PROBLEM: virus c:/windows/system32/service.exe


Arkos71

Good morning,
unfortunately this morning I caught this virus located at c:/windows/system32/service.exe, along with other signs of malware, including a certain win64/patched.a (AVG cannot remove it and tells me to do it manually).

I downloaded and ran ComboFix, following the procedure, and I am posting the log below:

ComboFix.txt

Thanks to anyone willing to tell me something about it :)
 
Hi Arkos71

It was a variant of the ZeroAccess rootkit, removed by ComboFix: services.exe was infected but was restored by the tool itself.
If you want some advice, remove AVG and switch to Antivir or Avast.
 
OK, removed AVG and installed Avast. I ran a scan with AdwCleaner:

# AdwCleaner v1.604 - Logfile created 03/22/2013 at 12:33:09
# Updated 23/04/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Claudio - CLAUDIO-HP
# Running from : C:\Users\Claudio\Downloads\Installer AdwCleaner.exe
# Option [Delete]




 
You did not download the latest version, but it is fine anyway.
Open AdwCleaner and click Uninstall.
 
Hi guys, today I also caught the same rootkit virus at c:\windows\system32\services.exe, and I tried with everything I had available (Avast Internet Security Pro 8, Malwarebytes Pro, SuperAntiSpyware Pro), but the problem persists. All that is left is to try in mod.... provi... If anyone can give me a hand, thanks.
 
@FxPreto

ComboFix removed the rootkit.
Be careful when browsing the web, check that the antivirus updates correctly, and update your Java platforms.
 
Hello everyone, and sorry for the bother, but I need your help.
About 2 months ago I caught this virus (the one that infects the services.exe file) and I had to format to fix it, but this time I would rather do it differently, though I do not know where to start.
I should say that I still have not understood how it manages to infect me: I do not visit strange sites and I do not have strange programs on the PC (I think), like cheats or things that could be viruses, but catching the same virus twice is not nice.
I hope someone can help me; as written above, I have copied the ComboFix report. Awaiting replies, thanks everyone.



ComboFix 13-07-20.01 - Gioacchino 20/07/2013 14:36:25.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3949.2358 [GMT 2:00]
Eseguito da: c:\users\Gioacchino\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
2013-07-09 09:31 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-07-09 09:31 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 09:31 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-09 09:31 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-07-09 09:30 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-07-09 09:30 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-07-08 15:14 . 2013-07-08 15:14 -------- d-----w- c:\windows\system32\SPReview
2013-07-08 14:46 . 2010-11-20 03:34 3584 ----a-w- c:\windows\system32\drivers\it-IT\tsusbflt.sys.mui
2013-07-08 14:45 . 2010-11-20 03:44 2560 ----a-w- c:\windows\system32\drivers\it-IT\rdpwd.sys.mui
2013-07-08 14:40 . 2010-11-20 03:27 749568 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2013-07-08 14:40 . 2010-11-20 03:27 114688 ----a-w- c:\program files\Common Files\System\msadc\msadcf.dll
2013-07-08 14:40 . 2010-11-20 03:27 211456 ----a-w- c:\windows\system32\mprddm.dll
2013-07-08 14:40 . 2010-11-20 03:24 102400 ----a-w- c:\windows\system32\mobsync.exe
2013-07-08 14:40 . 2010-11-20 02:19 226304 ----a-w- c:\windows\SysWow64\MSAC3ENC.DLL
2013-07-08 14:40 . 2010-11-20 02:17 101376 ----a-w- c:\windows\SysWow64\mobsync.exe
2013-07-08 14:40 . 2010-11-20 03:33 273792 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2013-07-08 14:40 . 2010-11-20 03:27 399360 ----a-w- c:\windows\system32\wbem\msiprov.dll
2013-07-08 14:40 . 2010-11-20 02:19 209920 ----a-w- c:\windows\SysWow64\mstask.dll
2013-07-08 14:40 . 2010-11-20 02:19 1619968 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll
2013-07-08 14:40 . 2010-11-20 02:19 213504 ----a-w- c:\windows\SysWow64\MMDevAPI.dll
2013-07-08 14:38 . 2010-11-20 03:27 781312 ----a-w- c:\windows\system32\wmdrmsdk.dll
2013-07-08 14:37 . 2010-11-20 03:26 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-07-08 12:54 . 2013-07-08 12:54 -------- d-----w- c:\program files\CCleaner
2013-07-02 22:13 . 2008-10-15 04:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2013-07-02 22:12 . 2006-02-03 06:43 3830992 ----a-w- c:\windows\system32\d3dx9_29.dll
2013-07-02 22:12 . 2005-12-05 16:09 3815120 ----a-w- c:\windows\system32\d3dx9_28.dll
2013-07-02 22:12 . 2005-07-22 17:59 3807440 ----a-w- c:\windows\system32\d3dx9_27.dll
2013-07-02 22:12 . 2005-05-26 13:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2013-07-02 22:12 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2013-07-02 22:12 . 2005-03-18 15:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll
2013-07-02 22:12 . 2005-02-05 17:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll
2013-07-02 12:50 . 2010-06-02 02:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-07-02 12:50 . 2010-06-02 02:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-07-02 12:50 . 2010-05-26 09:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-07-02 12:50 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-07-02 12:50 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2013-07-02 12:50 . 2010-02-04 08:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2013-07-02 12:50 . 2007-04-04 16:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2013-07-01 21:54 . 2013-07-01 21:54 -------- d-----w- c:\program files (x86)\dumps
2013-07-01 21:39 . 2013-07-02 22:18 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-07-01 21:39 . 2013-07-20 12:47 -------- d-----w- c:\program files (x86)\Steam
2013-07-01 11:10 . 2013-07-01 11:10 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2013-07-01 11:09 . 2013-07-01 11:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin7.dll
2013-07-01 11:09 . 2013-07-01 11:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin6.dll
2013-07-01 11:09 . 2013-07-01 11:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin5.dll
2013-07-01 11:09 . 2013-07-01 11:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin4.dll
2013-07-01 11:09 . 2013-07-01 11:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin3.dll
2013-07-01 11:09 . 2013-07-01 11:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin2.dll
2013-07-01 11:09 . 2013-07-01 11:09 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugin\npqtplugin.dll
2013-07-01 11:09 . 2013-07-01 11:25 -------- d-----w- c:\programdata\Apple Computer
2013-07-01 11:09 . 2013-07-01 11:09 -------- d-----w- c:\program files (x86)\QuickTime
2013-07-01 11:08 . 2013-07-01 11:13 -------- d-----w- c:\programdata\Apple
2013-07-01 10:56 . 2013-07-01 10:56 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-07-01 10:56 . 2013-07-01 10:56 -------- d-----w- c:\programdata\AVG Secure Search
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-08 15:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-07-08 15:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-06-29 16:21 . 2010-06-24 19:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-01-12 15:50 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-07-10 1672616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-12 98304]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-07-01 2236080]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-1-12 548528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe;c:\program files\Trend Micro\Titanium\TiMiniService.exe [x]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
S3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 17:49 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50]
.
2013-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-01-12 15:50 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
.
- - - - ORPHANED KEYS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-Locked - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @DenieD: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
.
**************************************************************************
.
Completion time: 2013-07-20 14:53:00 - the PC was rebooted
ComboFix-quarantined-files.txt 2013-07-20 12:52
.
Pre-Run: 78,285,877,248 bytes free
Post-Run: 77,818,109,952 bytes free
.
- - End Of File - - FEDAA7CE7529272705D457BAAE9A8EE9
D41D8CD98F00B204E9800998ECF8427E
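One finding in the log above deserves more attention than the adware leftovers: the block under `[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]` shows UAC switched off (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0). With EnableLUA = 0 every process started by an administrator account runs with the full administrator token, so an infection never has to get past an elevation prompt before patching services.exe or loading a driver. The script below is an added example, not part of the original post and not ComboFix code: it parses that policy block exactly as ComboFix prints it, flags the weak values against a baseline, and emits a REGEDIT4 fragment that restores the defaults. The SAMPLE text is copied from the log above; the baseline values (Windows 7 defaults) and the `Finding` structure are assumptions of this example.

```python
"""Audit the UAC policy values printed by ComboFix.

Added example, not part of the forum post or of ComboFix. The SAMPLE text is
the policy block copied from the log above; the baseline values in audit_uac()
are the Windows 7 defaults and are an assumption of this example.
"""
import re
from dataclasses import dataclass

# Policy block exactly as ComboFix prints it (copied from the log above).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

HEADER_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\policies\\system\]$", re.I)
# ComboFix prints DWORD values as:  "Name"= 3 (0x3)
VALUE_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<dec>\d+)\s*\((?P<hex>0x[0-9A-Fa-f]+)\)$')


def parse_policy_block(log_text):
    """Return {value name: int} for the policies\\system block, {} if absent."""
    values = {}
    in_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if HEADER_RE.match(line):
            in_block = True
            continue
        if not in_block:
            continue
        m = VALUE_RE.match(line)
        if m is None:
            break  # ComboFix closes the block with a lone "." line
        dec, hx = int(m["dec"]), int(m["hex"], 16)
        if dec != hx:
            raise ValueError("decimal/hex mismatch in line: " + line)
        values[m["name"]] = dec
    return values


@dataclass(frozen=True)
class Finding:
    name: str
    observed: object   # int, or None when the value is missing from the block
    expected: str
    why: str


def audit_uac(values):
    """Compare parsed values with the assumed Windows 7 default baseline."""
    findings = []
    lua = values.get("EnableLUA")
    if lua != 1:
        findings.append(Finding("EnableLUA", lua, "1",
            "UAC is off: an administrator's processes run with the full token, "
            "so malware never needs to elevate"))
    admin = values.get("ConsentPromptBehaviorAdmin")
    if admin not in (1, 2, 3, 4, 5):   # 0 = elevate without prompting
        findings.append(Finding("ConsentPromptBehaviorAdmin", admin,
            "5 (Windows 7 default) or 2 (always notify)",
            "elevation requests are granted silently"))
    secure = values.get("PromptOnSecureDesktop")
    if secure != 1:
        findings.append(Finding("PromptOnSecureDesktop", secure, "1",
            "prompts appear on the normal desktop, where other processes can "
            "spoof or click through them"))
    return findings


def hardened_reg():
    """REGEDIT4 fragment restoring the assumed defaults (EnableLUA needs a reboot)."""
    return "\n".join([
        "REGEDIT4",
        "",
        r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]",
        '"EnableLUA"=dword:00000001',
        '"ConsentPromptBehaviorAdmin"=dword:00000005',
        '"PromptOnSecureDesktop"=dword:00000001',
    ]) + "\n"


if __name__ == "__main__":
    parsed = parse_policy_block(SAMPLE)
    for f in audit_uac(parsed):
        print(f"{f.name}: observed {f.observed}, expected {f.expected} ({f.why})")
    print(hardened_reg())
```

Run against the sample, the audit reports all three weak values; run against a block with the defaults it reports nothing. The decimal/hex cross-check guards against a mangled or hand-edited log line being taken at face value. Importing the generated .reg fragment (or setting the same values with `reg add`) re-enables UAC, but EnableLUA only takes effect after a reboot, so the check should be repeated afterwards rather than trusted from the registry write alone.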
 