UFFICIALE Virus Polizia di Stato/Guardia di Finanzia/Ukash : rimozione e supporto

Pubblicità
@iltala
Il DNS che hai postato è esattamente quello che, anche a me, reindirizza alla famosa pagina... Se leggi l'intero thread vedrai che ci sono tutte le operazioni necessarie da fare in questi casi, specialmente per eliminare il virus... Io ho formattato ma il problema persisteva, ho notato però che il DNS predefinito del router era quello che hai postato, quindi l'ho modificato nel router, ma non so ancora se il problema è risolto...
 
Buongiorno a tutti!
sono stato infettato anche io da questo virus.
In particolare si manifesta quando apro il browser dopo una o due pagine di navigaione. Precedentemente si verificava in tutti i pc che avevo collegato ad un router tp link, adesso ho bloccato le modifiche al router e gli altri pc funzionAno tutti. Il laptop (windows 8.1) dal quale è partit l infezione peró persiste nel presentare la pagina di law enforcement etc etc. Ho provato malawarebyte combofix e in ultimo un programma che consigliavate su questo forum. Vi allego i log di frst!
FRST.txt
Addition.txt
 
Davide Mosca ha detto:
@iltala
Il DNS che hai postato è esattamente quello che, anche a me, reindirizza alla famosa pagina... Se leggi l'intero thread vedrai che ci sono tutte le operazioni necessarie da fare in questi casi, specialmente per eliminare il virus... Io ho formattato ma il problema persisteva, ho notato però che il DNS predefinito del router era quello che hai postato, quindi l'ho modificato nel router, ma non so ancora se il problema è risolto...
Clicca per espandere...

Ciao Davide,
premettendo che soni alquanto disinformato in materia, la mia connessione utilizza l'opzione di DNS automatico; nei dettagli compare proprio l'IP indicato.
Ora mi leggerò con calma tutti i post della discussione e vedrò come risolverla. Tu non sei ancora sicuro di averlo fatto?
Ciao
 
@iltala
Dovresti togliere il DNS automatico e impostare i DNS manualmente, questo lo fai nella pagina di configurazione del router. Ad ogni modo devi prima preoccuparti di togliere il virus, io ho formattato ma mi rendo conto che avrei potuto risolvere in altro modo se avessi letto prima questo thread.

Non so se il problema è risolto perché la modifica l'ho fatta solo ieri, meglio aspettare prima di cantar vittoria...
 
- - - Updated - - -
@silvia
con il pc scollegato dal router l'infezione si manifesta ugualmente?
Allega un log di Farbar recovery scan tool e minitoolbox. Trovi i link qualche discussione prima.[/QUOTE]

Adesso sono due ore che non si ripropone.

