infected with TDSS and Google keeps redirecting


  • This topic is locked
4 replies to this topic

#1 livi83

  • Members
  • 10 posts
  • OFFLINE
  • Local time: 07:01 AM

Posted 29 May 2015 - 04:23 PM

ComboFix 15-05-28.01 - Aurora 29/05/2015  22:40:22.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.3933.2285 [GMT 2:00]
Running from: c:\users\Aurora\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created From 2015-04-28 to 2015-05-29  )))))))))))))))))))))))))))))))))))
.
.
2015-05-29 20:49 . 2015-05-29 20:49 -------- d-----w- c:\users\HomeGroupUser$\AppData\Local\temp
2015-05-29 20:49 . 2015-05-29 20:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-05-29 20:49 . 2015-05-29 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-29 20:49 . 2015-05-29 20:49 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-05-29 10:45 . 2015-05-29 10:45 -------- d-----w- c:\users\Aurora\AppData\Roaming\D678AB00-1432896309-11DE-AEA9-00269E352224
2015-05-29 09:16 . 2015-05-29 09:16 -------- d-----w- c:\programdata\c857286000054a4
2015-05-29 09:14 . 2015-05-29 09:15 -------- d-----w- c:\programdata\5d45ec3b000007b1
2015-05-29 09:11 . 2015-05-28 21:45 48776 ----a-w- c:\windows\system32\drivers\{36ed28a4-ac0a-4653-91ff-10beb4246550}Gw64.sys
2015-05-28 16:36 . 2015-05-28 16:36 -------- d-----w- c:\users\Aurora\AppData\Local\Crossbrowse
2015-05-28 16:20 . 2015-05-28 16:20 -------- d-----w- c:\users\Administrator\AppData\Local\Crossbrowse
2015-05-28 14:56 . 2015-05-28 16:28 -------- d-----w- c:\windows\SysWow64\Flash
2015-05-28 14:54 . 2015-05-29 14:54 -------- d-----w- c:\programdata\{2755c150-36ad-1e39-2755-5c15036a0540}
2015-05-28 14:50 . 2015-05-27 19:55 48776 ----a-w- c:\windows\system32\drivers\{848705a5-8a27-403e-9b59-732d0608bcbc}Gw64.sys
2015-05-28 14:49 . 2015-05-28 16:29 -------- d-----w- c:\program files\WaIEn
2015-05-28 14:48 . 2015-05-28 14:48 -------- d-----w- c:\programdata\IHProtectUpDate
2015-05-28 14:47 . 2015-05-28 16:29 -------- d-----w- c:\program files (x86)\XTab
2015-05-28 14:47 . 2015-05-28 16:29 -------- d-----w- c:\programdata\WindowsMangerProtect
2015-05-28 14:47 . 2015-05-28 16:29 -------- d-----w- c:\users\Aurora\AppData\Roaming\mystartsearch
2015-05-28 14:45 . 2015-05-29 09:25 -------- d-----w- c:\program files (x86)\Edu App
2015-05-28 14:44 . 2015-05-28 16:29 -------- d-----w- c:\program files (x86)\gmsd_it_434
2015-05-28 14:44 . 2015-05-28 16:29 -------- d-----w- c:\users\Aurora\AppData\Local\gmsd_it_434
2015-05-28 14:43 . 2015-05-28 14:43 -------- d-----w- c:\programdata\28341ff220e0446c9fff27c4493d622e
2015-05-28 14:43 . 2015-05-28 16:29 -------- d-----w- c:\programdata\FlashBeat
2015-05-28 14:34 . 2015-05-29 20:24 -------- d-----w- c:\users\Aurora\AppData\Local\D678AB00-1432830882-11DE-AEA9-00269E352224
2015-05-28 14:34 . 2015-05-28 16:29 -------- d-----w- c:\users\Aurora\AppData\Local\D678AB00-1432830864-11DE-AEA9-00269E352224
2015-05-28 14:32 . 2015-05-29 20:22 -------- d-----w- c:\users\Aurora\AppData\Local\gmsd_it_429
2015-05-28 14:32 . 2015-05-28 16:29 -------- d-----w- c:\program files (x86)\gmsd_it_429
2015-05-28 14:31 . 2015-05-29 09:16 -------- d-----w- c:\program files (x86) Optimizer Pro 3.95
2015-05-28 14:31 . 2015-05-29 14:31 -------- d-----w- c:\programdata\{4b1487b5-0121-0470-4b14-487b50121ed4}
2015-05-28 14:31 . 2015-05-29 09:23 -------- d-----w- c:\program files (x86)\GUPlayer
2015-05-28 14:31 . 2015-05-28 16:29 -------- d-----w- c:\users\Aurora\AppData\Roaming\D678AB00-1432823465-11DE-AEA9-00269E352224
2015-05-28 14:30 . 2015-05-28 16:29 -------- d-----w- c:\program files (x86)\CandyBox
2015-05-17 16:34 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 16:34 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-17 15:59 . 2015-04-21 15:46 2125824 ----a-w- c:\windows\system32\inetcpl.cpl
2015-05-17 15:58 . 2015-04-27 19:23 1254400 ----a-w- c:\windows\system32\diagtrack.dll
