
Infected with Trojan.Msil.inject.bin- dss and combofix reports!


  • This topic is locked
1 reply to this topic

#1 stefanop1


Posted 21 April 2013 - 05:28 AM

Hi

Sorry if I'm bothering you, but I need some help. Yesterday I set up Microsoft Office from a torrent. I made a big mistake because it was a trojan; now Office is still working, but I got this trojan that is annoying me and my laptop.

I read a lot of posts in this forum and I decided to use the following programs to remove it:

-dss

-adwcleaner

-combofix

-roguekiller

-securitiescheck

I have a lot of reports now but I can't read them. Could you help me?

I read the guide, so I copy and paste here the dss report (both files) and the combofix report:

(Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.17267
Run by Stefano at 4:15:05 on 2013-04-21
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.39.1040.18.3765.1648 [GMT 2:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_3820&r=27360413i826l04e8z1j5t4691k126
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_3820&r=27360413i826l04e8z1j5t4691k126
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_3820&r=27360413i826l04e8z1j5t4691k126
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO: Guida per l'accesso a Windows Live: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [PCShowServer] "C:\Users\Stefano\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [MDS_Menu] "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Aggiungi ad Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{F328F39A-0010-4CC2-A058-C5915631349A} : DHCPNameServer = 62.101.93.101 83.103.25.250
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_3820&r=27360413i826l04e8z1j5t4691k126
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\rhejlwu7.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Stefano\AppData\Local\Sky Italia\Sky Go Player\npPlayerPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-04-15 14:43; anti_banner@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-04-15 14:43; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-04-15 14:43; online_banking@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-04-15 14:43; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-04-15 14:44; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2013-04-15 15:15; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\rhejlwu7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-3-6 54104]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178008]
R2 AVP;Servizio Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2013-3-6 356376]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2013-4-15 312400]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2013-4-14 865824]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-3-24 13336]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-9 250368]
R2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2013-4-14 260640]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-3-24 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-3-24 243232]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-3-24 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2013-4-15 158976]
R3 IntcDAud;Audio schermo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2013-4-15 271872]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-3-6 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-3-6 29528]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-24 74280]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-12-2 40448]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-3-24 332272]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-16 1255736]
.
=============== Created Last 30 ================
.
2013-04-21 01:25:10 -------- d-----w- C:\Users\Stefano\AppData\Local\Microsoft Games
2013-04-21 01:23:50 98816 ----a-w- C:\Windows\sed.exe
2013-04-21 01:23:50 256000 ----a-w- C:\Windows\PEV.exe
2013-04-21 01:23:50 208896 ----a-w- C:\Windows\MBR.exe
2013-04-21 00:05:26 -------- d-----w- C:\Windows\PCHEALTH
2013-04-20 21:48:10 -------- d-----w- C:\Users\Stefano\AppData\Roaming\uTorrent
