys;C:\Windows\SYSNATIVE\drivers\rxpta.sys [x]
R0 bpaos;bpaos;C:\Windows\system32\drivers\antv.sys;C:\Windows\SYSNATIVE\drivers\antv.sys [x]
R0 gpuvsidx;gpuvsidx;C:\Windows\system32\drivers\qcqybc.sys;C:\Windows\SYSNATIVE\drivers\qcqybc.sys [x]
R0 shniqbpd;shniqbpd;C:\Windows\system32\drivers\teznb.sys;C:\Windows\SYSNATIVE\drivers\teznb.sys [x]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;C:\Windows\system32\srvany.exe;C:\Windows\SYSNATIVE\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys;C:\Windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys;C:\Windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;C:\Windows\system32\Drivers\BtL2caScoIf.sys;C:\Windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\system32\drivers\BVRPMPR5a64.SYS;C:\Windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys;C:\Windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys;C:\Windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys;C:\Windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys;C:\Windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys;C:\Windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys;C:\Windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys;C:\Windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 Avgloga;AVG Logging Driver;C:\Windows\system32\DRIVERS\avgloga.sys;C:\Windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\adminservice.exe;C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys;C:\Windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys;C:\Windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys;C:\Windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;C:\Windows\system32\Drivers\BtAudioBus.sys;C:\Windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;C:\Windows\system32\Drivers\IvtUrbBtFlt.sys;C:\Windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys;C:\Windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Audio schermo Intel(R);C:\Windows\system32\DRIVERS\IntcDAud.sys;C:\Windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys;C:\Windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\system32\DRIVERS\RtsP2Stor.sys;C:\Windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;C:\Windows\system32\DRIVERS\rtbth.sys;C:\Windows\SYSNATIVE\DRIVERS\rtbth.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrv;SmbDrv;C:\Windows\system32\DRIVERS\Smb_driver.sys;C:\Windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys;C:\Windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 19:55:57 1210320 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
Contenuto della cartella 'Scheduled Tasks'
2014-01-09 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-01 10:58:58 . 2013-02-01 10:58:56]
2014-01-08 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-01 10:58:58 . 2013-02-01 10:58:56]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2012-04-03 06:55:16 170264]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-04-03 06:55:04 398616]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2012-04-03 06:55:10 439064]
------- Scansione supplementare -------
uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://www.ebay.it/
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: ebay.it\my
TCP: DhcpNameServer = 192.168.0.1

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-3932492033-584424908-2357461149-1000_Classes\CLSID\{6FDFBEDD-7D7A-6448-A5A4-A43F74ACFC81}] @DenieD: (A 4) (Everyone)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="IFlashBroker5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="IFlashBroker5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @DenieD: (Full) (Everyone)
------------------------ Altri processi in esecuzione ------------------------
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
**************************************************************************
Ora fine scansione: 2014-01-09 09:35:51 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2014-01-09 08:35:51
ComboFix2.txt 2014-01-08 10:20:10
ComboFix3.txt 2014-01-08 10:01:01
ComboFix4.txt 2014-01-08 08:08:20
ComboFix5.txt 2014-01-09 08:22:21
Pre-Run: 166.397.800.448 byte disponibili
Post-Run: 166.369.091.584 byte disponibili
- - End Of File - - 71796CDA878FE1AC2FD7473C7C4DC01C
A36C5E4F47E84449FF07ED3517B43A31

2013-10-30 11:07:00 . 2013-10-30 11:07:00 30568 ----a-w- C:\Windows\MusiccityDownload.exe
2013-10-30 11:06:54 . 2013-10-30 11:06:54 974848 ----a-w- C:\Windows\SysWow64\cis-2.4.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 81920 ----a-w- C:\Windows\SysWow64\issacapi_bs-2.3.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 65536 ----a-w- C:\Windows\SysWow64\issacapi_pe-2.3.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 57344 ----a-w- C:\Windows\SysWow64\MTXSYNCICON.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 57344 ----a-w- C:\Windows\SysWow64\MK_Lyric.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 57344 ----a-w- C:\Windows\SysWow64\issacapi_se-2.3.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 569344 ----a-w- C:\Windows\SysWow64\muzdecode.ax
2013-10-30 11:06:54 . 2013-10-30 11:06:54 491520 ----a-w- C:\Windows\SysWow64\muzapp.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 49152 ----a-w- C:\Windows\SysWow64\MaJGUILib.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 45320 ----a-w- C:\Windows\SysWow64\MAMACExtract.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 45056 ----a-w- C:\Windows\SysWow64\MaXMLProto.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 45056 ----a-w- C:\Windows\SysWow64\MACXMLProto.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 40960 ----a-w- C:\Windows\SysWow64\MTTELECHIP.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 352256 ----a-w- C:\Windows\SysWow64\MSLUR71.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 258048 ----a-w- C:\Windows\SysWow64\muzoggsp.ax
2013-10-30 11:06:54 . 2013-10-30 11:06:54 245760 ----a-w- C:\Windows\SysWow64\MSCLib.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 24576 ----a-w- C:\Windows\SysWow64\MASetupCleaner.exe
2013-10-30 11:06:54 . 2013-10-30 11:06:54 200704 ----a-w- C:\Windows\SysWow64\muzwmts.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 155648 ----a-w- C:\Windows\SysWow64\MSFLib.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 143360 ----a-w- C:\Windows\SysWow64\3DAudio.ax
2013-10-30 11:06:54 . 2013-10-30 11:06:54 135168 ----a-w- C:\Windows\SysWow64\muzaf1.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 131072 ----a-w- C:\Windows\SysWow64\muzmpgsp.ax
2013-10-30 11:06:54 . 2013-10-30 11:06:54 122880 ----a-w- C:\Windows\SysWow64\muzeffect.ax
2013-10-30 11:06:54 . 2013-10-30 11:06:54 118784 ----a-w- C:\Windows\SysWow64\MaDRM.dll
2013-10-30 11:06:54 . 2013-10-30 11:06:54 110592 ----a-w- C:\Windows\SysWow64\muzmp4sp.ax

------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
[7] 2010-11-21 03:24:29 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2011-01-16 00:01:54 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\system32\winlogon.exe
[7] 2010-11-21 03:24:09 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-01-16 00:01:58 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\system32\user32.dll
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe" [2013-12-11 17:52:04 1564528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe" [2013-11-20 00:54:00 4411952]
"BtTray"="C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-09-19 16:36:42 371976]
"Ulead AutoDetector v2"="C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 19:08:00 95504]
"Ulead AutoDetector"="C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe" [2007-08-02 19:08:00 95504]
"Ulead Calendar Checker"="C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 6\CalCheck.exe" [2005-08-22 08:10:54 69632]
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24:20 54840]
"hpqSRMon"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 17:33:36 150528]
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-12-11 17:52:06 311152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"24308"="C:\PROGRA~3\LOCALS~1\Temp\msvopfw.bat" [BU]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys;C:\Windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
R0 ayxzl;ayxzl;C:\Windows\system32\drivers\rxpta.sys;C:\Windows\SYSNATIVE\drivers\rxpta.sys [x]
R0 bpaos;bpaos;C:\Windows\system32\drivers\antv.sys;C:\Windows\SYSNATIVE\drivers\antv.sys [x]
R0 gpuvsidx;gpuvsidx;C:\Windows\system32\drivers\qcqybc.sys;C:\Windows\SYSNATIVE\drivers\qcqybc.sys [x]
R0 shniqbpd;shniqbpd;C:\Windows\system32\drivers\teznb.sys;C:\Windows\SYSNATIVE\drivers\teznb.sys [x]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;C:\Windows\system32\srvany.exe;C:\Windows\SYSNATIVE\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys;C:\Windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys;C:\Windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;C:\Windows\system32\Drivers\BtL2caScoIf.sys;C:\Windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\system32\drivers\BVRPMPR5a64.SYS;C:\Windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys;C:\Windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys;C:\Windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys;C:\Windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys;C:\Windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys;C:\Windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys;C:\Windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys;C:\Windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys;C:\Windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 Avgloga;AVG Logging Driver;C:\Windows\system32\DRIVERS\avgloga.sys;C:\Windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\adminservice.exe;C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys;C:\Windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys;C:\Windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys;C:\Windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys;C:\Windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;C:\Windows\system32\Drivers\BtAudioBus.sys;C:\Windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;C:\Windows\system32\Drivers\IvtUrbBtFlt.sys;C:\Windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys;C:\Windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Audio schermo Intel(R);C:\Windows\system32\DRIVERS\IntcDAud.sys;C:\Windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys;C:\Windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\system32\DRIVERS\RtsP2Stor.sys;C:\Windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;C:\Windows\system32\DRIVERS\rtbth.sys;C:\Windows\SYSNATIVE\DRIVERS\rtbth.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrv;SmbDrv;C:\Windows\system32\DRIVERS\Smb_driver.sys;C:\Windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys;C:\Windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 19:55:57 1210320 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
Contenuto della cartella 'Scheduled Tasks'
2014-01-09 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-01 10:58:58 . 2013-02-01 10:58:56]
2014-01-08 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-01 10:58:58 . 2013-02-01 10:58:56]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2012-04-03 06:55:16 170264]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-04-03 06:55:04 398616]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2012-04-03 06:55:10 439064]
------- Scansione supplementare -------
uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://www.ebay.it/
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: ebay.it\my
TCP: DhcpNameServer = 192.168.0.1

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_USERS\S-1-5-21-3932492033-584424908-2357461149-1000_Classes\CLSID\{6FDFBEDD-7D7A-6448-A5A4-A43F74ACFC81}] @DenieD: (A 4) (Everyone)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="IFlashBroker5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="IFlashBroker5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @DenieD: (Full) (Everyone)
------------------------ Altri processi in esecuzione ------------------------
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
**************************************************************************
Ora fine scansione: 2014-01-09 09:35:51 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2014-01-09 08:35:51
ComboFix2.txt 2014-01-08 10:20:10
ComboFix3.txt 2014-01-08 10:01:01
ComboFix4.txt 2014-01-08 08:08:20
ComboFix5.txt 2014-01-09 08:22:21
Pre-Run: 166.397.800.448 byte disponibili
Post-Run: 166.369.091.584 byte disponibili
- - End Of File - - 71796CDA878FE1AC2FD7473C7C4DC01C
A36C5E4F47E84449FF07ED3517B43A31
 
let's see if it works this way

follow this path

C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

when you see winlogon.exe, right-click it and choose Copy

now go to the path

C:\Windows\system32

open the system32 folder and, again with the right mouse button, choose Paste

accept the changes
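The copy step above replaces a system file by hand, and the Sigcheck section of the ComboFix log higher up on this page is what shows whether that worked: the SxS copy and the System32 copy of winlogon.exe carry the same version string but different MD5 values. The script below is an added example, not code from this thread or from any of the tools mentioned in it; it re-runs that comparison so the result can be checked before and after the manual copy. It assumes 64-bit Windows 7 with the two paths exactly as listed in the Sigcheck section, run from an elevated 64-bit PowerShell; the function names Get-Md5Hex and Compare-SystemFile are my own.

```powershell
# Added example (not from the thread): read-only check that the System32 copy of a
# Windows system file is byte-identical to its SxS reference copy.
# Uses .NET hashing so it also runs on the PowerShell 2.0 shipped with Windows 7
# (Get-FileHash only exists from PowerShell 4 onward).
# Default paths are the winlogon.exe pair from the ComboFix Sigcheck section of this
# page; the user32.dll pair listed there can be checked the same way.

param(
    [string]$Reference = 'C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe',
    [string]$Target    = 'C:\Windows\system32\winlogon.exe'
)

function Get-Md5Hex {
    # Hash a file that may be in use: open read-only with FileShare.ReadWrite so a
    # loaded executable image does not block the read.
    param([string]$Path)
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::Open($Path,
                [System.IO.FileMode]::Open,
                [System.IO.FileAccess]::Read,
                [System.IO.FileShare]::ReadWrite)
    try     { $bytes = $md5.ComputeHash($stream) }
    finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Compare-SystemFile {
    # Compare hash, size and version resource of the reference and live copies.
    param([string]$Reference, [string]$Target)

    foreach ($p in @($Reference, $Target)) {
        if (-not (Test-Path -LiteralPath $p)) { throw "File not found: $p" }
    }

    $ref = Get-Item -LiteralPath $Reference
    $tgt = Get-Item -LiteralPath $Target
    $refHash = Get-Md5Hex $ref.FullName
    $tgtHash = Get-Md5Hex $tgt.FullName

    # New-Object instead of [PSCustomObject] so the script works on PowerShell 2.0.
    New-Object PSObject -Property @{
        ReferenceMd5      = $refHash
        TargetMd5         = $tgtHash
        HashesMatch       = ($refHash -eq $tgtHash)
        SameVersionString = ($ref.VersionInfo.FileVersion -eq $tgt.VersionInfo.FileVersion)
        SameSize          = ($ref.Length -eq $tgt.Length)
        TargetLastWrite   = $tgt.LastWriteTimeUtc
    }
}

$result = Compare-SystemFile -Reference $Reference -Target $Target
$result | Format-List

if ($result.HashesMatch) {
    Write-Host 'OK: the System32 copy is byte-identical to the SxS reference.'
} else {
    # On the machine in this thread the Sigcheck section reports MD5
    # 1151B1BAA6F350B1DB6598E0FEA7C457 for the SxS copy and
    # 87A00ED70FEC36D0DD968E5058C29AA1 for System32 with identical version strings:
    # that is exactly the condition this branch reports.
    Write-Warning 'MISMATCH: the System32 copy differs from the SxS reference (replacement did not take, or the file was modified again).'
}
```

Run it once before the manual copy (expect MISMATCH, matching the log) and once after a reboot (expect OK). It opens both files read-only, so it works even while the target is loaded by a running process; it must be the 64-bit PowerShell, because a 32-bit shell would silently redirect C:\Windows\system32 to SysWOW64 and compare the wrong file. A version string that matches while the hash does not, as in the log, is the signal that the binary was patched in place rather than replaced by a different build.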
 
Done, but when I have to paste winlogon.exe into system32 I get 3 options:
1. Copy and Replace
2. Don't copy
3. Copy, but keep both files.
I chose the first option and it tells me: "Impossibile completare l'operazione perché la cartella o un file all'interno di essa è aperto in un altro programma..."
What do I do?
(I closed all programs before doing this operation)
 
try opening the folder you are trying to copy the file into (system32)

go to ''Folder Options'' ''General'' and click Restore Defaults

I don't have Seven, but it should be like this
 