AndreaSCULTORE

ComboFix Log Analysis and Removal

3 posts in this topic

Posted (edited)

Hello.

Advertising windows kept opening on my PC, and I used various tools to clean it: CCleaner, Malwarebytes Anti-Malware, adwcleaner_4.111, Advanced SystemCare 8.

The operating system is XP PRO with AVAST free and IOBIT Malware, which I disabled in the past few days, and I scanned everything with ComboFix as per the instructions. I had also tried to install SpyHunter, but I soon found out that it is a scam, so I laboriously removed it and also deleted the folder, which had a different name.

This is the ComboFix log; could some expert please tell me what I still need to remove before I go ahead and uninstall ComboFix with uninstall from Run.

ComboFix 15-03-01.01 - INTEL-2013 04/03/2015  16.37.20.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.3552.2287 [GMT 1:00]
Eseguito da: c:\documents and settings\INTEL-2013\Desktop\COMBO-Explorer.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Creato nuovo punto di ripristino
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\_ctypes.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\_elementtree.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\_hashlib.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\_multiprocessing.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\_socket.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\_ssl.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\hashobjs_ext.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\pyexpat.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\pysqlite2._sqlite.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\python27.dll
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\pythoncom27.dll
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\PyWinTypes27.dll
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\select.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\unicodedata.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\win32api.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\win32com.shell.shell.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\win32crypt.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\win32event.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\win32file.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\win32gui.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\win32inet.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\win32pdh.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\win32pipe.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\win32process.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\win32profile.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\win32security.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\win32ts.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\windows._lib_cacheinvalidation.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\wx._animate.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\wx._controls_.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\wx._core_.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\wx._gdi_.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\wx._html2.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\wx._misc_.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\wx._windows_.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\wx._wizard.pyd
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\wxbase294u_net_vc90.dll
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\wxbase294u_vc90.dll
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\wxmsw294u_adv_vc90.dll