2013-04-19 14:30:32 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{14B70967-ACB6-437E-A626-3ABF0AA36B53}\offreg.dll
2013-04-19 12:09:10 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{14B70967-ACB6-437E-A626-3ABF0AA36B53}\mpengine.dll
2013-04-18 09:54:17 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2013-04-17 18:49:24 -------- d-----w- C:\Users\Stefano\AppData\Local\Adobe
2013-04-17 12:43:06 -------- d-----r- C:\Program Files (x86)\Skype
2013-04-16 12:05:24 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-04-16 11:50:41 -------- d-----w- C:\Windows\SysWow64\Wat
2013-04-16 11:50:40 -------- d-----w- C:\Windows\System32\Wat
2013-04-16 01:41:15 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2013-04-16 01:41:15 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2013-04-16 01:41:15 444752 ----a-w- C:\Windows\System32\mscoree.dll
2013-04-16 01:41:15 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2013-04-16 01:41:15 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2013-04-16 01:41:15 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2013-04-16 01:41:15 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2013-04-16 01:41:15 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2013-04-16 01:41:14 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2013-04-16 01:41:14 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2013-04-16 01:40:08 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2013-04-16 01:23:41 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-04-16 01:23:41 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-04-16 01:23:41 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-04-16 01:23:41 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-04-16 01:07:56 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2013-04-16 01:07:56 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-04-16 01:07:56 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-04-16 01:07:55 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-04-16 01:07:55 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-04-15 20:08:04 108848 ----a-r- C:\Users\Stefano\AppData\Roaming\Microsoft\Installer\{32df31d2-9751-425f-ab51-eec25cf7296a}\ARPPRODUCTICON.exe
2013-04-15 20:08:04 -------- d-----w- C:\Users\Stefano\AppData\Local\Sky Italia
2013-04-15 15:59:11 -------- d-----w- C:\Users\Stefano\AppData\Local\Apple Computer
2013-04-15 15:58:44 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-04-15 15:58:16 -------- d-----w- C:\Program Files\iPod
2013-04-15 15:58:14 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-15 15:58:14 -------- d-----w- C:\Program Files\iTunes
2013-04-15 15:58:14 -------- d-----w- C:\Program Files (x86)\iTunes
2013-04-15 15:55:00 -------- d-----w- C:\Users\Stefano\AppData\Local\Apple
2013-04-15 15:54:01 -------- d-----w- C:\Program Files\Bonjour
2013-04-15 15:54:01 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-04-15 13:56:28 -------- d-----w- C:\Users\Stefano\AppData\Local\Macromedia
2013-04-15 13:56:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-15 13:56:15 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-15 12:59:59 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2013-04-15 12:58:47 3150848 ----a-w- C:\Windows\System32\win32k.sys
2013-04-15 12:57:53 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-04-15 12:56:46 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2013-04-15 12:55:33 609792 ----a-w- C:\Windows\System32\vbscript.dll
2013-04-15 12:55:32 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-04-15 12:55:06 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-04-15 12:55:05 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-04-15 12:55:01 603976 ----a-w- C:\Windows\System32\winload.exe
2013-04-15 12:55:01 518160 ----a-w- C:\Windows\System32\winresume.exe
2013-04-15 12:55:00 640896 ----a-w- C:\Windows\System32\winload.efi
2013-04-15 12:55:00 19328 ----a-w- C:\Windows\System32\kd1394.dll
2013-04-15 12:53:58 136704 ----a-w- C:\Windows\System32\browser.dll
2013-04-15 12:52:53 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2013-04-15 12:44:41 64856 ----a-w- C:\Windows\System32\klfphc.dll