2015-05-17 15:58 . 2015-04-27 18:06 36864 ----a-w- c:\windows\system32\UtcResources.dll
2015-05-17 15:34 . 2015-05-05 01:29 342016 ----a-w- c:\windows\system32\schannel.dll
2015-05-17 15:34 . 2015-05-05 01:12 248832 ----a-w- c:\windows\SysWow64\schannel.dll
2015-05-17 15:34 . 2015-04-18 03:10 460800 ----a-w- c:\windows\system32\certcli.dll
2015-05-17 15:34 . 2015-04-18 02:56 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-05-17 15:32 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-05-17 15:25 . 2015-01-29 03:19 2543104 ----a-w- c:\windows\system32\wpdshext.dll
2015-05-17 15:25 . 2015-01-29 03:19 1195008 ----a-w- c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2015-05-17 15:25 . 2015-01-29 03:02 2311168 ----a-w- c:\windows\SysWow64\wpdshext.dll
2015-05-17 15:24 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-05-17 15:24 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe
2015-05-17 15:24 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-05-17 15:24 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-05-17 15:24 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-05-17 15:24 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-05-17 15:24 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-05-17 15:24 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-05-17 15:24 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-05-07 10:26 . 2015-04-17 02:43 52392 ----a-w- c:\windows\system32\drivers\iSafeNetFilter.sys
2015-05-07 10:24 . 2015-05-07 10:24 -------- d-----w- c:\users\Aurora\AppData\Roaming\Elex-tech
2015-05-07 09:55 . 2015-05-07 10:10 -------- d-----w- C:\AdwCleaner
2015-05-05 15:57 . 2015-05-05 15:57 -------- d-----w- c:\program files (x86)\Elex-tech
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-30 08:07 . 2013-10-07 14:19 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-04-27 19:04 . 2015-05-17 15:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-25 03:24 . 2015-04-16 21:54 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-16 21:54 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-16 21:54 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-16 21:54 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-16 21:54 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-16 21:54 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-16 21:54 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-16 21:54 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-16 21:54 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-16 21:54 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-16 21:54 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-16 21:54 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-16 21:54 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-16 21:54 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-16 21:54 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-16 21:54 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-16 21:54 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-16 21:54 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-16 21:54 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-16 21:54 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-16 21:54 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-16 21:53 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-16 21:53 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-16 21:54 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-16 21:53 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-16 21:53 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-16 21:53 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-16 21:53 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-16 21:53 404480 ----a-w- c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-16 21:53 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-16 21:49 367552 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-16 21:49 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-17 15:24 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41 . 