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\wxmsw294u_core_vc90.dll
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\wxmsw294u_html_vc90.dll
c:\docume~1\INTEL-~1\IMPOST~1\Temp\_MEI39802\wxmsw294u_webview_vc90.dll
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\_ctypes.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\_elementtree.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\_hashlib.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\_multiprocessing.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\_socket.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\_ssl.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\hashobjs_ext.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\pyexpat.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\pysqlite2._sqlite.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\python27.dll
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\pythoncom27.dll
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\PyWinTypes27.dll
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\select.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\unicodedata.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\win32api.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\win32com.shell.shell.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\win32crypt.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\win32event.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\win32file.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\win32gui.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\win32inet.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\win32pdh.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\win32pipe.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\win32process.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\win32profile.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\win32security.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\win32ts.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\windows._lib_cacheinvalidation.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\wx._animate.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\wx._controls_.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\wx._core_.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\wx._gdi_.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\wx._html2.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\wx._misc_.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\wx._windows_.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\wx._wizard.pyd
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\wxbase294u_net_vc90.dll
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\wxbase294u_vc90.dll
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\wxmsw294u_adv_vc90.dll
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\wxmsw294u_core_vc90.dll
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\wxmsw294u_html_vc90.dll
c:\documents and settings\INTEL-2013\Impostazioni locali\Temp\_MEI39802\wxmsw294u_webview_vc90.dll
c:\documents and settings\INTEL-2013\WINDOWS
c:\programmi\GOOGLE~1.exe
c:\programmi\Malwarebytes Anti-Malware-setup-2.0.4.1028.exe
c:\programmi\Setup_FileViewPro_2015.exe
c:\windows\IsUn0410.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\46aef9c27697257b.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\a4c54b803ffd4fb3.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\SET160.tmp
c:\windows\system32\SET163.tmp
c:\windows\system32\Thumbs.db
c:\windows\TEMP\97b64d64-70ca-4c85-9f9b-36b3ba95d050\AgileDotNetRT.dll