Ecco il log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Silvia (administrator) on HP on 28-07-2014 13:36:54
Running from C:\Users\Silvia\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Barracuda Networks, Inc.) C:\Users\Silvia\AppData\Roaming\Copy\CopyAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\Windows\system32\M-AudioTaskBarIcon.exe [798216 2009-10-02] (Avid Technology, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKU\S-1-5-21-1179527703-3337571367-911048166-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company)
HKU\S-1-5-21-1179527703-3337571367-911048166-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1179527703-3337571367-911048166-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1179527703-3337571367-911048166-1000\...\Run: [Copy] => C:\Users\Silvia\AppData\Roaming\Copy\CopyAgent.exe [15367312 2014-06-19] (Barracuda Networks, Inc.)
HKU\S-1-5-21-1179527703-3337571367-911048166-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1179527703-3337571367-911048166-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1179527703-3337571367-911048166-1000\...\Policies\system: [DisableChangePassword] 0
Startup: C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Silvia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 1aCopyShExtError -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Silvia\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 2aCopyShExtSynced -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Silvia\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 3aCopyShExtSyncing -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Silvia\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 4aCopyShExtSyncingProg1 -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Silvia\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 5aCopyShExtSyncingProg2 -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Silvia\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 6aCopyShExtSyncingProg3 -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Silvia\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 7aCopyShExtSyncingProg4 -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Silvia\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: 8aCopyShExtSyncingProg5 -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Silvia\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Silvia\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it-IT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Guida per l'accesso a Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Guida per l'accesso a Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\Silvia\AppData\Roaming\Mozilla\Firefox\Profiles\e7utaoef.default-1406498175208
FF Plugin: @Adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer - C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Musicnotes.com/Musicnotes Viewer - C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin-x32: @Sibelius.com/Scorch Plugin - C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Silvia\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: adobe.com/AdobeExManCCDetect32 - C:\Program Files (x86)\Adobe\Adobe Extension Manager CC\npAdobeExManCCDetect32.dll (Adobe Systems)
FF Plugin HKCU: adobe.com/AdobeExManCCDetect64 - C:\Program Files (x86)\Adobe\Adobe Extension Manager CC\npAdobeExManCCDetect64.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-it.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-it.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\hoepli.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-it.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-06-18]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-18]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-07-28]
FF HKLM-x32\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync [2011-01-08]
FF HKLM-x32\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF Extension: Firefox Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension [2011-03-06]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-05-25]
FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-03-06]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage:
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Silvia\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (AdobeExManCCDetect) - C:\Program Files (x86)\Adobe\Adobe Extension Manager CC\npAdobeExManCCDetect32.dll (Adobe Systems)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Musicnotes) - C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
CHR Plugin: (ScorchPlugin) - C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Plugin) - C:\Users\Silvia\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Silvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-10]
CHR Extension: (YouTube) - C:\Users\Silvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-10]
CHR Extension: (Ricerca Google) - C:\Users\Silvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-10]
CHR Extension: (Skype Click to Call) - C:\Users\Silvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-26]
CHR Extension: (Google Wallet) - C:\Users\Silvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Silvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-12-10]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 DiinoService; C:\Users\Silvia\AppData\Roaming\Diino\DiinoService_win7_amd64.exe [57968 2012-10-20] ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
S4 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
S3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S4 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
R3 MAUSBFASTTRACK; C:\Windows\System32\DRIVERS\MAudioFastTrack.sys [187912 2009-10-02] (Avid Technology, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mlkumidi; C:\Windows\System32\drivers\mlkumidi.sys [57408 2012-08-29] (MusicLab, Inc.)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
S3 YMIDUSBW; C:\Windows\System32\drivers\ymidusbx64.sys [48200 2009-08-04] (Yamaha Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 13:36 - 2014-07-28 13:37 - 00031216 _____ () C:\Users\Silvia\Desktop\FRST.txt
2014-07-28 13:36 - 2014-07-28 13:36 - 00000000 ____D () C:\FRST
2014-07-28 13:16 - 2014-07-28 11:04 - 02093568 _____ (Farbar) C:\Users\Silvia\Desktop\FRST64.exe
2014-07-28 00:02 - 2014-07-28 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-07-28 00:02 - 2014-07-28 00:02 - 00000000 ____D () C:\ProgramData\ESET
2014-07-28 00:02 - 2014-07-28 00:02 - 00000000 ____D () C:\Program Files\ESET
2014-07-27 23:58 - 2014-07-28 00:00 - 70995968 _____ () C:\Users\Silvia\Downloads\eav_nt64_ita.msi
2014-07-27 20:13 - 2014-07-27 20:13 - 00029061 _____ () C:\ComboFix.txt