2015-05-17 15:24 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10 . 2015-04-16 21:49 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-17 15:24 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-17 15:24 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-17 15:24 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
2015-05-18 02:52 538240 ----a-w- c:\program files (x86)\XTab\SupTab.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Aurora\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Aurora\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\Aurora\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Global Registration"="c:\program files (x86)\Acer\Registration\GREG.exe" [2009-07-31 2844704]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]
"Akamai NetSession Interface"="c:\users\Aurora\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" [2010-03-09 11989960]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-12-11 30877280]
"HW_OPENEYE_OUC_Chiavetta Internet Tre.it"="c:\program files (x86)\Chiavetta Internet Tre.it\UpdateDog\ouc.exe" [2015-01-19 246112]
"Spotify Web Helper"="c:\users\Aurora\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-03-28 1964088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 825864]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
"gmsd_it_429"="c:\program files (x86)\gmsd_it_429\gmsd_it_429.exe" [2015-05-26 3980456]
"gmsd_it_434"="c:\program files (x86)\gmsd_it_434\gmsd_it_434.exe" [2015-05-27 3980456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"upgmsd_it_429.exe"="c:\users\Aurora\AppData\Local\gmsd_it_429\upgmsd_it_429.exe" [2015-05-26 3286984]
.
c:\users\Aurora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Aurora\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-8-22 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\programdata\FlashBeat\FlashBeat32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 innfd_1_10_0_14;innfd_1_10_0_14;c:\windows\system32\drivers\innfd_1_10_0_14.sys;c:\windows\SYSNATIVE\drivers\innfd_1_10_0_14.sys [x]
R2 Chiavetta Internet Tre.it. RunOuc;Chiavetta Internet Tre.it. OUC;c:\program files (x86)\Chiavetta Internet Tre.it\UpdateDog\ouc.exe;c:\program files (x86)\Chiavetta Internet Tre.it\UpdateDog\ouc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gotofude;Online Dial-up;c:\users\Aurora\AppData\Local\D678AB00-1432830864-11DE-AEA9-00269E352224\cnsx5B25.tmp;c:\users\Aurora\AppData\Local\D678AB00-1432830864-11DE-AEA9-00269E352224\cnsx5B25.tmp [x]
R2 holyxuti;Magenta Background;c:\users\Aurora\AppData\Local\D678AB00-1432830882-11DE-AEA9-00269E352224\snsh9C47.tmp;c:\users\Aurora\AppData\Local\D678AB00-1432830882-11DE-AEA9-00269E352224\snsh9C47.tmp [x]
R2 pogifipi;Hands-free Question Mark;c:\users\Aurora\AppData\Roaming\D678AB00-1432823465-11DE-AEA9-00269E352224\jnsw8EDD.tmp;c:\users\Aurora\AppData\Roaming\D678AB00-1432823465-11DE-AEA9-00269E352224\jnsw8EDD.tmp [x]
R2 PowerOffer Service;Pos Service;c:\users\Aurora\AppData\Local\PosService\Pos.exe;c:\users\Aurora\AppData\Local\PosService\Pos.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SoftwareUpd;Software Upd;c:\users\Aurora\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe;c:\users\Aurora\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [x]
R2 Update Edu App;Update Edu App;c:\program files (x86)\Edu App\updateEduApp.exe;c:\program files (x86)\Edu App\updateEduApp.exe [x]
R2 Update PacFunction;Update PacFunction;c:\program files (x86)\PacFunction\updatePacFunction.exe;c:\program files (x86)\PacFunction\updatePacFunction.exe [x]