c:\windows\TEMP\d8d0b1a6-b273-47b6-aea8-289f428e3256\AgileDotNetRT.dll
c:\windows\wininit.ini
c:\windows\wmsysprx.prx
.
.
(((((((((((((((((((((((((   Files Creati Da 2015-02-04 al 2015-03-04  )))))))))))))))))))))))))))))))))))
.
.
2015-03-04 13:55 . 2015-03-04 14:59	--------	d-----w-	c:\programmi\AUTORUNS
2015-02-23 23:07 . 2011-10-15 08:51	602432	----a-r-	c:\windows\system32\easyupdatusapiu.dll
2015-02-23 23:06 . 2011-10-15 08:51	2099520	----a-w-	c:\windows\system32\nvcuvenc.dll
2015-02-23 13:09 . 2015-02-23 13:09	--------	d-----w-	c:\documents and settings\Default User\LocalLow
2015-02-23 13:08 . 2015-02-23 13:08	--------	d-----w-	c:\documents and settings\INTEL-2013\Impostazioni locali\Dati applicazioni\NVIDIA
2015-02-23 13:06 . 2015-02-23 13:06	--------	d-----w-	c:\programmi\AGEIA Technologies
2015-02-23 13:04 . 2014-07-02 18:40	3826628	----a-w-	c:\windows\system32\nvcoproc.bin
2015-02-23 13:03 . 2014-07-02 20:43	1054552	----a-w-	c:\windows\system32\nvdispco3234052.dll
2015-02-23 13:03 . 2014-07-02 20:43	906584	----a-w-	c:\windows\system32\nvdispgenco3234052.dll
2015-02-23 13:01 . 2015-02-23 13:01	--------	d-----w-	C:\NVIDIA
2015-02-18 22:34 . 2015-03-04 07:26	114904	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-18 22:33 . 2014-11-21 05:14	54360	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-02-18 22:33 . 2014-11-21 05:14	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-02-18 21:33 . 2015-02-18 21:33	2126848	----a-w-	c:\programmi\adwcleaner_4.111.exe
2015-02-17 17:41 . 2015-02-23 13:07	--------	d-----w-	c:\documents and settings\All Users\Dati applicazioni\NVIDIA Corporation
2015-02-16 07:28 . 2015-02-16 10:29	94304	----a-w-	c:\programmi\Free_Opener_1.0.exe
2015-02-12 01:05 . 2015-02-12 01:05	2112512	----a-w-	c:\programmi\adwcleaner_4.110.exe
2015-02-07 11:00 . 2015-02-07 11:00	--------	d-----w-	c:\documents and settings\INTEL-2013\Dati applicazioni\Avant Downloader
2015-02-07 11:00 . 2015-02-07 11:00	--------	d-----w-	c:\documents and settings\INTEL-2013\Dati applicazioni\Avant Profiles
2015-02-07 11:00 . 2015-02-22 14:18	--------	d-----w-	c:\programmi\Avant Browser
2015-02-05 23:20 . 2015-02-05 23:20	--------	d-----w-	c:\documents and settings\INTEL-2013\Dati applicazioni\Enigma Software Group
2015-02-05 23:19 . 2015-02-05 23:19	--------	d-----w-	C:\sh4ldr
2015-02-05 23:09 . 2015-02-05 23:09	19984	----a-w-	c:\windows\system32\drivers\EsgScanner.sys
2015-02-04 22:36 . 2015-02-04 22:36	--------	d-----w-	c:\documents and settings\INTEL-2013\Impostazioni locali\Dati applicazioni\Foxit Reader
2015-02-04 15:30 . 2015-02-05 13:52	--------	d-----w-	C:\AClock
2015-02-04 15:30 . 2015-02-04 15:30	160712	----a-w-	c:\windows\AIR Software Astro Clock Uninstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-04 14:12 . 2013-05-13 23:26	196608	----a-w-	c:\windows\system32\drivers\nVivid.bin
2015-02-19 11:24 . 2013-05-13 23:26	196608	----a-w-	c:\windows\system32\drivers\nAsmedia.bin
2015-02-06 21:32 . 2013-12-03 09:30	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-02-06 21:32 . 2013-04-06 12:12	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-30 22:50 . 2014-07-27 07:01	44440344	----a-w-	c:\programmi\advanced-systemcare-setup.exe
2015-01-28 14:13 . 2015-01-28 14:12	11443560	----a-w-	c:\programmi\Media Player Classic-HC.1.7.8.x86.exe
2015-01-16 15:05 . 2015-01-16 15:05	4282020	----a-w-	c:\programmi\picture-cutout-guide-3-1-4-en-win.exe
2014-12-28 12:54 . 2014-12-28 12:54	48392	----a-w-	c:\windows\system32\certsentry.dll
2014-12-27 20:32 . 2014-12-27 20:32	880784	----a-w-	c:\programmi\googledrivesync.exe
2014-12-26 07:02 . 2014-12-26 07:01	6286448	----a-w-	c:\programmi\Silverlight.exe
