Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ComboFix Log


  • This topic is locked This topic is locked
2 replies to this topic

#1 barisavio

barisavio

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 14 October 2013 - 11:49 AM

Hallo eweryone,
could someone help me ?....
My laptop doesn't start sometimes (after the comparison of Windows Logo) and turns off suddenly (also during the use).
I used ComboFix today to solve the problem and i received the submentioned ComboFix Log:
Thanks in advance !!
 
ComboFix 13-08-02.03 - mimmo e mariella 14/10/2013  17:19:19.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.3959.2122 [GMT 2:00]
Eseguito da: c:\users\mimmo e mariella\Downloads\combofix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Creati Da 2013-09-14 al 2013-10-14  )))))))))))))))))))))))))))))))))))
.
.
2013-10-14 15:30 . 2013-10-14 15:30    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-10-14 15:30 . 2013-10-14 15:30    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-10-14 15:30 . 2013-10-14 15:30    --------    d-----w-    c:\users\AppData\AppData\Local\temp
2013-10-14 15:14 . 2013-10-14 15:14    --------    d-----w-    c:\users\mimmo e mariella\AppData\Roaming\0F1F1C2Y1H1P1C0I0T
2013-10-14 15:06 . 2013-10-14 15:06    76232    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A021E754-305A-4C09-9783-5EDBFE722917}\offreg.dll
2013-10-14 14:59 . 2013-10-14 14:59    --------    d-----w-    c:\users\mimmo e mariella\AppData\Local\Max Secure Software
2013-10-13 21:18 . 2013-07-04 12:50    633856    ----a-w-    c:\windows\system32\comctl32.dll
2013-10-13 21:18 . 2013-07-04 11:50    530432    ----a-w-    c:\windows\SysWow64\comctl32.dll
2013-10-13 21:18 . 2013-06-06 05:50    41472    ----a-w-    c:\windows\system32\lpk.dll
2013-10-13 21:18 . 2013-06-06 05:49    14336    ----a-w-    c:\windows\system32\dciman32.dll
2013-10-13 21:18 . 2013-06-06 04:57    25600    ----a-w-    c:\windows\SysWow64\lpk.dll
2013-10-13 21:18 . 2013-06-06 04:50    10240    ----a-w-    c:\windows\SysWow64\dciman32.dll
2013-10-13 21:18 . 2013-06-06 03:30    368128    ----a-w-    c:\windows\system32\atmfd.dll
2013-10-13 21:18 . 2013-06-06 03:01    295424    ----a-w-    c:\windows\SysWow64\atmfd.dll
2013-10-13 21:16 . 2013-09-08 02:30    1903552    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-10-13 21:14 . 2013-07-20 10:33    102608    ----a-w-    c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-13 21:14 . 2013-07-20 10:33    124112    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-13 20:54 . 2013-10-13 20:54    --------    d-----w-    C:\found.000
2013-10-13 20:44 . 2013-09-05 05:32    9694160    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A021E754-305A-4C09-9783-5EDBFE722917}\mpengine.dll
2013-10-13 20:42 . 2013-08-01 12:09    983488    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-10-13 20:42 . 2013-08-28 01:12    461312    ----a-w-    c:\windows\system32\scavengeui.dll
2013-09-27 13:27 . 2013-09-27 13:27    --------    d-----w-    c:\programdata\KONAMI
2013-09-27 00:53 . 2013-09-27 00:53    --------    d--h--w-    c:\windows\msdownld.tmp
2013-09-26 22:30 . 2013-09-26 22:30    --------    d-----w-    c:\program files (x86)\KONAMI
2013-09-16 13:05 . 2013-09-16 13:05    --------    d-----w-    c:\users\mimmo e mariella\AppData\Local\Wondershare
2013-09-16 13:05 . 2013-09-16 13:05    --------    d-----w-    c:\program files (x86)\Common Files\Wondershare
2013-09-16 13:05 . 2013-09-17 10:15    --------    d-----w-    c:\users\mimmo e mariella\.android
2013-09-16 13:05 . 2013-09-16 13:05    --------    d-----w-    c:\users\mimmo e mariella\AppData\Roaming\Wondershare
2013-09-16 13:05 . 2013-09-17 10:15    --------    d--h--w-    c:\program files (x86)\DrFoneAndroid_Temp
2013-09-16 13:05 . 2013-09-17 10:15    --------    d-----w-    c:\program files (x86)\Wondershare
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-13 22:19 . 2010-10-12 17:28    80541720    ----a-w-    c:\windows\system32\MRT.exe
2013-10-13 21:56 . 2012-10-15 22:59    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-13 21:56 . 2011-08-22 13:05    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-30 07:48 . 2013-03-13 22:28    65336    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-03-13 22:28    204880    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2012-10-03 23:30    378944    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2012-10-03 23:30    72016    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2012-10-03 23:30    64288    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2012-10-03 23:30    1030952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2012-10-03 23:30    33400    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2012-10-03 23:30    80816    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2012-10-03 23:29    41664    ----a-w-    c:\windows\avastSS.scr
2013-08-30 07:47 . 2012-03-07 10:40    287840    ----a-w-    c:\windows\system32\aswBoot.exe
2013-08-29 01:48 . 2013-10-13 21:16    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-08-20 05:02 . 2013-08-20 05:02    103576    ----a-w-    c:\windows\system32\drivers\ssudbus.sys
2013-08-18 22:00 . 2013-08-18 22:00    108968    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2013-08-18 22:00 . 2013-08-18 22:00    312232    ----a-w-    c:\windows\system32\javaws.exe