2014-07-27 02:06 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-27 02:06 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-27 02:06 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-27 02:06 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-27 02:06 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-27 02:06 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-27 02:06 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-27 02:06 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-27 02:05 - 2014-07-27 20:13 - 00000000 ____D () C:\Qoobox
2014-07-27 02:04 - 2014-07-27 02:23 - 00000000 ____D () C:\Windows\erdnt
2014-07-27 01:39 - 2014-07-28 10:29 - 00123918 _____ () C:\Windows\WindowsUpdate.log
2014-07-27 01:35 - 2014-07-27 23:42 - 00000360 ____N () C:\Windows\mlkumidi.log
2014-07-22 19:51 - 2014-07-22 19:51 - 00000132 _____ () C:\Users\Silvia\AppData\Roaming\Preferenze Adobe Formato PNG CC
2014-07-19 13:14 - 2014-07-27 23:56 - 00000000 ____D () C:\Users\Silvia\Desktop\Dati precedenti di Firefox
2014-07-18 20:34 - 2014-07-18 20:34 - 00000000 _____ () C:\autoexec.bat
2014-07-18 20:33 - 2014-07-18 20:33 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-15 20:33 - 2013-05-24 10:51 - 00000000 ____D () C:\Users\Silvia\Desktop\joomspirit18_unzip_first
2014-07-15 12:35 - 2014-07-15 12:35 - 00001792 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-15 12:35 - 2014-07-15 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 12:34 - 2014-07-15 12:35 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-15 12:34 - 2014-07-15 12:35 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 12:34 - 2014-07-15 12:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-15 12:34 - 2014-07-15 12:34 - 00000000 ____D () C:\Program Files\iPod
2014-07-12 21:17 - 2014-07-12 21:17 - 00000000 ____D () C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
2014-07-12 21:13 - 2014-07-12 21:17 - 00000000 ____D () C:\xampp
2014-07-10 11:04 - 2014-07-10 11:04 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-10 09:41 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 09:41 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 09:41 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-10 09:39 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 09:39 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 09:39 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 09:39 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 09:39 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 09:39 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 09:39 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 09:39 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 09:39 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 09:39 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 09:39 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 09:39 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 09:39 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 09:39 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 09:39 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 09:39 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 09:39 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 09:39 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 09:39 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 09:39 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 09:39 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 09:39 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 09:39 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 09:39 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 09:39 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 09:39 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 09:39 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 09:39 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 09:39 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 09:39 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 09:39 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 09:39 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 09:39 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 09:39 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 09:39 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 09:39 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 09:39 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 09:39 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 09:39 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 09:39 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 09:39 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 09:39 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 09:39 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 09:39 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 09:39 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 09:39 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 09:39 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 09:39 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 09:39 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 09:39 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 09:39 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 09:39 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 09:39 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 09:39 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 09:39 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 09:39 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 09:39 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 09:39 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 09:39 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 09:39 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 09:39 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 09:39 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 09:39 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 09:39 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 09:39 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 09:39 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 09:39 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 09:39 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 09:38 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 09:38 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 09:38 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 09:38 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 09:38 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 09:38 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 09:38 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 09:38 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 09:38 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 09:38 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-06 20:21 - 2014-07-06 20:22 - 00000000 ____D () C:\Users\Silvia\Desktop\Alice - Samsara G-AsTrA (2012)