2014-12-16 19:01 . 2013-09-15 16:57	98488	----a-w-	c:\windows\system32\pdfcmon.dll
2014-12-05 11:43 . 2014-12-05 11:43	1049376	-c--a-w-	c:\windows\system32\nvdispco3232723.dll
2014-12-05 11:43 . 2014-12-05 11:43	893728	-c--a-w-	c:\windows\system32\nvdispgenco3232723.dll
2014-12-05 11:43 . 2013-04-17 14:58	22928	----a-w-	c:\windows\system32\drivers\HPZipr12.sys
2014-12-05 11:43 . 2013-04-17 14:57	28000	----a-w-	c:\windows\system32\drivers\HPZius12.sys
2014-11-19 15:53 . 2014-11-19 15:53	762984	----a-w-	c:\programmi\Malavida_Download_Manager.exe
2014-11-13 10:32 . 2014-11-13 10:29	45674720	----a-w-	c:\programmi\doPDF_v8.0.915.exe
2014-10-02 22:13 . 2014-10-02 22:12	14515184	----a-w-	c:\programmi\Glary_Utilities_v5.9.0.16.exe
2014-09-25 11:58 . 2014-09-25 11:55	38662680	----a-w-	c:\programmi\advanced-systemcare-setup_7.4.0.474.exe
2014-09-15 21:21 . 2014-09-15 21:21	752992	----a-w-	c:\programmi\nitro-pdf-reader.exe
2014-08-01 18:44 . 2014-08-01 18:44	594016	----a-w-	c:\programmi\rectordecryptor_2.5.40.0.exe
2014-08-01 16:49 . 2014-08-01 16:49	3081200	------w-	c:\programmi\Norton Power Eraser.exe
2014-07-15 11:57 . 2014-07-15 11:57	501248	----a-w-	c:\programmi\FacebookVideoCallSetup_v1.2.205.0.exe
2014-07-11 22:34 . 2014-07-11 22:34	1016261	----a-w-	c:\programmi\JRT.exe
2014-06-14 11:56 . 2014-06-14 11:56	1128916	----a-w-	c:\programmi\pdf2wordsetup.exe
2014-06-13 07:42 . 2014-06-13 07:42	13567680	----a-w-	c:\programmi\Glary_Utilities_v5.1.0.4.exe
2014-06-13 07:07 . 2014-06-13 07:07	2242832	----a-w-	c:\programmi\SystemExplorerSetup_570.exe
2014-05-21 20:23 . 2014-05-21 20:23	2292792	----a-w-	c:\programmi\SystemExplorerSetup_560.exe
2014-03-12 21:06 . 2014-03-12 21:06	1853008	----a-w-	c:\programmi\uTorrent.exe
2014-02-22 15:40 . 2014-02-22 15:39	24465791	----a-w-	c:\programmi\ZET9SETUP214-EN.exe
2014-02-12 18:55 . 2014-02-12 18:55	2473400	----a-w-	c:\programmi\zaSetupWeb_120_121_000.exe
2014-01-28 11:52 . 2014-01-28 11:52	1069512	----a-w-	c:\programmi\install_flashplayer12x32au_mssd_awc_aih.exe
2013-12-24 20:54 . 2013-12-24 20:53	5946344	----a-w-	c:\programmi\ADE_2.0_Installer.exe
2013-11-04 13:32 . 2013-11-04 13:31	38103832	----a-w-	c:\programmi\KindleForPC-installer.exe
2013-10-14 14:00 . 2013-10-14 14:00	784840	----a-w-	c:\programmi\GoogleEarthSetup.exe
2013-10-14 12:38 . 2013-10-14 12:38	642560	----a-w-	c:\programmi\GiFResizer.exe
2013-07-13 07:20 . 2013-07-13 07:20	909176	----a-w-	c:\programmi\WGAPluginInstall.exe
2013-06-17 13:54 . 2013-06-17 13:54	3782822	----a-w-	c:\programmi\ConvertHelperSetup.exe
2013-06-15 14:14 . 2013-06-15 14:14	2061008	----a-w-	c:\programmi\SystemExplorerSetup_422.exe
2013-05-27 09:13 . 2013-05-27 09:13	41404760	----a-w-	c:\programmi\QuickTimeInstaller.exe
2013-05-16 08:23 . 2013-04-06 19:01	1528184	----a-w-	c:\programmi\GenuineCheck.exe
2013-04-21 19:04 . 2013-04-21 19:04	2237968	----a-w-	c:\programmi\tdsskiller2.8.16.0.exe
2013-04-07 03:51 . 2013-04-06 18:35	11116496	-c--a-w-	c:\programmi\mseinstall.exe
2013-04-06 18:46 . 2013-04-06 18:45	16968544	----a-w-	c:\programmi\IE8-WindowsXP-x86-ITA.exe
2013-03-06 19:09 . 2013-05-16 07:34	83977160	----a-w-	c:\programmi\InPixio_Photo_Cutout_Pro.exe
2012-01-12 19:16 . 2013-05-17 15:43	16442689	----a-w-	c:\programmi\InstallDLM666E.EXE
2011-10-17 15:01 . 2013-09-15 21:22	241664	----a-w-	c:\programmi\JPEGtoPDF.exe
2009-03-04 13:37 . 2013-05-17 15:38	107520	----a-w-	c:\programmi\numerologia.exe
2007-11-07 09:42 . 2014-06-20 18:58	197618794	----a-w-	c:\programmi\nero_burningrom8.0.3.0b.exe
.
[code]<pre>
c:\programmi\Nero 12 Platinum 12.0.020 + Patch + Key [EC]\Patch + Key\Nero-12.0.02000_trial .exe
</pre>

