I can't install any antivirus on the PC (AVG freezes shortly after the installation starts, and with Avira I get a message saying I don't have permission to access the file "path")... how do I fix this problem?
I tried using ComboFix, but nothing. This is the report. I assumed the problem was the file "winlogon.exe", but it won't delete it for me. I ran ComboFix both normally and in Safe Mode. There is no antivirus on the PC, even though it says AVG is present, as you can also see in the report:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ComboFix 16-06-01.01 - User_2 02/06/2016 13.04.51.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2422 [GMT 2:00]
Eseguito da: c:\documents and settings\User_2\Desktop\ComboFix.exe
AV: AVG Internet Security *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\All Users\Dati applicazioni\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
c:\documents and settings\All Users\ntuser.pol
c:\documents and settings\User_2\Documenti\93.tmp
C:\Documents
C:\LIL2D6.tmp
c:\programmi\%sysdir%
c:\programmi\%sysdir%\winlogon.exe
c:\programmi\WinRAR\Leggimi.Txt
c:\programmi\WinRAR\Leggimi_1a.Txt
c:\programmi\WinRAR\Licenza.Txt
c:\programmi\WinRAR\NoteTecniche.Txt
c:\programmi\WinRAR\Ordin.htm
c:\programmi\WinRAR\Ordina.htm
c:\programmi\WinRAR\SorgUnRAR.Txt
c:\windows\system32\winlogon.bak
c:\windows\wininit.ini
.
c:\windows\system32\winlogon.exe . . . è infetto!!
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_asl
-------\Service_asl
.
.
((((((((((((((((((((((((( Files Creati Da 2016-05-02 al 2016-06-02 )))))))))))))))))))))))))))))))))))
.
.
2016-06-02 10:41 . 2016-06-02 10:56 -------- d-----w- c:\programmi\Avira
2016-06-01 15:40 . 2016-06-01 15:40 -------- d-----w- c:\programmi\AVG
2016-06-01 14:02 . 2016-06-01 14:02 -------- d-----w- c:\documents and settings\User_2\Dati applicazioni\TuneUp Software
2016-06-01 14:00 . 2016-06-01 15:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MFAData
2016-06-01 14:00 . 2016-06-01 14:00 -------- d-----w- c:\documents and settings\User_2\Impostazioni locali\Dati applicazioni\MFAData
2016-06-01 13:25 . 2016-06-02 10:36 -------- d-----w- c:\documents and settings\User_2\Impostazioni locali\Dati applicazioni\AvgSetupLog
2016-06-01 13:08 . 2016-06-01 13:08 -------- d-----w- c:\documents and settings\User_2\Impostazioni locali\Dati applicazioni\VS Revo Group
2016-06-01 12:56 . 2016-06-02 11:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Package Cache
2016-06-01 12:43 . 2016-06-01 12:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\VS Revo Group
2016-06-01 12:43 . 2009-12-30 08:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2016-06-01 12:43 . 2016-06-01 12:43 -------- d-----w- c:\programmi\VS Revo Group
2016-06-01 11:17 . 2016-06-01 11:18 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-01 15:51 . 2015-04-01 15:51 6103040 ----a-w- c:\programmi\GUT192.tmp
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-09-13 . FD46B348FCA32A1987B9A32B6BA81D2E . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
[-] 2009-04-07 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvgUi"="c:\programmi\AVG\Framework\Common\avguirnx.exe" [2016-05-18 186640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil32_20_0_0_267_pepper.exe" [2016-01-01 1163456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\User_2\\Impostazioni locali\\Dati applicazioni\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Documents and Settings\\User_2\\Dati applicazioni\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programmi\\Google\\Chrome\\Application\\chrome.exe"=
.
R2 avgsvc;AVG Service;c:\programmi\AVG\Framework\Common\avgsvcx.exe [18/05/2016 13.08.38 890128]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [12/09/2013 22.01.34 103040]
S1 nomflcck;nomflcck;\??\c:\windows\system32\drivers\nomflcck.sys --> c:\windows\system32\drivers\nomflcck.sys [?]
S1 tbfd_1_10_0_15;tbfd_1_10_0_15;c:\windows\system32\drivers\tbfd_1_10_0_15.sys --> c:\windows\system32\drivers\tbfd_1_10_0_15.sys [?]