R2 Util Edu App;Util Edu App;c:\program files (x86)\Edu App\bin\utilEduApp.exe;c:\program files (x86)\Edu App\bin\utilEduApp.exe [x]
R2 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 iSafeKrnlBoot;YAC Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeKrnlBoot.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 {36ed28a4-ac0a-4653-91ff-10beb4246550}Gw64;{36ed28a4-ac0a-4653-91ff-10beb4246550}Gw64;c:\windows\system32\drivers\{36ed28a4-ac0a-4653-91ff-10beb4246550}Gw64.sys;c:\windows\SYSNATIVE\drivers\{36ed28a4-ac0a-4653-91ff-10beb4246550}Gw64.sys [x]
S1 {848705a5-8a27-403e-9b59-732d0608bcbc}Gw64;{848705a5-8a27-403e-9b59-732d0608bcbc}Gw64;c:\windows\system32\drivers\{848705a5-8a27-403e-9b59-732d0608bcbc}Gw64.sys;c:\windows\SYSNATIVE\drivers\{848705a5-8a27-403e-9b59-732d0608bcbc}Gw64.sys [x]
S1 iSafeKrnl;YAC Mini-Filter Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnl.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnl.sys [x]
S1 iSafeKrnlKit;YAC Kit Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [x]
S1 iSafeKrnlMon;YAC Monitor Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [x]
S1 iSafeKrnlR3;YAC Ring3 Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [x]
S1 iSafeNetFilter;YAC NDIS Driver;c:\windows\system32\DRIVERS\iSafeNetFilter.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeNetFilter.sys [x]
S2 AUS;Auto Update Service;c:\program files (x86)\CandyBox\aus.exe;c:\program files (x86)\CandyBox\aus.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IHProtect Service;IHProtect Service;c:\program files (x86)\XTab\ProtectService.exe;c:\program files (x86)\XTab\ProtectService.exe [x]
S2 iSafeService;YAC Service;c:\program files (x86)\Elex-tech\YAC\iSafeSvc.exe;c:\program files (x86)\Elex-tech\YAC\iSafeSvc.exe [x]
S2 Log S.M.;Log Session Manager;c:\program files (x86)\CandyBox\cab.exe;c:\program files (x86)\CandyBox\cab.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 WaIEn Monitor;WaIEn Monitor;c:\program files\WaIEn\wajam_64.exe;c:\program files\WaIEn\wajam_64.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-29 c:\windows\Tasks\Bidaily Synchronize Task[3c32].job
- c:\programdata\{4b1487b5-0121-0470-4b14-487b50121ed4}\hqghumeaylnlf.exe [2014-05-28 14:31]
.
2015-05-29 c:\windows\Tasks\Bidaily Synchronize Task[74c7].job
- c:\programdata\{2755c150-36ad-1e39-2755-5c15036a0540}\hqghumeaylnlf.exe [2014-05-28 14:54]
.
2015-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-29 12:06]
.
2015-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-29 12:06]
.
2015-05-29 c:\windows\Tasks\JJYMKAFR1.job
- c:\programdata\FlashBeat\FlashBeat.exe [2015-05-28 23:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Aurora\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Aurora\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Aurora\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\Aurora\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 503864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-12 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-12 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-12 365592]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mystartsearch.com/?type=hppp&ts=1432824448&z=a3b7f068161dd014c8e8f76gcz0c4oabco8z5zfzdw&from=ima&uid=ST500LM011XHM501II_S24QJ9AC508134
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.mystartsearch.com/web/?type=dspp&ts=1432824448&z=a3b7f068161dd014c8e8f76gcz0c4oabco8z5zfzdw&from=ima&uid=ST500LM011XHM501II_S24QJ9AC508134&q={searchTerms}
mDefault_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1432824421&z=1a03387f07e98859842ac73gaz4ceo6b6o1z9z5gct&from=ima&uid=ST500LM011XHM501II_S24QJ9AC508134&q={searchTerms}
mDefault_Page_URL = hxxp://www.mystartsearch.com/?type=hppp&ts=1432824448&z=a3b7f068161dd014c8e8f76gcz0c4oabco8z5zfzdw&from=ima&uid=ST500LM011XHM501II_S24QJ9AC508134