2014-07-05 15:59 - 2014-07-05 16:26 - 01198006 _____ () C:\Users\Silvia\Downloads\Glenn Cooper - I custodi della biblioteca.epub
2014-07-05 15:55 - 2014-07-05 16:33 - 00868461 _____ () C:\Users\Silvia\Downloads\-Cooper Glenn- I custodi della biblioteca.epub
2014-06-28 08:40 - 2014-07-22 20:19 - 00000000 ____D () C:\Users\Silvia\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-28 13:37 - 2014-07-28 13:36 - 00031216 _____ () C:\Users\Silvia\Desktop\FRST.txt
2014-07-28 13:36 - 2014-07-28 13:36 - 00000000 ____D () C:\FRST
2014-07-28 13:21 - 2012-12-10 21:16 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-28 13:18 - 2009-12-31 19:05 - 00746358 _____ () C:\Windows\system32\perfh010.dat
2014-07-28 13:18 - 2009-12-31 19:05 - 00149432 _____ () C:\Windows\system32\perfc010.dat
2014-07-28 13:18 - 2009-07-14 07:13 - 01675692 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-28 13:04 - 2012-04-02 21:05 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-28 11:32 - 2013-12-17 23:56 - 00000000 ____D () C:\Users\Silvia\AppData\Roaming\Copy
2014-07-28 11:04 - 2014-07-28 13:16 - 02093568 _____ (Farbar) C:\Users\Silvia\Desktop\FRST64.exe
2014-07-28 10:29 - 2014-07-27 01:39 - 00123918 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 09:21 - 2012-12-10 21:16 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-28 07:31 - 2014-03-30 21:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 00:02 - 2014-07-28 00:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-07-28 00:02 - 2014-07-28 00:02 - 00000000 ____D () C:\ProgramData\ESET
2014-07-28 00:02 - 2014-07-28 00:02 - 00000000 ____D () C:\Program Files\ESET
2014-07-28 00:00 - 2014-07-27 23:58 - 70995968 _____ () C:\Users\Silvia\Downloads\eav_nt64_ita.msi
2014-07-27 23:56 - 2014-07-19 13:14 - 00000000 ____D () C:\Users\Silvia\Desktop\Dati precedenti di Firefox
2014-07-27 23:54 - 2009-07-14 06:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-27 23:54 - 2009-07-14 06:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-27 23:47 - 2010-03-27 20:18 - 00000000 ____D () C:\Users\Silvia\AppData\Roaming\Skype
2014-07-27 23:46 - 2012-10-31 19:51 - 00000000 ___RD () C:\Users\Silvia\Desktop\Dropbox
2014-07-27 23:43 - 2012-10-19 23:06 - 00000000 ____D () C:\Users\Silvia\AppData\Roaming\Dropbox
2014-07-27 23:43 - 2009-12-31 10:14 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2014-07-27 23:42 - 2014-07-27 01:35 - 00000360 ____N () C:\Windows\mlkumidi.log
2014-07-27 23:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-27 20:59 - 2014-03-30 21:07 - 00000000 ____D () C:\AdwCleaner
2014-07-27 20:13 - 2014-07-27 20:13 - 00029061 _____ () C:\ComboFix.txt
2014-07-27 20:13 - 2014-07-27 02:05 - 00000000 ____D () C:\Qoobox
2014-07-27 20:09 - 2009-07-14 04:34 - 00000234 _____ () C:\Windows\system.ini
2014-07-27 02:25 - 2012-11-16 22:55 - 00000000 ____D () C:\Users\Alberto
2014-07-27 02:25 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-27 02:23 - 2014-07-27 02:04 - 00000000 ____D () C:\Windows\erdnt
2014-07-27 02:19 - 2010-03-28 13:42 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-07-27 01:39 - 2013-07-10 13:24 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSilvia
2014-07-27 01:39 - 2013-07-10 13:24 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForSilvia.job
2014-07-26 14:58 - 2011-05-21 18:08 - 00007423 _____ () C:\Windows\EASYC.INI
2014-07-26 14:58 - 2011-05-21 18:08 - 00000000 ____D () C:\EASYC
2014-07-22 20:19 - 2014-06-28 08:40 - 00000000 ____D () C:\Users\Silvia\AppData\Local\Adobe
2014-07-22 19:51 - 2014-07-22 19:51 - 00000132 _____ () C:\Users\Silvia\AppData\Roaming\Preferenze Adobe Formato PNG CC
2014-07-22 09:19 - 2012-10-19 23:07 - 00000000 ____D () C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-20 16:50 - 2014-06-18 03:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-20 09:24 - 2011-05-27 14:33 - 00000000 ____D () C:\Windows\Minidump
2014-07-19 14:32 - 2012-01-17 01:55 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-07-18 20:34 - 2014-07-18 20:34 - 00000000 _____ () C:\autoexec.bat
2014-07-18 20:33 - 2014-07-18 20:33 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-15 12:35 - 2014-07-15 12:35 - 00001792 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-15 12:35 - 2014-07-15 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 12:35 - 2014-07-15 12:34 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-15 12:35 - 2014-07-15 12:34 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 12:35 - 2014-07-15 12:34 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-15 12:34 - 2014-07-15 12:34 - 00000000 ____D () C:\Program Files\iPod
2014-07-14 22:00 - 2013-08-22 17:45 - 00000000 ____D () C:\Users\Silvia\Documents\Corso JOOMLA
2014-07-12 21:17 - 2014-07-12 21:17 - 00000000 ____D () C:\Users\Silvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
2014-07-12 21:17 - 2014-07-12 21:13 - 00000000 ____D () C:\xampp
2014-07-12 18:04 - 2011-09-08 22:05 - 00000156 _____ () C:\Users\Silvia\AppData\default.pls
2014-07-12 18:04 - 2010-06-06 16:02 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-07-10 21:16 - 2014-01-18 21:15 - 00000000 ____D () C:\Users\Silvia\Documents\Biblioteca di calibre
2014-07-10 12:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 11:04 - 2014-07-10 11:04 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-10 11:04 - 2012-04-02 21:05 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 11:04 - 2012-04-02 21:05 - 00003916 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 11:04 - 2011-05-17 19:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 10:55 - 2009-07-14 06:45 - 06082736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 10:52 - 2014-05-02 13:49 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 10:52 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 10:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 10:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 09:58 - 2013-07-11 19:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 09:52 - 2010-03-26 20:52 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-06 20:22 - 2014-07-06 20:21 - 00000000 ____D () C:\Users\Silvia\Desktop\Alice - Samsara G-AsTrA (2012)
2014-07-06 14:34 - 2013-03-12 22:14 - 00000000 ____D () C:\Users\Silvia\Documents\Punto croce
2014-07-05 16:33 - 2014-07-05 15:55 - 00868461 _____ () C:\Users\Silvia\Downloads\-Cooper Glenn- I custodi della biblioteca.epub
2014-07-05 16:26 - 2014-07-05 15:59 - 01198006 _____ () C:\Users\Silvia\Downloads\Glenn Cooper - I custodi della biblioteca.epub
2014-06-30 04:09 - 2014-07-10 09:39 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-10 09:39 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Silvia\AppData\Local\Temp\InstHelper.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 09:18

