Solved: Windows 7 injection problem

Re: Windows 7 injection problem

You should post the log for us so it can be examined!

Re: Windows 7 injection problem

* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\programdata\FullRemove.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\audiodh.exe
c:\users\utente\AppData\Roaming\chrtmp
c:\users\utente\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe
D:\install.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2011-08-07 al 2011-09-07 )))))))))))))))))))))))))))))))))))
.
.
2011-09-05 23:58 . 2011-09-05 23:58 -------- d-----w- C:\Download
2011-09-05 23:58 . 2011-09-06 21:51 -------- d-----w- C:\Nexon
2011-09-05 23:58 . 2011-09-05 23:58 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat
2011-09-05 23:39 . 2011-09-05 23:46 -------- d-----w- C:\Fraps
2011-09-05 18:00 . 2011-09-05 18:00 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-09-03 10:47 . 2011-09-03 10:47 -------- d-----w- c:\users\utente\AppData\Roaming\TeamViewer
2011-09-03 01:29 . 2011-09-03 01:29 -------- d-----w- c:\windows\Sun
2011-09-01 22:18 . 2011-09-01 22:18 -------- d-----w- c:\users\utente\AppData\Roaming\Macrovision
2011-09-01 21:17 . 2007-11-05 09:56 112512 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-09-01 21:17 . 2011-09-01 21:17 -------- d-----w- c:\users\utente\AppData\Local\Programs
2011-09-01 21:17 . 2011-09-01 21:17 -------- d-----w- c:\programdata\Macrovision
2011-09-01 21:16 . 2011-09-01 21:16 -------- d-----w- c:\users\utente\AppData\Local\Downloaded Installations
2011-08-31 23:32 . 2011-08-31 23:44 -------- d-----w- C:\SG Interactive
2011-08-31 23:22 . 2011-09-07 08:56 -------- d-----w- c:\users\utente\AppData\Local\PMB Files
2011-08-31 23:22 . 2011-08-31 23:22 -------- d-----w- c:\programdata\PMB Files
2011-08-31 16:07 . 2011-08-31 22:17 -------- d-----w- c:\users\utente\AppData\Roaming\FileZilla
2011-08-30 21:50 . 2011-08-30 21:50 -------- d-----w- c:\program files (x86)\Application Updater
2011-08-30 21:50 . 2011-08-30 21:50 -------- d-----w- c:\program files (x86)\IObit Toolbar
2011-08-30 21:50 . 2011-08-30 21:50 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2011-08-30 21:49 . 2011-08-30 21:49 -------- d-----w- c:\programdata\IObit
2011-08-30 21:49 . 2011-08-30 21:49 -------- d-----w- c:\program files (x86)\IObit
2011-08-30 21:48 . 2011-08-30 21:49 -------- d-----w- c:\program files\CCleaner
2011-08-30 13:26 . 2011-08-30 13:26 -------- d-----w- c:\program files (x86)\TeamViewer
2011-08-30 13:24 . 2011-08-30 13:24 -------- d-----w- c:\users\utente\AppData\Local\Mozilla
2011-08-27 17:26 . 2011-08-27 17:57 -------- d-----w- c:\users\utente\AppData\Roaming\TS3Client
2011-08-27 17:23 . 2011-08-27 17:23 -------- d-----w- c:\users\utente\AppData\Local\TeamSpeak 3 Client
2011-08-26 10:15 . 2011-09-07 08:56 -------- d-----w- c:\users\utente\Tracing
2011-08-25 00:38 . 2011-08-25 00:38 -------- d-----w- c:\users\utente\AppData\Local\Cyberlink
2011-08-25 00:38 . 2011-08-25 00:38 -------- d-----w- c:\users\utente\AppData\Roaming\CyberLink
2011-08-25 00:38 . 2011-08-25 00:38 -------- d-----w- c:\users\utente\AppData\Roaming\PowerCinema
2011-08-25 00:38 . 2011-08-25 00:38 -------- d-----w- c:\users\utente\AppData\Local\PowerCinema
2011-08-24 11:21 . 2011-08-31 10:56 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-24 08:35 . 2011-08-24 09:55 -------- d-----w- c:\program files (x86)\Pando Networks
2011-08-24 08:34 . 2007-07-19 16:14 444776 ----a-w- c:\windows\SysWow64\d3dx10_35.dll
2011-08-24 08:34 . 2007-07-19 16:14 1358192 ----a-w- c:\windows\SysWow64\D3DCompiler_35.dll
2011-08-24 08:34 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2011-08-24 08:34 . 2007-04-04 16:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2011-08-24 08:19 . 2011-08-25 13:41 -------- d-----w- c:\program files (x86)\GamersFirst
2011-08-24 08:14 . 2011-08-24 08:14 -------- d-----w- c:\users\Public\OEM
2011-08-24 08:11 . 2011-09-07 08:56 -------- d-----w- c:\users\utente\AppData\Roaming\Skype
2011-08-24 08:11 . 2011-08-24 08:11 -------- d-----r- c:\program files (x86)\Skype
2011-08-24 07:57 . 2011-08-24 07:57 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-24 07:55 . 2011-07-09 02:44 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-24 07:55 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-24 07:55 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-08-24 07:55 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-08-24 07:55 . 2011-07-09 05:14 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 07:55 . 2011-07-09 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-24 07:53 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-08-24 07:49 . 2011-08-24 08:11 -------- d-----w- c:\programdata\Skype
