help! dllhost.exe Com Surrogate virus damaged system
<blockquote data-quote="Adry" data-source="post: 516388" data-attributes="member: 53210"><p>Hello!</p><p>I had some time to perform additional scans after chkdsk.</p><p>Again with AdwCleaner, then with ComboFix and Rkill.</p><p>Now some programs open correctly, but I still do not have audio from files and from the browser; multiple dllhost.exe processes start when I open the Control Panel and/or other window functions...</p><p>Finally, I still do not know why I can't attach the log file, so I put it in the following...</p><p>Best!</p><p>Adriano</p><p></p><p>Controllo in corso del file system su C: Il file system è di tipo NTFS. L'etichetta del volume è OS. Il disco sarà ora controllato come pianificato. Il disco sarà ora controllato. Verifica dei file in corso (fase 1 di 5)... 420096 record di file elaborati. Verifica file completata. 2487 record di file di grandi dimensioni elaborati. 0 record file non validi elaborati. 0 record EA elaborati. 8645 record reparse elaborati. Verifica degli indici in corso (fase 2 di 5)... 581416 voci di indice elaborate. Verifica indici completata. 0 file non indicizzati analizzati. 0 file non indicizzati ripristinati. Verifica dei descrittori di sicurezza in corso (fase 3 di 5)... 420096 descrittori di protezione/SID di file elaborati. Pulizia di 207 voci inutilizzate dall'indice $SII del file 0x9. Pulizia di 207 voci inutilizzate dall'indice $SDH del file 0x9. Pulizia dei descrittori di sicurezza inutilizzati 207. Verifica descrittori di sicurezza completata. 80661 file di dati elaborati. CHKDSK sta verificando il journal USN... 37440536 byte USN elaborati. Verifica del journal USN completata. Verifica dei dati dei file in corso (fase 4 di 5))... Lettura non riuscita con stato 0xc00000b5 a offset 0x517950000 per 0x10000 byte. Lettura non riuscita con stato 0xc00000b5 a offset 0x51795a000 per 0x1000 byte. Impossibile sostituire i cluster danneggiati nel file 213526 di nome \hiberfil.sys. 420080 file elaborati. Verifica dei dati del file completata. 
CHKDSK sta verificando la spazio disponibile (fase 5 di 5)... Cluster liberi elaborati: 2961576. Verifica dello spazio disponibile completata. Aggiunta di 1 cluster danneggiati al file dei cluster danneggiati Correzione errori nella mappa di bit del volume. Correzioni apportate al file system. 78142463 KB di spazio totale su disco. 65520392 KB in 319627 file. 246312 KB in 80662 indici. 4 KB in settori danneggiati. 529451 KB in uso dal sistema. 65536 KB occupati dal file registro. 11846304 KB disponibili su disco. 4096 byte in ogni unità di allocazione. 19535615 unità totali di allocazione su disco. 2961576 unità di allocazione disponibili su disco. Informazioni interne: 00 69 06 00 ab 1b 06 00 dc bf 0b 00 00 00 00 00 .i.............. 70 02 00 00 c5 21 00 00 00 00 00 00 00 00 00 00 p....!.......... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Controllo del disco completato. Attendere il riavvio del computer. </p><p></p><p># AdwCleaner v5.200 - File registro eventi creato 15/06/2016 a 23:13:48</p><p># Aggiornato 14/06/2016 by ToolsLib</p><p># Database : 2016-06-15.2 [Server]</p><p># Sistema operativo : Windows 7 Home Premium Service Pack 1 (X64)</p><p># Nome utente : adry_ra - ADRY_RA-PC</p><p># In esecuzione da : C:\Users\adry_ra\Downloads\adwcleaner_5.200.exe</p><p># Opzione : Scansione</p><p># Supporto : <a href="https://toolslib.net/forum" target="_blank">ToolsLib</a></p><p></p><p>***** [ Servizi ] *****</p><p></p><p></p><p>***** [ Cartelle ] *****</p><p></p><p></p><p>***** [ File ] *****</p><p></p><p></p><p>***** [ DLL ] *****</p><p></p><p></p><p>***** [ WMI ] *****</p><p></p><p></p><p>***** [ Collegamenti ] *****</p><p></p><p></p><p>***** [ Attività pianificate ] *****</p><p></p><p></p><p>***** [ Registro ] *****</p><p></p><p>Chiave Trovato : HKU\S-1-5-21-3459282354-3617026214-509342545-1000\Software\Driver Pro</p><p></p><p>***** [ Browser web ] *****</p><p></p><p></p><p>*************************</p><p></p><p>C:\AdwCleaner\AdwCleaner[C1].txt 
- [4030 byte] - [11/06/2016 20:56:53]</p><p>C:\AdwCleaner\AdwCleaner[C2].txt - [1186 byte] - [11/06/2016 21:52:34]</p><p>C:\AdwCleaner\AdwCleaner[S1].txt - [4031 byte] - [11/06/2016 20:54:41]</p><p>C:\AdwCleaner\AdwCleaner[S2].txt - [1033 byte] - [11/06/2016 21:19:30]</p><p>C:\AdwCleaner\AdwCleaner[S3].txt - [1107 byte] - [11/06/2016 21:49:41]</p><p>C:\AdwCleaner\AdwCleaner[S4].txt - [1253 byte] - [12/06/2016 00:31:48]</p><p>C:\AdwCleaner\AdwCleaner[S5].txt - [1212 byte] - [15/06/2016 23:13:48]</p><p></p><p>########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1284 byte] ##########</p><p></p><p></p><p>Rkill 2.8.2 by Lawrence Abrams (Grinler)</p><p><a href="http://www.bleepingcomputer.com/" target="_blank">BleepingComputer</a></p><p>Copyright 2008-2016 BleepingComputer.com</p><p>More Information about Rkill can be found at this link:</p><p> <a href="http://www.bleepingcomputer.com/forums/topic308364.html" target="_blank">RKill - What it does and What it Doesn't - A brief introduction to the program - Anti-Virus, Anti-Malware, and Privacy Software</a></p><p></p><p>Program started at: 06/15/2016 11:07:22 PM in x64 mode.</p><p>Windows Version: Windows 7 Home Premium Service Pack 1</p><p></p><p>Checking for Windows services to stop:</p><p></p><p> * No malware services found to stop.</p><p></p><p>Checking for processes to terminate:</p><p></p><p> * No malware processes found to kill.</p><p></p><p>Checking Registry for malware related settings:</p><p></p><p> * No issues found in the Registry.</p><p></p><p>Resetting .EXE, .COM, & .BAT associations in the Windows Registry.</p><p></p><p>Performing miscellaneous checks:</p><p></p><p> * No issues found.</p><p></p><p>Checking Windows Service Integrity: </p><p></p><p> * TBS [Missing Service]</p><p></p><p>Searching for Missing Digital Signatures: </p><p></p><p> * No issues found.</p><p></p><p>Checking HOSTS File: </p><p></p><p> * No issues found.</p><p></p><p>Program finished at: 06/15/2016 11:11:41 PM</p><p>Execution time: 0 