==================== End Of Log ============================
 
condor67 ha detto:
@silvia
manca il log di minitoolbox. Trovi il link alls pag72 di questa discussione.
Clicca per espandere...
@condor67
Appena riesco lo mando, grazie mille. Mi sorge una domanda: da ieri il mio pc non fa più la pagina dell'arma dei carabinieri. L'unica differenza dalle altre pulizie che ho fatto è che non ho ancora aperto Skype. Non sarà per caso quello il problema o il canale attraverso cui arriva sto malware?
Silvia
 
Salve a tutti, anche io mi trovo a dover affrontare lo stesso nemico e davvero nn so come comportarmi perchè non sono granchè versato nelle arti informatiche.
L'infenzione si è manifestata tempo fa quando col mio nuovo Samsung navigavo sul sito di Repubblica e sono stato reindirizzato alla pagina con Napolitano mentre a casa già si verificavano rallentamenti alla rete e in alcuni casi impossibilità ad accedere ad alcuni siti.
Io a casa navigo con un Mac, mia sorella con un windows XP e mio padre esclusivamente su iPad. Stavo già per hardresettare il telefono quando alla pagina sono stato reindirizzato anche da Google Chrome su Mac. Così ho scoperto che avevo i DNS del router stravolti e mi è bastato resettare per tornare alla normalità di connessione su pc e su telefono (ho dovuto però cancellare dati e cache dell'applicazione altrimenti continuavo ad essere reindirizzato). Tutto bene finche la cosa non si è ripresentata dopo 3-4 giorni, "risolta" di nuovo resettando il router e impostando stavolta manualmente i DNS che prima erano automaitici. Bene, tutto questo una settimana fa e oggi di nuovo noto rallentamenti sulla connessione e subito dopo mia sorella che urla dicendomi che dal suo computer nuovo acceso per la prima volta ieri è comparsa la famosa pagina. Ho controllato ancora i DNS e ho notato che il primario era stato cambiato con un indirizzo ancora diverso da quello delle precedenti volte (il primo indirizzava ad un server tedesco, questo ad uno ucraino mi pare di aver capito ma indirizzanti entrambi a quella pagina). Ora è chiaro che da qualche parte mi sono beccato un ransomware e cercherò di seguire quanto detto fino ad ora sul forum ma in particolare mi premeva sapere se il pc nuovo di mia sorella è stato effettivamente infettato oppure no. Nonostante abbia risettato i dns Google Chrome ancora la reindirizza a quella pagina mentre altri browser non lo fanno. Ho provato a farle cancellare la cache ma non va. Cosa le posso farle fare per il momento?
 