2013-04-15 12:43:47 -------- d-----w- C:\Windows\ELAMBKUP
2013-04-15 12:43:40 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-04-15 12:43:40 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2013-04-15 12:43:13 89432 ----a-w- C:\Windows\System32\drivers\klflt.sys
2013-04-15 12:42:06 77312 ----a-w- C:\Windows\System32\packager.dll
2013-04-15 12:42:06 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-04-15 12:41:07 -------- d-----w- C:\Users\Stefano\AppData\Local\Mozilla
2013-04-15 00:14:56 -------- d-----w- C:\Windows\it-IT
2013-04-15 00:13:59 3584 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\it-IT\LXKPTPRC.DLL.mui
2013-04-15 00:07:13 -------- d-----w- C:\Windows\NAPP_Dism_Log
2013-04-15 00:04:08 51712 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-04-15 00:04:08 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-04-15 00:03:59 630272 ----a-w- C:\Windows\System32\evr.dll
2013-04-15 00:03:59 488448 ----a-w- C:\Windows\SysWow64\evr.dll
2013-04-15 00:01:47 349776 ----a-w- C:\Windows\UNINSTLMv4.EXE
2013-04-15 00:01:43 396072 ----a-w- C:\Windows\System32\SynCOM.dll
2013-04-15 00:01:43 292912 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2013-04-15 00:01:43 263464 ----a-w- C:\Windows\System32\SynCtrl.dll
2013-04-15 00:01:43 206120 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2013-04-15 00:01:43 205608 ----a-w- C:\Windows\System32\SynTPAPI.dll
2013-04-15 00:01:43 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2013-04-15 00:01:43 169256 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2013-04-15 00:01:43 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2013-04-15 00:01:43 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2013-04-15 00:01:35 2216960 ----a-w- C:\Windows\System32\drivers\athrx.sys
2013-04-14 15:32:59 -------- d-----w- C:\Program Files (x86)\OEM
2013-04-14 15:32:47 -------- d-----w- C:\Program Files\Acer Accessory Store
2013-04-14 15:27:06 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-14 14:57:54 -------- d-----w- C:\kleaner.tmp
2013-04-14 14:53:36 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-04-14 14:52:54 -------- d-----w- C:\Users\Stefano\AppData\Local\Microsoft Help
2013-04-14 14:50:33 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2013-04-14 14:50:33 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2013-04-14 14:50:15 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-04-14 14:49:35 -------- d-----w- C:\Program Files (x86)\Microsoft
2013-04-14 14:49:11 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2013-04-14 14:48:33 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\22dbce291ce391f\DSETUP.dll
2013-04-14 14:48:33 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\22dbce291ce391f\DXSETUP.exe
2013-04-14 14:48:33 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\22dbce291ce391f\dsetup32.dll
2013-04-14 14:47:55 144773448 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc1E4B.tmp
2013-04-14 14:47:50 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2013-04-14 14:46:32 -------- d-----w- C:\BOOK
2013-04-14 14:46:03 -------- d-----w- C:\Program Files\Preload
2013-04-14 14:44:30 -------- d-----w- C:\Users\Stefano\AppData\Local\Google
2013-04-14 14:43:11 82432 ----a-w- C:\Windows\SysWow64\msxml4r.dll
2013-04-14 14:43:11 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
2013-04-14 14:42:47 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-04-14 14:42:47 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-04-14 14:42:47 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-04-14 14:42:47 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-04-14 14:42:46 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-04-14 14:41:25 -------- d-----w- C:\Users\Stefano\AppData\Local\Cyberlink
2013-04-14 14:41:03 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-04-14 14:41:03 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-04-14 14:41:03 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-04-14 14:41:02 139264 ----a-w- C:\Windows\System32\cabview.dll