hours(s), 4 minute(s), and 19 seconds(s)</p><p></p><p></p><p> ComboFix 16-06-01.01 - adry_ra 16/06/2016 0:06.1.4 - x64</p><p>Eseguito da: c:\users\adry_ra\Downloads\abc.exe</p><p> * Creato nuovo punto di ripristino</p><p>.</p><p>. </p><p>((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>c:\programdata\8094031.bat</p><p>c:\programdata\8094031.pad</p><p>c:\programdata\8094031.reg</p><p>c:\users\adry_ra\AppData\Local\uninst.tmp</p><p>.</p><p>.</p><p>((((((((((((((((((((((((( Files Creati Da 2016-05-15 al 2016-06-15 )))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>2016-06-15 22:32 . 2016-06-15 22:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp</p><p>2016-06-15 22:32 . 2016-06-15 22:32 -------- d-----w- c:\users\Default\AppData\Local\temp</p><p>2016-06-15 22:11 . 2016-06-15 22:11 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7202CE2C-BCEE-47BB-9557-B75A61E1077E}\offreg.1408.dll</p><p>2016-06-15 19:57 . 2016-06-15 19:57 203680 ----a-w- c:\windows\system32\drivers\zamguard64.sys</p><p>2016-06-13 21:13 . 2016-06-13 21:13 398152 ----a-w- c:\windows\system32\aswBoot.exe</p><p>2016-06-13 21:13 . 2016-06-13 21:13 52184 ----a-w- c:\windows\avastSS.scr</p><p>2016-06-13 00:59 . 2016-05-26 20:28 11895896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7202CE2C-BCEE-47BB-9557-B75A61E1077E}\mpengine.dll</p><p>2016-06-11 18:54 . 2016-06-15 21:16 -------- d-----w- C:\AdwCleaner</p><p>2016-06-10 17:48 . 2016-06-15 21:19 -------- d-----w- c:\windows\system32\wbem\repository</p><p>2016-06-10 17:43 . 2016-06-15 18:50 -------- d-----w- c:\program files\Zemana AntiMalware</p><p>2016-06-08 23:15 . 2016-06-15 19:56 -------- d-----w- c:\program files (x86)\Zemana AntiMalware</p><p>2016-06-08 23:15 . 2016-06-08 23:15 -------- d-----w- c:\users\adry_ra\AppData\Local\Zemana</p><p>2016-06-08 21:51 . 
2016-06-08 21:54 -------- d-----w- C:\FRST</p><p>2016-06-08 21:41 . 2016-06-08 21:41 -------- d-----w- C:\sh4ldr</p><p>2016-06-08 21:39 . 2016-06-11 06:45 -------- d-----w- c:\program files\Enigma Software Group</p><p>2016-06-08 19:08 . 2016-06-08 19:32 -------- d-----w- c:\programdata\HitmanPro</p><p>2016-06-07 19:14 . 2016-06-07 19:14 -------- d-----w- C:\found.004</p><p>2016-06-06 21:02 . 2016-06-06 21:02 -------- d-----w- c:\users\adry_ra\AppData\Local\GWX</p><p>2016-06-06 18:33 . 2016-06-06 18:33 -------- d-----w- c:\program files\Malwarebytes Anti-Malware</p><p>2016-06-05 23:40 . 2016-06-15 21:24 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys</p><p>2016-06-05 23:39 . 2016-06-06 20:11 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware</p><p>2016-06-05 23:39 . 2016-06-05 23:39 -------- d-----w- c:\programdata\Malwarebytes</p><p>2016-06-05 23:39 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys</p><p>2016-06-05 23:39 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys</p><p>2016-06-05 23:39 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys</p><p>2016-05-29 07:11 . 2016-05-29 07:11 -------- d-----w- C:\found.003</p><p>2016-05-21 04:16 . 2016-05-21 04:16 -------- d-----w- C:\found.002</p><p>.</p><p>.</p><p>.</p><p>(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>2016-06-15 21:19 . 2010-06-24 18:33 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll</p><p>2016-06-13 21:13 . 2014-08-05 19:52 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys</p><p>2016-06-13 21:13 . 2014-01-18 08:55 166432 ----a-w- c:\windows\system32\drivers\aswStm.sys</p><p>2016-06-13 21:13 . 2013-07-04 21:13 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys</p><p>2016-06-13 21:13 . 2013-07-04 21:13 287528 ----a-w- c:\windows\system32\drivers\aswVmm.sys</p><p>2016-06-13 21:13 . 