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-01-30 22:51 752960 ----a-w- c:\programmi\IObit\IObit Uninstaller\UninstallExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{10921475-03CE-4E04-90CE-E2E7EF20C814}"= "c:\programmi\IObit\IObit Uninstaller\UninstallExplorer32.dll" [2015-01-30 752960]
.
[HKEY_CLASSES_ROOT\clsid\{10921475-03ce-4e04-90ce-e2e7ef20c814}]
[HKEY_CLASSES_ROOT\UninstallExplorer32.ExplorerBtn]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-17 00:12 723976 ----a-w- c:\programmi\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-01-15 15:59 577864 ----a-w- c:\programmi\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-15 15:59 577864 ----a-w- c:\programmi\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-01-15 15:59 577864 ----a-w- c:\programmi\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-01-15 15:59 577864 ----a-w- c:\programmi\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-01-15 15:59 577864 ----a-w- c:\programmi\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Avast-Browser-Cleanup"="c:\programmi\AVAST Software\Avast\BrowserCleanup.exe/RunOnce" [X]
"ChronosXP"="c:\programmi\ChronosXP\ChronosXP.exe" [2009-04-12 599040]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-04-06 39408]
"Adobe Reader Synchronizer"="c:\programmi\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe" [2014-09-12 759712]
"GoogleDriveSync"="c:\programmi\Google\Drive\googledrivesync.exe" [2015-01-15 23308256]
"Advanced SystemCare 8"="c:\programmi\IObit\Advanced SystemCare 8\ASCTray.exe" [2015-01-20 2428704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"hpqSRMon"="c:\programmi\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"SystemExplorerAutoStart"="c:\programmi\System Explorer\SystemExplorer.exe" [2014-10-21 3371528]
"DivXMediaServer"="c:\programmi\DivX\DivX Media Server\DivXMediaServer.exe" [2014-08-19 448856]
"DivXUpdate"="c:\programmi\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"AvastUI.exe"="c:\programmi\AVAST Software\Avast\AvastUI.exe" [2015-01-27 5227112]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-17 169792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-17 143680]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-17 181568]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2014-01-17 421888]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"Smart File Advisor"="c:\programmi\Smart File Advisor\sfa.exe" [2014-08-12 283248]
"IObit Malware Fighter"="c:\programmi\IObit\IObit Malware Fighter\IMF.exe" [2015-01-27 5768480]
"NvBackend"="c:\programmi\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-15 16744256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-10-15 203072]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-13 143872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
"Advanced SystemCare 8"="c:\programmi\IObit\Advanced SystemCare 8\ASCTray.exe" [2015-01-20 2428704]
.
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^INTEL-2013^Menu Avvio^Programmi^Esecuzione automatica^JtvfEBGz.exe]
path=c:\documents and settings\INTEL-2013\Menu Avvio\Programmi\Esecuzione automatica\JtvfEBGz.exe
backup=c:\windows\pss\JtvfEBGz.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2008-08-21 14:45 888832 ----a-w- c:\programmi\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2011-03-04 10:45 2741616 ----a-w- c:\programmi\File comuni\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
2004-07-01 17:08 53248 -c--a-w- c:\programmi\Fellowes\MediaFACE 4.0\SetHook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
c:\programmi\Messenger\msmsgs.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
2012-02-28 13:53 190768 -c--a-w- c:\programmi\Nokia\Nokia Software Updater\nsu3ui_agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10 1516632 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-03-01 10:16 18643560 ----a-r- c:\programmi\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NWCWorkstation"=3 (0x3)
"TlntSvr"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"
"ASUSGamerOSD"=c:\program files\ASUS\GamerOSD\GamerOSD.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
"c:\\Programmi\\WebSite X5 v9 - Evolution\\WebSiteX5.exe"=
"c:\\Programmi\\WebSite X5 v9 - Evolution\\imUpdate.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\WebSite X5 v9 - Evolution\\unins000.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\Photobie\\Photobie.exe"=
"c:\\Programmi\\Ares\\Ares.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Programmi\\LibreOffice 4\\program\\soffice.bin"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\uTorrent.exe"=
"c:\\Documents and Settings\\INTEL-2013\\Dati applicazioni\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\INTEL-2013\\Impostazioni locali\\Dati applicazioni\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Programmi\\Nero\\KM\\KwikMedia.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Maxthon\\bin\\Maxthon.exe"=