Ultima modifica:
Salve a tutti!, anch'io ho beccato oggi questo fastidioso virus (la versione "presidente napolitano" per l'esattezza!) e sono riuscito a rimuoverlo ma solo in parte, nel senso che ora non mi si apre più la pagine incriminata ma questa finestra che mi impedisce il corretto caricamento di molti siti (facebook, ad esempio):
2014-07-31_232210.webp

ho usato malwarebytes, spyhunter, virlt e per ultimo combofix (in modalità provvisoria) di cui posto il report:

ComboFix 14-07-31.02 - Paolo 31/07/14 23.04.24.1.8 - x64 NETWORK
Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.39.2057.18.6055.5057 [GMT 2:00]
Eseguito da: c:\users\Paolo\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Paolo\AppData\Local\Adobe\gccheck.exe
c:\users\Paolo\AppData\Local\Adobe\gtbcheck.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2014-06-28 al 2014-07-31 )))))))))))))))))))))))))))))))))))
.
.
2014-07-31 21:11 . 2014-07-31 21:11 -------- d-----w- c:\users\Paolo\AppData\Local\temp
2014-07-31 21:11 . 2014-07-31 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-31 20:31 . 2014-07-31 20:31 -------- dc-h--w- c:\programdata\{A767D980-39BC-4EDA-9CC4-EC194BDC754E}
2014-07-31 20:31 . 2013-11-29 12:04 65328 ----a-w- c:\windows\system32\drivers\VIAGLT64.SYS
2014-07-31 20:31 . 2014-07-31 20:52 -------- d-----w- C:\VEXPLite
2014-07-31 20:28 . 2012-06-22 09:01 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2014-07-31 20:28 . 2014-07-31 20:28 110080 ----a-r- c:\users\Paolo\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\IconF7A21AF7.exe
2014-07-31 20:28 . 2014-07-31 20:28 110080 ----a-r- c:\users\Paolo\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\IconD7F16134.exe
2014-07-31 20:28 . 2014-07-31 20:28 110080 ----a-r- c:\users\Paolo\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\Icon1226A4C5.exe
2014-07-31 20:28 . 2014-07-31 20:28 -------- d-----w- c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-07-31 20:28 . 2014-07-31 20:28 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-07-31 20:09 . 2014-07-31 20:09 12872 ----a-w- c:\windows\system32\bootdelete.exe
2014-07-31 17:57 . 2014-07-31 18:49 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-31 17:57 . 2014-07-31 17:57 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-31 17:57 . 2014-05-12 05:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-31 17:57 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-31 17:57 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-31 17:46 . 2014-07-31 17:46 -------- d-----w- c:\windows\SMinidump
2014-07-31 17:46 . 2014-07-31 17:46 -------- d-----w- c:\windows\system32\log
2014-07-31 17:46 . 2014-07-25 10:13 45248 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-07-31 15:00 . 2014-07-31 20:09 -------- d-----w- c:\programdata\HitmanPro
2014-07-31 14:06 . 2014-07-31 17:06 -------- d-----w- c:\windows\LastGood.Tmp
2014-07-31 13:59 . 2014-07-31 13:59 -------- d-----w- c:\programdata\SonicFocus
2014-07-31 13:59 . 2014-07-31 13:59 -------- d-----w- c:\program files\Realtek
2014-07-31 13:43 . 2014-07-31 13:43 -------- d-----w- c:\programdata\ProductData
2014-07-31 13:43 . 2014-07-31 13:43 -------- d-----w- c:\programdata\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-07-31 13:43 . 2014-07-31 13:43 -------- d-----w- C:\sh4ldr
2014-07-31 13:43 . 2014-07-31 13:43 -------- d-----w- c:\program files\Enigma Software Group
2014-07-31 13:40 . 2014-07-31 17:17 -------- d-----w- c:\programdata\IObit
2014-07-31 13:40 . 2014-07-31 17:17 -------- d-----w- c:\users\Paolo\AppData\Roaming\IObit
2014-07-31 13:40 . 2014-07-31 13:43 -------- d-----w- c:\program files (x86)\IObit
2014-07-31 13:34 . 2014-07-31 17:57 -------- d-----w- c:\programdata\Malwarebytes
2014-07-31 13:34 . 2014-07-31 13:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-07-31 13:11 . 2014-07-31 13:11 -------- d-----w- c:\users\Paolo\AppData\Roaming\QuickScan
2014-07-15 13:39 . 2014-06-24 06:41 10115584 ----a-w- c:\windows\system32\twinui.dll