2012-09-20 00:03 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys</p><p>2016-06-13 21:13 . 2011-12-19 19:03 465792 ----a-w- c:\windows\system32\drivers\aswSP.sys</p><p>2016-06-13 21:13 . 2011-12-19 19:03 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys</p><p>2016-06-13 21:13 . 2011-12-19 19:03 1070904 ----a-w- c:\windows\system32\drivers\aswSnx.sys</p><p>2016-06-13 21:13 . 2016-03-22 23:20 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys</p><p>2016-05-12 22:46 . 2013-04-10 19:37 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe</p><p>2016-05-12 22:46 . 2013-04-10 19:37 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl</p><p>2016-05-12 22:46 . 2016-05-12 22:46 5995712 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe</p><p>2016-04-23 17:08 . 2016-05-11 04:01 394960 ----a-w- c:\windows\system32\iedkcs32.dll</p><p>2016-04-23 05:25 . 2016-05-11 04:01 25816064 ----a-w- c:\windows\system32\mshtml.dll</p><p>2016-04-23 05:16 . 2016-05-11 04:01 2724864 ----a-w- c:\windows\system32\mshtml.tlb</p><p>2016-04-23 05:16 . 2016-05-11 04:01 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll</p><p>2016-04-23 05:01 . 2016-05-11 04:01 66560 ----a-w- c:\windows\system32\iesetup.dll</p><p>2016-04-23 05:00 . 2016-05-11 04:01 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll</p><p>2016-04-23 05:00 . 2016-05-11 04:01 417792 ----a-w- c:\windows\system32\html.iec</p><p>2016-04-23 05:00 . 2016-05-11 04:01 2893312 ----a-w- c:\windows\system32\iertutil.dll</p><p>2016-04-23 05:00 . 2016-05-11 04:01 571904 ----a-w- c:\windows\system32\vbscript.dll</p><p>2016-04-23 05:00 . 2016-05-11 04:01 88064 ----a-w- c:\windows\system32\MshtmlDac.dll</p><p>2016-04-23 04:52 . 2016-05-11 04:01 54784 ----a-w- c:\windows\system32\jsproxy.dll</p><p>2016-04-23 04:51 . 2016-05-11 04:01 34304 ----a-w- c:\windows\system32\iernonce.dll</p><p>2016-04-23 04:48 . 2016-05-11 04:01 615936 ----a-w- c:\windows\system32\ieui.dll</p><p>2016-04-23 04:47 . 
2016-05-11 04:01 114688 ----a-w- c:\windows\system32\ieetwcollector.exe</p><p>2016-04-23 04:47 . 2016-05-11 04:01 144384 ----a-w- c:\windows\system32\ieUnatt.exe</p><p>2016-04-23 04:47 . 2016-05-11 04:01 814080 ----a-w- c:\windows\system32\jscript9diag.dll</p><p>2016-04-23 04:47 . 2016-05-11 04:01 817664 ----a-w- c:\windows\system32\jscript.dll</p><p>2016-04-23 04:46 . 2016-05-11 04:01 6052352 ----a-w- c:\windows\system32\jscript9.dll</p><p>2016-04-23 04:40 . 2016-05-11 04:01 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe</p><p>2016-04-23 04:36 . 2016-05-11 04:01 489984 ----a-w- c:\windows\system32\dxtmsft.dll</p><p>2016-04-23 04:29 . 2016-05-11 04:01 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll</p><p>2016-04-23 04:27 . 2016-05-11 04:01 107520 ----a-w- c:\windows\system32\inseng.dll</p><p>2016-04-23 04:25 . 2016-05-11 04:01 199680 ----a-w- c:\windows\system32\msrating.dll</p><p>2016-04-23 04:24 . 2016-05-11 04:01 92160 ----a-w- c:\windows\system32\mshtmled.dll</p><p>2016-04-23 04:21 . 2016-05-11 04:01 315392 ----a-w- c:\windows\system32\dxtrans.dll</p><p>2016-04-23 04:20 . 2016-05-11 04:01 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb</p><p>2016-04-23 04:20 . 2016-05-11 04:01 152064 ----a-w- c:\windows\system32\occache.dll</p><p>2016-04-23 04:09 . 2016-05-11 04:01 262144 ----a-w- c:\windows\system32\webcheck.dll</p><p>2016-04-23 04:08 . 2016-05-11 04:01 497152 ----a-w- c:\windows\SysWow64\vbscript.dll</p><p>2016-04-23 04:08 . 2016-05-11 04:01 62464 ----a-w- c:\windows\SysWow64\iesetup.dll</p><p>2016-04-23 04:08 . 2016-05-11 04:01 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll</p><p>2016-04-23 04:07 . 2016-05-11 04:01 341504 ----a-w- c:\windows\SysWow64\html.iec</p><p>2016-04-23 04:07 . 2016-05-11 04:01 725504 ----a-w- c:\windows\system32\ie4uinit.exe</p><p>2016-04-23 04:07 . 2016-05-11 04:01 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll</p><p>2016-04-23 04:06 . 
