Aiutamici Forum

mbam log, could you take a look
pepper61
Posted: Saturday, July 30, 2011 10:00:36 AM

Rank: AiutAmico

Member since: 4/15/2007
Posts: 250
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:04:56, on 30/07/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Packard Bell Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
K:\UTORRENT\uTorrent.exe
C:\Users\Franco\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=ixtreme_m5722&r=173601106006p0325v1k5y48111322
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=ixtreme_m5722&r=173601106006p0325v1k5y48111322
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=ixtreme_m5722&r=173601106006p0325v1k5y48111322
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.poony.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: revenuestreaming browser enhancer - {46FC0956-C343-9791-A67B-F1FFDBA4B6C3} - C:\Windows\SysWow64\agfahfjevvv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Packard Bell Photo Frame] C:\Program Files (x86)\Packard Bell Photo Frame\ButtonMonitor.exe -A
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Franco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Franco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Salva oggetto con NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Scarica con Mipony - file://K:\JDownloader\Mipony\Browser\IEContext.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files (x86)\StreamingStar\HiDownload\hidownload.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O20 - AppInit_DLLs: c:\progra~2\safemule\safemule.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database_123b3ca\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database_123b3ca\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10683 bytes
shapiro
Posted: Saturday, July 30, 2011 10:08:05 AM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164


hi

from the log I see a suspicious entry, follow this procedure

Launch HijackThis
Click Do a scan only
Tick the box next to the lines I list below
Click Fix Checked

Code:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.poony.info/

O2 - BHO: revenuestreaming browser enhancer - {46FC0956-C343-9791-A67B-F1FFDBA4B6C3} - C:\Windows\SysWow64\agfahfjevvv.dll




download malwarebytes

1) install it
2) update it
3) run a scan choosing the full mode
4) do NOT delete any threats it finds for now
5) when the scan is finished select the log tab, open the text file and post it on the forum
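As an added example (not part of the thread, and not a tool either poster used), here is a small Python script that applies the kind of triage shapiro did by eye to HijackThis 2.0.4 entries: an IE start/search page whose host is outside an assumed allowlist of OEM and Microsoft hosts, a BHO or toolbar DLL that lives under C:\Windows with a random-looking file name, anything in AppInit_DLLs (it is loaded into every process that loads user32.dll, so it deserves a look whatever the vendor), and services reported with an unknown owner. The sample lines are a constructed subset of the log posted above; the host allowlist, the `looks_random` thresholds and the rule names are assumptions, not rules from HijackThis. One caveat the script encodes: HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows 7 its lookups under C:\Windows\System32 are redirected to SysWOW64, and the many "(file missing)" O23 lines for standard system services are a false positive, not evidence of tampering.

```python
"""Heuristic triage of HijackThis 2.0.4 log entries (added example, not from the thread)."""
import re
from collections import namedtuple
from urllib.parse import urlparse

# Constructed sample: a subset of the HijackThis lines posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.poony.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: revenuestreaming browser enhancer - {46FC0956-C343-9791-A67B-F1FFDBA4B6C3} - C:\Windows\SysWow64\agfahfjevvv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O20 - AppInit_DLLs: c:\progra~2\safemule\safemule.dll
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgfws.exe
"""

# Assumption: hosts that are normal as IE defaults on this OEM (Packard Bell) build.
TRUSTED_HOSTS = {"go.microsoft.com", "www.microsoft.com", "homepage.packardbell.com"}

Finding = namedtuple("Finding", "rule detail line")


def looks_random(filename):
    """Crude check for machine-generated names such as agfahfjevvv.dll.

    Thresholds are assumptions tuned on the names in this thread, not a
    published rule: few vowels or a long consonant run in a name of 8+ letters.
    """
    stem = re.sub(r"\.[a-z0-9]+$", "", filename.lower())
    letters = re.sub(r"[^a-z]", "", stem)
    if len(letters) < 8:
        return False
    vowel_ratio = sum(c in "aeiouy" for c in letters) / len(letters)
    longest_run = max((len(r) for r in re.findall(r"[^aeiouy]+", letters)), default=0)
    return vowel_ratio < 0.3 or longest_run >= 5


def triage(log_text):
    """Return the entries worth a second look, in log order."""
    findings = []
    for line in log_text.strip().splitlines():
        m = re.match(r"^([A-Z]\d+) - (.*)$", line.strip())
        if not m:
            continue
        code, body = m.groups()
        if code in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1]
            if value.lower().startswith("http"):
                host = urlparse(value).hostname or ""
                if host not in TRUSTED_HOSTS:
                    findings.append(Finding("ie-hijack", host, line))
        elif code in ("O2", "O3"):
            path = body.rsplit(" - ", 1)[-1]
            reasons = []
            # Vendors install BHOs under Program Files; a DLL under C:\Windows is unusual.
            if path.lower().startswith("c:\\windows\\"):
                reasons.append("dll under C:\\Windows")
            if looks_random(path.rsplit("\\", 1)[-1]):
                reasons.append("random-looking file name")
            if reasons:
                findings.append(Finding("suspicious-bho", "; ".join(reasons), line))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is injected into every process that loads user32.dll:
            # always review it, whatever the vendor claims to be.
            findings.append(Finding("appinit-dlls", body.split(":", 1)[1].strip(), line))
        elif code == "O23":
            if "(file missing)" in body and "\\system32\\" in body.lower():
                # 32-bit HijackThis on x64 is WOW64-redirected away from System32,
                # so these "missing" standard services are a false positive.
                continue
            if "Unknown owner" in body:
                findings.append(Finding("unknown-owner", body.rsplit(" - ", 1)[-1], line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
```

Run against the constructed sample it reports exactly the two lines shapiro asked to fix (the poony.info start page and the agfahfjevvv.dll BHO), plus the safemule.dll AppInit_DLLs entry and the ownerless ToolbarBroker.exe service as items to verify by hand; the Spooler "(file missing)" line is correctly ignored.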
pepper61
Posted: Saturday, July 30, 2011 10:30:47 AM

Rank: AiutAmico

Member since: 4/15/2007
Posts: 250
for now it only removed the R0 - etc. one, the other one won't delete
shapiro
Posted: Saturday, July 30, 2011 10:33:32 AM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164


try showing hidden files and folders, follow the path and, if present, delete the file in bold

C:\Windows\SysWow64\agfahfjevvv.dll
pepper61
Posted: Saturday, July 30, 2011 10:36:14 AM

Rank: AiutAmico

Member since: 4/15/2007
Posts: 250
here is the Malwarebytes' Anti-Malware log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7323

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

30/07/2011 10:34:36
mbam-log-2011-07-30 (10-34-30).txt

Scan type: Quick scan
Objects scanned: 196960
Time elapsed: 1 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46FC0956-C343-9791-A67B-F1FFDBA4B6C3} (Adware.AdRotator) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{46FC0956-C343-9791-A67B-F1FFDBA4B6C3} (Adware.AdRotator) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46FC0956-C343-9791-A67B-F1FFDBA4B6C3} (Adware.AdRotator) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46FC0956-C343-9791-A67B-F1FFDBA4B6C3} (Adware.AdRotator) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
shapiro
Posted: Saturday, July 30, 2011 10:39:51 AM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164
delete the entries mbam found, then delete that file

run the full scan again (the one you did was the quick scan) and post the new report
pepper61
Posted: Saturday, July 30, 2011 10:43:12 AM

Rank: AiutAmico

Member since: 4/15/2007
Posts: 250
ok, scanning now, I'll let you know, thanks
pepper61
Posted: Saturday, July 30, 2011 11:55:47 AM

Rank: AiutAmico

Member since: 4/15/2007
Posts: 250
scan finished, deleted what it found, posting the log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7323

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

30/07/2011 11:54:10
mbam-log-2011-07-30 (11-54-07).txt

Scan type: Full scan (C:\|D:\|K:\|)
Objects scanned: 490353
Time elapsed: 1 hour(s), 11 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Franco\documents\my iso files\CRACK\keygen 32bits.exe (Trojan.Agent) -> No action taken.
k:\UTORRENT\COMPLETI\superantispyware professional v4.33.1000 + keygen [rh]\sas.pro.4.33.1000_[rh]\superantispyware professional v4.33.1000\Keygen\sa.pro.4.xx.x_keygen-patch.exe (Trojan.Agent.CK) -> No action taken.
k:\UTORRENT\COMPLETI\autocad 2010 ita + istruzioni + crack - [jkr]\CRACK\keygen 32bits.exe (Trojan.Agent) -> No action taken.
k:\nuova cartella (2)\autocad 2010 crack\autocad 2010 keygen x-force\keygen_xf-acad2010_x64.exe (Trojan.Agent.CK) -> No action taken.
k:\nuova cartella (2)\autocad 2010 crack\autocad 2010 keygen x-force\keygen_xf-acad2010_x32.exe (Trojan.Agent) -> No action taken.
shapiro
Posted: Saturday, July 30, 2011 12:04:20 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164


did you run the scan with the USB stick plugged in? there are some cracks that mbam found, you should remove them as soon as possible to avoid big problems

delete everything mbam found, then run this scan with the antivirus disabled

download combofix from HERE

(do not install the recovery console)
Let the program work without interfering
Attach the report C:\ComboFix.txt in your reply.

do not use the pc during the scan, not even the mouse!

pepper61
Posted: Saturday, July 30, 2011 12:20:48 PM

Rank: AiutAmico

Member since: 4/15/2007
Posts: 250
no, no USB stick
shapiro
Posted: Saturday, July 30, 2011 12:24:19 PM

Rank: AiutAmico

Member since: 8/24/2008
Posts: 4,164


I was wondering.... what is drive k? go ahead with combofix and try not to touch anything (not even the mouse) while it works

pepper61
Posted: Saturday, July 30, 2011 6:50:27 PM

Rank: AiutAmico

Member since: 4/15/2007
Posts: 250
drive k is an external hard disk. Here is the combo log

ComboFix 11-07-29.03 - Franco 30/07/2011 12:25:58.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.8191.4993 [GMT 2:00]
Running from: c:\users\Franco\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WinPCap
c:\program files (x86)\WinPCap\install.log
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\settings.bin
c:\users\Franco\AppData\Local\010112010146111103.xxe
c:\users\Franco\AppData\Roaming\.#
c:\users\Franco\AppData\Roaming\OfferBox
c:\users\Franco\AppData\Roaming\OfferBox\config.xml
c:\users\Franco\Taskmgr.exe
c:\windows\SysWow64\nsis_loader.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-30 )))))))))))))))))))))))))))))))))))
.
.
2011-07-30 10:32 . 2011-07-30 10:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-07-30 10:32 . 2011-07-30 10:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-30 09:50 . 2011-07-30 09:50 -------- d-----w- c:\program files (x86)\Digital Photo Software
2011-07-30 08:31 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-30 08:31 . 2011-07-30 08:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-29 17:11 . 2011-07-29 17:11 -------- d-----w- c:\program files (x86)\AKVIS
2011-07-29 17:07 . 2011-07-29 17:08 117864 ----a-w- c:\windows\SysWow64\2f1ed5f2.exe
2011-07-29 17:07 . 2011-07-29 17:08 53723 ----a-w- c:\windows\SysWow64\xgyfjifmrbhbd.exe
2011-07-29 16:25 . 2011-07-29 16:26 -------- d-----w- c:\users\Franco\AppData\Roaming\Photo! Web Album
2011-07-29 16:25 . 2011-07-29 16:25 -------- d-----w- c:\program files (x86)\Photo!
2011-07-29 16:24 . 2011-07-29 16:25 -------- d-----w- c:\program files (x86)\Web Photo Album
2011-07-29 16:24 . 2011-07-29 16:24 -------- d-----w- c:\program files (x86)\Mobile Photo Enhancer
2011-07-29 09:33 . 2011-07-29 09:33 -------- d-----w- c:\program files (x86)\Alberosa
2011-07-29 09:27 . 2011-07-29 09:27 -------- d-----w- c:\program files (x86)\VirtualDJ
2011-07-29 08:13 . 2011-07-29 08:13 -------- d-----w- c:\users\Franco\AppData\Roaming\WordWeb
2011-07-29 08:12 . 2011-07-29 08:12 -------- d-----w- c:\program files (x86)\WordWeb
2011-07-29 08:12 . 2011-05-23 11:37 1196800 ------w- c:\windows\wweb32.dll
2011-07-29 07:40 . 2011-07-29 07:41 -------- d-----w- c:\users\Franco\AppData\Roaming\Marine Aquarium 3
2011-07-29 06:52 . 2011-07-29 06:52 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-29 06:39 . 2011-07-29 06:39 -------- d-----w- c:\program files (x86)\File Scavenger 3.2
2011-07-28 14:56 . 2011-07-28 14:56 -------- d-----w- c:\programdata\Readon
2011-07-28 14:53 . 2011-07-28 14:53 -------- d-----w- c:\users\Franco\AppData\Local\Readon_Technology
2011-07-28 14:53 . 2011-07-28 14:53 -------- d-----w- c:\program files (x86)\Readon Technology
2011-07-28 14:47 . 2011-07-28 14:47 -------- d-----w- c:\program files (x86)\Photo Story 3 for Windows
2011-07-28 06:23 . 2011-07-28 06:23 -------- d-----w- c:\users\Franco\AppData\Roaming\Babylon
2011-07-28 06:23 . 2011-07-28 06:23 -------- d-----w- c:\users\Franco\AppData\Local\Babylon
2011-07-28 06:23 . 2011-07-28 06:23 -------- d-----w- c:\programdata\Babylon
2011-07-28 06:23 . 2011-07-28 06:24 -------- d-----w- c:\program files (x86)\SafeMule
2011-07-27 16:37 . 2011-07-27 16:38 -------- d-----w- c:\programdata\AVG Security Toolbar
2011-07-27 15:55 . 2011-07-27 16:49 -------- d-----w- c:\users\Franco\AppData\Roaming\AVG
2011-07-27 15:47 . 2011-07-27 15:47 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-07-27 15:47 . 2011-07-30 10:01 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-27 14:40 . 2011-07-29 07:55 -------- d-----w- c:\program files (x86)\PCPremiumTV
2011-07-25 17:28 . 2011-07-25 17:28 -------- d-----w- c:\users\Franco\DoctorWeb
2011-07-25 17:15 . 2011-07-30 08:31 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-07-24 17:38 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-23 21:55 . 2011-07-23 21:55 -------- d-----w- c:\program files (x86)\MagicISO
2011-07-23 17:04 . 2011-07-23 17:04 -------- d-----w- c:\users\Franco\AppData\Roaming\DVDVideoSoftIEHelpers
2011-07-21 19:23 . 2011-07-30 06:06 -------- d-----w- c:\program files (x86)\Aurora
2011-07-19 17:33 . 2011-07-19 17:33 -------- d-----w- c:\users\Franco\.gem
2011-07-19 17:33 . 2011-07-19 17:33 -------- d-----w- C:\cuperativa
2011-07-19 17:07 . 2011-07-19 17:07 -------- d-----w- c:\program files (x86)\Inpaint
2011-07-18 18:36 . 2011-07-23 22:09 -------- d-----w- c:\users\Franco\AppData\Local\Halite
2011-07-18 16:55 . 2011-07-18 16:56 -------- d-----w- c:\users\Franco\AppData\Roaming\Software Informer
2011-07-18 16:55 . 2011-07-18 16:55 -------- d-----w- c:\program files (x86)\Software Informer
2011-07-18 16:54 . 2011-07-24 17:10 -------- d-----w- c:\users\Franco\AppData\Local\Garbage Finder
2011-07-17 15:52 . 2011-07-17 15:51 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-17 15:41 . 2011-07-17 15:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-17 08:07 . 2011-07-17 08:10 -------- d-----w- c:\program files (x86)\Allok Video Joiner
2011-07-16 22:41 . 2010-11-20 13:24 2872320 ----a-w- c:\windows\explorer.exe
2011-07-16 22:41 . 2009-07-14 01:06 23555072 ----a-w- c:\windows\SysWow64\imageres.dll
2011-07-16 22:41 . 2010-11-20 12:19 1492992 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2011-07-16 22:41 . 2010-11-20 12:18 1791488 ----a-w- c:\windows\SysWow64\authui.dll
2011-07-16 22:41 . 2011-07-16 22:41 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.tmp
2011-07-16 22:41 . 2009-07-14 01:11 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.backup
2011-07-16 22:41 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup
2011-07-16 22:41 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-07-16 22:41 . 2011-07-16 22:41 -------- d--h--w- c:\windows\8 Skin Pack
2011-07-16 19:50 . 2011-07-16 19:50 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2011-07-16 19:50 . 2011-07-16 19:51 -------- d-----w- c:\program files\AutoCAD 2010
2011-07-16 09:11 . 2010-11-03 13:47 139264 ----a-w- c:\windows\SysWow64\MIHDBG.exe
2011-07-16 09:10 . 2006-11-14 09:31 22784 ----a-w- c:\windows\SysWow64\drivers\afc.sys
2011-07-15 12:11 . 2011-07-15 12:11 -------- d-----w- c:\program files (x86)\DsNET Corp
2011-07-10 17:23 . 2011-07-24 17:13 -------- d-----w- c:\programdata\OneUpIndustries
2011-07-10 17:23 . 2005-06-15 01:00 102400 ----a-w- c:\windows\SysWow64\tsccvid.dll
2011-07-10 17:22 . 2011-07-25 05:05 -------- d-----w- c:\program files\OneUpIndustries
2011-07-10 15:39 . 2011-07-10 15:39 -------- d-----w- c:\users\Franco\AppData\Local\SoundSpectrum
2011-07-10 15:36 . 2011-07-10 15:37 -------- d-----w- c:\program files (x86)\Morphyre
2011-07-05 18:07 . 2011-07-05 18:07 -------- d-----w- c:\programdata\Licenses
2011-07-05 18:06 . 2011-07-05 18:06 -------- d-----w- c:\program files (x86)\CDRWIN 9
2011-07-05 17:39 . 2011-07-24 17:04 -------- d-----w- c:\programdata\CDRWIN 9
2011-07-05 05:16 . 2011-07-05 05:16 -------- d-----w- c:\windows\system32\SPReview
2011-07-04 18:28 . 2011-04-25 08:25 4603616 ----a-w- c:\windows\SysWow64\DevComponents.DotNetBar2.dll
2011-07-04 17:27 . 2011-06-09 09:33 24912 ----a-w- c:\windows\system32\dopdfmn7.dll
2011-07-04 17:27 . 2011-06-09 09:33 21328 ----a-w- c:\windows\system32\dopdfmi7.dll
2011-07-04 17:27 . 2010-02-05 13:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-07-04 16:27 . 2010-11-20 13:33 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-07-04 16:26 . 2010-11-20 13:27 221696 ----a-w- c:\windows\system32\OnLineIDCpl.dll
2011-07-04 16:24 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-07-03 22:19 . 2011-07-03 22:19 -------- d-----w- c:\users\Franco\AppData\Roaming\qBittorrent
2011-07-03 22:11 . 2011-07-03 22:21 -------- d-----w- c:\users\Franco\AppData\Roaming\BitTorrent
2011-07-03 22:09 . 2011-07-03 22:09 -------- d-----w- c:\programdata\IsolatedStorage
2011-07-03 22:03 . 2011-06-16 04:44 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-07-03 22:03 . 2011-06-16 04:44 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-07-03 22:03 . 2011-06-16 04:44 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-07-03 22:03 . 2011-06-16 04:44 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2011-07-03 22:03 . 2011-06-16 04:44 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-07-03 22:03 . 2011-06-16 04:44 1850328 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-07-03 22:03 . 2011-06-16 04:44 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2011-07-03 22:03 . 2011-06-16 04:44 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-07-03 22:03 . 2010-01-01 08:00 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-03 22:03 . 2010-01-01 08:00 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-07-03 19:54 . 2011-07-03 19:54 -------- d-----w- c:\windows\SysWow64\Wat
2011-07-03 19:54 . 2011-07-03 19:54 -------- d-----w- c:\windows\system32\Wat
2011-07-03 19:34 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-07-03 19:16 . 2011-07-03 19:16 -------- d-----w- c:\program files (x86)\Pirelli
2011-07-03 19:15 . 2004-10-22 00:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-07-03 18:48 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-03 18:48 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-03 18:48 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-03 18:48 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-07-03 18:48 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-07-03 18:48 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-07-03 18:48 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-07-03 18:48 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-07-03 18:48 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-07-03 18:48 . 2010-11-20 13:25 207872 ----a-w- c:\windows\system32\cfgmgr32.dll
2011-07-03 18:48 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-07-03 18:48 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-07-03 18:46 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-07-03 18:46 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-07-03 18:46 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-07-03 18:46 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-07-03 18:44 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-03 18:44 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-07-03 18:44 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-07-03 18:33 . 2011-06-20 06:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DE08FB18-106D-4985-8207-D1F3B0EE977F}\mpengine.dll
2011-07-03 18:32 . 2011-07-27 16:49 -------- d-----w- c:\users\UpdatusUser.Franco-PC
2011-07-03 18:32 . 2011-05-21 04:01 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-07-02 22:02 . 2011-07-03 18:05 -------- d-----w- c:\program files (x86)\Metal Gear Solid
2011-07-01 21:24 . 2011-07-01 21:24 -------- d-----w- c:\program files (x86)\Blue Label
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 22:41 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2011-07-16 22:41 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2011-07-05 05:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-05 05:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-24 17:14 . 2010-01-24 08:17 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-21 04:01 . 2011-05-21 04:01 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-05-21 04:01 . 2011-05-21 04:01 7123560 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-21 04:01 . 2011-05-21 04:01 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-21 04:01 . 2011-05-21 04:01 6555240 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-05-21 04:01 . 2011-05-21 04:01 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-05-21 04:01 . 2011-05-21 04:01 5301352 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-05-21 04:01 . 2011-05-21 04:01 2943592 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-21 04:01 . 2011-05-21 04:01 2804328 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-05-21 04:01 . 2011-05-21 04:01 2335848 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-05-21 04:01 . 2011-05-21 04:01 22286952 ----a-w- c:\windows\system32\nvoglv64.dll
2011-05-21 04:01 . 2011-05-21 04:01 2212968 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-21 04:01 . 2011-05-21 04:01 2082408 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-05-21 04:01 . 2011-05-21 04:01 18583144 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-21 04:01 . 2011-05-21 04:01 16456296 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-05-21 04:01 . 2011-05-21 04:01 15223912 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-05-21 04:01 . 2011-05-21 04:01 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll
2011-05-21 04:01 . 2011-05-21 04:01 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll
2011-05-21 04:01 . 2011-05-21 04:01 13206120 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-21 04:01 . 2011-05-21 04:01 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-05-21 04:01 . 2011-05-21 04:01 11992680 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-05-21 04:01 . 2010-01-11 22:19 6300776 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-21 04:01 . 2010-01-11 22:19 3040872 ----a-w- c:\windows\system32\nvsvc64.dll
2011-05-21 04:01 . 2010-01-11 22:19 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-05-21 04:01 . 2010-01-11 22:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-21 04:01 . 2010-01-11 22:19 1016936 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-21 04:01 . 2009-08-28 04:35 2644584 ----a-w- c:\windows\system32\nvapi64.dll
2011-05-21 04:01 . 2009-07-14 07:51 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-05-14 06:24 . 2011-07-13 05:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . 67E5725A1907E6F72074F2AB8CB2B946 . 2872320 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\8 Skin Pack\Backup\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-05-30 09:33 2495816 ----a-w- c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Packard Bell Photo Frame"="c:\program files (x86)\Packard Bell Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\SafeMule\safemule.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-05-30 1025352]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database_123b3ca\bin\fbserver.exe [2008-08-07 3276800]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-16 1030600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSP;aswSP; [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [2011-03-09 2708024]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database_123b3ca\bin\FABS.exe [2009-08-27 1253376]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=ixtreme_m5722&r=173601106006p0325v1k5y48111322
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.poony.info/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Franco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Franco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Salva oggetto con NetXfer - c:\program files (x86)\Xi\NetXfer\NXAddLink.html
IE: Salva tutti gli oggetti con NetXfer - c:\program files (x86)\Xi\NetXfer\NXAddList.html
IE: Scarica con Mipony - file://k:\jdownloader\Mipony\Browser\IEContext.htm
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Franco\AppData\Roaming\Mozilla\Firefox\Profiles\9tadoyc4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.it
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e10eca8&i=23&tp=ab&nt=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-2f1ed5f2 - c:\windows\system32\2f1ed5f2.exe
AddRemove-xgyfjifmrbhbd - c:\windows\system32\xgyfjifmrbhbd.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
c:\program files (x86)\AVG\AVG10\avgam.exe
.
**************************************************************************
.
Completion time: 2011-07-30 12:38:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-30 10:38
.
Pre-Run: 188.220.166.144 bytes free
Post-Run: 188.101.488.640 bytes free
.
- - End Of File - - C7C9383EC74C9F8E59F503F3C648FA23
tamagon
Posted: Saturday, July 30, 2011 7:09:27 PM

Rank: AiutAmico

Joined: 3/6/2009
Posts: 2,913
Sorry to butt in, but do you have 2 antiviruses?
thepiratebay
Posted: Saturday, July 30, 2011 7:36:52 PM
Rank: AiutAmico

Joined: 12/27/2008
Posts: 2,018
tamagon wrote:
Sorry to butt in, but do you have 2 antiviruses?

Sorry, here's how I see it:

Yes, that's right [Think]
I see some cracks above, so I'll spare any comment, it would be pointless.
pepper61
Posted: Saturday, July 30, 2011 11:19:52 PM

Rank: AiutAmico

Joined: 4/15/2007
Posts: 250
For Tamagon: no, I only have AVG; avast is uninstalled, but something must have been left behind that I can't manage to remove. Thepiratebay, I'm a bit clueless, but AVG found them and deleted them; if they're still there, which ones are they and how do I remove them? Thanks
thepiratebay
Posted: Saturday, July 30, 2011 11:26:28 PM
Rank: AiutAmico

Joined: 12/27/2008
Posts: 2,018
The reference is only to this one: Posts: 93 -->Posted: Saturday 30 July 2011 11.55.47<---


I'm a bit allergic to cracks [Not talking]

That's all, I'll stop here.
pepper61
Posted: Saturday, July 30, 2011 11:43:27 PM

Rank: AiutAmico

Joined: 4/15/2007
Posts: 250
Got it, thanks.
shapiro
Posted: Sunday, July 31, 2011 12:08:23 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
OK peppe, this is what I managed to squeeze out; if needed we'll do a more thorough check afterwards.


Open Notepad, then copy and paste these lines:


Code:
File::
c:\windows\SysWow64\2f1ed5f2.exe
c:\windows\SysWow64\xgyfjifmrbhbd.exe
c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll


Driver::
aswSP
aswFsBlk
aswMonFlt


Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-


Save the file to the Desktop as CFScript.txt

Drag the file you just created, i.e. CFScript.txt, onto the ComboFix icon

When it finishes the PC should reboot; if not, reboot it manually, then attach the log you find at C:\ComboFix.txt
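The triage shapiro did by hand above, as code: it reads the ComboFix log lines posted earlier in this thread (the unsigned explorer.exe in the Sigcheck block, the SafeMule AppInit_DLLs entry, the avast! service leftovers and the two orphaned AddRemove entries), reports the security-relevant findings and drafts the File:: and Driver:: sections of a CFScript like the one in the post above. This is an added example, not part of the thread and not ComboFix's own code. The sample log lines are copied from the logs posted above; the list of uninstalled products (avast! service prefix "asw", taken from pepper61's statement that avast is uninstalled) and the WoW64 path translation are assumptions, marked as such in the comments.

```python
"""Triage a ComboFix log and draft the CFScript sections a helper would write by hand.

Added example, not part of the forum thread and not ComboFix's own code.
"""
import re

# Lines copied verbatim from the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
[-] 2010-11-20 . 67E5725A1907E6F72074F2AB8CB2B946 . 2872320 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\8 Skin Pack\Backup\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\SafeMule\safemule.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
AddRemove-2f1ed5f2 - c:\windows\system32\2f1ed5f2.exe
AddRemove-xgyfjifmrbhbd - c:\windows\system32\xgyfjifmrbhbd.exe
"""

# ComboFix line shapes: Sigcheck ('[-]' = unsigned, '[7]' = Windows 7 catalog-signed),
# REGEDIT4-style key/value lines, service lines, and orphaned Add/Remove entries.
SIGCHECK = re.compile(r"^\[(?P<st>.)\] \S+ \. (?P<md5>[0-9A-F]{32}) \. \d+ .*?\.\. (?P<path>.+)$")
REGKEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REGVAL = re.compile(r'^"(?P<name>[^"]+)"=(?P<val>.*)$')
SERVICE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<img>[^\[]*)\[[^\]]*\]$")
ADDREMOVE = re.compile(r"^AddRemove-\S+ - (?P<path>.+)$")

SYS32 = "c:\\windows\\system32\\"
WOW64 = "c:\\windows\\SysWow64\\"


def triage(log_text, uninstalled_prefixes=("asw",)):
    """Return findings, removal candidates and a drafted CFScript for a ComboFix log."""
    prefixes = tuple(p.lower() for p in uninstalled_prefixes)  # ASSUMPTION: avast! = "asw"
    findings, files, drivers = [], [], []
    signed, unsigned = {}, []  # basename -> {md5 of signed copies}, [(path, md5)]
    cur_key, appinit, load_flag = None, {}, {}

    for line in log_text.splitlines():
        if m := SIGCHECK.match(line):
            base = m["path"].rsplit("\\", 1)[-1].lower()
            if m["st"] == "-":
                unsigned.append((m["path"], m["md5"]))
            else:
                signed.setdefault(base, set()).add(m["md5"])
        elif m := REGKEY.match(line):
            cur_key = m["key"].lower()
        elif (m := REGVAL.match(line)) and cur_key and cur_key.endswith(r"\windows nt\currentversion\windows"):
            if m["name"] == "AppInit_DLLs" and m["val"].strip():
                appinit[cur_key] = m["val"].strip()
            elif m["name"] == "LoadAppInit_DLLs":
                load_flag[cur_key] = m["val"].strip()
        elif m := SERVICE.match(line):
            if m["name"].lower().startswith(prefixes):
                drivers.append(m["name"])
                note = " (no image path)" if not m["img"].strip() else ""
                findings.append(f"leftover service from uninstalled product: {m['name']}{note}")
        elif m := ADDREMOVE.match(line):
            path = m["path"]
            if path.lower().startswith(SYS32):
                # ASSUMPTION: the entry comes from the 32-bit registry view, so a 32-bit
                # uninstaller path under system32 is really SysWow64 on x64 (WoW64 file
                # redirection); the second log in the thread deleted them from SysWow64.
                path = WOW64 + path[len(SYS32):]
            findings.append(f"orphaned uninstall entry pointing at a lone exe in a system dir: {path}")
            files.append(path)

    # An unsigned system binary whose hash matches no signed copy on disk has been replaced.
    for path, md5 in unsigned:
        base = path.rsplit("\\", 1)[-1].lower()
        if base in signed and md5 not in signed[base]:
            findings.append(f"unsigned {path} (md5 {md5}) differs from every signed copy on disk")
    # AppInit_DLLs is loaded into every process that maps user32.dll: a persistence/injection point.
    loading = any(v.lower() == "0x1" for v in load_flag.values())
    for key, dll in appinit.items():
        findings.append(f"AppInit_DLLs injection: {dll} under {key} (LoadAppInit_DLLs=0x1 seen: {loading});"
                        " review manually, not added to the drafted script")

    script = ""
    if files:
        script += "File::\n" + "\n".join(files) + "\n\n"
    if drivers:
        script += "Driver::\n" + "\n".join(drivers) + "\n"
    return {"findings": findings, "files": files, "drivers": drivers, "cfscript": script}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("\n".join(result["findings"]))
    print()
    print(result["cfscript"])
```

The drafted script deliberately leaves the AppInit_DLLs value and the AVG toolbar out: the first is a judgment call the thread never made, the second was shapiro's addition on the user's behalf. Anything the script proposes should still be read against the log before it is dropped onto ComboFix, since a CFScript deletes without asking.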
pepper61
Posted: Sunday, July 31, 2011 10:15:45 AM

Rank: AiutAmico

Joined: 4/15/2007
Posts: 250
combofix log

ComboFix 11-07-29.03 - Franco 31/07/2011 9:13.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.8191.6527 [GMT 2:00]
Running from: c:\users\Franco\Desktop\ComboFix.exe
Command switches used :: c:\users\Franco\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll"
"c:\windows\SysWow64\2f1ed5f2.exe"
"c:\windows\SysWow64\xgyfjifmrbhbd.exe"
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
c:\windows\SysWow64\2f1ed5f2.exe
c:\windows\SysWow64\xgyfjifmrbhbd.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ASWFSBLK
-------\Legacy_ASWMONFLT
-------\Legacy_ASWSP
-------\Service_aswFsBlk
-------\Service_aswMonFlt
-------\Service_aswSP
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-31 )))))))))))))))))))))))))))))))))))
.
.
2011-07-31 07:18 . 2011-07-31 07:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-07-31 07:18 . 2011-07-31 07:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-30 21:25 . 2011-07-30 21:25 -------- d-----w- c:\users\Franco\AppData\Roaming\Convivea
2011-07-30 21:25 . 2011-07-30 21:25 -------- d-----w- c:\program files (x86)\Bit Che
2011-07-30 09:50 . 2011-07-30 09:50 -------- d-----w- c:\program files (x86)\Digital Photo Software
2011-07-30 08:31 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-30 08:31 . 2011-07-30 08:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-29 17:11 . 2011-07-29 17:11 -------- d-----w- c:\program files (x86)\AKVIS
2011-07-29 16:25 . 2011-07-29 16:26 -------- d-----w- c:\users\Franco\AppData\Roaming\Photo! Web Album
2011-07-29 16:25 . 2011-07-29 16:25 -------- d-----w- c:\program files (x86)\Photo!
2011-07-29 16:24 . 2011-07-29 16:25 -------- d-----w- c:\program files (x86)\Web Photo Album
2011-07-29 16:24 . 2011-07-29 16:24 -------- d-----w- c:\program files (x86)\Mobile Photo Enhancer
2011-07-29 09:33 . 2011-07-29 09:33 -------- d-----w- c:\program files (x86)\Alberosa
2011-07-29 09:27 . 2011-07-29 09:27 -------- d-----w- c:\program files (x86)\VirtualDJ
2011-07-29 08:13 . 2011-07-29 08:13 -------- d-----w- c:\users\Franco\AppData\Roaming\WordWeb
2011-07-29 08:12 . 2011-07-29 08:12 -------- d-----w- c:\program files (x86)\WordWeb
2011-07-29 08:12 . 2011-05-23 11:37 1196800 ------w- c:\windows\wweb32.dll
2011-07-29 07:40 . 2011-07-29 07:41 -------- d-----w- c:\users\Franco\AppData\Roaming\Marine Aquarium 3
2011-07-29 06:52 . 2011-07-29 06:52 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-29 06:39 . 2011-07-29 06:39 -------- d-----w- c:\program files (x86)\File Scavenger 3.2
2011-07-28 14:56 . 2011-07-28 14:56 -------- d-----w- c:\programdata\Readon
2011-07-28 14:53 . 2011-07-28 14:53 -------- d-----w- c:\users\Franco\AppData\Local\Readon_Technology
2011-07-28 14:53 . 2011-07-28 14:53 -------- d-----w- c:\program files (x86)\Readon Technology
2011-07-28 14:47 . 2011-07-28 14:47 -------- d-----w- c:\program files (x86)\Photo Story 3 for Windows
2011-07-28 06:23 . 2011-07-28 06:23 -------- d-----w- c:\users\Franco\AppData\Roaming\Babylon
2011-07-28 06:23 . 2011-07-28 06:23 -------- d-----w- c:\users\Franco\AppData\Local\Babylon
2011-07-28 06:23 . 2011-07-28 06:23 -------- d-----w- c:\programdata\Babylon
2011-07-28 06:23 . 2011-07-28 06:24 -------- d-----w- c:\program files (x86)\SafeMule
2011-07-27 16:37 . 2011-07-27 16:38 -------- d-----w- c:\programdata\AVG Security Toolbar
2011-07-27 15:55 . 2011-07-27 16:49 -------- d-----w- c:\users\Franco\AppData\Roaming\AVG
2011-07-27 15:47 . 2011-07-27 15:47 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-07-27 15:47 . 2011-07-30 22:00 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-27 14:40 . 2011-07-29 07:55 -------- d-----w- c:\program files (x86)\PCPremiumTV
2011-07-25 17:28 . 2011-07-25 17:28 -------- d-----w- c:\users\Franco\DoctorWeb
2011-07-25 17:15 . 2011-07-30 08:31 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-07-24 17:38 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-23 21:55 . 2011-07-23 21:55 -------- d-----w- c:\program files (x86)\MagicISO
2011-07-23 17:04 . 2011-07-23 17:04 -------- d-----w- c:\users\Franco\AppData\Roaming\DVDVideoSoftIEHelpers
2011-07-21 19:23 . 2011-07-30 06:06 -------- d-----w- c:\program files (x86)\Aurora
2011-07-19 17:33 . 2011-07-19 17:33 -------- d-----w- c:\users\Franco\.gem
2011-07-19 17:33 . 2011-07-19 17:33 -------- d-----w- C:\cuperativa
2011-07-19 17:07 . 2011-07-19 17:07 -------- d-----w- c:\program files (x86)\Inpaint
2011-07-18 18:36 . 2011-07-23 22:09 -------- d-----w- c:\users\Franco\AppData\Local\Halite
2011-07-18 16:55 . 2011-07-18 16:56 -------- d-----w- c:\users\Franco\AppData\Roaming\Software Informer
2011-07-18 16:55 . 2011-07-18 16:55 -------- d-----w- c:\program files (x86)\Software Informer
2011-07-18 16:54 . 2011-07-24 17:10 -------- d-----w- c:\users\Franco\AppData\Local\Garbage Finder
2011-07-17 15:52 . 2011-07-17 15:51 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-07-17 15:41 . 2011-07-17 15:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-17 08:07 . 2011-07-17 08:10 -------- d-----w- c:\program files (x86)\Allok Video Joiner
2011-07-16 22:41 . 2010-11-20 13:24 2872320 ----a-w- c:\windows\explorer.exe
2011-07-16 22:41 . 2009-07-14 01:06 23555072 ----a-w- c:\windows\SysWow64\imageres.dll
2011-07-16 22:41 . 2010-11-20 12:19 1492992 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2011-07-16 22:41 . 2010-11-20 12:18 1791488 ----a-w- c:\windows\SysWow64\authui.dll
2011-07-16 22:41 . 2011-07-16 22:41 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.tmp
2011-07-16 22:41 . 2009-07-14 01:11 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.backup
2011-07-16 22:41 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup
2011-07-16 22:41 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-07-16 22:41 . 2011-07-16 22:41 -------- d--h--w- c:\windows\8 Skin Pack
2011-07-16 19:50 . 2011-07-16 19:50 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2011-07-16 19:50 . 2011-07-16 19:51 -------- d-----w- c:\program files\AutoCAD 2010
2011-07-16 09:11 . 2010-11-03 13:47 139264 ----a-w- c:\windows\SysWow64\MIHDBG.exe
2011-07-16 09:10 . 2006-11-14 09:31 22784 ----a-w- c:\windows\SysWow64\drivers\afc.sys
2011-07-15 12:11 . 2011-07-15 12:11 -------- d-----w- c:\program files (x86)\DsNET Corp
2011-07-10 17:23 . 2011-07-24 17:13 -------- d-----w- c:\programdata\OneUpIndustries
2011-07-10 17:23 . 2005-06-15 01:00 102400 ----a-w- c:\windows\SysWow64\tsccvid.dll
2011-07-10 17:22 . 2011-07-25 05:05 -------- d-----w- c:\program files\OneUpIndustries
2011-07-10 15:39 . 2011-07-10 15:39 -------- d-----w- c:\users\Franco\AppData\Local\SoundSpectrum
2011-07-10 15:36 . 2011-07-10 15:37 -------- d-----w- c:\program files (x86)\Morphyre
2011-07-05 18:07 . 2011-07-05 18:07 -------- d-----w- c:\programdata\Licenses
2011-07-05 18:06 . 2011-07-05 18:06 -------- d-----w- c:\program files (x86)\CDRWIN 9
2011-07-05 17:39 . 2011-07-30 17:07 -------- d-----w- c:\programdata\CDRWIN 9
2011-07-05 05:16 . 2011-07-05 05:16 -------- d-----w- c:\windows\system32\SPReview
2011-07-04 18:28 . 2011-04-25 08:25 4603616 ----a-w- c:\windows\SysWow64\DevComponents.DotNetBar2.dll
2011-07-04 17:27 . 2011-06-09 09:33 24912 ----a-w- c:\windows\system32\dopdfmn7.dll
2011-07-04 17:27 . 2011-06-09 09:33 21328 ----a-w- c:\windows\system32\dopdfmi7.dll
2011-07-04 17:27 . 2010-02-05 13:00 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-07-04 16:27 . 2010-11-20 13:33 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-07-04 16:26 . 2010-11-20 13:27 221696 ----a-w- c:\windows\system32\OnLineIDCpl.dll
2011-07-04 16:24 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-07-03 22:19 . 2011-07-03 22:19 -------- d-----w- c:\users\Franco\AppData\Roaming\qBittorrent
2011-07-03 22:11 . 2011-07-03 22:21 -------- d-----w- c:\users\Franco\AppData\Roaming\BitTorrent
2011-07-03 22:09 . 2011-07-03 22:09 -------- d-----w- c:\programdata\IsolatedStorage
2011-07-03 22:03 . 2011-06-16 04:44 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-07-03 22:03 . 2011-06-16 04:44 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-07-03 22:03 . 2011-06-16 04:44 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-07-03 22:03 . 2011-06-16 04:44 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2011-07-03 22:03 . 2011-06-16 04:44 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-07-03 22:03 . 2011-06-16 04:44 1850328 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-07-03 22:03 . 2011-06-16 04:44 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2011-07-03 22:03 . 2011-06-16 04:44 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-07-03 22:03 . 2010-01-01 08:00 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-03 22:03 . 2010-01-01 08:00 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-07-03 19:54 . 2011-07-03 19:54 -------- d-----w- c:\windows\SysWow64\Wat
2011-07-03 19:54 . 2011-07-03 19:54 -------- d-----w- c:\windows\system32\Wat
2011-07-03 19:34 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-07-03 19:16 . 2011-07-03 19:16 -------- d-----w- c:\program files (x86)\Pirelli
2011-07-03 19:15 . 2004-10-22 00:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-07-03 18:48 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-03 18:48 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-03 18:48 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-03 18:48 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-07-03 18:48 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-07-03 18:48 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-07-03 18:48 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-07-03 18:48 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-07-03 18:48 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-07-03 18:48 . 2010-11-20 13:25 207872 ----a-w- c:\windows\system32\cfgmgr32.dll
2011-07-03 18:48 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-07-03 18:48 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-07-03 18:46 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-07-03 18:46 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-07-03 18:46 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-07-03 18:46 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-07-03 18:44 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-03 18:44 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-07-03 18:44 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-07-03 18:33 . 2011-06-20 06:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DE08FB18-106D-4985-8207-D1F3B0EE977F}\mpengine.dll
2011-07-03 18:32 . 2011-07-27 16:49 -------- d-----w- c:\users\UpdatusUser.Franco-PC
2011-07-03 18:32 . 2011-05-21 04:01 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-07-02 22:02 . 2011-07-03 18:05 -------- d-----w- c:\program files (x86)\Metal Gear Solid
2011-07-01 21:24 . 2011-07-01 21:24 -------- d-----w- c:\program files (x86)\Blue Label
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 22:41 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2011-07-16 22:41 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2011-07-05 05:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-05 05:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-05-24 17:14 . 2010-01-24 08:17 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-21 04:01 . 2011-05-21 04:01 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-05-21 04:01 . 2011-05-21 04:01 7123560 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-21 04:01 . 2011-05-21 04:01 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-21 04:01 . 2011-05-21 04:01 6555240 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-05-21 04:01 . 2011-05-21 04:01 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-05-21 04:01 . 2011-05-21 04:01 5301352 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-05-21 04:01 . 2011-05-21 04:01 2943592 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-21 04:01 . 2011-05-21 04:01 2804328 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-05-21 04:01 . 2011-05-21 04:01 2335848 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-05-21 04:01 . 2011-05-21 04:01 22286952 ----a-w- c:\windows\system32\nvoglv64.dll
2011-05-21 04:01 . 2011-05-21 04:01 2212968 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-21 04:01 . 2011-05-21 04:01 2082408 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-05-21 04:01 . 2011-05-21 04:01 18583144 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-21 04:01 . 2011-05-21 04:01 16456296 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-05-21 04:01 . 2011-05-21 04:01 15223912 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-05-21 04:01 . 2011-05-21 04:01 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll
2011-05-21 04:01 . 2011-05-21 04:01 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll
2011-05-21 04:01 . 2011-05-21 04:01 13206120 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-21 04:01 . 2011-05-21 04:01 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-05-21 04:01 . 2011-05-21 04:01 11992680 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-05-21 04:01 . 2010-01-11 22:19 6300776 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-21 04:01 . 2010-01-11 22:19 3040872 ----a-w- c:\windows\system32\nvsvc64.dll
2011-05-21 04:01 . 2010-01-11 22:19 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-05-21 04:01 . 2010-01-11 22:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-21 04:01 . 2010-01-11 22:19 1016936 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-21 04:01 . 2009-08-28 04:35 2644584 ----a-w- c:\windows\system32\nvapi64.dll
2011-05-21 04:01 . 2009-07-14 07:51 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-05-14 06:24 . 2011-07-13 05:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . 67E5725A1907E6F72074F2AB8CB2B946 . 2872320 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\8 Skin Pack\Backup\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2011-07-30_10.34.36 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-07-30 05:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-07-31 07:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-07-30 05:38 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-31 07:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-30 05:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-31 07:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-28 03:47 . 2011-07-31 06:37 97666 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-31 06:37 38834 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-23 16:43 . 2011-07-31 06:37 15948 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3373818867-907296849-2200420771-1001_UserData.bin
+ 2009-09-27 07:08 . 2011-07-30 11:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-27 07:08 . 2011-07-29 17:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-27 07:08 . 2011-07-30 11:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-27 07:08 . 2011-07-29 17:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-30 11:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-07-29 17:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-30 10:33 . 2011-07-30 10:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-31 07:21 . 2011-07-31 07:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-31 07:21 . 2011-07-31 07:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-07-30 10:33 . 2011-07-30 10:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-09-25 16:58 . 2011-07-30 05:42 689234 c:\windows\system32\perfh010.dat
+ 2009-09-25 16:58 . 2011-07-31 06:39 689234 c:\windows\system32\perfh010.dat
+ 2009-07-14 02:36 . 2011-07-31 06:39 606992 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-07-30 05:42 606992 c:\windows\system32\perfh009.dat
- 2009-09-25 16:58 . 2011-07-30 05:42 124420 c:\windows\system32\perfc010.dat
+ 2009-09-25 16:58 . 2011-07-31 06:39 124420 c:\windows\system32\perfc010.dat
+ 2009-07-14 02:36 . 2011-07-31 06:39 103370 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-07-30 05:42 103370 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2011-07-31 07:20 497112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-07-30 10:32 497112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-07-16 19:50 . 2011-07-29 07:14 460288 c:\windows\Installer\{5783F2D7-8001-0410-0102-0060B0CE6BBA}\Acad162_icon.exe
+ 2011-07-16 19:50 . 2011-07-30 21:26 460288 c:\windows\Installer\{5783F2D7-8001-0410-0102-0060B0CE6BBA}\Acad162_icon.exe
+ 2011-07-03 22:44 . 2011-07-31 07:20 20970072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3373818867-907296849-2200420771-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Packard Bell Photo Frame"="c:\program files (x86)\Packard Bell Photo Frame\ButtonMonitor.exe" [2009-07-20 124416]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\SafeMule\safemule.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-05-30 1025352]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database_123b3ca\bin\fbserver.exe [2008-08-07 3276800]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-16 1030600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [2011-03-09 2708024]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database_123b3ca\bin\FABS.exe [2009-08-27 1253376]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF10373.cfxxe" [X]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0410&m=ixtreme_m5722&r=173601106006p0325v1k5y48111322
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.poony.info/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Franco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Franco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Salva oggetto con NetXfer - c:\program files (x86)\Xi\NetXfer\NXAddLink.html
IE: Salva tutti gli oggetti con NetXfer - c:\program files (x86)\Xi\NetXfer\NXAddList.html
IE: Scarica con Mipony - file://k:\jdownloader\Mipony\Browser\IEContext.htm
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\users\Franco\AppData\Roaming\Mozilla\Firefox\Profiles\9tadoyc4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.yahoo.it
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e10eca8&i=23&tp=ab&nt=1&q=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
c:\program files (x86)\AVG\AVG10\avgam.exe
.
**************************************************************************
.
Ora fine scansione: 2011-07-31 09:26:10 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-07-31 07:26
ComboFix2.txt 2011-07-30 10:38
.
Pre-Run: 188.148.887.552 byte disponibili
Post-Run: 187.859.415.040 byte disponibili
.
- - End Of File - - 3374C1AAEC544EE4460E94DE321B5555