2013-04-14 14:41:02 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2013-04-14 14:40:31 -------- d-----w- C:\Program Files (x86)\Haali
2013-04-14 14:39:17 -------- d-----w- C:\Program Files (x86)\Acer Arcade Deluxe
2013-04-14 14:37:16 -------- d-----w- C:\Program Files (x86)\Launch Manager
2013-04-14 14:37:04 -------- d-----w- C:\Program Files\Synaptics
2013-04-14 14:36:09 206208 ----a-w- C:\Windows\PLFSetI.exe
2013-04-14 14:36:08 113264 ----a-w- C:\Windows\FixUVC.exe
2013-04-14 14:35:17 -------- d-----w- C:\Windows\SysWow64\RTCOM
2013-04-14 14:35:03 -------- d-----w- C:\Program Files\Realtek
2013-04-14 14:35:00 518896 ----a-w- C:\Windows\System32\SRSTSX64.dll
2013-04-14 14:35:00 2719504 ----a-w- C:\Windows\System32\WavesGUILib.dll
2013-04-14 14:35:00 211184 ----a-w- C:\Windows\System32\SRSTSH64.dll
2013-04-14 14:35:00 155888 ----a-w- C:\Windows\System32\SRSWOW64.dll
2013-04-14 14:33:26 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-04-14 14:32:26 -------- d-----w- C:\Users\Stefano\AppData\Local\VirtualStore
2013-04-14 14:32:25 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-04-14 14:31:39 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-04-14 14:31:39 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-04-14 14:29:59 -------- d-----w- C:\Recovery
2013-04-14 14:29:58 -------- d-sh--we C:\Programmi
2013-04-14 14:29:58 -------- d-sh--we C:\ProgramData\Preferiti
2013-04-14 14:29:58 -------- d-sh--we C:\ProgramData\Modelli
2013-04-14 14:29:58 -------- d-sh--we C:\ProgramData\Menu Avvio
2013-04-14 14:29:58 -------- d-sh--we C:\ProgramData\Documenti
2013-04-14 14:29:58 -------- d-sh--we C:\ProgramData\Dati applicazioni
2013-04-14 14:29:58 -------- d-sh--we C:\Program Files\File comuni
2013-04-14 14:25:00 -------- d-----w- C:\Program Files\Common Files\Intel
2013-04-14 14:24:59 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
.
==================== Find3M  ====================
.
2013-04-15 00:14:00 2560 ----a-w- C:\Windows\SysWow64\drivers\it-IT\qwavedrv.sys.mui
2013-04-15 00:13:55 49152 ----a-w- C:\Windows\SysWow64\drivers\it-IT\tcpip.sys.mui
2013-04-15 00:13:51 30720 ----a-w- C:\Windows\SysWow64\drivers\it-IT\bfe.dll.mui
2013-04-15 00:13:51 16384 ----a-w- C:\Windows\SysWow64\drivers\it-IT\pacer.sys.mui
2013-04-15 00:13:42 2560 ----a-w- C:\Windows\SysWow64\drivers\it-IT\scfilter.sys.mui
2013-04-15 00:13:40 6144 ----a-w- C:\Windows\SysWow64\drivers\it-IT\ndiscap.sys.mui
2013-03-19 06:19:35 5497688 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:54:37 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:06:09 3958120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:06:09 3902312 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:53:45 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:19:03 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-06 20:20:46 54104 ----a-w- C:\Windows\System32\drivers\kltdi.sys
2013-03-06 20:20:46 29528 ----a-w- C:\Windows\System32\drivers\klmouflt.sys
2013-03-06 20:20:46 29016 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys
2013-03-02 05:49:19 1198080 ----a-w- C:\Windows\System32\wininet.dll
2013-03-02 05:43:16 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2013-03-02 05:06:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-03-02 04:38:33 482816 ----a-w- C:\Windows\System32\html.iec
2013-03-02 04:03:34 386048 ----a-w- C:\Windows\SysWow64\html.iec
2013-03-02 03:56:13 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2013-03-02 03:30:45 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2013-03-02 03:29:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-12 15:42:13 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-02-12 15:37:30 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2013-02-12 15:31:40 158208 ----a-w- C:\Windows\System32\aaclient.dll
2013-02-12 15:13:55 2691072 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-02-12 15:07:48 131072 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-02-12 14:02:22 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-02-12 13:59:49 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
.
============= FINISH:  4:15:42,73 ===============
 