2014-07-15 13:39 . 2014-06-24 07:36 703440 ----a-w- c:\windows\system32\NotificationUI.exe
2014-07-15 13:39 . 2014-06-24 06:39 2146304 ----a-w- c:\windows\system32\actxprxy.dll
2014-07-15 13:39 . 2014-06-24 04:08 8858624 ----a-w- c:\windows\SysWow64\twinui.dll
2014-07-15 13:39 . 2014-06-24 06:41 694784 ----a-w- c:\windows\system32\WSShared.dll
2014-07-15 13:39 . 2014-06-24 06:40 125952 ----a-w- c:\windows\system32\WinSetupUI.dll
2014-07-15 13:39 . 2014-06-24 06:39 2307072 ----a-w- c:\windows\system32\authui.dll
2014-07-15 13:39 . 2014-06-24 04:06 2037760 ----a-w- c:\windows\SysWow64\authui.dll
2014-07-15 13:39 . 2014-06-24 06:41 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-15 13:39 . 2014-06-24 04:08 567808 ----a-w- c:\windows\SysWow64\WSShared.dll
2014-07-15 13:39 . 2014-06-24 04:08 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-15 13:39 . 2014-06-24 04:06 754176 ----a-w- c:\windows\SysWow64\actxprxy.dll
2014-07-13 18:21 . 2014-06-26 20:53 703968 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-13 18:21 . 2014-06-26 20:53 105440 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-12 07:39 . 2014-05-03 06:34 6974808 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-07-12 07:38 . 2014-06-19 02:12 915968 ----a-w- c:\windows\system32\uxtheme.dll
2014-07-11 23:24 . 2014-07-11 23:24 -------- d-----w- c:\program files (x86)\Andrea Sabbatini
2014-07-03 21:58 . 2014-07-03 21:58 -------- d-----w- c:\users\Paolo\AppData\Roaming\CompEd
2014-07-03 21:58 . 2014-07-03 21:58 -------- d-----w- c:\program files (x86)\CompEd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-14 22:00 . 2013-06-01 19:05 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-14 22:00 . 2013-06-01 18:57 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-07-11 10:51 . 2013-06-01 17:15 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-08 16:59 . 2014-03-11 17:59 5659136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-06-25 15:00 . 2014-06-25 15:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-06-03 14:28 . 2013-06-01 18:57 130584 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-05-09 16:04 . 2014-06-07 07:30 59384 ----a-w- c:\windows\system32\drivers\networx.sys
2014-05-03 05:47 . 2014-06-11 06:42 3246592 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-03 03:34 . 2014-06-11 06:42 235520 ----a-w- c:\windows\system32\rdpudd.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-10 11:25 1730264 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-10 11:25 1730264 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-10 11:25 1730264 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-05-23 1561968]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-06-27 24477056]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2014-07-21 109784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-07-14 750160]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-05-23 311152]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-08-19 2236816]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2014-07-17 471856]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
R2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 AtherosSvc;AtherosSvc;c:\windows\system32\AdminService.exe;c:\windows\SYSNATIVE\AdminService.exe [x]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
R2 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 Nemesys;NeMeSys Service;c:\program files (x86)\Nemesys\dist\Nemesys.exe;c:\program files (x86)\Nemesys\dist\Nemesys.exe [x]
R2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R2 pgmille;pgmille;C:/Program Files (x86)/Millewin/PostgreSQL/bin/pg_ctl.exe runservice -N pgmille -D C:/Program Files (x86)/Millewin/Dati/database_postgresql;C:/Program Files (x86)/Millewin/PostgreSQL/bin/pg_ctl.exe runservice -N pgmille -D C:/Program Files (x86)/Millewin/Dati/database_postgresql [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 MIRUSB;MIRUsb.Sys MIR driver;c:\windows\System32\Drivers\mirusb.sys;c:\windows\SYSNATIVE\Drivers\mirusb.sys [x]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 usbrndis6;Scheda RNDIS6 USB;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 networx;networx;c:\windows\system32\drivers\networx.sys;c:\windows\SYSNATIVE\drivers\networx.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8168;Driver Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-06 16:59]