2016-05-11 04:01 806400 ----a-w- c:\windows\system32\msfeeds.dll</p><p>2016-04-23 04:06 . 2016-05-11 04:01 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll</p><p>2016-04-23 04:05 . 2016-05-11 04:01 2131968 ----a-w- c:\windows\system32\inetcpl.cpl</p><p>2016-04-23 04:00 . 2016-05-11 04:01 15415808 ----a-w- c:\windows\system32\ieframe.dll</p><p>2016-04-23 03:58 . 2016-05-11 04:01 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe</p><p>2016-04-23 03:58 . 2016-05-11 04:01 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll</p><p>2016-04-23 03:51 . 2016-05-11 04:01 2596864 ----a-w- c:\windows\system32\wininet.dll</p><p>2016-04-23 03:45 . 2016-05-11 04:01 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll</p><p>2016-04-23 03:39 . 2016-05-11 04:01 1547776 ----a-w- c:\windows\system32\urlmon.dll</p><p>2016-04-23 03:36 . 2016-05-11 04:01 4611072 ----a-w- c:\windows\SysWow64\jscript9.dll</p><p>2016-04-23 03:30 . 2016-05-11 04:01 2056192 ----a-w- c:\windows\SysWow64\inetcpl.cpl</p><p>2016-04-23 03:30 . 2016-05-11 04:01 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll</p><p>2016-04-23 03:28 . 2016-05-11 04:01 800768 ----a-w- c:\windows\system32\ieapfltr.dll</p><p>2016-04-23 03:12 . 2016-05-11 04:01 2121216 ----a-w- c:\windows\SysWow64\wininet.dll</p><p>2016-04-21 13:05 . 2014-05-17 21:59 453288 ------w- c:\windows\system32\MpSigStub.exe</p><p>2016-04-14 13:49 . 2016-05-11 04:01 603648 ----a-w- c:\windows\SysWow64\d3d10level9.dll</p><p>2016-04-14 13:21 . 2016-05-11 04:01 647680 ----a-w- c:\windows\system32\d3d10level9.dll</p><p>2016-04-09 07:02 . 2016-05-11 04:00 631176 ----a-w- c:\windows\system32\winresume.efi</p><p>2016-04-09 07:01 . 2016-05-11 04:00 706280 ----a-w- c:\windows\system32\winload.efi</p><p>2016-04-09 07:01 . 2016-05-11 04:00 5546216 ----a-w- c:\windows\system32\ntoskrnl.exe</p><p>2016-04-09 07:01 . 2016-05-11 04:00 154344 ----a-w- c:\windows\system32\drivers\ksecpkg.sys</p><p>2016-04-09 07:01 . 