2013-08-18 22:00 . 2013-08-18 22:00    189352    ----a-w-    c:\windows\system32\javaw.exe
2013-08-18 22:00 . 2013-08-18 22:00    188840    ----a-w-    c:\windows\system32\java.exe
2013-08-18 22:00 . 2013-08-18 22:00    972712    ----a-w-    c:\windows\system32\deployJava1.dll
2013-08-18 22:00 . 2013-08-18 22:00    1093032    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-08-07 02:22 . 2010-09-29 16:46    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-08-05 02:25 . 2013-09-13 22:31    155584    ----a-w-    c:\windows\system32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-13 22:31    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-13 22:31    424448    ----a-w-    c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-13 22:31    1161216    ----a-w-    c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-13 22:31    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-13 22:31    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    6656    ----a-w-    c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-13 22:31    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    4096    ---ha-w-    c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    5120    ---ha-w-    c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-13 22:31    274944    ----a-w-    c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-13 22:31    5120    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    4608    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09 . 2013-09-13 22:31    338432    ----a-w-    c:\windows\system32\conhost.exe
2013-08-02 00:59 . 2013-09-13 22:31    112640    ----a-w-    c:\windows\system32\smss.exe
2013-08-02 00:43 . 2013-09-13 22:31    6144    ---ha-w-    c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-13 22:31    4608    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-13 22:31    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-13 22:31    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-26 02:24 . 2013-09-13 22:31    14172672    ----a-w-    c:\windows\system32\shell32.dll
2013-07-26 02:24 . 2013-09-13 22:31    197120    ----a-w-    c:\windows\system32\shdocvw.dll
2013-07-25 09:25 . 2013-08-15 13:52    1888768    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-15 13:52    1620992    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-15 13:52    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-15 13:52    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2008-02-14 23:00 . 2011-03-19 18:56    99888    ----a-w-    c:\program files (x86)\SNUpdate.exe
2008-02-14 23:00 . 2011-03-19 18:56    9943    ----a-w-    c:\program files (x86)\vcomCtrBack.sys
2008-02-14 23:00 . 2011-03-19 18:56    96768    ----a-w-    c:\program files (x86)\WUNPACLN.dll
2008-02-14 23:00 . 2011-03-19 18:56    946176    ----a-w-    c:\program files (x86)\sxlrt233.dll
2008-02-14 23:00 . 2011-03-19 18:56    843776    ----a-w-    c:\program files (x86)\vcomFtp.dll
2008-02-14 23:00 . 2011-03-19 18:56    638976    ----a-w-    c:\program files (x86)\vcomUiSt.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-04-02 01:01    1467528    ----a-w-    c:\program files (x86)\Microsoft\BingBar\7.2.233.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{553318DA-D010-469E-84B1-496563CAE1C0}]
2013-05-20 19:29    119184    ----a-w-    c:\users\mimmo e mariella\AppData\Local\ext_piccshare\ext_piccshare.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}]
2010-05-31 13:22    742808    ----a-w-    c:\program files (x86)\GamesBar\2.0.1.55\oberontb.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-08-02 13:13    277512    ----a-w-    c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:55    120176    ----a-w-    c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-21 39408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Facebook Update"="c:\users\mimmo e mariella\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"SSync"="c:\users\mimmo e mariella\AppData\Roaming\SSync\SSync.exe" [2013-04-09 36864]
"DataMgr"="c:\users\mimmo e mariella\AppData\Roaming\DataMgr\DataMgr.exe" [2013-05-20 168848]
"SCheck"="c:\users\mimmo e mariella\AppData\Roaming\SCheck\SCheck.exe" [2013-04-09 36864]
"Snoozer"="c:\users\mimmo e mariella\AppData\Roaming\Snoozer\Snoozer.exe" [2013-07-19 1137672]
"Intermediate"="c:\users\mimmo e mariella\AppData\Roaming\Intermediate\Intermediate.exe" [2013-04-09 36864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-09-02 1360192]
.