 

ComboFix 13-04-20.02 - Stefano 21/04/2013   3:25.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.39.1040.18.3765.1787 [GMT 2:00]
Eseguito da: c:\users\Stefano\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\Temp\log.txt
.
.
(((((((((((((((((((((((((   Files Creati Da 2013-03-21 al 2013-04-21  )))))))))))))))))))))))))))))))))))
.
.
2013-04-21 01:37 . 2013-04-21 01:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-21 00:05 . 2013-04-21 00:05 -------- d-----w- c:\windows\PCHEALTH
2013-04-19 14:30 . 2013-04-19 14:30 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14B70967-ACB6-437E-A626-3ABF0AA36B53}\offreg.dll
2013-04-19 12:09 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14B70967-ACB6-437E-A626-3ABF0AA36B53}\mpengine.dll
2013-04-18 09:54 . 2013-04-18 09:54 -------- d-----w- c:\program files (x86)\MSXML 4.0
2013-04-17 12:43 . 2013-04-17 12:43 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-17 12:43 . 2013-04-17 12:43 -------- d-----r- c:\program files (x86)\Skype
2013-04-17 12:43 . 2013-04-17 22:59 -------- d-----w- c:\programdata\Skype
2013-04-16 11:50 . 2013-04-16 11:50 -------- d-----w- c:\windows\SysWow64\Wat
2013-04-16 11:50 . 2013-04-16 11:50 -------- d-----w- c:\windows\system32\Wat
2013-04-16 01:41 . 2009-11-25 10:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2013-04-16 01:41 . 2009-11-25 10:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2013-04-16 01:41 . 2009-11-25 10:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2013-04-16 01:41 . 2009-11-25 10:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2013-04-16 01:41 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2013-04-16 01:41 . 2009-11-25 10:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-04-16 01:41 . 2009-11-25 10:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2013-04-16 01:41 . 2009-11-25 10:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2013-04-16 01:41 . 2009-11-25 10:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2013-04-16 01:41 . 2009-11-25 10:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2013-04-16 01:40 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2013-04-16 01:23 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-04-16 01:23 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-04-16 01:23 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-04-16 01:23 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-04-16 01:15 . 2013-04-16 01:15 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-04-16 01:09 . 2013-04-16 01:09 -------- d-----w- c:\program files\Microsoft Silverlight
2013-04-16 01:09 . 2013-04-16 01:09 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-04-16 01:07 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-04-16 01:07 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2013-04-16 01:07 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-04-16 01:07 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2013-04-16 01:07 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-04-15 15:58 . 2013-04-15 15:58 -------- dc----w- c:\windows\system32\DRVSTORE
2013-04-15 15:58 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-04-15 15:58 . 2013-04-15 15:58 -------- d-----w- c:\program files\iPod
2013-04-15 15:58 . 2013-04-15 15:58 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-15 15:58 . 2013-04-15 15:58 -------- d-----w- c:\program files\iTunes
2013-04-15 15:58 . 2013-04-15 15:58 -------- d-----w- c:\program files (x86)\iTunes
2013-04-15 15:58 . 2013-04-15 15:58 -------- d-----w- c:\programdata\Apple Computer
2013-04-15 15:54 . 2013-04-15 15:54 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-04-15 15:54 . 2013-04-15 15:54 -------- d-----w- c:\program files\Common Files\Apple
2013-04-15 15:54 . 2013-04-15 15:54 -------- d-----w- c:\program files\Bonjour
2013-04-15 15:54 . 2013-04-15 15:54 -------- d-----w- c:\program files (x86)\Bonjour
2013-04-15 15:53 . 2013-04-15 15:58 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-04-15 15:53 . 2013-04-15 15:54 -------- d-----w- c:\programdata\Apple
2013-04-15 13:56 . 2013-04-15 13:56 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-15 13:56 . 2013-04-15 13:56 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-15 13:56 . 2013-04-15 13:56 -------- d-----w- c:\windows\system32\Macromed
2013-04-15 12:59 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2013-04-15 12:58 . 2013-03-01 03:32 3150848 ----a-w- c:\windows\system32\win32k.sys
2013-04-15 12:57 . 2010-08-21 06:31 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-04-15 12:56 . 2010-08-21 06:38 1024512 ----a-w- c:\windows\system32\wmpmde.dll
2013-04-15 12:55 . 2012-06-16 05:25 609792 ----a-w- c:\windows\system32\vbscript.dll
2013-04-15 12:55 . 2012-06-16 05:25 850944 ----a-w- c:\windows\system32\jscript.dll
2013-04-15 12:55 . 2012-06-16 04:37 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-15 12:55 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll
2013-04-15 12:55 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2013-04-15 12:55 . 2011-02-05 12:39 603976 ----a-w- c:\windows\system32\winload.exe
2013-04-15 12:55 . 2011-02-05 12:39 518160 ----a-w- c:\windows\system32\winresume.exe
2013-04-15 12:55 . 2011-02-05 12:41 640896 ----a-w- c:\windows\system32\winload.efi
2013-04-15 12:55 . 2011-02-05 12:41 19328 ----a-w- c:\windows\system32\kd1394.dll
2013-04-15 12:53 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll
2013-04-15 12:52 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2013-04-15 12:44 . 2013-03-06 20:20 64856 ----a-w- c:\windows\system32\klfphc.dll
2013-04-15 12:43 . 2013-04-15 12:43 -------- d-----w- c:\windows\ELAMBKUP
2013-04-15 12:43 . 2013-04-21 01:20 -------- d-----w- c:\programdata\Kaspersky Lab
2013-04-15 12:43 . 2013-04-15 12:43 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2013-04-15 12:43 . 2013-03-06 20:20 613720 ----a-w- c:\windows\system32\drivers\klif.sys
2013-04-15 12:43 . 2012-08-13 16:24 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-04-15 12:42 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2013-04-15 12:42 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2013-04-15 12:40 . 2013-04-15 12:40 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-04-15 00:14 . 2013-04-15 00:14 -------- d-----w- c:\windows\it-IT
2013-04-15 00:14 . 2013-04-15 00:14 -------- d-----w- c:\windows\SysWow64\XPSViewer
2013-04-15 00:14 . 2013-04-15 00:14 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\it-IT
2013-04-15 00:14 . 2013-04-15 00:14 -------- d-----w- c:\windows\SysWow64\drivers\it-IT
2013-04-15 00:14 . 2013-04-15 00:14 -------- d-----w- c:\windows\SysWow64\0410
2013-04-15 00:14 . 2013-04-15 00:14 -------- d-----w- c:\windows\SysWow64\wbem\it-IT
2013-04-15 00:14 . 2013-04-15 00:14 -------- d-----w- c:\windows\SysWow64\it
2013-04-15 00:14 . 2013-04-15 00:14 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
2013-04-15 00:14 . 2013-04-15 00:14 -------- d-----w- c:\windows\system32\drivers\it-IT
2013-04-15 00:14 . 2013-04-15 00:14 -------- d-----w- c:\windows\system32\0410
2013-04-15 00:14 . 2013-04-15 00:14 -------- d-----w- c:\windows\system32\wbem\it-IT
2013-04-15 00:14 . 2013-04-15 00:14 -------- d-----w- c:\windows\system32\it
2013-04-15 00:13 . 2013-04-15 00:13 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\it-IT\LXKPTPRC.DLL.mui
2013-04-15 00:07 . 2013-04-15 00:07 -------- d-----w- c:\windows\NAPP_Dism_Log
2013-04-15 00:04 . 2013-04-15 00:04 51712 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-04-15 00:04 . 2013-04-15 00:04 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-04-15 00:03 . 2013-04-15 00:03 630272 ----a-w- c:\windows\system32\evr.dll
2013-04-15 00:03 . 2013-04-15 00:03 488448 ----a-w- c:\windows\SysWow64\evr.dll
2013-04-15 00:01 . 2010-01-25 23:09 349776 ----a-w- c:\windows\UNINSTLMv4.EXE
2013-04-15 00:01 . 2009-09-18 04:12 292912 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-04-15 00:01 . 2009-09-18 04:09 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2013-04-15 00:01 . 2009-09-18 04:09 205608 ----a-w- c:\windows\system32\SynTPAPI.dll
2013-04-15 00:01 . 2009-09-18 04:09 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
2013-04-15 00:01 . 2009-09-18 04:09 263464 ----a-w- c:\windows\system32\SynCtrl.dll
2013-04-15 00:01 . 2009-09-18 04:09 206120 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2013-04-15 00:01 . 2009-09-18 04:09 169256 ----a-w- c:\windows\SysWow64\SynCOM.dll
2013-04-15 00:01 . 2009-09-18 04:09 396072 ----a-w- c:\windows\system32\SynCOM.dll
2013-04-15 00:01 . 2009-08-07 17:49 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-04-15 00:01 . 2010-04-07 18:04 2216960 ----a-w- c:\windows\system32\drivers\athrx.sys
2013-04-14 15:32 . 2013-04-14 15:32 -------- d-----w- c:\program files (x86)\OEM
2013-04-14 15:32 . 2013-04-14 15:32 -------- d-----w- c:\program files\Acer Accessory Store
2013-04-14 15:27 . 2013-03-11 23:10 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-04-14 14:57 . 2013-04-14 14:57 -------- d-----w- C:\kleaner.tmp
2013-04-14 14:53 . 2013-04-14 14:53 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2013-04-14 14:50 . 2006-11-29 11:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-04-14 14:50 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2013-04-14 14:50 . 2013-04-14 14:50 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-04-14 14:49 . 2013-04-14 14:49 -------- d-----w- c:\program files (x86)\Microsoft
2013-04-14 14:49 . 2013-04-14 14:49 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2013-04-14 14:48 . 2013-04-14 14:51 -------- d-----w- c:\program files (x86)\Windows Live
2013-04-14 14:47 . 2013-04-14 14:47 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2013-04-14 14:46 . 2013-04-14 14:46 -------- d-----w- C:\BOOK
