PROBLEM: Reading ComboFix results

Status
Thread closed to further replies.

Joker_S

First of all (I'm new), good morning to everyone.
My problem is not among the most serious, since the PC works very well.
However, for 3/4 days now, when I use PDF24 Creator, after loading the file to edit, 5-10 seconds pass and the program freezes, and the PC with it (so much so that I have to turn it off with the power button, because it does not respond to commands as it should).
So I uninstall the program and, since I like using it, I download it again, but nothing changes.
Since after months and months of use it has always been fast and never gave any problems, I try to do a system restore, but at the end of the operation it tells me that it is impossible to restore the system.
I use a Microsoft guide to solve the restore problem, but nothing: at the end of the operation it tells me that it is impossible to restore the system.
The alarm bell rings! I start a scan with my AVG I.S. 2013 but it finds nothing. Rootkit search, again with AVG, but nothing. So I follow one of your guides to identify unwanted "guests": http://www.tomshw.it/forum/sicurezz...omputer-infetto-leggere-prima-di-postare.html
1) I use Malwarebytes but it finds nothing;
2) I use Kaspersky TDSSKiller but it finds nothing;
3) Finally I use ComboFix and I need someone to read the result for me (since I don't understand much of it; sorry, but it is quite long), which I paste below (I should say that I will replace PDF24 Creator with another similar program, and I thank you in advance for your attention):

ComboFix 13-04-27.04 - Salvatore 27/04/2013 15:20:04.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.39.1040.18.1013.298 [GMT 2:00]
Eseguito da: c:\users\Salvatore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USMJU7DB\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2013-03-27 al 2013-04-27 )))))))))))))))))))))))))))))))))))
.
.
2013-04-27 13:41 . 2013-04-27 13:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-26 10:55 . 2013-04-27 08:21 -------- d-----w- c:\program files\PDF24
2013-04-24 13:46 . 2013-04-12 13:58 1210728 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 09:58 . 2013-04-23 09:58 -------- d-----w- c:\users\Salvatore\AppData\Roaming\gtk-2.0
2013-04-18 21:31 . 2013-04-18 21:31 -------- d-----w- c:\program files\Common Files\Java
2013-04-18 21:30 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-16 19:05 . 2013-04-16 19:24 -------- d-----w- c:\users\Salvatore\AppData\Roaming\multilizer
2013-04-10 21:28 . 2009-02-18 14:31 89600 ----a-w- c:\windows\system32\GRID32.OCX
2013-04-10 21:28 . 2013-04-27 08:21 -------- d-----w- c:\program files\Common Files\Microsoft condivisa
2013-04-10 21:28 . 2009-06-03 20:37 45056 ----a-w- c:\windows\system32\MFC40LOC.DLL
2013-04-10 21:28 . 2009-02-18 14:31 59504 ----a-w- c:\windows\system32\VBDB32.DLL
2013-04-10 21:28 . 2009-02-18 14:31 39936 ----a-w- c:\windows\system32\CCTLIT32.DLL
2013-04-10 21:28 . 2009-02-18 14:31 608448 ----a-w- c:\windows\system32\comctl32.ocx
2013-04-10 21:28 . 2009-02-18 14:31 209192 ----a-w- c:\windows\system32\TABCTL32.OCX
2013-04-10 21:28 . 2013-04-10 21:28 -------- d-----w- c:\program files\rette
2013-04-10 21:28 . 2009-02-18 14:31 198656 ----a-w- c:\windows\system32\COMDLG32.OCX
2013-04-10 21:24 . 2009-06-03 20:37 76288 ----a-w- c:\windows\system32\ODBCTL32.DLL
2013-04-10 21:24 . 2009-06-03 20:37 244496 ----a-w- c:\windows\system32\VBAR2232.DLL
2013-04-10 21:24 . 2009-06-03 20:37 309520 ----a-w- c:\windows\system32\MSWNG300.DLL
2013-04-10 21:24 . 2009-06-03 20:37 98356 ----a-w- c:\windows\system32\MSJTER32.DLL
2013-04-10 21:24 . 2009-06-03 20:37 37648 ----a-w- c:\windows\system32\MSJINT32.DLL
2013-04-10 21:24 . 2009-06-03 20:37 245520 ----a-w- c:\windows\system32\MSRD2X32.DLL
2013-04-10 21:24 . 2009-02-18 14:31 950272 ----a-w- c:\windows\system32\MSJT3032.DLL
2013-04-10 14:45 . 2009-02-18 14:31 35136 ----a-w- c:\windows\system32\VB4IT32.DLL
2013-04-10 14:45 . 2009-02-18 14:31 722192 ----a-w- c:\windows\system32\VB40032.DLL
2013-04-10 14:40 . 2009-06-03 20:37 61952 ----a-w- c:\windows\ST4UNST.EXE
2013-04-10 13:56 . 2013-01-24 04:51 195816 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 13:56 . 2013-03-19 05:06 3902312 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 13:56 . 2013-03-19 05:06 3958120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 13:56 . 2013-03-19 04:54 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 13:56 . 2013-03-19 02:50 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-10 13:55 . 2013-02-12 15:13 2691072 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 13:55 . 2013-02-12 15:07 131072 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 13:55 . 2013-02-12 13:59 36864 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 13:53 . 2013-03-01 03:11 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 20:08 . 2013-04-04 20:10 -------- d-----w- c:\programdata\Freemake
2013-04-04 20:07 . 2013-04-04 20:08 -------- d-----w- c:\program files\Freemake
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-26 22:50 . 2012-12-22 12:04 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-26 22:50 . 2012-12-22 12:04 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-14 00:19 . 2012-12-19 21:45 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-14 00:19 . 2012-12-19 21:45 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-12 13:51 . 2013-03-20 20:54 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2010-01-15 09:36 . 2012-12-19 20:45 75040 ----a-w- c:\program files\Common Files\SpeechUninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"Facebook Update"="c:\users\Salvatore\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-12-30 138096]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-12-20 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-03 9398888]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-08-10 975952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2010-06-11 715296]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-02-05 421888]
"Argente Utilities"="c:\program files\Argente Utilities\Argente Utilities.exe" [2011-02-10 2832896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-03-20 162856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" -osboot
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [x]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files\eMachines\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - 37713251
*NewlyCreated* - 45057676
*Deregistered* - 37713251
*Deregistered* - 45057676
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 00:19]
.
2013-04-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-624118157-3594656290-1850813847-1000Core.job
- c:\users\Salvatore\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-30 19:21]
.
2013-04-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-624118157-3594656290-1850813847-1000UA.job
- c:\users\Salvatore\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-30 19:21]
.
2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-29 21:19]
.
2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-29 21:19]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://emachines.msn.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
SafeBoot-45057676.sys
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @DenieD: (Full) (Everyone)
.
Ora fine scansione: 2013-04-27 15:51:21
ComboFix-quarantined-files.txt 2013-04-27 13:51
.
Pre-Run: 196.710.084.608 byte disponibili
Post-Run: 196.648.329.216 byte disponibili
.
- - End Of File - - 6B0DFD82B54097A8AF39DCD69324A1B6
 

Federico83

Wrong section, moving.
 