.
2014-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-07 17:46]
.
2014-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-07 17:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-08-16 22:32 3357040 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-08-16 22:32 3357040 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-08-16 22:32 3357040 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-10 11:21 2335960 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-10 11:21 2335960 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-10 11:21 2335960 ----a-w- c:\progra~1\MICROS~3\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 12:20 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-13 472984]
"StartIsBackTR"="c:\program files (x86)\StartIsBack\SIBTR.exe" [2013-03-04 319435]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-02-05 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-02-05 1179576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
IE: Block frame with Ad Muncher - Ad Muncher
IE: Block image with Ad Muncher - Ad Muncher
IE: Block link with Ad Muncher - Ad Muncher
IE: Compila Modulo - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Don't filter page with Ad Muncher - Ad Muncher
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office15\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~3\Office15\ONBttnIE.dll/105
IE: Personalizza - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Report page to the Ad Muncher developers - Ad Muncher
IE: RF Barra strumenti - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: Salva Moduli - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
LSP: c:\program files (x86)\HMA! Pro VPN\bin\ForceInterfaceLSP.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Paolo\AppData\Roaming\Mozilla\Firefox\Profiles\d9njhmh6.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bce000f56-4ef4-43ff-9c82-3bc426de69fa%7D&mid=bd9d8fceb6b347d0a7d0d1456fef8f40-62560122d99802b1e8f68855d89e36039449cc0d&ds=od011&v=10.2.0.3&lang=it&pr=sa&d=2012-04-07%2014%3A51%3A44&sap=ku&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pgmille]
"ImagePath"="C:/Program Files (x86)/Millewin/PostgreSQL/bin/pg_ctl.exe runservice -N \"pgmille\" -D \"C:/Program Files (x86)/Millewin/Dati/database_postgresql\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pgmille]
"ImagePath"="C:/Program Files (x86)/Millewin/PostgreSQL/bin/pg_ctl.exe runservice -N \"pgmille\" -D \"C:/Program Files (x86)/Millewin/Dati/database_postgresql\""
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0003\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @DenieD: (Full) (Everyone)
@SACL=(02 0000)
.
Ora fine scansione: 2014-07-31 23:15:31
ComboFix-quarantined-files.txt 2014-07-31 21:15
.
Pre-Run: 573.445.591.040 byte disponibili
Post-Run: 573.438.455.808 byte disponibili
.
- - End Of File - - 0599407FBF450ECB852A6D76F9E59BE4
A36C5E4F47E84449FF07ED3517B43A31





cosa posso fare ancora? mi spiegate come rimuoverlo manualmente?
grazie mille
 
Ciao a tutti,
oggi è capitato anche a me di beccare questo virus, ma ero in modalità in incognito di chrome, e dopo aver chiuso la pagina web tramite gestione risorse non è più capitato. Per sicurezza ho lanciato una scansione con malwarebytes e ho messo in quarantena alcuni file (ma non so se sono collegati con questo virus).
Ho fatto un controllo anche con combofix e questo è il log: Visualizza allegato log combofix.txt

Secondo voi è debellato? o devo fare altro?
grazie :inchino::inchino:
 
Pubblicità
Pubblicità
Indietro
Top