"c:\\Programmi\\Maxthon\\bin\\MxUp.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NetService\\NvNetworkService.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [01/08/2014 19.21.54 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [01/08/2014 19.21.54 206248]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [02/07/2014 15.48.47 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [02/07/2014 15.48.51 12464]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [27/07/2014 10.21.19 15808]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [01/08/2014 19.21.54 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [01/08/2014 19.21.54 423784]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [12/03/2014 16.20.32 42272]
R2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\programmi\IObit\Advanced SystemCare 8\ASCService.exe [30/01/2015 23.51.34 815392]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [01/08/2014 19.21.54 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [01/08/2014 19.21.54 70384]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\programmi\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [28/12/2014 10.11.59 244448]
R2 IMFservice;IMF Service;c:\programmi\IObit\IObit Malware Fighter\IMFsrv.exe [05/08/2014 7.55.05 344864]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\programmi\Intel\iCLS Client\HeciServer.exe [20/04/2012 13.11.32 462048]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\programmi\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [06/04/2013 12.31.17 166720]
R2 NAUpdate;Nero Update;c:\programmi\Nero\Update\NASvc.exe [13/07/2012 15.27.00 769432]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\programmi\Nitro\Pro 8\NitroPDFDriverService8.exe [18/09/2012 13.28.28 197128]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\programmi\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [26/07/2013 5.48.28 196624]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [18/09/2012 13.28.32 69640]
R2 NovaPdfServer;novaPDF Server;c:\programmi\Softland\novaPDF 8\Server\novapdfs.exe [01/08/2014 11.38.18 204576]
R2 NvNetworkService;NVIDIA Network Service;c:\programmi\NVIDIA Corporation\NetService\NvNetworkService.exe [23/02/2015 14.05.40 1720608]
R2 PDF Architect Helper Service;PDF Architect Helper Service;c:\programmi\PDF Architect\HelperService.exe [08/04/2013 17.44.12 1320496]
R2 PDF Architect Service;PDF Architect Service;c:\programmi\PDF Architect\ConversionService.exe [08/04/2013 17.43.36 799280]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\programmi\RealNetworks\RealDownloader\rndlresolversvc.exe [14/08/2013 15.19.24 39056]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 9.58.16 3275136]
R2 Soda PDF 6 Creator;Soda PDF 6 Creator;c:\programmi\Soda PDF 6\creator-ws.exe [27/08/2014 19.39.10 621408]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\programmi\Intel\Intel® Management Engine Components\UNS\UNS.exe [06/04/2013 12.31.12 365376]
R3 FileMonitor;FileMonitor;c:\programmi\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [31/01/2015 1.24.42 247968]
R3 RegFilter;RegFilter;c:\programmi\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [31/01/2015 1.24.42 31776]
R3 SystemExplorerHelpService;System Explorer Service;c:\programmi\System Explorer\service\SystemExplorerService.exe [16/06/2013 21.15.23 567144]
R3 UrlFilter;UrlFilter;c:\programmi\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [31/01/2015 1.24.42 17360]
S2 LiveUpdateSvc;LiveUpdate;c:\programmi\IObit\LiveUpdate\LiveUpdate.exe [27/07/2014 10.12.16 2724128]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [01/03/2013 11.11.32 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [06/04/2013 12.29.25 1691480]
S3 esgiguard;esgiguard;\??\c:\programmi\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\programmi\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [06/02/2015 0.09.24 19984]
S3 IntcDAud;Audio schermo Intel®;c:\windows\system32\drivers\IntcDAud.sys [21/04/2013 17.58.56 270080]
S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap.sys [20/07/2013 9.13.57 33280]
S3 ip100xp;10/100Mbps Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [19/07/2013 21.31.12 26624]
S3 LULU Software CrashHandler;LULU Software CrashHandler;c:\programmi\Soda PDF 6\crash-handler-ws.exe [27/08/2014 19.39.10 744800]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\programmi\McAfee Security Scan\3.8.150\McCHSvc.exe" --> c:\programmi\McAfee Security Scan\3.8.150\McCHSvc.exe [?]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [06/04/2013 12.31.06 55104]
S3 RK28USB;Driver for RK28USB Device;c:\windows\system32\drivers\RK28USB.sys [17/01/2015 0.58.10 72320]
S3 RTL8192cu;300Mbps Wireless USB Adapter;c:\windows\system32\drivers\RTL8192cu.sys [09/03/2014 18.06.29 1076968]
S3 Soda PDF 6;Soda PDF 6;c:\programmi\Soda PDF 6\ws.exe [27/08/2014 19.39.10 1655136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
ORBTR REG_MULTI_SZ Orbiter
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\programmi\File comuni\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-04 03:19 1059656 ----a-w- c:\programmi\Google\Chrome\Application\41.0.2272.76\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-06 21:32]
.
2015-03-04 c:\windows\Tasks\ASC8_PerformanceMonitor.job
- c:\programmi\IObit\Advanced SystemCare 8\Monitor.exe [2015-01-30 13:32]
.
2015-03-04 c:\windows\Tasks\avast! Emergency Update.job