c:\users\mimmo e mariella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitora avvisi inchiostro - HP Deskjet 3070 B611 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3070 B611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN18E3614B05MQ;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Ritaglio schermata e avvio di OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 246472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SASDIFSV;SASDIFSV;c:\users\mimmo e mariella\Desktop\SASDIFSV64.SYS;c:\users\mimmo e mariella\Desktop\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\mimmo e mariella\Desktop\SASKUTIL.SYS;c:\users\mimmo e mariella\Desktop\SASKUTIL.SYS [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\BBSvc.exe [x]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 LiveUpSC;LiveUpSC;c:\users\mimmo e mariella\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe;c:\users\mimmo e mariella\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys;c:\windows\SYSNATIVE\DRIVERS\HtcVComV64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 onda_mx83xup_cpo;ONDA Mx83xUP Mass Storage Device;c:\windows\system32\DRIVERS\onda_mx83xup_cpo.sys;c:\windows\SYSNATIVE\DRIVERS\onda_mx83xup_cpo.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.233.0\SeaPort.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 onda_mx83xup_cdc_acm;ONDA Mx83xUP CDC-ACM driver;c:\windows\system32\DRIVERS\onda_mx83xup_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\onda_mx83xup_cdc_acm.sys [x]
S3 onda_mx83xup_dc_enum;ONDA Mx83xUP DC Enumerator;c:\windows\system32\DRIVERS\onda_mx83xup_dc_enum.sys;c:\windows\SYSNATIVE\DRIVERS\onda_mx83xup_dc_enum.sys [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-15 21:56]
.
2013-09-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3215692819-1117043744-514264394-1001Core.job
- c:\users\mimmo e mariella\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-30 23:51]
.
2013-10-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3215692819-1117043744-514264394-1001UA.job
- c:\users\mimmo e mariella\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-30 23:51]
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-08 16:22]
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-08 16:22]
.
2013-10-14 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2012-05-04 22:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2013-08-02 13:13    336904    ----a-w-    c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47    133840    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:58    137584    ----a-w-    c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-07 17412200]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-07-06 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-03-17 860704]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.searchplusnetwork.com/?q={searchTerms}&sp=faddr&t=a0802
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: Interfaces\{95F13DD2-8812-41D8-8457-E323783A76F9}: NameServer = 10.207.43.46 10.206.56.132
TCP: Interfaces\{98DF0714-25D9-41FE-9A82-546B29ADF3D0}: NameServer = 10.207.43.46 10.206.56.132
FF - ProfilePath - c:\users\mimmo e mariella\AppData\Roaming\Mozilla\Firefox\Profiles\3kb4ev9t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.fbdownloader.com/search.php?channel=sfit202fbdgy11&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.fbdownloader.com/search.php?channel=sfit202fbdgy11&q=
FF - ExtSQL: 2013-09-09 18:58; ascsurfingprotection@iobit.com; c:\users\mimmo e mariella\AppData\Roaming\Mozilla\Firefox\Profiles\3kb4ev9t.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2013-09-25 19:09; firefox@mega.co.nz; c:\users\mimmo e mariella\AppData\Roaming\Mozilla\Firefox\Profiles\3kb4ev9t.default\extensions\firefox@mega.co.nz.xpi
FF - ExtSQL: !HIDDEN! 2013-02-19 04:38; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF - user.js: extentions.y2layers.installId - 9a244d40-fc38-440d-9021-598ee1ea144c
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,TopRelatedTopics,BestVideoDownloader,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - bc8ff994000000000000000000000000
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15925
FF - user.js: extensions.delta.vrsn - 1.8.22.0
FF - user.js: extensions.delta.vrsni - 1.8.22.0
FF - user.js: extensions.delta.vrsnTs - 1.8.22.022:28
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - it
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=121564&tt=070813_wt3&tsp=4968
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files (x86)\IObit Apps Toolbar\IE\7.6\iobitappsToolbarIE.dll
BHO-{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files (x86)\IObit Apps Toolbar\IE\7.6\iobitappsToolbarIE.dll
BHO-{6b284373-1765-4464-a587-80fbc2b2eefa} - (no file)
BHO-{EA35911C-1B6A-4AF3-B803-913BA025C271} - (no file)
Toolbar-Locked - (no file)
Toolbar-{7B840956-64ED-11DE-B890-694956D89593} - (no file)
Toolbar-{6b284373-1765-4464-a587-80fbc2b2eefa} - (no file)
Toolbar-{6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
Toolbar-{03EB0E9C-7A91-4381-A220-9B52B641CDB1} - c:\program files (x86)\IObit Apps Toolbar\IE\7.6\iobitappsToolbarIE.dll
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-3215692819-1117043744-514264394-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3215692819-1117043744-514264394-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2013-10-14  17:37:14
ComboFix-quarantined-files.txt  2013-10-14 15:37
ComboFix2.txt  2013-08-03 23:27
.
Pre-Run: 11.183.509.504 byte disponibili
Post-Run: 10.819.768.320 byte disponibili
.
- - End Of File - - 00088AA7E1A51F0D01855F7A21A8F6B4
D41D8CD98F00B204E9800998ECF8427E

Edit: Moved topic from Anti-Virus and Anti-Malware Software to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:31 AM

Posted 17 October 2013 - 12:28 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
thisisujrt.gif Please download
Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:31 AM

Posted 23 October 2013 - 10:05 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users