ComboFix 14-03-13.01 - Leonardo 14/03/2014 19:42:33.1.2 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.2047.1375 [GMT 1:00]
Eseguito da: c:\users\Leonardo\Desktop\abc.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((( Files Creati Da 2014-02-14 al 2014-03-14 )))))))))))))))))))))))))))))))))))
.
.
2014-03-14 18:46 . 2014-03-14 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-09 12:24 . 2014-03-09 12:24 -------- d-----w- c:\programdata\AVG Secure Search
2014-02-13 14:07 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2014-03-12 19:17 . 2013-10-06 14:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-12 19:17 . 2013-10-06 14:15 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-09 12:24 . 2013-10-06 14:38 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-03-09 12:24 3461144 ----a-w- c:\program files\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\18.0.0.248\AVG Secure Search_toolbar.dll" [2014-03-09 3461144]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-14 20587680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2014-03-09 2539544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview. exe" [2013-10-09 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-05-22 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-11-08 250080]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-04-11 302368]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [2012-12-05 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2013-10-15 5175856]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdate Svc.exe [2014-01-03 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-01-03 1748640]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R2 vToolbarUpdater18.0.0;vToolbarUpdater18.0.0;c:\pro gram files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.0\ToolbarUpdater.exe [2014-03-09 1759768]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIV ERS\avgidsdriverx.sys [2012-12-10 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIV ERS\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\ avgidsshimx.sys [2011-12-23 17232]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2011-06-08 1215552]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominipor t.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\ synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsus bhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.e xe [2013-10-06 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgi dshx.sys [2012-04-19 24896]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
S0 oem-drv86;OEM-SLP2.1 Driver (HPD86);c:\windows\system32\DRIVERS\oem-drv86.sys [2013-10-06 8704]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.s ys [2014-03-09 42784]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-03-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe [2013-10-06 19:17]
.
.
------- Scansione supplementare -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 151.99.125.2 151.99.125.3
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.0\ViProtocol.dll
FF - ProfilePath - c:\users\Leonardo\AppData\Roaming\Mozilla\Firefox\ Profiles\kcab0u0n.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.it/
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macrome d\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUt il32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2014-03-14 19:48:08
ComboFix-quarantined-files.txt 2014-03-14 18:48
.
Pre-Run: 971.729.350.656 byte disponibili
Post-Run: 971.335.622.656 byte disponibili
.
- - End Of File - - F4698D49FAD732CD8F6FD449F9FAC46F
A36C5E4F47E84449FF07ED3517B43A31
Rispondi quotando