- c:\programmi\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-17 00:12]
.
2015-03-04 c:\windows\Tasks\Driver Booster Scan.job
- c:\programmi\IObit\Driver Booster\Scheduler.exe [2014-12-05 14:52]
.
2015-03-04 c:\windows\Tasks\Driver Booster Update.job
- c:\programmi\IObit\Driver Booster\AutoUpdate.exe [2014-12-05 15:17]
.
2015-03-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1606980848-861567501-725345543-1003Core.job
- c:\documents and settings\INTEL-2013\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2014-07-15 11:57]
.
2015-03-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1606980848-861567501-725345543-1003UA.job
- c:\documents and settings\INTEL-2013\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2014-07-15 11:57]
.
2015-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2013-04-06 14:05]
.
2015-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2013-04-06 14:05]
.
2015-03-04 c:\windows\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job
- c:\windows\system32\xp_eos.exe [2014-03-09 23:28]
.
2015-02-08 c:\windows\Tasks\Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job
- c:\windows\system32\xp_eos.exe [2014-03-09 23:28]
.
2015-03-04 c:\windows\Tasks\Opera scheduled Autoupdate 1408138736.job
- c:\programmi\Opera\launcher.exe [2014-08-15 09:05]
.
2015-03-01 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1606980848-861567501-725345543-1003.job
- c:\programmi\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 14:19]
.
2015-03-04 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1606980848-861567501-725345543-1003.job
- c:\programmi\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 14:19]
.
2015-02-25 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1606980848-861567501-725345543-1003.job
- c:\programmi\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 14:19]
.
2015-03-04 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1606980848-861567501-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
2015-03-04 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1606980848-861567501-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
2015-03-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1606980848-861567501-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
2015-02-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1606980848-861567501-725345543-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2013-08-14 16:13]
.
2015-03-04 c:\windows\Tasks\SmartDefrag3_Startup.job
- c:\programmi\IObit\Smart Defrag 3\SmartDefrag.exe [2014-07-27 14:46]
.
2015-03-04 c:\windows\Tasks\SmartDefrag3_Update.job
- c:\programmi\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-27 13:05]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
mStart Page = www.google.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\INTEL-2013\Dati applicazioni\Mozilla\Firefox\Profiles\sv76145n.default-1385792483703\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - ExtSQL: 2015-01-31 11:36; iobitapps@mybrowserbar.com; c:\program files\IObit Apps Toolbar\FF
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - (no file)
Toolbar-10 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-04 16:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(7016)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\programmi\Google\Drive\googledrivesync32.dll
c:\windows\system32\webcheck.dll
c:\progra~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\programmi\File comuni\Microsoft Shared\Web Components\10\1040\OWCI10.DLL
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Nero\Nero 7\InCD\InCDsrv.exe
c:\programmi\AVAST Software\Avast\AvastSvc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\ATKKBService.exe
c:\programmi\Java\jre7\bin\jqs.exe
c:\programmi\Google\Update\1.3.26.9\GoogleCrashHandler.exe
c:\programmi\File comuni\LightScribe\LSSrvc.exe
c:\programmi\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\programmi\IObit\Driver Booster\DriverBooster.exe
c:\windows\RTHDCPL.EXE
c:\programmi\IObit\IObit Uninstaller\UninstallMonitor.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\System32\wbem\unsecapp.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programmi\HP\Digital Imaging\bin\hpqbam08.exe
c:\programmi\IObit\IObit Malware Fighter\IMFTips.exe
.
**************************************************************************
.
Ora fine scansione: 2015-03-04 16:58:35 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2015-03-04 15:58
ComboFix2.txt 2014-02-06 21:38
ComboFix3.txt 2013-11-29 12:21
.
Pre-Run: 16.379.949.056 byte disponibili
Post-Run: 17.252.712.448 byte disponibili
.
- - End Of File - - 6031CB6796CDBB99C103575D8EABEE56
828E02D5C4A4FBE53441EE9DBEE51F43[/code]

Edited by Pike
Placed the ComboFix listing inside Code tags


Since this is about advertising, I would run the PC through 3 more tools:

  • adwcleaner, to clean up the browsers
  • JRT, to identify other malicious items that may be present
  • MBAM Anti Malware, for a full system scan.

Remove whatever they propose, reboot if they ask you to, post the logs of these 3 tools as you run them, and keep me updated on how the PC behaves.