2013-04-14 14:46 . 2013-04-14 14:46 -------- d-----w- c:\program files\Preload
2013-04-14 14:45 . 2013-04-14 14:45 -------- d-----w- c:\users\Public\OEM
2013-04-14 14:43 . 2010-02-26 13:49 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll
2013-04-14 14:43 . 2010-02-26 13:49 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2013-04-14 14:41 . 2013-04-14 14:41 -------- d-----w- c:\program files (x86)\Cyberlink
2013-04-14 14:41 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-04-14 14:41 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-04-14 14:41 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-04-14 14:41 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2013-04-14 14:41 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-15 00:14 . 2013-04-15 00:14 2560 ----a-w- c:\windows\SysWow64\drivers\it-IT\qwavedrv.sys.mui
2013-04-15 00:13 . 2013-04-15 00:13 49152 ----a-w- c:\windows\SysWow64\drivers\it-IT\tcpip.sys.mui
2013-04-15 00:13 . 2013-04-15 00:13 30720 ----a-w- c:\windows\SysWow64\drivers\it-IT\bfe.dll.mui
2013-04-15 00:13 . 2013-04-15 00:13 16384 ----a-w- c:\windows\SysWow64\drivers\it-IT\pacer.sys.mui
2013-04-15 00:13 . 2013-04-15 00:13 2560 ----a-w- c:\windows\SysWow64\drivers\it-IT\scfilter.sys.mui
2013-04-15 00:13 . 2013-04-15 00:13 6144 ----a-w- c:\windows\SysWow64\drivers\it-IT\ndiscap.sys.mui
2013-03-06 20:20 . 2013-03-06 20:20 54104 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-03-06 20:20 . 2013-03-06 20:20 29528 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2013-03-06 20:20 . 2013-03-06 20:20 29016 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-03-24 19:45 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-24 39408]
"PCShowServer"="c:\users\Stefano\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe" [2013-02-11 1335632]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-03-01 124136]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-03-06 356376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2013-4-14 704032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-02 40448]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-03-24 332272]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2013-04-16 1255736]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-03-06 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-05 865824]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Audio schermo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-03-06 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-03-06 29528]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-20 17:05 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-15 13:56]
.
2013-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15 12:34]
.
2013-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-15 12:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-03-24 19:45 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-20 9996320]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-01-20 877600]
"PLFSetI"="c:\windows\PLFSetI.exe" [2013-04-14 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 860192]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_3820&r=27360413i826l04e8z1j5t4691k126
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_3820&r=27360413i826l04e8z1j5t4691k126
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_3820&r=27360413i826l04e8z1j5t4691k126
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Aggiungi ad Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
FF - ProfilePath - c:\users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\rhejlwu7.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-04-15 14:43; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-04-15 14:43; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-04-15 14:43; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-04-15 14:43; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-04-15 14:44; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2013-04-15 15:15; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Stefano\AppData\Roaming\Mozilla\Firefox\Profiles\rhejlwu7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2013-04-21  03:54:23
ComboFix-quarantined-files.txt  2013-04-21 01:54
.
Pre-Run: 228.405.506.048 byte disponibili
Post-Run: 229.417.103.360 byte disponibili
.
- - End Of File - - F001BD556DD10B92166B599A8D727D0B
 

 




 


#2 Maurice Naggar


    Eradicator de malware


  • Malware Response Team

Posted 21 April 2013 - 08:43 AM

You have 2 duplicate posts:
http://www.bleepingcomputer.com/forums/t/492262/i-need-help-against-malware/

http://www.bleepingcomputer.com/forums/t/492286/infected-with-trojanmsilinjectbin-dss-and-combofix-reports/

You noted getting a torrent download of MS Office.
This forum does not condone the use of pirated software.
We cannot help you as long as you have pirated software.
I am closing these threads.