2016-05-11 04:00 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys</p><p>2016-04-09 07:01 . 2016-05-11 04:01 986344 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys</p><p>2016-04-09 07:01 . 2016-05-11 04:01 264936 ----a-w- c:\windows\system32\drivers\dxgmms1.sys</p><p>2016-04-09 06:59 . 2016-05-11 04:00 3998952 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe</p><p>2016-04-09 06:59 . 2016-05-11 04:00 3943144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe</p><p>2016-04-09 06:59 . 2016-05-11 04:00 1732864 ----a-w- c:\windows\system32\ntdll.dll</p><p>2016-04-09 06:58 . 2016-05-11 04:00 362496 ----a-w- c:\windows\system32\wow64win.dll</p><p>2016-04-09 06:58 . 2016-05-11 04:00 243712 ----a-w- c:\windows\system32\wow64.dll</p><p>2016-04-09 06:58 . 2016-05-11 04:00 215552 ----a-w- c:\windows\system32\winsrv.dll</p><p>2016-04-09 06:58 . 2016-05-11 04:00 210432 ----a-w- c:\windows\system32\wdigest.dll</p><p>2016-04-09 06:58 . 2016-05-11 04:00 13312 ----a-w- c:\windows\system32\wow64cpu.dll</p><p>2016-04-09 06:58 . 2016-05-11 04:01 2048 ----a-w- c:\windows\system32\tzres.dll</p><p>2016-04-09 06:58 . 2016-05-11 04:00 86528 ----a-w- c:\windows\system32\TSpkg.dll</p><p>2016-04-09 06:58 . 2016-05-11 04:00 503808 ----a-w- c:\windows\system32\srcore.dll</p><p>2016-04-09 06:58 . 2016-05-11 04:00 135680 ----a-w- c:\windows\system32\sspicli.dll</p><p>2016-04-09 06:58 . 2016-05-11 04:00 28672 ----a-w- c:\windows\system32\sspisrv.dll</p><p>2016-04-09 06:58 . 2016-05-11 04:00 50176 ----a-w- c:\windows\system32\srclient.dll</p><p>2016-04-09 06:58 . 2016-05-11 04:00 63488 ----a-w- c:\windows\system32\setbcdlocale.dll</p><p>2016-04-09 06:58 . 2016-05-11 04:00 1212928 ----a-w- c:\windows\system32\rpcrt4.dll</p><p>2016-04-09 06:58 . 2016-05-11 04:00 344064 ----a-w- c:\windows\system32\schannel.dll</p><p>2016-04-09 06:58 . 2016-05-11 04:00 190464 ----a-w- c:\windows\system32\rpchttp.dll</p><p>2016-04-09 06:58 . 2016-05-11 04:00 28160 ----a-w- c:\windows\system32\secur32.dll</p><p>2016-04-09 06:57 . 
2016-05-11 04:00 16384 ----a-w- c:\windows\system32\ntvdm64.dll</p><p>2016-04-09 06:57 . 2016-05-11 04:00 312320 ----a-w- c:\windows\system32\ncrypt.dll</p><p>2016-04-09 06:57 . 2016-05-11 04:00 316416 ----a-w- c:\windows\system32\msv1_0.dll</p><p>2016-04-09 06:57 . 2016-05-11 04:00 60416 ----a-w- c:\windows\system32\msobjs.dll</p><p>2016-04-09 06:57 . 2016-05-11 04:00 146432 ----a-w- c:\windows\system32\msaudite.dll</p><p>2016-04-09 06:57 . 2016-05-11 04:00 1464320 ----a-w- c:\windows\system32\lsasrv.dll</p><p>2016-04-09 06:57 . 2016-05-11 04:00 730624 ----a-w- c:\windows\system32\kerberos.dll</p><p>2016-04-09 06:57 . 2016-05-11 04:00 419840 ----a-w- c:\windows\system32\KernelBase.dll</p><p>2016-04-09 06:57 . 2016-05-11 04:00 1163264 ----a-w- c:\windows\system32\kernel32.dll</p><p>2016-04-09 06:57 . 2016-05-11 04:01 405504 ----a-w- c:\windows\system32\gdi32.dll</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
</p><p>REGEDIT4</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</p><p>"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-06-13 7405752]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</p><p>"ConsentPromptBehaviorAdmin"= 5 (0x5)</p><p>"ConsentPromptBehaviorUser"= 3 (0x3)</p><p>"EnableUIADesktopToggle"= 0 (0x0)</p><p>"SoftwareSASGeneration"= 1 (0x1)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]</p><p>"LoadAppInit_DLLs"=1 (0x1)</p><p>.</p><p>R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x]</p><p>R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]</p><p>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]</p><p>R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]</p><p>R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]</p><p>R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.309\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.309\McCHSvc.exe [x]</p><p>R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]</p><p>R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]</p><p>R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys 
[x]</p><p>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]</p><p>R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]</p><p>R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]</p><p>S0 aswRvrt;avast! Revert; [x]</p><p>S0 aswVmm;avast! VM Monitor; [x]</p><p>S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]</p><p>S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]</p><p>S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]</p><p>S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]</p><p>S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x]</p><p>S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]</p><p>S2 aswHwid;avast! 
HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]</p><p>S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]</p><p>S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]</p><p>S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [x]</p><p>S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]</p><p>S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]</p><p>S2 ZAMSvc;ZAM Controller Service;c:\program files\Zemana AntiMalware\ZAM.exe;c:\program files\Zemana AntiMalware\ZAM.exe [x]</p><p>S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]</p><p>S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]</p><p>S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]</p><p>.</p><p>.</p><p>--- Altri Servizi/Drivers In Memoria ---</p><p>.</p><p>*NewlyCreated* - 53922776</p><p>*Deregistered* - 53922776</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]</p><p>LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc</p><p>hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]</p><p>2016-05-12 21:49 1186968 ----a-w- c:\program files 
(x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe</p><p>.</p><p>Contenuto della cartella 'Scheduled Tasks'</p><p>.</p><p>2016-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job</p><p>- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-10 22:46]</p><p>.</p><p>2016-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-06 04:19]</p><p>.</p><p>2016-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-06 04:19]</p><p>.</p><p>.</p><p>--------- X64 Entries -----------</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]</p><p>@="{472083B0-C522-11CF-8763-00608CC02F24}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]</p><p>2016-06-13 21:13 920784 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]</p><p>"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]</p><p>"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418328]</p><p>"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]</p><p>"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-29 2188904]</p><p>.</p><p>------- Scansione supplementare -------</p><p>.</p><p>uLocal Page = c:\windows\system32\blank.htm</p><p>uStart Page = <a href="http://www.google.com" target="_blank">www.google.com</a></p><p>mLocal Page = c:\windows\SysWOW64\blank.htm</p><p>TCP: DhcpNameServer = 192.168.0.1</p><p>FF - ProfilePath - c:\users\adry_ra\AppData\Roaming\Mozilla\Firefox\Profiles\x257dgpw.default-1427238564896\</p><p>.</p><p>- - - - CHIAVI ORFANE RIMOSSE - - - -</p><p>.</p><p>Toolbar-Locked - (no 
file)</p><p>ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll</p><p>ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll</p><p>ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll</p><p>HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start</p><p>Toolbar-Locked - (no file)</p><p>ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll</p><p>ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll</p><p>ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll</p><p>ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll</p><p>HKLM-Run-ASUS WebStorage - c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe</p><p>HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd</p><p>HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe</p><p>.</p><p>.</p><p>.</p><p>--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]</p><p>@Denied: (A) (Users)</p><p>@Denied: (A) (Everyone)</p><p>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</p><p>"BlindDial"=dword:00000000</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]</p><p>@Denied: (A) (Users)</p><p>@Denied: (A) (Everyone)</p><p>@Allowed: (B 1 2 3 4 5) 
(S-1-5-20)</p><p>"BlindDial"=dword:00000000</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]</p><p>@Denied: (Full) (Everyone)</p><p>.</p><p>Ora fine scansione: 2016-06-16 00:36:03</p><p>ComboFix-quarantined-files.txt 2016-06-15 22:36</p><p>.</p><p>Pre-Run: 11.946.233.856 byte disponibili</p><p>Post-Run: 11.999.227.904 byte disponibili</p><p>.</p><p>- - End Of File - - 43FF199D7A2CD1AFF6A29FE7AF5A04FC</p></blockquote><p></p>