mStart Page = hxxp://www.mystartsearch.com/?type=hppp&ts=1432824448&z=a3b7f068161dd014c8e8f76gcz0c4oabco8z5zfzdw&from=ima&uid=ST500LM011XHM501II_S24QJ9AC508134
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1432824421&z=1a03387f07e98859842ac73gaz4ceo6b6o1z9z5gct&from=ima&uid=ST500LM011XHM501II_S24QJ9AC508134&q={searchTerms}
uInternet Settings,ProxyOverride = <local>
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{F8D79880-7E1C-486C-AC8C-3AFC7DE16079}: NameServer = 81.218.119.5,82.163.142.130
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gotofude]
"ImagePath"="c:\users\Aurora\AppData\Local\D678AB00-1432830864-11DE-AEA9-00269E352224\cnsx5B25.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\holyxuti]
"ImagePath"="c:\users\Aurora\AppData\Local\D678AB00-1432830882-11DE-AEA9-00269E352224\snsh9C47.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pogifipi]
"ImagePath"="c:\users\Aurora\AppData\Roaming\D678AB00-1432823465-11DE-AEA9-00269E352224\jnsw8EDD.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2864101513-1128419510-4200347010-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,3b,1b,a1,de,02,
   3c,56,1b,bb,5d,82,12,41,d0,26,e7,8a,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,14,c5,
   07,9e,ba,ec,0e,bc,9c,bb,17,8d,6c,fa,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2d,9f,
   6d,f6,62,4d,01,ae,f3,4a,fc,1c,7a,e4,6a
"{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}"=hex:51,66,7a,6c,4c,1d,3b,1b,e4,9c,e5,
   9c,47,de,ef,07,ac,b0,89,9d,d5,76,a2,d0
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c8,2a,
   8f,31,1e,d0,06,97,c6,10,24,77,4a,24,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,3b,1b,48,f1,42,
   b5,ee,53,fe,01,9a,39,8e,50,56,36,34,e3
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,3b,1b,53,c2,73,
   b0,6b,2f,57,0a,af,f0,8f,26,b4,ef,67,49
"{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}"=hex:51,66,7a,6c,4c,1d,3b,1b,ee,6e,57,
   d7,4e,b3,fa,0d,a2,2e,37,80,2f,6c,3b,5a
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,06,4e,
   35,c5,09,0a,0a,b1,a9,8e,e9,66,6c,05,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,82,1f,
   e0,69,9e,41,02,a6,31,d7,a9,28,94,12,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c2,f0,
   a2,56,90,bf,5d,a5,e7,41,e0,c8,48,f2,1b
"{9E131A93-EED7-4BEB-B015-A0ADB30B5646}"=hex:51,66,7a,6c,4c,1d,3b,1b,83,06,09,
   81,e4,bc,84,07,a9,1f,e1,ed,b2,49,11,52
"{000F18F2-09EB-4A59-82B2-5AE4184C39C3}"=hex:51,66,7a,6c,4c,1d,3b,1b,e2,04,15,
   1f,d8,5b,36,06,9b,b8,1b,a4,19,0e,7e,d7
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,27,37,
   52,8d,3b,15,0b,89,ff,bc,9b,04,77,3e,61
Ora fine scansione: 2015-05-29  22:54:11
ComboFix-quarantined-files.txt  2015-05-29 20:54
ComboFix2.txt  2015-05-29 19:44
.
Pre-Run: 131.934.593.024 byte disponibili
Post-Run: 131.609.161.728 byte disponibili
.
- - End Of File - - CE1C7C55DB94FA28B1EF1E741DF1E367
A36C5E4F47E84449FF07ED3517B43A31



#2 livi83

  • Topic Starter

  • Members
  • 10 posts

Posted 29 May 2015 - 04:26 PM

Hi,

I'm Livi, I'm Italian and my English is not very good. My PC is full of malware. Please help me and my PC.



#3 xXToffeeXx


    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,079 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 31 May 2015 - 11:28 AM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now :thumbup2:

==========================
 
Hi livi83,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#4 xXToffeeXx


    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,079 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 07 June 2015 - 08:08 AM

Hi livi83,

 

How are you getting on?

 

xXToffeeXx~



#5 xXToffeeXx


    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,079 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 12 June 2015 - 11:17 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