S2 66e06c3b;SuperOptimizer Stats;c:\windows\system32\rundll32.exe [12/09/2013 21.49.12 33280]
S2 91a0a9f8;SystemOptimizer Stats;c:\windows\system32\rundll32.exe [12/09/2013 21.49.12 33280]
S2 ab89d031;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe [12/09/2013 21.49.12 33280]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/09/2013 22.05.21 1684736]
S3 cpuz134;cpuz134;\??\c:\docume~1\User_2\IMPOST~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\User_2\IMPOST~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [24/12/2013 17.14.54 80824]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [12/10/2013 13.26.47 20032]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [01/06/2016 14.43.53 27064]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [24/12/2013 17.14.54 181432]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudserd.sys [24/12/2013 17.14.54 181432]
S3 uzsvc;UltraZip Service;c:\programmi\UltraZip\uzsvc.exe [07/05/2015 18.08.28 531648]
S3 uzupd;UltraZip Updater;c:\programmi\UltraZip\uzupd.exe [07/05/2015 18.08.29 69824]
S3 WsDrvInst;Wondershare Driver Install Service;c:\programmi\Wondershare\Dr.Fone per Android\DriverInstall.exe [07/07/2015 11.55.38 103824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-06-01 14:30 1106072 ----a-w- c:\programmi\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2016-03-05 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_20_0_0_267_pepper.exe [2016-01-01 08:48]
.
2016-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10 08:48]
.
2015-11-13 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-299502267-920026266-1801674531-1017Core.job
- c:\documents and settings\User_2\Impostazioni locali\Dati applicazioni\Dropbox\Update\DropboxUpdate.exe [2015-07-07 09:07]
.
2015-11-13 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-299502267-920026266-1801674531-1017UA.job
- c:\documents and settings\User_2\Impostazioni locali\Dati applicazioni\Dropbox\Update\DropboxUpdate.exe [2015-07-07 09:07]
.
2015-11-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-920026266-1801674531-1017Core.job
- c:\documents and settings\User_2\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2014-02-02 20:52]
.
2015-11-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-299502267-920026266-1801674531-1017UA.job
- c:\documents and settings\User_2\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2014-02-02 20:52]
.
2016-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2016-01-01 08:50]
.
2016-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2016-01-01 08:50]
.
2015-11-13 c:\windows\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job
- c:\windows\system32\xp_eos.exe [2014-03-21 23:28]
.
2015-11-13 c:\windows\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job
- c:\windows\system32\xp_eos.exe [2014-03-21 23:28]
.
2016-06-02 c:\windows\Tasks\Opera scheduled Autoupdate 1431026027.job
- c:\programmi\Opera\launcher.exe [2015-05-07 07:09]
.
2016-06-02 c:\windows\Tasks\User_Feed_Synchronization-{930C511A-7EB3-4FBE-B167-8FC5467F7A96}.job
- c:\windows\system32\msfeedssync.exe [2013-09-12 02:31]
.
2015-11-13 c:\windows\Tasks\User_Feed_Synchronization-{A615F48B-7B79-484B-BBBF-89F3FADB7577}.job
- c:\windows\system32\msfeedssync.exe [2013-09-12 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-{05bf0e05-a298-4d0a-b6eb-f55b30a2e662} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-01_Simmental - c:\programmi\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\programmi\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\programmi\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\programmi\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\programmi\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\programmi\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\programmi\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\programmi\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\programmi\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\programmi\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\programmi\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\programmi\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\programmi\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\programmi\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\programmi\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\programmi\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\programmi\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\programmi\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\programmi\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
AddRemove-Samsung Kies Packages - c:\documents and settings\User_2\Dati applicazioni\0F1F1C2Y1H1P1C0I0T\Samsung Kies Packages\uninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2016-06-02 13:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @DenieD: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3364)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\AVG\Framework\Common\avguix.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
.
**************************************************************************
.
Ora fine scansione: 2016-06-02 13:12:21 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2016-06-02 11:12
.
Pre-Run: 459.494.047.744 byte disponibili
Post-Run: 459.618.414.592 byte disponibili
.
- - End Of File - - 9CBF2ABDF64E25787C4694C87B84DC3F
8F558EB6672622401DA993E1E865C861
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++