2011-08-23 18:25 . 2011-08-23 18:25 -------- d-----w- c:\program files (x86)\JRE
2011-08-23 18:25 . 2011-08-23 18:25 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2011-08-23 18:24 . 2011-05-04 02:52 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-23 18:24 . 2011-08-24 07:56 -------- d-----w- c:\program files (x86)\Java
2011-08-23 17:48 . 2011-08-23 17:48 -------- d-----w- c:\windows\SysWow64\Wat
2011-08-23 17:48 . 2011-08-23 17:48 -------- d-----w- c:\windows\system32\Wat
2011-08-23 17:32 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-08-23 17:32 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-08-23 17:31 . 2010-03-05 07:52 84992 ----a-w- c:\windows\system32\asycfilt.dll
2011-08-23 17:31 . 2010-03-05 07:42 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2011-08-23 17:31 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-08-23 17:30 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2011-08-23 17:30 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2011-08-23 17:29 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-08-23 17:29 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-08-23 17:29 . 2011-02-26 06:23 2870272 ----a-w- c:\windows\explorer.exe
2011-08-23 17:29 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\SysWow64\explorer.exe
2011-08-23 17:28 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-08-23 17:28 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-08-23 17:28 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
2011-08-23 17:28 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2011-08-23 17:28 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2011-08-23 17:28 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-08-23 17:28 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-08-23 17:28 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-08-23 17:28 . 2010-08-26 05:27 148992 ----a-w- c:\windows\system32\t2embed.dll
2011-08-23 17:28 . 2010-08-26 04:39 109056 ----a-w- c:\windows\SysWow64\t2embed.dll
2011-08-23 17:27 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-08-23 17:27 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-08-23 17:27 . 2010-06-29 05:39 2085376 ----a-w- c:\windows\system32\ole32.dll
2011-08-23 17:27 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2011-08-23 17:27 . 2010-06-29 05:35 4582912 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-08-23 17:27 . 2010-06-29 04:57 4247040 ----a-w- c:\program files (x86)\Windows NT\Accessories\wordpad.exe
2011-08-23 17:26 . 2010-11-02 05:18 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-08-23 17:26 . 2010-11-02 05:17 473600 ----a-w- c:\windows\system32\taskcomp.dll
2011-08-23 17:26 . 2010-11-02 05:17 1169408 ----a-w- c:\windows\system32\taskschd.dll
2011-08-23 17:26 . 2010-11-02 05:16 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2011-08-23 17:26 . 2010-11-02 05:10 464384 ----a-w- c:\windows\system32\taskeng.exe
2011-08-23 17:26 . 2010-11-02 05:10 285696 ----a-w- c:\windows\system32\schtasks.exe
2011-08-23 17:26 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2011-08-23 17:26 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2011-08-23 17:26 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2011-08-23 17:26 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2011-08-23 17:26 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-08-23 17:26 . 2010-05-05 06:46 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
2011-08-23 17:25 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-23 17:25 . 2011-04-29 05:47 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-23 17:25 . 2011-04-29 05:08 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-23 17:24 . 2010-03-04 07:57 2080256 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-08-23 17:24 . 2010-03-04 07:57 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-08-23 17:24 . 2010-03-04 07:33 1619968 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll
2011-08-23 17:24 . 2010-03-04 07:33 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-08-23 17:24 . 2010-08-04 07:07 552960 ----a-w- c:\windows\system32\msdri.dll
2011-08-23 17:24 . 2010-08-04 07:05 288256 ----a-w- c:\windows\system32\MSNP.ax
2011-08-23 17:24 . 2010-08-04 06:15 204288 ----a-w- c:\windows\SysWow64\MSNP.ax
2011-08-23 17:23 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-08-23 17:23 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-08-23 17:21 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-08-23 17:21 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-08-23 17:19 . 2010-08-21 06:36 340992 ----a-w- c:\windows\system32\schannel.dll
