GMER 2.1.19357 - http://www.gmer.net

Rootkit scan 2014-03-07 21:33:47

Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB

Running: kh2hxrx7.exe; Driver: C:\Users\giuseppe\AppData\Local\Temp\fwdyykow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                   suspicious modification

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                       0000000075e11401 2 bytes JMP 75d3eb26 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[772] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                         0000000075e11419 2 bytes JMP 75d4b513 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                       0000000075e11431 2 bytes JMP 75dc8609 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                       0000000075e1144a 2 bytes CALL 75d21dfa C:\Windows\syswow64\kernel32.dll

.text     ...                                                                                                                                                                                                                * 9

.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[772] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                          0000000075e114dd 2 bytes JMP 75dc7efe C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                   0000000075e114f5 2 bytes JMP 75dc80d8 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                          0000000075e1150d 2 bytes JMP 75dc7df4 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                   0000000075e11525 2 bytes JMP 75dc81c2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                         0000000075e1153d 2 bytes JMP 75d3f088 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[772] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                              0000000075e11555 2 bytes JMP 75d4b885 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[772] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                       0000000075e1156d 2 bytes JMP 75dc86c1 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[772] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                         0000000075e11585 2 bytes JMP 75dc8222 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                            0000000075e1159d 2 bytes JMP 75dc7db8 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                         0000000075e115b5 2 bytes JMP 75d3f121 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                       0000000075e115cd 2 bytes JMP 75d4b29f C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                   0000000075e116b2 2 bytes JMP 75dc8584 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                   0000000075e116bd 2 bytes JMP 75dc7d4d C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                         0000000076598b9a 5 bytes JMP 000000016ded7aa7

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW                                                                                                 00000000765b2a3e 5 bytes JMP 000000016e0258ab

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                         00000000765b2a62 5 bytes JMP 000000016ddf490b

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\USER32.dll!DialogBoxParamA                                                                                                         00000000765dcc1a 5 bytes JMP 000000016e025848

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA                                                                                                 00000000765dcf72 5 bytes JMP 000000016e02590e

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA                                                                                                     00000000765efd61 5 bytes JMP 000000016e0257dd

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW                                                                                                     00000000765efe2d 5 bytes JMP 000000016e025772

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\USER32.dll!MessageBoxExA                                                                                                           00000000765efe66 5 bytes JMP 000000016e025710

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\USER32.dll!MessageBoxExW                                                                                                           00000000765efe8a 5 bytes JMP 000000016e0256ae

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\ole32.dll!OleLoadFromStream                                                                                                        0000000076195b88 5 bytes JMP 000000016e025b74

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect                                                                                        00000000768b9474 5 bytes JMP 000000016e026126

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                0000000075e11401 2 bytes JMP 75d3eb26 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                  0000000075e11419 2 bytes JMP 75d4b513 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                0000000075e11431 2 bytes JMP 75dc8609 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                0000000075e1144a 2 bytes CALL 75d21dfa C:\Windows\syswow64\kernel32.dll

.text     ...                                                                                                                                                                                                                * 9

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                   0000000075e114dd 2 bytes JMP 75dc7efe C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                            0000000075e114f5 2 bytes JMP 75dc80d8 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                   0000000075e1150d 2 bytes JMP 75dc7df4 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                            0000000075e11525 2 bytes JMP 75dc81c2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                  0000000075e1153d 2 bytes JMP 75d3f088 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                       0000000075e11555 2 bytes JMP 75d4b885 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                0000000075e1156d 2 bytes JMP 75dc86c1 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                  0000000075e11585 2 bytes JMP 75dc8222 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                     0000000075e1159d 2 bytes JMP 75dc7db8 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                  0000000075e115b5 2 bytes JMP 75d3f121 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                0000000075e115cd 2 bytes JMP 75d4b29f C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                            0000000075e116b2 2 bytes JMP 75dc8584 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                            0000000075e116bd 2 bytes JMP 75dc7d4d C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll!PropertySheetW              0000000073e07c30 5 bytes JMP 000000016e0268f8

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll!PropertySheet               0000000073ea7bb2 5 bytes JMP 000000016e026999

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[3464] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW                                                                                                         00000000769b9a4c 5 bytes JMP 000000016e026258

?         C:\Windows\system32\mssprxy.dll [3464] entry point in ".rdata" section                                                                                                                                             00000000708971e6

?         C:\Windows\System32\NLSData0010.dll [3464] entry point in ".rdata" section                                                                                                                                         00000000695cc908

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                                         0000000076598b9a 5 bytes JMP 000000016ded7aa7

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!GetKeyState                                                                                                             00000000765a2902 5 bytes JMP 000000016de2d47e

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!EnableWindow                                                                                                            00000000765a3f54 5 bytes JMP 000000016de2c243

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState                                                                                                        00000000765a4858 5 bytes JMP 000000016dded6d1

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW                                                                                              00000000765a95fa 5 bytes JMP 000000016e026221

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA                                                                                              00000000765ab1dd 5 bytes JMP 000000016e0261ea

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!EndDialog                                                                                                               00000000765ac184 5 bytes JMP 000000016ddf5873

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW                                                                                                       00000000765b06b3 5 bytes JMP 000000016de84243

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!CreateDialogParamW                                                                                                      00000000765b0a8f 5 bytes JMP 000000016de2c2c8

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!IsDialogMessageW                                                                                                        00000000765b2174 5 bytes JMP 000000016ddf3fe8

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW                                                                                                 00000000765b2a3e 5 bytes JMP 000000016e0258ab

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!DialogBoxParamW                                                                                                         00000000765b2a62 5 bytes JMP 000000016ddf490b

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!IsDialogMessage                                                                                                         00000000765b7051 5 bytes JMP 000000016e025bbf

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!CreateDialogParamA                                                                                                      00000000765b711b 5 bytes JMP 000000016e0261b3

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!CallNextHookEx                                                                                                          00000000765bf006 5 bytes JMP 000000016dec94ec

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx                                                                                                     00000000765c0efc 5 bytes JMP 000000016dee7e18

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!SendInput                                                                                                               00000000765c195e 5 bytes JMP 000000016e0268a0

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!SetKeyboardState                                                                                                        00000000765c24db 5 bytes JMP 000000016e025f24

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!DialogBoxParamA                                                                                                         00000000765dcc1a 5 bytes JMP 000000016e025848

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA                                                                                                 00000000765dcf72 5 bytes JMP 000000016e02590e

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA                                                                                                     00000000765efd61 5 bytes JMP 000000016e0257dd

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW                                                                                                     00000000765efe2d 5 bytes JMP 000000016e025772

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!MessageBoxExA                                                                                                           00000000765efe66 5 bytes JMP 000000016e025710

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!MessageBoxExW                                                                                                           00000000765efe8a 5 bytes JMP 000000016e0256ae

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\USER32.dll!keybd_event                                                                                                             00000000765f044f 5 bytes JMP 000000016e026ad3

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\ole32.dll!OleLoadFromStream                                                                                                        0000000076195b88 5 bytes JMP 000000016e025b74

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                         00000000761e57fc 5 bytes JMP 000000016ded8595

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect                                                                                        00000000768b9474 5 bytes JMP 000000016e026126

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                                0000000075e11401 2 bytes JMP 75d3eb26 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                                  0000000075e11419 2 bytes JMP 75d4b513 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                                0000000075e11431 2 bytes JMP 75dc8609 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                                0000000075e1144a 2 bytes CALL 75d21dfa C:\Windows\syswow64\kernel32.dll

.text     ...                                                                                                                                                                                                                * 9

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                                   0000000075e114dd 2 bytes JMP 75dc7efe C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                                            0000000075e114f5 2 bytes JMP 75dc80d8 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                                   0000000075e1150d 2 bytes JMP 75dc7df4 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                                            0000000075e11525 2 bytes JMP 75dc81c2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                                  0000000075e1153d 2 bytes JMP 75d3f088 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                                       0000000075e11555 2 bytes JMP 75d4b885 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                                0000000075e1156d 2 bytes JMP 75dc86c1 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                                  0000000075e11585 2 bytes JMP 75dc8222 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                                     0000000075e1159d 2 bytes JMP 75dc7db8 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                                  0000000075e115b5 2 bytes JMP 75d3f121 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                                0000000075e115cd 2 bytes JMP 75d4b29f C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                                            0000000075e116b2 2 bytes JMP 75dc8584 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                                            0000000075e116bd 2 bytes JMP 75dc7d4d C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll!PropertySheetW              0000000073e07c30 5 bytes JMP 000000016e0268f8

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll!PropertySheet               0000000073ea7bb2 5 bytes JMP 000000016e026999

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW                                                                                                         00000000769b9a4c 5 bytes JMP 000000016e026258

.text     C:\Program Files (x86)\Internet Explorer\iexplore.exe[4516] C:\Windows\syswow64\comdlg32.dll!PrintDlgW                                                                                                             00000000769c40fc 5 bytes JMP 000000016e0262f2

.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                0000000075e11401 2 bytes JMP 75d3eb26 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4136] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                  0000000075e11419 2 bytes JMP 75d4b513 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                0000000075e11431 2 bytes JMP 75dc8609 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                0000000075e1144a 2 bytes CALL 75d21dfa C:\Windows\syswow64\kernel32.dll

.text     ...                                                                                                                                                                                                                * 9

.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4136] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                   0000000075e114dd 2 bytes JMP 75dc7efe C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                            0000000075e114f5 2 bytes JMP 75dc80d8 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                   0000000075e1150d 2 bytes JMP 75dc7df4 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                            0000000075e11525 2 bytes JMP 75dc81c2 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                  0000000075e1153d 2 bytes JMP 75d3f088 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4136] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                       0000000075e11555 2 bytes JMP 75d4b885 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                0000000075e1156d 2 bytes JMP 75dc86c1 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                  0000000075e11585 2 bytes JMP 75dc8222 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                     0000000075e1159d 2 bytes JMP 75dc7db8 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                  0000000075e115b5 2 bytes JMP 75d3f121 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                0000000075e115cd 2 bytes JMP 75d4b29f C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                            0000000075e116b2 2 bytes JMP 75dc8584 C:\Windows\syswow64\kernel32.dll

.text     C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                            0000000075e116bd 2 bytes JMP 75dc7d4d C:\Windows\syswow64\kernel32.dll

 

---- User IAT/EAT - GMER 2.1 ----

 

IAT       C:\Windows\Explorer.EXE[1504] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!FreeLibraryAndExitThread]                                                                                                             [10002350] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll

IAT       C:\Windows\Explorer.EXE[1504] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateThread]                                                                                                                         [10003450] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll

IAT       C:\Windows\Explorer.EXE[1504] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryA]                                                                                                                         [100011e0] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll

 

---- Kernel code sections - GMER 2.1 ----

 

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                   suspicious modification

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                   suspicious modification

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                   suspicious modification

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                   suspicious modification

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                   suspicious modification

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                   suspicious modification

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                   suspicious modification

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                                                                                                                   suspicious modification

 

---- Threads - GMER 2.1 ----

 

Thread    C:\Windows\system32\winlogon.exe [472:540]                                                                                                                                                                         000007fefcd8a5e4

Thread    C:\Windows\system32\winlogon.exe [472:544]                                                                                                                                                                         000007fefcd8a5e4

Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4520:4688]                                                                                                                                                     000007fefb962a74

Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4520:4828]                                                                                                                                                     000007fef8ea5124

---- Processes - GMER 2.1 ----

 

Library   C:\ProgramData\Partner\Partner.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\iexplore.exe [4516] (Partner application/Google Inc.)(2009-08-13 22:55:58)                                      0000000002af0000

Process   C:\ProgramData\Google\Google Toolbar\Update\gtb121B.tmp.exe (*** suspicious ***) @ C:\ProgramData\Google\Google Toolbar\Update\gtb121B.tmp.exe [4056] (Google Toolbar Installer/Google Inc.)(2014-03-07 19:21:03)  0000000000c80000

 

---- Registry - GMER 2.1 ----

 

Reg       HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations                                                                                                                                  [multi-string value; rendered as unreadable characters in this copy of the log, visible tail: C:\Program Files (x86)\Acer\Ace]

 

---- EOF - GMER 2.1 ----

 


Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32-bit or FRST 64-bit (if not sure: Start --> Computer (right click) --> Properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2014 01
Ran by giuseppe (administrator) on GIUSEPPE-PC on 08-03-2014 20:10:26
Running from C:\Users\giuseppe\Desktop
Windows 7 Home Premium (X64) OS Language: Italian Standard
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{1AFB953F-27BE-4C30-BB36-40280F3E0001}\GoogleToolbarInstaller_updater_signed.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\Mcshield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MSC\mcsvrcnt.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MSC\mcupdui.exe
(Microsoft Corporation) C:\Windows\system32\WerFault.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7940128 2009-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Trigger New Acer AlaunchX] - c:\OEM\Preload\Command\AlaunchX\AppInRun.exe [297984 2009-02-17] ()
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-07-27] (Dritek System Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [mcagent_exe] - C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe [645328 2009-07-23] (McAfee, Inc.)
HKLM\...\RunOnce: [New Acer AlaunchX] - c:\OEM\Preload\Command\AlaunchX\LaunchAlaunchX.exe [293376 2009-06-29] (Acer Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5538&r=273603145535l0314z1k5t4712v819
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5538&r=273603145535l0314z1k5t4712v819
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5538&r=273603145535l0314z1k5t4712v819
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5538&r=273603145535l0314z1k5t4712v819
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_itIT578
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_itIT578
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\MskAPBho.dll ()
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
BHO-x32: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
Chrome: 
=======
CHR Extension: (Documenti Google) - C:\Users\giuseppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-07]
CHR Extension: (Google Drive) - C:\Users\giuseppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-07]
CHR Extension: (YouTube) - C:\Users\giuseppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-07]
CHR Extension: (Ricerca Google) - C:\Users\giuseppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-07]
CHR Extension: (Google Wallet) - C:\Users\giuseppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-07]
CHR Extension: (Gmail) - C:\Users\giuseppe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-07]
 
==================== Services (Whitelisted) =================
 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [203280 2009-01-23] ()
R2 mcmscsvc; C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe [865832 2009-07-23] (McAfee, Inc.)
R2 McNASvc; C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe [2482848 2009-04-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [696848 2009-06-17] (McAfee, Inc.)
R2 McProxy; C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe [359952 2009-04-09] (McAfee, Inc.)
S2 McShield; C:\Program Files\McAfee\VirusScan\Mcshield.exe [155456 2009-06-18] (McAfee, Inc.)
R3 McSysmon; C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe [606736 2009-06-17] (McAfee, Inc.)
R2 MpfService; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [894136 2009-07-22] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files (x86)\McAfee\MSK\MskSrver.exe [26640 2009-04-10] (McAfee, Inc.)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-06] (Egis Technology Inc.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated)
 
==================== Drivers (Whitelisted) ====================
 
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-03-07] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [102600 2009-06-18] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [307400 2009-06-18] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-06-18] (McAfee, Inc.)
R3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-06-18] (McAfee, Inc.)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-08 20:10 - 2014-03-08 20:11 - 00012502 _____ () C:\Users\giuseppe\Desktop\FRST.txt
2014-03-08 20:10 - 2014-03-08 20:10 - 00000000 ____D () C:\FRST
2014-03-08 20:07 - 2014-03-08 20:08 - 02156544 _____ (Farbar) C:\Users\giuseppe\Desktop\FRST64.exe
2014-03-08 06:07 - 2014-03-08 06:07 - 00000000 ____D () C:\Windows\pss
2014-03-08 04:55 - 2014-03-08 20:09 - 00689472 _____ () C:\Windows\system32\perfh010.dat
2014-03-08 04:55 - 2014-03-08 20:09 - 00124626 _____ () C:\Windows\system32\perfc010.dat
2014-03-08 04:55 - 2014-03-08 04:54 - 00335478 _____ () C:\Windows\system32\perfi010.dat
2014-03-08 04:55 - 2014-03-08 04:54 - 00037534 _____ () C:\Windows\system32\perfd010.dat
2014-03-08 04:54 - 2014-03-08 04:54 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-03-08 04:54 - 2014-03-08 04:54 - 00000000 ____D () C:\Windows\SysWOW64\it
2014-03-08 04:54 - 2014-03-08 04:54 - 00000000 ____D () C:\Windows\SysWOW64\0410
2014-03-08 04:54 - 2014-03-08 04:54 - 00000000 ____D () C:\Windows\system32\it
2014-03-08 04:54 - 2014-03-08 04:54 - 00000000 ____D () C:\Windows\system32\0410
2014-03-07 22:30 - 2014-03-07 22:30 - 00204496 _____ (Malwarebytes) C:\Users\giuseppe\Desktop\startuplite-setup-1.07.exe
2014-03-07 22:19 - 2014-03-07 22:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-07 22:18 - 2014-03-07 22:18 - 12589848 _____ (Malwarebytes Corp.) C:\Users\giuseppe\Desktop\mbar-1.07.0.1009.exe
2014-03-07 22:18 - 2014-03-07 22:18 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-07 22:18 - 2014-03-07 22:18 - 00000000 ____D () C:\Users\giuseppe\Desktop\mbar
2014-03-07 22:09 - 2014-03-07 22:09 - 00000000 ____D () C:\Users\giuseppe\AppData\Roaming\Malwarebytes
2014-03-07 22:03 - 2014-03-07 22:03 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-07 22:03 - 2014-03-07 22:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-07 22:03 - 2014-03-07 22:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-07 22:03 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-07 21:54 - 2014-03-07 21:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\giuseppe\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-07 21:54 - 2014-03-07 21:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\giuseppe\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-07 21:33 - 2014-03-07 22:24 - 00040010 _____ () C:\Users\giuseppe\Desktop\Nuovo documento di testo.txt
2014-03-07 20:45 - 2014-03-07 20:45 - 00002347 _____ () C:\Users\giuseppe\Downloads\Gmer.txt
2014-03-07 20:45 - 2014-03-07 20:45 - 00002347 _____ () C:\Users\giuseppe\Downloads\Gmer (1).txt
2014-03-07 20:29 - 2014-03-07 20:29 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-07 20:27 - 2014-03-08 06:01 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-07 20:27 - 2014-03-07 22:32 - 00001154 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-07 20:27 - 2014-03-07 20:27 - 00004150 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-07 20:27 - 2014-03-07 20:27 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-07 20:25 - 2014-03-07 20:26 - 00000000 ____D () C:\Users\giuseppe\AppData\Local\Deployment
2014-03-07 20:25 - 2014-03-07 20:25 - 00000000 ____D () C:\Users\giuseppe\AppData\Local\Apps\2.0
2014-03-07 20:24 - 2012-02-15 07:27 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-03-07 20:24 - 2012-02-15 06:44 - 00826368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-03-07 20:24 - 2012-02-15 05:47 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-03-07 20:24 - 2012-02-15 05:46 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-03-07 20:24 - 2010-01-09 08:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\cabview.dll
2014-03-07 20:24 - 2010-01-09 07:52 - 00132608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cabview.dll
2014-03-07 20:22 - 2014-03-07 20:22 - 00380416 _____ () C:\kh2hxrx7.exe
2014-03-07 20:20 - 2014-03-07 20:20 - 00000000 ____D () C:\Users\giuseppe\AppData\Roaming\Google
2014-03-07 20:20 - 2014-03-07 20:20 - 00000000 ____D () C:\Users\giuseppe\AppData\Roaming\Adobe
2014-03-07 20:19 - 2014-03-07 22:17 - 00000000 ____D () C:\Users\giuseppe\AppData\Local\Google
2014-03-07 20:19 - 2014-03-07 20:19 - 00000000 ____D () C:\Users\giuseppe\AppData\Roaming\ATI
2014-03-07 20:19 - 2014-03-07 20:19 - 00000000 ____D () C:\Users\giuseppe\AppData\Local\EgisTec
2014-03-07 20:19 - 2014-03-07 20:19 - 00000000 ____D () C:\Users\giuseppe\AppData\Local\ATI
2014-03-07 20:19 - 2014-03-07 20:19 - 00000000 ____D () C:\ProgramData\ATI
2014-03-07 20:18 - 2014-03-07 20:19 - 00000000 ____D () C:\book
2014-03-07 20:18 - 2014-03-07 20:18 - 00001427 _____ () C:\Users\giuseppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-07 20:18 - 2014-03-07 20:18 - 00001393 _____ () C:\Users\giuseppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-07 20:18 - 2014-03-07 20:18 - 00000000 ___RD () C:\Users\giuseppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-07 20:18 - 2014-03-07 20:18 - 00000000 ___RD () C:\Users\giuseppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-07 20:18 - 2014-03-07 20:18 - 00000000 ____D () C:\Users\giuseppe\AppData\Roaming\Macromedia
2014-03-07 20:17 - 2014-03-07 20:17 - 00000000 ____D () C:\Users\giuseppe\AppData\Local\VirtualStore
2014-03-07 20:16 - 2014-03-08 06:00 - 00000342 _____ () C:\Windows\Tasks\McDefragTask.job
2014-03-07 20:16 - 2014-03-08 06:00 - 00000320 _____ () C:\Windows\Tasks\McQcTask.job
2014-03-07 20:16 - 2014-03-07 20:16 - 00003746 _____ () C:\Windows\System32\Tasks\McQcTask
2014-03-07 20:16 - 2014-03-07 20:16 - 00003682 _____ () C:\Windows\System32\Tasks\McDefragTask
2014-03-07 20:16 - 2012-06-02 23:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-03-07 20:16 - 2012-06-02 23:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-03-07 20:16 - 2012-06-02 23:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-03-07 20:16 - 2012-06-02 23:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-03-07 20:15 - 2014-03-07 20:18 - 00000000 ____D () C:\Users\giuseppe
2014-03-07 20:15 - 2014-03-07 20:15 - 00067872 _____ () C:\Users\giuseppe\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-07 20:15 - 2014-03-07 20:15 - 00002609 _____ () C:\Users\Public\Desktop\eBay.lnk
2014-03-07 20:15 - 2014-03-07 20:15 - 00001974 _____ () C:\Users\Public\Desktop\Acer Store accessorio.lnk
2014-03-07 20:15 - 2014-03-07 20:15 - 00000020 ___SH () C:\Users\giuseppe\ntuser.ini
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Risorse di stampa
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Risorse di rete
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Recenti
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Modelli
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Menu Avvio
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Impostazioni locali
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Documents\Video
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Documents\Musica
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Documents\Immagini
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Documenti
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Dati applicazioni
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\AppData\Local\Dati applicazioni
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\AppData\Local\Cronologia
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 ____D () C:\Users\Public\Acer
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 ____D () C:\Program Files\Acer Accessory Store
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 ____D () C:\Program Files (x86)\OEM
2014-03-07 20:15 - 2012-06-02 23:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-03-07 20:15 - 2012-06-02 23:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-03-07 20:15 - 2012-06-02 23:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-03-07 20:15 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-03-07 20:15 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-03-07 20:15 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\giuseppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-07 20:15 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\giuseppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Public\Documents\Video
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Public\Documents\Musica
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Public\Documents\Immagini
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Risorse di stampa
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Risorse di rete
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Recenti
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Modelli
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Menu Avvio
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Impostazioni locali
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Documents\Video
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Documents\Musica
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Documents\Immagini
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Documenti
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Dati applicazioni
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Dati applicazioni
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Cronologia
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default User\Documents\Video
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default User\Documents\Musica
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default User\Documents\Immagini
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Dati applicazioni
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Cronologia
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Programmi
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\ProgramData\Preferiti
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\ProgramData\Modelli
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\ProgramData\Menu Avvio
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\ProgramData\Documenti
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\ProgramData\Dati applicazioni
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Program Files\File comuni
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 __SHD () C:\Recovery
2014-03-07 20:06 - 2014-03-07 20:06 - 00005758 _____ () C:\Windows\DPINST.LOG
2014-03-07 20:06 - 2014-03-07 20:06 - 00000000 ____D () C:\Program Files\DIFX
2014-03-07 20:06 - 2014-03-07 20:06 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-03-07 20:06 - 2009-04-03 06:39 - 00034872 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2014-03-07 20:04 - 2014-03-07 20:05 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-03-07 20:04 - 2014-03-07 20:04 - 00000000 ____D () C:\Program Files\ATI
2014-03-07 20:03 - 2014-03-08 06:10 - 01638009 _____ () C:\Windows\WindowsUpdate.log
 
==================== One Month Modified Files and Folders =======
 
2014-03-08 20:11 - 2014-03-08 20:10 - 00012502 _____ () C:\Users\giuseppe\Desktop\FRST.txt
2014-03-08 20:10 - 2014-03-08 20:10 - 00000000 ____D () C:\FRST
2014-03-08 20:09 - 2014-03-08 04:55 - 00689472 _____ () C:\Windows\system32\perfh010.dat
2014-03-08 20:09 - 2014-03-08 04:55 - 00124626 _____ () C:\Windows\system32\perfc010.dat
2014-03-08 20:09 - 2009-07-14 06:13 - 01516554 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-08 20:09 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-08 20:09 - 2009-07-14 05:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-08 20:08 - 2014-03-08 20:07 - 02156544 _____ (Farbar) C:\Users\giuseppe\Desktop\FRST64.exe
2014-03-08 20:03 - 2009-08-14 00:03 - 00006409 _____ () C:\Windows\system32\Config.MPF
2014-03-08 20:01 - 2009-07-14 05:51 - 00033829 _____ () C:\Windows\setupact.log
2014-03-08 06:10 - 2014-03-07 20:03 - 01638009 _____ () C:\Windows\WindowsUpdate.log
2014-03-08 06:07 - 2014-03-08 06:07 - 00000000 ____D () C:\Windows\pss
2014-03-08 06:01 - 2014-03-07 20:27 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-08 06:00 - 2014-03-07 20:16 - 00000342 _____ () C:\Windows\Tasks\McDefragTask.job
2014-03-08 06:00 - 2014-03-07 20:16 - 00000320 _____ () C:\Windows\Tasks\McQcTask.job
2014-03-08 06:00 - 2009-08-13 23:57 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-03-08 06:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-08 05:59 - 2009-08-14 00:12 - 00730774 _____ () C:\Windows\PFRO.log
2014-03-08 04:59 - 2009-03-12 10:30 - 00000000 ____D () C:\Windows\LP
2014-03-08 04:58 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-03-08 04:58 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-03-08 04:58 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-03-08 04:58 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-03-08 04:58 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\system32\winrm
2014-03-08 04:58 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\system32\WCN
2014-03-08 04:58 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\system32\slmgr
2014-03-08 04:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-03-08 04:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-03-08 04:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-03-08 04:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-03-08 04:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-03-08 04:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2014-03-08 04:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\servicing
2014-03-08 04:54 - 2014-03-08 04:55 - 00335478 _____ () C:\Windows\system32\perfi010.dat
2014-03-08 04:54 - 2014-03-08 04:55 - 00037534 _____ () C:\Windows\system32\perfd010.dat
2014-03-08 04:54 - 2014-03-08 04:54 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-03-08 04:54 - 2014-03-08 04:54 - 00000000 ____D () C:\Windows\SysWOW64\it
2014-03-08 04:54 - 2014-03-08 04:54 - 00000000 ____D () C:\Windows\SysWOW64\0410
2014-03-08 04:54 - 2014-03-08 04:54 - 00000000 ____D () C:\Windows\system32\it
2014-03-08 04:54 - 2014-03-08 04:54 - 00000000 ____D () C:\Windows\system32\0410
2014-03-08 04:54 - 2009-07-14 08:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-03-08 04:54 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-03-08 04:54 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-03-08 04:54 - 2009-07-14 06:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-03-08 04:54 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-03-08 04:54 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-03-08 04:54 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-03-08 04:54 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-08 04:54 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-03-08 04:54 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-03-08 04:54 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-03-08 04:54 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-08 04:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-03-08 04:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-03-08 04:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-03-08 04:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-03-08 04:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-03-08 04:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-03-08 04:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-03-08 04:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\com
2014-03-08 04:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-08 04:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\IME
2014-03-08 04:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-03-08 04:45 - 2009-07-14 06:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-03-08 04:45 - 2009-07-14 06:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-03-07 22:32 - 2014-03-07 20:27 - 00001154 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-07 22:30 - 2014-03-07 22:30 - 00204496 _____ (Malwarebytes) C:\Users\giuseppe\Desktop\startuplite-setup-1.07.exe
2014-03-07 22:25 - 2014-03-07 22:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-07 22:24 - 2014-03-07 21:33 - 00040010 _____ () C:\Users\giuseppe\Desktop\Nuovo documento di testo.txt
2014-03-07 22:18 - 2014-03-07 22:18 - 12589848 _____ (Malwarebytes Corp.) C:\Users\giuseppe\Desktop\mbar-1.07.0.1009.exe
2014-03-07 22:18 - 2014-03-07 22:18 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-07 22:18 - 2014-03-07 22:18 - 00000000 ____D () C:\Users\giuseppe\Desktop\mbar
2014-03-07 22:17 - 2014-03-07 20:19 - 00000000 ____D () C:\Users\giuseppe\AppData\Local\Google
2014-03-07 22:09 - 2014-03-07 22:09 - 00000000 ____D () C:\Users\giuseppe\AppData\Roaming\Malwarebytes
2014-03-07 22:03 - 2014-03-07 22:03 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-07 22:03 - 2014-03-07 22:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-07 22:03 - 2014-03-07 22:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-07 21:54 - 2014-03-07 21:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\giuseppe\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-07 21:54 - 2014-03-07 21:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\giuseppe\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-07 20:45 - 2014-03-07 20:45 - 00002347 _____ () C:\Users\giuseppe\Downloads\Gmer.txt
2014-03-07 20:45 - 2014-03-07 20:45 - 00002347 _____ () C:\Users\giuseppe\Downloads\Gmer (1).txt
2014-03-07 20:29 - 2014-03-07 20:29 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-07 20:29 - 2009-08-13 23:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-07 20:27 - 2014-03-07 20:27 - 00004150 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-07 20:27 - 2014-03-07 20:27 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-07 20:26 - 2014-03-07 20:25 - 00000000 ____D () C:\Users\giuseppe\AppData\Local\Deployment
2014-03-07 20:25 - 2014-03-07 20:25 - 00000000 ____D () C:\Users\giuseppe\AppData\Local\Apps\2.0
2014-03-07 20:22 - 2014-03-07 20:22 - 00380416 _____ () C:\kh2hxrx7.exe
2014-03-07 20:20 - 2014-03-07 20:20 - 00000000 ____D () C:\Users\giuseppe\AppData\Roaming\Google
2014-03-07 20:20 - 2014-03-07 20:20 - 00000000 ____D () C:\Users\giuseppe\AppData\Roaming\Adobe
2014-03-07 20:19 - 2014-03-07 20:19 - 00000000 ____D () C:\Users\giuseppe\AppData\Roaming\ATI
2014-03-07 20:19 - 2014-03-07 20:19 - 00000000 ____D () C:\Users\giuseppe\AppData\Local\EgisTec
2014-03-07 20:19 - 2014-03-07 20:19 - 00000000 ____D () C:\Users\giuseppe\AppData\Local\ATI
2014-03-07 20:19 - 2014-03-07 20:19 - 00000000 ____D () C:\ProgramData\ATI
2014-03-07 20:19 - 2014-03-07 20:18 - 00000000 ____D () C:\book
2014-03-07 20:19 - 2009-08-13 23:57 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-07 20:18 - 2014-03-07 20:18 - 00001427 _____ () C:\Users\giuseppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-07 20:18 - 2014-03-07 20:18 - 00001393 _____ () C:\Users\giuseppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-07 20:18 - 2014-03-07 20:18 - 00000000 ___RD () C:\Users\giuseppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-07 20:18 - 2014-03-07 20:18 - 00000000 ___RD () C:\Users\giuseppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-07 20:18 - 2014-03-07 20:18 - 00000000 ____D () C:\Users\giuseppe\AppData\Roaming\Macromedia
2014-03-07 20:18 - 2014-03-07 20:15 - 00000000 ____D () C:\Users\giuseppe
2014-03-07 20:17 - 2014-03-07 20:17 - 00000000 ____D () C:\Users\giuseppe\AppData\Local\VirtualStore
2014-03-07 20:17 - 2009-08-13 23:53 - 00000000 ____D () C:\ProgramData\OEM
2014-03-07 20:16 - 2014-03-07 20:16 - 00003746 _____ () C:\Windows\System32\Tasks\McQcTask
2014-03-07 20:16 - 2014-03-07 20:16 - 00003682 _____ () C:\Windows\System32\Tasks\McDefragTask
2014-03-07 20:16 - 2009-08-14 00:15 - 00000000 ___HD () C:\OEM
2014-03-07 20:16 - 2009-08-14 00:14 - 00000000 ____D () C:\AcerSW
2014-03-07 20:15 - 2014-03-07 20:15 - 00067872 _____ () C:\Users\giuseppe\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-07 20:15 - 2014-03-07 20:15 - 00002609 _____ () C:\Users\Public\Desktop\eBay.lnk
2014-03-07 20:15 - 2014-03-07 20:15 - 00001974 _____ () C:\Users\Public\Desktop\Acer Store accessorio.lnk
2014-03-07 20:15 - 2014-03-07 20:15 - 00000020 ___SH () C:\Users\giuseppe\ntuser.ini
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Risorse di stampa
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Risorse di rete
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Recenti
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Modelli
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Menu Avvio
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Impostazioni locali
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Documents\Video
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Documents\Musica
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Documents\Immagini
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Documenti
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\Dati applicazioni
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\AppData\Local\Dati applicazioni
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 _SHDL () C:\Users\giuseppe\AppData\Local\Cronologia
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 ____D () C:\Users\Public\Acer
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 ____D () C:\Program Files\Acer Accessory Store
2014-03-07 20:15 - 2014-03-07 20:15 - 00000000 ____D () C:\Program Files (x86)\OEM
2014-03-07 20:15 - 2009-08-14 00:15 - 00002026 _____ () C:\Windows\Patch.log
2014-03-07 20:15 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Public\Documents\Video
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Public\Documents\Musica
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Public\Documents\Immagini
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Risorse di stampa
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Risorse di rete
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Recenti
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Modelli
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Menu Avvio
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Impostazioni locali
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Documents\Video
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Documents\Musica
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Documents\Immagini
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Documenti
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\Dati applicazioni
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Dati applicazioni
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Cronologia
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default User\Documents\Video
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default User\Documents\Musica
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default User\Documents\Immagini
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programmi
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Dati applicazioni
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Cronologia
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Programmi
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\ProgramData\Preferiti
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\ProgramData\Modelli
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\ProgramData\Menu Avvio
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\ProgramData\Documenti
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\ProgramData\Dati applicazioni
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 _SHDL () C:\Program Files\File comuni
2014-03-07 20:14 - 2014-03-07 20:14 - 00000000 __SHD () C:\Recovery
2014-03-07 20:14 - 2009-08-14 00:18 - 00000000 ____D () C:\Windows\Panther
2014-03-07 20:14 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-03-07 20:14 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-07 20:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-03-07 20:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-03-07 20:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT
2014-03-07 20:10 - 2009-07-14 05:45 - 00312032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-07 20:09 - 2009-08-13 23:42 - 00000006 _____ () C:\Windows\system32\PLD_Framework.cmd
2014-03-07 20:09 - 2009-07-14 05:51 - 00000798 _____ () C:\Windows\setuperr.log
2014-03-07 20:07 - 2009-08-13 23:26 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-03-07 20:06 - 2014-03-07 20:06 - 00005758 _____ () C:\Windows\DPINST.LOG
2014-03-07 20:06 - 2014-03-07 20:06 - 00000000 ____D () C:\Program Files\DIFX
2014-03-07 20:06 - 2014-03-07 20:06 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-03-07 20:05 - 2014-03-07 20:04 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-03-07 20:04 - 2014-03-07 20:04 - 00000000 ____D () C:\Program Files\ATI
2014-03-07 20:03 - 2009-07-14 05:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2014-03-07 20:02 - 2009-08-13 23:21 - 00003540 _____ () C:\Windows\TSSysprep.log
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2009-08-13 23:19
 
==================== End Of Log ============================
 
 
ADDITION.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2014 01
Ran by giuseppe at 2014-03-08 20:15:36
Running from C:\Users\giuseppe\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: McAfee VirusScan (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
 
==================== Installed Programs ======================
 
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.18 - NewTech Infosystems)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3002 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3004 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.07.0804 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
AMD USB Filter Driver (x32 Version: 1.0.11.86 - Advanced Micro Devices, Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{ACCA82EB-7088-919E-5E1C-100A24F11CCF}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Backup Manager Basic (x32 Version: 2.0.0.18 - NewTech Infosystems) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2227.38498 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help English (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help French (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help German (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0729.2227.38498 - Nome società) Hidden
ccc-utility64 (Version: 2009.0729.2227.38498 - ATI) Hidden
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
eBay Worldwide (HKLM-x32\...\{AAF89271-2594-468D-B578-96B2E30C41C4}) (Version: 2.1.0703 - OEM)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated)
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.00 - Acer Inc.)
Malwarebytes Anti-Malware versione 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version:  - McAfee, Inc.)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 2.0.40115.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.72.0 - Egis Technology Inc.)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6619 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6619 - NewTech Infosystems) Hidden
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5888 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
Star Defender 4 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}) (Version:  - Oberon Media)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3004 - Acer Incorporated)
 
==================== Restore Points  =========================
 
07-03-2014 19:15:08 Windows Update
07-03-2014 19:24:47 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {54F39A95-FD25-41E6-B326-93936349497F} - System32\Tasks\McDefragTask => C:\Program Files (x86)\McAfee\MQC\QcConsol.exe [2009-07-04] (McAfee, Inc.)
Task: {5CEBF985-EDBF-4890-8C12-65394E90973A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07] (Google Inc.)
Task: {68AAF85B-D69F-486A-AF57-9198E1BFDDB3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07] (Google Inc.)
Task: {BA88F7D7-801E-4DCB-AD33-B236AAB74F47} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\Windows\SYSTEM32\OOBE\SETUPSQM.EXE [2009-07-14] (Microsoft Corporation)
Task: {F9923C8D-1B4E-4F1F-951A-02DF3C958282} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {FFDA5373-D0A9-49AA-81B4-83BECE0F263A} - System32\Tasks\McQcTask => C:\Program Files (x86)\McAfee\MQC\QcConsol.exe [2009-07-04] (McAfee, Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\McDefragTask.job => C:\Windows\system32\defrag.exe
Task: C:\Windows\Tasks\McQcTask.job => c:\PROGRA~2\mcafee\mqc\QcConsol.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-08-14 00:02 - 2009-01-23 18:46 - 00203280 _____ () C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
2009-08-14 00:02 - 2009-01-29 20:26 - 00117264 _____ () C:\Program Files (x86)\McAfee\SiteAdvisor\apengine.dll
2009-08-14 00:02 - 2009-01-23 18:46 - 00351248 _____ () C:\Program Files (x86)\McAfee\SiteAdvisor\saupkeep.dll
2009-08-14 00:02 - 2009-01-29 20:27 - 00071696 _____ () C:\Program Files (x86)\McAfee\SiteAdvisor\mcfrmwk.dll
2009-08-14 00:02 - 2009-01-29 20:27 - 00207376 _____ () C:\Program Files (x86)\McAfee\SiteAdvisor\cntscan.dll
2009-08-14 00:02 - 2009-01-29 20:27 - 00652304 _____ () C:\Program Files (x86)\McAfee\SiteAdvisor\SACore.dll
2009-08-14 00:02 - 2009-01-29 20:27 - 00310800 _____ () C:\Program Files (x86)\McAfee\SiteAdvisor\SASet.dll
2009-08-14 00:02 - 2009-01-23 18:46 - 00056336 _____ () C:\Program Files (x86)\McAfee\SiteAdvisor\McSACorePS.dll
2009-08-14 00:02 - 2009-01-23 18:46 - 00013840 _____ () C:\Program Files (x86)\McAfee\SiteAdvisor\saHook.dll
2009-02-03 01:33 - 2009-02-03 01:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 01:55 - 2008-09-29 01:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2009-08-14 00:16 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2014-03-07 20:29 - 2014-03-02 03:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-07 20:29 - 2014-03-02 03:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-07 20:29 - 2014-03-02 03:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-07 20:29 - 2014-03-02 03:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-07 20:29 - 2014-03-02 03:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-07 20:29 - 2014-03-02 03:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: FDResPub => 2
MSCONFIG\Services: Greg_Service => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: Global Registration => "C:\Program Files (x86)\Acer\Registration\GREG.exe" BOOT
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: Skytel => C:\Program Files\Realtek\Audio\HDA\Skytel.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Trigger New Acer AlaunchX => c:\OEM\Preload\Command\AlaunchX\AppInRun.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/07/2014 08:29:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: mcshield.exe, version: 14.0.0.433, time stamp: 0x4a381792
Faulting module name: mcshield.exe, version: 14.0.0.433, time stamp: 0x4a381792
Exception code: 0xc0000005
Fault offset 0x000000000000a095
Faulting process id: 0xef0
Faulting application start time: 0xmcshield.exe0
Faulting application path: mcshield.exe1
Faulting module path: mcshield.exe2
Report Id: mcshield.exe3

Error: (03/07/2014 08:29:29 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: Exception in McShield.Exe

Exception details:
 
VSCORE.14.0.0.433
Exception Code       : 0X00000000C0000005
Exception Address    : 0X0000000012166DE9
Exception Parameters : 2
 Param 1 = 0000000000000000
 Param 2 = 0X0000000000000001
 
More information :
ScanRequest : NTName is \Device\HarddiskVolume3\Users\giuseppe\Desktop\kh2hxrx7.exe.
 
Error: (03/07/2014 08:27:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: kh2hxrx7.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: kh2hxrx7.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset 0x000011aa
Faulting process id: 0x11a0
Faulting application start time: 0xkh2hxrx7.exe0
Faulting application path: kh2hxrx7.exe1
Faulting module path: kh2hxrx7.exe2
Report Id: kh2hxrx7.exe3

Error: (03/07/2014 08:26:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: kh2hxrx7.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: kh2hxrx7.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset 0x000011aa
Faulting process id: 0xbf4
Faulting application start time: 0xkh2hxrx7.exe0
Faulting application path: kh2hxrx7.exe1
Faulting module path: kh2hxrx7.exe2
Report Id: kh2hxrx7.exe3

Error: (03/07/2014 08:26:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: mcshield.exe, version: 14.0.0.433, time stamp: 0x4a381792
Faulting module name: mscan64a.dll, version: 5.300.0.2777, time stamp: 0x486bbc99
Exception code: 0xc0000005
Fault offset 0x0000000000166de9
Faulting process id: 0x11c
Faulting application start time: 0xmcshield.exe0
Faulting application path: mcshield.exe1
Faulting module path: mcshield.exe2
Report Id: mcshield.exe3

Error: (03/07/2014 08:26:29 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: Exception in McShield.Exe

Exception details:
 
VSCORE.14.0.0.433
Exception Code       : 0X00000000C0000005
Exception Address    : 0X0000000012166DE9
Exception Parameters : 2
 Param 1 = 0000000000000000
 Param 2 = 0X0000000000000001
 
More information :
ScanRequest : NTName is \Device\HarddiskVolume3\Users\giuseppe\Desktop\kh2hxrx7.exe.
 
Error: (03/07/2014 08:22:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: download[1].exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: download[1].exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset 0x000011aa
Faulting process id: 0xfc4
Faulting application start time: 0xdownload[1].exe0
Faulting application path: download[1].exe1
Faulting module path: download[1].exe2
Report Id: download[1].exe3

Error: (03/07/2014 08:22:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: mcshield.exe, version: 14.0.0.433, time stamp: 0x4a381792
Faulting module name: mscan64a.dll, version: 5.300.0.2777, time stamp: 0x486bbc99
Exception code: 0xc0000005
Fault offset 0x0000000000166de9
Faulting process id: 0xeb4
Faulting application start time: 0xmcshield.exe0
Faulting application path: mcshield.exe1
Faulting module path: mcshield.exe2
Report Id: mcshield.exe3

Error: (03/07/2014 08:22:03 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: Exception in McShield.Exe

Exception details:
 
VSCORE.14.0.0.433
Exception Code       : 0X00000000C0000005
Exception Address    : 0X0000000012166DE9
Exception Parameters : 2
 Param 1 = 0000000000000000
 Param 2 = 0X0000000000000001
 
More information :
ScanRequest : NTName is \Device\HarddiskVolume3\Users\giuseppe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2BXG2LX7\g6uq5gm4[1].exe.
 
Error: (03/07/2014 08:04:45 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2005 Redistributable (x64) -- Error 1935. An error occurred during the installation of assembly 'Microsoft.VC80.OpenMP,type="win32",version="8.0.50727.762",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64"'. Please refer to Help and Support for more information. HRESULT: 0x80070002. Assembly interface: IAssemblyCacheItem, function: Commit, component: {09D44781-D142-FE32-A01F-C8B3B9A1E18E}
 
 
System errors:
=============
Error: (03/08/2014 08:15:11 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Real-time Scanner service terminated unexpectedly. This has already happened 3 time(s).

Error: (03/08/2014 08:10:42 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/08/2014 08:05:47 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/08/2014 08:03:02 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%1058

Error: (03/08/2014 08:01:25 PM) (Source: Service Control Manager) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
%%1058

Error: (03/08/2014 06:10:32 AM) (Source: Service Control Manager) (User: )
Description: The Dritek WMI Service service terminated with service-specific error %%0.
 
Error: (03/08/2014 05:59:58 AM) (Source: atikmdag) (User: )
Description: Display is not active
 
Error: (03/08/2014 05:59:58 AM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (03/07/2014 10:45:36 PM) (Source: Service Control Manager) (User: )
Description: The Dritek WMI Service service terminated with service-specific error %%0.
 
Error: (03/07/2014 10:45:16 PM) (Source: atikmdag) (User: )
Description: Display is not active
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 40%
Total physical RAM: 3836.05 MB
Available physical RAM: 2268.52 MB
Total Pagefile: 7670.24 MB
Available Pagefile: 6062.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:285.99 GB) (Free:260.94 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: C096F560)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
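The Event log errors section above shows mcshield.exe faulting with 0xc0000005 (twice inside mscan64a.dll at offset 0x166de9) in the same second that McLogEvent records an on-access scan of the renamed GMER executable (kh2hxrx7.exe, and earlier g6uq5gm4[1].exe and download[1].exe), while GMER's own process faults at offset 0x11aa. Pairing the crash records with the scan records is the quickest way to tie a real-time scanner that keeps dying to the file that triggers it. The script below is an added example, not part of the original post or of FRST: SAMPLE is a constructed excerpt of those records with the Italian field labels translated, the parser keys on the record layout (header line, image names after "name: ", a lone hex exception code) rather than on the labels so the original Italian text parses the same way, and the 5-second pairing window is an assumption.

```python
"""Pair 'Application Error' crash records with the McAfee 'McLogEvent' scan
records FRST lists beside them, to show what the on-access scanner was
handling when it faulted.  Added example, not part of the original post
or of FRST; SAMPLE is a constructed excerpt of the records in the log.
"""
import re
from datetime import datetime, timedelta

SAMPLE = r"""
Error: (03/07/2014 08:29:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: mcshield.exe, version: 14.0.0.433, time stamp: 0x4a381792
Faulting module name: mcshield.exe, version: 14.0.0.433, time stamp: 0x4a381792
Exception code: 0xc0000005
Fault offset 0x000000000000a095

Error: (03/07/2014 08:29:29 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: Exception in McShield.Exe
More information :
ScanRequest : NTName is \Device\HarddiskVolume3\Users\giuseppe\Desktop\kh2hxrx7.exe.

Error: (03/07/2014 08:27:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: kh2hxrx7.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: kh2hxrx7.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset 0x000011aa

Error: (03/07/2014 08:26:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: mcshield.exe, version: 14.0.0.433, time stamp: 0x4a381792
Faulting module name: mscan64a.dll, version: 5.300.0.2777, time stamp: 0x486bbc99
Exception code: 0xc0000005
Fault offset 0x0000000000166de9

Error: (03/07/2014 08:26:29 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: Exception in McShield.Exe
More information :
ScanRequest : NTName is \Device\HarddiskVolume3\Users\giuseppe\Desktop\kh2hxrx7.exe.
"""

HEADER = re.compile(r"^\((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]+)\)")
IMAGE = re.compile(r": (?P<img>[^,\s]+\.(?:exe|dll)),", re.I)        # "...name: x.exe, version..."
EXCODE = re.compile(r"^[^:]+:\s*(?P<code>0x[0-9a-f]{8})\s*$", re.I)  # "Exception code: 0x..."
OFFSET = re.compile(r"offset\b.*?(?P<off>0x[0-9a-f]+)\s*$", re.I)    # "Fault offset 0x..."
NTNAME = re.compile(r"NTName is (?P<path>.+?)\.?\s*$")                # "ScanRequest : NTName is ..."


def parse_records(text):
    """One dict per 'Error:' record, holding only the fields the pairing needs."""
    records = []
    for chunk in re.split(r"(?m)^Error: ", text)[1:]:
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        head = HEADER.match(lines[0])
        if not head:
            continue
        rec = {"ts": datetime.strptime(head["ts"], "%m/%d/%Y %I:%M:%S %p"),
               "src": head["src"]}
        if rec["src"] == "Application Error":
            # First description line names the faulting image, the second the module.
            imgs = [IMAGE.search(ln) for ln in lines[1:3]] + [None, None]
            rec["app"] = imgs[0]["img"].lower() if imgs[0] else None
            rec["module"] = imgs[1]["img"].lower() if imgs[1] else None
            for ln in lines[3:]:
                code, off = EXCODE.match(ln), OFFSET.search(ln)
                if code:
                    rec["code"] = code["code"].lower()
                elif off:
                    rec["offset"] = off["off"].lower()
        elif rec["src"] == "McLogEvent":
            for ln in lines:
                m = NTNAME.search(ln)
                if m:
                    rec["scanned"] = m["path"]
        records.append(rec)
    return records


def correlate(text, scanner="mcshield.exe", window=timedelta(seconds=5)):
    """For every crash, list the files the scanner process was handling within
    `window` of it (only crashes of the scanner itself get paired)."""
    records = parse_records(text)
    scans = [r for r in records if r["src"] == "McLogEvent" and "scanned" in r]
    findings = []
    for r in records:
        if r["src"] != "Application Error":
            continue
        hits = sorted({s["scanned"] for s in scans
                       if r["app"] == scanner and abs(s["ts"] - r["ts"]) <= window})
        findings.append({"ts": r["ts"], "app": r["app"], "module": r["module"],
                         "code": r.get("code"), "offset": r.get("offset"),
                         "scanning": hits})
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE):
        print(f["ts"], f["app"], "faulted in", f["module"], f["code"], f["offset"],
              "while scanning:", ", ".join(f["scanning"]) or "-")
```

Run it and each mcshield.exe fault comes out paired with the GMER binary it was scanning, while GMER's own fault pairs with nothing. On the real log the next step is the opposite direction: take the paired path and check whether the scanner's crash is reproducible with a known-good copy of the same tool, which separates an AV engine bug from a file crafted to crash the scanner.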
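FRST lists a scheduled task twice when both views exist: the Task Scheduler registration under System32\Tasks (with its GUID, file date and signer) and the legacy .job file under C:\Windows\Tasks. In the task list above McDefragTask's registration points at McAfee's QcConsol.exe while its .job runs C:\Windows\system32\defrag.exe, and McQcTask agrees on both sides once the 8.3 short path (c:\PROGRA~2\...) is accounted for. The script below is an added example, not part of the original post or of FRST: it parses a constructed excerpt of those Task: lines and reports where the two views disagree. Comparing by executable file name rather than full path is an assumption made so that short and long forms compare equal; a mismatch is a pointer to open the task XML, not evidence of tampering (here both targets are Windows or vendor binaries).

```python
r"""Cross-check the two scheduled-task views FRST reports: Task Scheduler
registrations under System32\Tasks and legacy .job files under
C:\Windows\Tasks.  Added example, not part of the original post or of
FRST; SAMPLE is a constructed excerpt of the 'Task:' lines in the log.
"""
import re
from pathlib import PureWindowsPath

SAMPLE = r"""
Task: {54F39A95-FD25-41E6-B326-93936349497F} - System32\Tasks\McDefragTask => C:\Program Files (x86)\McAfee\MQC\QcConsol.exe [2009-07-04] (McAfee, Inc.)
Task: {5CEBF985-EDBF-4890-8C12-65394E90973A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07] (Google Inc.)
Task: {68AAF85B-D69F-486A-AF57-9198E1BFDDB3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07] (Google Inc.)
Task: {BA88F7D7-801E-4DCB-AD33-B236AAB74F47} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\Windows\SYSTEM32\OOBE\SETUPSQM.EXE [2009-07-14] (Microsoft Corporation)
Task: {FFDA5373-D0A9-49AA-81B4-83BECE0F263A} - System32\Tasks\McQcTask => C:\Program Files (x86)\McAfee\MQC\QcConsol.exe [2009-07-04] (McAfee, Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\McDefragTask.job => C:\Windows\system32\defrag.exe
Task: C:\Windows\Tasks\McQcTask.job => c:\PROGRA~2\mcafee\mqc\QcConsol.exe
"""

# "Task: {GUID} - System32\Tasks\<name> => <target> [date] (signer)"
REG_TASK = re.compile(
    r"^Task: \{(?P<guid>[0-9A-F-]+)\} - System32\\Tasks\\(?P<name>.+?) => "
    r"(?P<target>.+?)(?: \[[^\]]*\])?(?: \([^)]*\))?\s*$", re.I)
# "Task: C:\Windows\Tasks\<name>.job => <target>"
JOB_TASK = re.compile(
    r"^Task: C:\\Windows\\Tasks\\(?P<name>.+?)\.job => (?P<target>.+?)\s*$", re.I)


def parse_tasks(text):
    """Return ({name: target} from registrations, {name: target} from .job files)."""
    registered, jobs = {}, {}
    for line in text.splitlines():
        m = REG_TASK.match(line)
        if m:
            registered[m["name"].lower()] = m["target"]
            continue
        m = JOB_TASK.match(line)
        if m:
            jobs[m["name"].lower()] = m["target"]
    return registered, jobs


def exe_name(path):
    """Lower-cased executable file name.  Comparing names instead of full paths
    is an assumption: it lets the 8.3 short form FRST prints for .job targets
    (PROGRA~2) compare equal to the long form in the registration."""
    return PureWindowsPath(path).name.lower()


def cross_check(text):
    """Group every task by how its two views relate: match, mismatch, or one-sided."""
    registered, jobs = parse_tasks(text)
    findings = {"mismatch": [], "match": [], "job_only": [], "registry_only": []}
    for name in sorted(set(registered) | set(jobs)):
        reg, job = registered.get(name), jobs.get(name)
        if reg and job:
            kind = "match" if exe_name(reg) == exe_name(job) else "mismatch"
            findings[kind].append((name, reg, job))
        elif job:
            findings["job_only"].append((name, None, job))
        else:
            findings["registry_only"].append((name, reg, None))
    return findings


if __name__ == "__main__":
    for kind, rows in cross_check(SAMPLE).items():
        for name, reg, job in rows:
            print(f"{kind:14} {name}\n    registered: {reg}\n    .job file:  {job}")
```

A .job file with no registration, or a registration whose target differs from the .job, is worth a look because the two are maintained separately and an attacker who edits one does not have to touch the other; on this log the only disagreement is McDefragTask, and both of its targets are legitimately located binaries.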

Combofix

ComboFix must only be run when instructed to by a member of the team!

Link

Important - Save the file to the desktop!

  • Disable any and all antivirus / spyware scanners - they can prevent CF from doing its job.
  • Run Combofix.exe

When finished, ComboFix creates a log file named C:\ComboFix.txt. Please post its contents in your next reply.

Note: If you receive an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart the computer to resolve it.

ComboFix 14-02-24.01 - giuseppe 11/03/2014  16:36:38.1.1 - x64

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.39.1040.18.3836.2245 [GMT 1:00]

Running from: c:\users\giuseppe\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Antivirus *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Common Files\Acer GameZone online.ico

c:\windows\wininit.ini

.

.

(((((((((((((((((((((((((   Files Created from 2014-02-11 to 2014-03-11  )))))))))))))))))))))))))))))))))))

.

.

2014-03-11 16:11 . 2014-02-17 00:32 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5199E54-CE23-4155-BF25-468363BCAEA1}\mpengine.dll

2014-03-11 15:54 . 2014-03-11 15:54 -------- d-----w- c:\program files\Microsoft Silverlight

2014-03-11 15:54 . 2014-03-11 15:54 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2014-03-11 15:51 . 2014-03-11 15:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-03-11 15:38 . 2014-03-11 15:38 -------- d-----w- c:\windows\system32\SPReview

2014-03-11 15:36 . 2014-03-11 15:36 -------- d-----w- c:\windows\system32\EventProviders

2014-03-11 15:26 . 2014-03-11 15:26 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2014-03-10 22:13 . 2014-03-10 22:13 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2014-03-10 22:01 . 2014-03-10 22:01 1187697 ----a-w- c:\windows\unins000.exe

2014-03-10 21:38 . 2013-02-19 09:26 33472 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2014-03-10 21:38 . 2013-02-19 09:26 377992 ----a-w- c:\windows\system32\drivers\aswSP.sys

2014-03-10 21:37 . 2013-02-19 09:26 263680 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2014-03-10 21:37 . 2013-02-19 09:26 127208 ----a-w- c:\windows\system32\drivers\aswFW.sys

2014-03-10 21:37 . 2013-02-19 09:26 71064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2014-03-10 21:37 . 2013-02-19 09:26 68992 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2014-03-10 21:37 . 2013-02-19 09:26 22664 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2014-03-10 21:37 . 2013-02-19 09:26 177160 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-03-10 21:37 . 2013-02-19 09:26 1025880 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-03-10 21:37 . 2013-02-19 09:26 65408 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-03-10 21:37 . 2013-02-19 09:26 80888 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-03-10 21:36 . 2013-02-19 09:25 287840 ----a-w- c:\windows\system32\aswBoot.exe

2014-03-10 21:34 . 2013-02-18 08:41 12368 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2014-03-10 21:33 . 2013-02-19 09:26 41664 ----a-w- c:\windows\avastSS.scr

2014-03-10 21:32 . 2014-03-10 21:32 -------- d-----w- c:\program files\AVAST Software

2014-03-10 21:31 . 2014-03-10 21:32 -------- d-----w- c:\programdata\AVAST Software

2014-03-10 21:09 . 2014-03-10 21:09 -------- d-----w- c:\programdata\VS Revo Group

2014-03-10 21:09 . 2009-12-30 09:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys

2014-03-10 21:09 . 2014-03-10 21:09 -------- d-----w- c:\program files\VS Revo Group

2014-03-10 18:19 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll

2014-03-10 18:19 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll

2014-03-10 18:19 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2014-03-10 18:19 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys

2014-03-10 18:19 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2014-03-10 18:19 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll

2014-03-10 18:19 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll

2014-03-10 18:19 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll

2014-03-10 18:19 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\SysWow64\mstscax.dll

2014-03-10 18:17 . 2010-11-20 13:27 448512 ----a-w- c:\windows\system32\shlwapi.dll

2014-03-10 18:16 . 2010-11-20 13:27 611840 ----a-w- c:\windows\system32\wpd_ci.dll

2014-03-10 18:15 . 2010-11-20 13:27 23040 ----a-w- c:\windows\system32\rdprefdrvapi.dll

2014-03-10 18:12 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll

2014-03-10 18:12 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2014-03-10 18:12 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll

2014-03-10 17:47 . 2014-02-03 11:20 270496 ------w- c:\windows\system32\MpSigStub.exe

2014-03-10 16:24 . 2014-03-10 16:24 -------- d-----w- c:\programdata\NCOTEMP

2014-03-10 16:24 . 2014-03-10 16:24 -------- d-----w- c:\windows\system32\drivers\NSTx64

2014-03-10 16:24 . 2014-03-10 16:24 -------- d-----w- c:\program files (x86)\Norton Identity Safe

2014-03-10 16:22 . 2014-03-10 16:22 -------- d-----w- c:\windows\system32\drivers\NAVx64

2014-03-10 16:22 . 2014-03-11 15:42 -------- d-----w- c:\programdata\Norton

2014-03-10 16:20 . 2014-03-10 20:53 -------- d-----w- c:\program files (x86)\NortonInstaller

2014-03-09 16:47 . 2009-08-03 21:34 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll

2014-03-09 16:47 . 2009-08-03 21:34 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll

2014-03-09 16:46 . 2001-09-05 03:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2014-03-09 16:46 . 2001-09-05 03:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll

2014-03-09 16:46 . 2001-09-05 03:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2014-03-09 16:46 . 2001-09-05 03:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2014-03-09 16:46 . 2007-03-13 12:54 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2014-03-09 16:41 . 2014-03-10 14:25 -------- d-----w- c:\programdata\CyberLink

2014-03-09 16:36 . 2006-11-29 12:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

2014-03-09 16:36 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll

2014-03-09 16:35 . 2014-03-09 16:35 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2014-03-09 16:34 . 2014-03-09 16:34 -------- d-----w- c:\program files (x86)\Microsoft

2014-03-09 16:34 . 2014-03-09 16:34 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive

2014-03-09 16:33 . 2014-03-09 16:37 -------- d-----w- c:\program files (x86)\Windows Live

2014-03-09 16:31 . 2014-03-09 16:31 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

2014-03-09 16:29 . 2014-03-09 16:29 -------- d-----w- c:\program files\Synaptics

2014-03-09 16:28 . 2014-03-09 16:27 200704 ----a-w- c:\windows\PLFSetI.exe

2014-03-09 16:28 . 2009-04-16 17:45 106496 ----a-w- c:\windows\FixUVC.exe

2014-03-09 16:12 . 2014-03-09 16:12 -------- d-----w- c:\windows\SysWow64\wbem\en-US

2014-03-09 16:12 . 2014-03-09 16:12 -------- d-----w- c:\windows\system32\wbem\en-US

2014-03-09 16:12 . 2014-03-09 16:12 -------- d-----w- c:\windows\SysWow64\Wat

2014-03-09 16:12 . 2014-03-09 16:12 -------- d-----w- c:\windows\system32\Wat

2014-03-09 10:28 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2014-03-09 10:28 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2014-03-09 10:28 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2014-03-09 10:05 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

2014-03-09 09:31 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2014-03-09 09:31 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2014-03-09 09:31 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll

2014-03-09 09:31 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

2014-03-09 09:31 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2014-03-09 09:31 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2014-03-09 09:28 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2014-03-09 09:28 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2014-03-09 09:28 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2014-03-09 09:28 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2014-03-09 09:28 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2014-03-09 09:28 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2014-03-09 09:28 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2014-03-09 09:17 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2014-03-09 09:17 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2014-03-09 09:17 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2014-03-09 09:17 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2014-03-09 09:17 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2014-03-08 19:52 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll

2014-03-08 19:52 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll

2014-03-08 19:52 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax

2014-03-08 19:52 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll

2014-03-08 19:52 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll

2014-03-08 19:52 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax

2014-03-08 19:52 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2014-03-08 19:52 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2014-03-08 19:52 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2014-03-08 19:52 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2014-03-08 19:52 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2014-03-08 19:52 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2014-03-08 19:50 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2014-03-08 19:49 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2014-03-08 19:49 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2014-03-08 19:49 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2014-03-08 19:49 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2014-03-08 19:49 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2014-03-08 19:47 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2014-03-08 19:47 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2014-03-08 19:47 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll

2014-03-08 19:47 . 2011-03-03 06:24 357888 ----a-w- c:\windows\system32\dnsapi.dll

2014-03-08 19:47 . 2010-11-20 13:27 33792 ----a-w- c:\windows\system32\profprov.dll

2014-03-08 19:47 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe

2014-03-08 19:47 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

2014-03-08 19:45 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll

2014-03-08 19:44 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2014-03-08 19:44 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2014-03-08 19:44 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2014-03-08 19:44 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2014-03-08 19:43 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-03-11 16:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2014-03-11 16:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2014-03-08 03:53 . 2014-03-08 03:53 2560 ----a-w- c:\windows\SysWow64\drivers\it-IT\qwavedrv.sys.mui

2014-03-08 03:53 . 2014-03-08 03:53 49152 ----a-w- c:\windows\SysWow64\drivers\it-IT\tcpip.sys.mui

2014-03-08 03:53 . 2014-03-08 03:53 30720 ----a-w- c:\windows\SysWow64\drivers\it-IT\bfe.dll.mui

2014-03-08 03:53 . 2014-03-08 03:53 16384 ----a-w- c:\windows\SysWow64\drivers\it-IT\pacer.sys.mui

2014-03-08 03:53 . 2014-03-08 03:53 2560 ----a-w- c:\windows\SysWow64\drivers\it-IT\scfilter.sys.mui

2014-03-08 03:53 . 2014-03-08 03:53 6144 ----a-w- c:\windows\SysWow64\drivers\it-IT\ndiscap.sys.mui

2014-03-07 19:09 . 2009-08-13 22:42 6 ----a-w- c:\windows\system32\PLD_Framework.cmd

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2009-08-13 22:55 433648 ----a-w- c:\programdata\Partner\Partner.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-19 4765768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R3 aswVmm;aswVmm; [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 0215051394461619mcinstcleanup;McAfee Application Installer Cleanup (0215051394461619);c:\windows\TEMP\021505~1.EXE;c:\windows\TEMP\021505~1.EXE [x]

R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]

R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]

R4 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]

R4 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]

R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]

R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]

R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]

R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x]

R4 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdis.sys [x]

S0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys;c:\windows\SYSNATIVE\drivers\aswNdis2.sys [x]

S0 aswRvrt;aswRvrt; [x]

S1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys;c:\windows\SYSNATIVE\drivers\aswFW.sys [x]

S1 aswKbd;aswKbd; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]

S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe;c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-03-07 19:29 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe

.

Contenuto della cartella 'Scheduled Tasks'

.

2014-03-10 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-10 09:25]

.

2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07 19:27]

.

2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07 19:27]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2009-08-13 22:55 750064 ----a-w- c:\programdata\Partner\Partner64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-02-19 09:25 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

.

------- Scansione supplementare -------

.


uLocal Page = c:\windows\system32\blank.htm



mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.0.1

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]

"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\diMaster.dll\" /prefetch:1"

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Altri processi in esecuzione ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

**************************************************************************

.

Ora fine scansione: 2014-03-11  17:48:25 - Il pc è stato riavviato

ComboFix-quarantined-files.txt  2014-03-11 16:48

.

Pre-Run: 259.670.953.984 byte disponibili

Post-Run: 269.613.912.064 byte disponibili

.

- - End Of File - - EA66F1F2A8D65AF6CD0FCBD9674C5536

A36C5E4F47E84449FF07ED3517B43A31

Combofix scripting

1. Close all open browsers.

2. Close / disable all anti-malware and antivirus programs so that they do not interfere with the operation of ComboFix.

3. Download the attached CFScript.txt and save it to the location where ComboFix is.



CFScriptB-4.gif

 

Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it should produce a log for you at C:\ComboFix.txt, which I will ask for in your next reply.
 
 
 
 
Full System Scan with Malwarebytes Antimalware
 
  •      Run Malwarebytes Antimalware
  •      If an update is found, it will download and install the latest version.
  •      Once the program has loaded, select Perform full scan, put a check mark on all hard drives, then click Scan.
  •      When the scan is complete, click OK, then Show Results to view the results.
  •      Make sure everything is checked and click Remove Selected.
  •      Once completed, a log will open in Notepad. Please save it to a convenient location.
  •      The log can be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  •      Or, C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  •      Post that log back here.

 

CFScript.txt


ComboFix 14-03-10.01 - giuseppe 12/03/2014  17:35:04.2.1 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.3836.2893 [GMT 1:00]

Eseguito da: c:\users\giuseppe\Desktop\ComboFix.exe

Opzioni usate :: c:\users\giuseppe\Downloads\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Partner

c:\programdata\Partner\debug.log

c:\programdata\Partner\Partner.dll

c:\programdata\Partner\Partner.exe

c:\programdata\Partner\Partner64.dll

.

.

(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Partner Service

.

.

(((((((((((((((((((((((((   Files Creati Da 2014-02-12 al 2014-03-12  )))))))))))))))))))))))))))))))))))

.

.

2014-03-12 16:44 . 2014-03-12 16:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-03-11 19:29 . 2014-03-11 19:29 -------- d-----w- c:\program files (x86)\MSXML 4.0

2014-03-11 17:27 . 2014-03-11 17:27 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4606D4D-ECAD-453C-B97F-51F982964501}\gapaengine.dll

2014-03-11 17:27 . 2014-02-06 00:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF282FC2-2EBC-4797-97D5-8F51C9021D36}\mpengine.dll

2014-03-11 17:22 . 2014-03-11 17:22 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2014-03-11 17:22 . 2014-03-11 17:22 -------- d-----w- c:\program files\Microsoft Security Client

2014-03-11 17:13 . 2014-03-11 17:12 82744 ----a-w- c:\windows\system32\drivers\aswStm.sys

2014-03-11 17:12 . 2014-03-11 17:12 43152 ----a-w- c:\windows\avastSS.scr

2014-03-11 17:12 . 2014-03-11 17:12 445304 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys

2014-03-11 16:11 . 2014-02-17 00:32 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5199E54-CE23-4155-BF25-468363BCAEA1}\mpengine.dll

2014-03-11 15:54 . 2014-03-11 15:54 -------- d-----w- c:\program files\Microsoft Silverlight

2014-03-11 15:54 . 2014-03-11 15:54 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2014-03-11 15:38 . 2014-03-11 15:38 -------- d-----w- c:\windows\system32\SPReview

2014-03-11 15:36 . 2014-03-11 15:36 -------- d-----w- c:\windows\system32\EventProviders

2014-03-11 15:26 . 2014-03-11 15:26 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2014-03-10 22:13 . 2014-03-10 22:13 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2014-03-10 22:01 . 2014-03-10 22:01 1187697 ----a-w- c:\windows\unins000.exe

2014-03-10 21:38 . 2014-03-11 17:12 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys

2014-03-10 21:37 . 2013-09-25 16:38 270824 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2014-03-10 21:37 . 2013-09-25 16:38 131232 ----a-w- c:\windows\system32\drivers\aswFW.sys

2014-03-10 21:37 . 2014-03-11 17:12 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2014-03-10 21:37 . 2014-03-11 17:12 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2014-03-10 21:37 . 2014-03-11 17:12 208928 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-03-10 21:37 . 2014-03-11 17:12 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-03-10 21:37 . 2014-03-11 17:12 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2014-03-10 21:37 . 2014-03-11 17:12 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-03-10 21:36 . 2014-03-11 17:12 334648 ----a-w- c:\windows\system32\aswBoot.exe

2014-03-10 21:32 . 2014-03-10 21:32 -------- d-----w- c:\program files\AVAST Software

2014-03-10 21:31 . 2014-03-11 16:59 -------- d-----w- c:\programdata\AVAST Software

2014-03-10 21:09 . 2014-03-10 21:09 -------- d-----w- c:\programdata\VS Revo Group

2014-03-10 21:09 . 2009-12-30 09:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys

2014-03-10 21:09 . 2014-03-10 21:09 -------- d-----w- c:\program files\VS Revo Group

2014-03-10 18:19 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll

2014-03-10 18:19 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll

2014-03-10 18:19 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2014-03-10 18:19 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys

2014-03-10 18:19 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2014-03-10 18:19 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll

2014-03-10 18:19 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll

2014-03-10 18:17 . 2010-11-20 13:27 448512 ----a-w- c:\windows\system32\shlwapi.dll

2014-03-10 18:16 . 2010-11-20 13:27 611840 ----a-w- c:\windows\system32\wpd_ci.dll

2014-03-10 18:15 . 2010-11-20 13:27 23040 ----a-w- c:\windows\system32\rdprefdrvapi.dll

2014-03-10 18:12 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll

2014-03-10 18:12 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll

2014-03-10 18:12 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll

2014-03-10 17:47 . 2014-01-19 07:33 270496 ------w- c:\windows\system32\MpSigStub.exe

2014-03-10 16:24 . 2014-03-10 16:24 -------- d-----w- c:\programdata\NCOTEMP

2014-03-10 16:24 . 2014-03-10 16:24 -------- d-----w- c:\windows\system32\drivers\NSTx64

2014-03-10 16:24 . 2014-03-10 16:24 -------- d-----w- c:\program files (x86)\Norton Identity Safe

2014-03-10 16:22 . 2014-03-10 16:22 -------- d-----w- c:\windows\system32\drivers\NAVx64

2014-03-10 16:22 . 2014-03-11 15:42 -------- d-----w- c:\programdata\Norton

2014-03-10 16:20 . 2014-03-10 20:53 -------- d-----w- c:\program files (x86)\NortonInstaller

2014-03-10 14:58 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2014-03-10 14:58 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2014-03-10 14:58 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2014-03-10 14:58 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2014-03-10 14:58 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2014-03-10 14:58 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2014-03-10 14:58 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys

2014-03-10 14:27 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll

2014-03-10 14:27 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll

2014-03-10 14:27 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys

2014-03-10 14:27 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys

2014-03-10 14:27 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys

2014-03-10 14:27 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys

2014-03-10 14:27 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys

2014-03-10 14:27 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys

2014-03-10 14:27 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS

2014-03-10 14:27 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe

2014-03-10 14:27 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe

2014-03-09 16:47 . 2009-08-03 21:34 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll

2014-03-09 16:47 . 2009-08-03 21:34 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll

2014-03-09 16:46 . 2001-09-05 03:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2014-03-09 16:46 . 2001-09-05 03:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll

2014-03-09 16:46 . 2001-09-05 03:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2014-03-09 16:46 . 2001-09-05 03:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2014-03-09 16:46 . 2007-03-13 12:54 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe

2014-03-09 16:41 . 2014-03-10 14:25 -------- d-----w- c:\programdata\CyberLink

2014-03-09 16:36 . 2006-11-29 12:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

2014-03-09 16:36 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll

2014-03-09 16:35 . 2014-03-09 16:35 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2014-03-09 16:34 . 2014-03-09 16:34 -------- d-----w- c:\program files (x86)\Microsoft

2014-03-09 16:34 . 2014-03-09 16:34 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive

2014-03-09 16:33 . 2014-03-09 16:37 -------- d-----w- c:\program files (x86)\Windows Live

2014-03-09 16:31 . 2014-03-09 16:31 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

2014-03-09 16:29 . 2014-03-09 16:29 -------- d-----w- c:\program files\Synaptics

2014-03-09 16:28 . 2014-03-09 16:27 200704 ----a-w- c:\windows\PLFSetI.exe

2014-03-09 16:28 . 2009-04-16 17:45 106496 ----a-w- c:\windows\FixUVC.exe

2014-03-09 16:12 . 2014-03-09 16:12 -------- d-----w- c:\windows\SysWow64\wbem\en-US

2014-03-09 16:12 . 2014-03-09 16:12 -------- d-----w- c:\windows\system32\wbem\en-US

2014-03-09 16:12 . 2014-03-09 16:12 -------- d-----w- c:\windows\SysWow64\Wat

2014-03-09 16:12 . 2014-03-09 16:12 -------- d-----w- c:\windows\system32\Wat

2014-03-09 10:28 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2014-03-09 10:28 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2014-03-09 10:28 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2014-03-09 10:05 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

2014-03-09 09:31 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2014-03-09 09:31 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2014-03-09 09:31 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll

2014-03-09 09:31 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

2014-03-09 09:31 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2014-03-09 09:31 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2014-03-09 09:28 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2014-03-09 09:28 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2014-03-09 09:28 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2014-03-09 09:28 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2014-03-09 09:28 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2014-03-09 09:28 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2014-03-09 09:28 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2014-03-09 09:17 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2014-03-09 09:17 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2014-03-09 09:17 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2014-03-09 09:17 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2014-03-09 09:17 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2014-03-08 19:52 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll

2014-03-08 19:52 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll

2014-03-08 19:52 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax

2014-03-08 19:52 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll

2014-03-08 19:52 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll

2014-03-08 19:52 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax

2014-03-08 19:52 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys

2014-03-08 19:52 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2014-03-08 19:52 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2014-03-08 19:52 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2014-03-08 19:52 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-03-11 16:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2014-03-11 16:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2014-03-08 03:53 . 2014-03-08 03:53 2560 ----a-w- c:\windows\SysWow64\drivers\it-IT\qwavedrv.sys.mui

2014-03-08 03:53 . 2014-03-08 03:53 49152 ----a-w- c:\windows\SysWow64\drivers\it-IT\tcpip.sys.mui

2014-03-08 03:53 . 2014-03-08 03:53 30720 ----a-w- c:\windows\SysWow64\drivers\it-IT\bfe.dll.mui

2014-03-08 03:53 . 2014-03-08 03:53 16384 ----a-w- c:\windows\SysWow64\drivers\it-IT\pacer.sys.mui

2014-03-08 03:53 . 2014-03-08 03:53 2560 ----a-w- c:\windows\SysWow64\drivers\it-IT\scfilter.sys.mui

2014-03-08 03:53 . 2014-03-08 03:53 6144 ----a-w- c:\windows\SysWow64\drivers\it-IT\ndiscap.sys.mui

2014-03-07 19:09 . 2009-08-13 22:42 6 ----a-w- c:\windows\system32\PLD_Framework.cmd

.

.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-11 3830456]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

R4 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]

R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]

R4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]

R4 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]

R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R4 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]

R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]

R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]

R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]

R4 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]

S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DE06000.01B\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DE06000.01B\ccSetx64.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe;c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-03-07 19:29 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe

.

Contenuto della cartella 'Scheduled Tasks'

.

2014-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07 19:27]

.

2014-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07 19:27]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-03-11 17:12 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]

.

------- Scansione supplementare -------

.


uLocal Page = c:\windows\system32\blank.htm



mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.0.1

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

.

BHO-{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - c:\programdata\Partner\Partner.dll

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]

"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2014.6.0.27\diMaster.dll\" /prefetch:1"

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Ora fine scansione: 2014-03-12  17:56:17 - Il pc è stato riavviato

ComboFix-quarantined-files.txt  2014-03-12 16:56

ComboFix2.txt  2014-03-11 16:48

.

Pre-Run: 264.785.444.864 byte disponibili

Post-Run: 264.379.584.512 byte disponibili

.

- - End Of File - - FAF67B2F0CC467714BCA0AEFC73DB4B4

A36C5E4F47E84449FF07ED3517B43A31

Malwarebytes Anti-Malware (Prova) 1.75.0.1300

www.malwarebytes.org

 

Versione database: v2014.03.10.07

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

giuseppe :: GIUSEPPE-PC [amministratore]

 

Protezione: Disattivata

 

12/03/2014 17:59:40

mbam-log-2014-03-12 (17-59-40).txt

 

Tipo di scansione: Scansione completa (C:\|D:\|)

Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM

Opzioni di scansione disattivate: P2P

Elementi esaminati: 372606

Tempo impiegato: 1 ore, 12 minuti, 6 secondi

 

Processi rilevati in memoria: 0

(non sono stati rilevati elementi nocivi)

 

Moduli di memoria rilevati: 0

(non sono stati rilevati elementi nocivi)

 

Chiavi di registro rilevate: 0

(non sono stati rilevati elementi nocivi)

 

Valori di registro rilevati: 0

(non sono stati rilevati elementi nocivi)

 

Voci rilevate nei dati di registro: 0

(non sono stati rilevati elementi nocivi)

 

Cartelle rilevate: 0

(non sono stati rilevati elementi nocivi)

 

File rilevati: 1

C:\Users\giuseppe\Downloads\SoftonicDownloader_per_combofix.exe (PUP.Optional.Softonic.A) -> Spostato in quarantena ed eliminato con successo.

 

(fine)

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

 

  • Turn off the real-time scanner of any existing antivirus program while running the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unchecked
  • Click Advanced settings and make sure these options are ticked:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If threats are found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then copy and paste that log as a reply to this topic.

 


Download AdwCleaner: http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

 

Run adwcleaner.exe

  •      Hit Scan and wait for the scan to finish.
  •      Confirm the message, but do not uncheck anything.
  •      Hit Clean
  •      When the run is finished, a text file will open
  •      Please post its contents in your next reply
  •      You will also find the log file at C:\AdwCleaner[S1].txt

 

securitycheck
 


# AdwCleaner v3.022 - Report created 15/03/2014 at 17:06:36

# Updated 13/03/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : giuseppe - GIUSEPPE-PC
# Running from : C:\Users\giuseppe\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Public\Desktop\eBay.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Found : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_combofix_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_combofix_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_songr_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_songr_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_winrar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_winrar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\giuseppe\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2101 octets] - [15/03/2014 17:06:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2161 octets] ##########


Security Check

 Results of screen317's Security Check version 0.99.80
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
avast! Antivirus
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 12.0.0.77
 Google Chrome 33.0.1750.146
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbamgui.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe
 AVAST Software Avast AvastSvc.exe
 AVAST Software Avast afwServ.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````



The system is clean now! :)

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to disable CD emulation software: you can run it again and use the Enable button.
  • In case we used Combofix: disable your antivirus software once more, then rename combofix.exe to Uninstall.exe and run it one last time. You should see a notice that Combofix has been removed.
  • In any case, please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.
  • If there is anything left, please delete it manually.

System File Check

For Windows XP:

  • Press the Windows key and the R key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.

For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator".

Within the opening window, write the following:

sfc /scannow
(See the blank within).

  • Hit Enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).

Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the "Windows Orb" Start button, then click Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab.
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled, but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.

A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the "Windows Orb" Start button -> type "eventvwr" without the quotes -> press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Windows Logs" and then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Wininit", with an entry corresponding to the date and time of the disk check.
  • Click on that Wininit entry to select it.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.

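As an added example that is not part of the thread (nor code from any tool the helper names), the following PowerShell script does the same two checks from one elevated window: it runs sfc /scannow and then pulls the boot-time Check Disk entry from the Application log the way the Event Viewer steps above do, saving it as text for pasting into a reply. The provider name "Microsoft-Windows-Wininit", event ID 1001 and the output path are assumptions.

```powershell
<#  Added example, not code from the thread. Assumes Windows 7 or later, an elevated
    PowerShell window, and that the boot-time chkdsk result is logged to the Application
    log by provider "Microsoft-Windows-Wininit" as event ID 1001 (assumed values).  #>
param(
    [string]$OutFile = (Join-Path $env:USERPROFILE 'Desktop\chkdsk-result.txt'),
    [switch]$SkipSfc   # set this when you only want to read back a chkdsk that already ran
)

# sfc and chkdsk refuse to do anything useful without administrator rights, so check first.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Open PowerShell with "Run as administrator" and try again.' }

if (-not $SkipSfc) {
    # Same command the post gives (note the space before the slash). sfc prints its
    # verdict (no violations / repaired / could not repair) on the console when done.
    & "$env:windir\System32\sfc.exe" /scannow
}

# Read back the disk check that ran at boot. The manual route is Event Viewer >
# Windows Logs > Application, source "Wininit"; this is the same query in code.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Application'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 1001  # assumed
} -ErrorAction SilentlyContinue | Sort-Object TimeCreated -Descending

if (-not $events) {
    Write-Warning 'No boot-time chkdsk entry found; it is only logged when the check was scheduled for the next restart.'
    return
}

# Keep only the newest entry and save it as plain text, the equivalent of the
# "Copy Details as Text" step, so it can be pasted into a reply unchanged.
$latest = $events | Select-Object -First 1
$report = @(
    "TimeCreated : $($latest.TimeCreated)"
    "Source      : $($latest.ProviderName)"
    "EventId     : $($latest.Id)"
    ''
    $latest.Message
)
$report | Set-Content -Path $OutFile -Encoding UTF8
Write-Host "Saved the latest boot-time chkdsk log to $OutFile"

# Quick triage: surface the lines a helper looks at first (bad sectors, corruption,
# orphaned entries) or the line that says the check found no problems.
$latest.Message -split "`r?`n" | Where-Object { $_ -match 'bad sector|corrupt|orphan|found no problems' }
```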