2011-08-23 17:19 . 2010-08-21 05:36 224256 ----a-w- c:\windows\SysWow64\schannel.dll
2011-08-23 17:19 . 2010-08-21 06:31 633856 ----a-w- c:\windows\system32\comctl32.dll
2011-08-23 17:19 . 2010-08-21 05:33 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2011-08-23 17:19 . 2011-02-18 05:36 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-23 17:19 . 2011-02-18 06:37 612352 ----a-w- c:\windows\system32\vbscript.dll
2011-08-23 17:19 . 2011-08-23 17:19 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-08-23 17:17 . 2009-11-25 10:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-08-23 17:17 . 2009-11-25 10:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-08-23 17:17 . 2009-11-25 10:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-08-23 17:17 . 2009-11-25 10:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-08-23 17:17 . 2009-11-25 10:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-08-23 17:17 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-08-23 17:17 . 2009-11-25 10:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-08-23 17:17 . 2009-11-25 10:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-08-23 17:17 . 2009-11-25 10:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 04:32 . 2011-08-24 07:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-08-18 17360520]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-31 3077528]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-02-05 124136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-08-17 534880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 135664]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 135664]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-02-01 305520]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va005;X6va005;c:\users\utente\AppData\Local\Temp\00598F6.tmp [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-08-17 402328]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McMPFSvc;McAfee Servizio Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 149032]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*Deregistered* - mfeavfk01
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 22:06]
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-23 22:06]
.
2011-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-817901677-2389514277-2486069845-1000Core.job
- c:\users\utente\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 22:12]
.
2011-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-817901677-2389514277-2486069845-1000UA.job
- c:\users\utente\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-24 22:12]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-24 9642528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scansione supplementare -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_m5910&r=17360211c205pe436v1h5w6861u72r
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_m5910&r=17360211c205pe436v1h5w6861u72r
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\yhgiucpw.default\
FF - prefs.js: network.proxy.type - 1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Windows Graphisolierung für Audiohdgeräte - c:\users\utente\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe
Toolbar-Locked - (no file)
HKLM-Run-Windows Graphisolierung für Audiohdgeräte - c:\users\utente\AppData\Roaming\Microsoft\Windows\Templates\audiodh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\utente\AppData\Local\Temp\00598F6.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\windows\SysWOW64\rundll32.exe
c:\users\utente\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\utente\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\utente\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\utente\AppData\Local\Google\Chrome\Application\chrome.exe
c:\windows\SysWOW64\rundll32.exe
c:\users\utente\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Ora fine scansione: 2011-09-07 11:00:56 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-09-07 09:00
.
Pre-Run: 439.901.769.728 byte disponibili
Post-Run: 439.359.635.456 byte disponibili
.
- - End Of File - - 19E775CED3FFAEA4072D70BBEF927CF9

@arthur
 
Re: Windows 7 injection problem

I'm putting the log inside a spoiler so it doesn't take up half the page.

OK, I've finished with ComboFix. If the problem comes back, will I be able to fix it by restoring the system with the DVDs I made right after I bought the PC?

Yes.

Re: Windows 7 injection problem

I've posted the report; what should I do now?

Re: Windows 7 injection problem

For now no, everything's OK. Fine, go ahead and close it as solved. If the error comes back, I'll restore the PC with the DVDs. Thanks for the help.