2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2016-06-05 23:39 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys 2016-05-29 07:11 . 2016-05-29 07:11 -------- d-----w- C:\found.003 2016-05-21 04:16 . 2016-05-21 04:16 -------- d-----w- C:\found.002 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2016-06-15 21:19 . 2010-06-24 18:33 24800 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2016-06-13 21:13 . 2014-08-05 19:52 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2016-06-13 21:13 . 2014-01-18 08:55 166432 ----a-w- c:\windows\system32\drivers\aswStm.sys 2016-06-13 21:13 . 2013-07-04 21:13 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2016-06-13 21:13 . 2013-07-04 21:13 287528 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2016-06-13 21:13 . 2012-09-20 00:03 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2016-06-13 21:13 . 2011-12-19 19:03 465792 ----a-w- c:\windows\system32\drivers\aswSP.sys 2016-06-13 21:13 . 2011-12-19 19:03 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2016-06-13 21:13 . 2011-12-19 19:03 1070904 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2016-06-13 21:13 . 2016-03-22 23:20 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2016-05-12 22:46 . 2013-04-10 19:37 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2016-05-12 22:46 . 2013-04-10 19:37 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2016-05-12 22:46 . 2016-05-12 22:46 5995712 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2016-04-23 17:08 . 2016-05-11 04:01 394960 ----a-w- c:\windows\system32\iedkcs32.dll 2016-04-23 05:25 . 2016-05-11 04:01 25816064 ----a-w- c:\windows\system32\mshtml.dll 2016-04-23 05:16 . 2016-05-11 04:01 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2016-04-23 05:16 . 
2016-05-11 04:01 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2016-04-23 05:01 . 2016-05-11 04:01 66560 ----a-w- c:\windows\system32\iesetup.dll 2016-04-23 05:00 . 2016-05-11 04:01 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2016-04-23 05:00 . 2016-05-11 04:01 417792 ----a-w- c:\windows\system32\html.iec 2016-04-23 05:00 . 2016-05-11 04:01 2893312 ----a-w- c:\windows\system32\iertutil.dll 2016-04-23 05:00 . 2016-05-11 04:01 571904 ----a-w- c:\windows\system32\vbscript.dll 2016-04-23 05:00 . 2016-05-11 04:01 88064 ----a-w- c:\windows\system32\MshtmlDac.dll 2016-04-23 04:52 . 2016-05-11 04:01 54784 ----a-w- c:\windows\system32\jsproxy.dll 2016-04-23 04:51 . 2016-05-11 04:01 34304 ----a-w- c:\windows\system32\iernonce.dll 2016-04-23 04:48 . 2016-05-11 04:01 615936 ----a-w- c:\windows\system32\ieui.dll 2016-04-23 04:47 . 2016-05-11 04:01 114688 ----a-w- c:\windows\system32\ieetwcollector.exe 2016-04-23 04:47 . 2016-05-11 04:01 144384 ----a-w- c:\windows\system32\ieUnatt.exe 2016-04-23 04:47 . 2016-05-11 04:01 814080 ----a-w- c:\windows\system32\jscript9diag.dll 2016-04-23 04:47 . 2016-05-11 04:01 817664 ----a-w- c:\windows\system32\jscript.dll 2016-04-23 04:46 . 2016-05-11 04:01 6052352 ----a-w- c:\windows\system32\jscript9.dll 2016-04-23 04:40 . 2016-05-11 04:01 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2016-04-23 04:36 . 2016-05-11 04:01 489984 ----a-w- c:\windows\system32\dxtmsft.dll 2016-04-23 04:29 . 2016-05-11 04:01 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2016-04-23 04:27 . 2016-05-11 04:01 107520 ----a-w- c:\windows\system32\inseng.dll 2016-04-23 04:25 . 2016-05-11 04:01 199680 ----a-w- c:\windows\system32\msrating.dll 2016-04-23 04:24 . 2016-05-11 04:01 92160 ----a-w- c:\windows\system32\mshtmled.dll 2016-04-23 04:21 . 2016-05-11 04:01 315392 ----a-w- c:\windows\system32\dxtrans.dll 2016-04-23 04:20 . 2016-05-11 04:01 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2016-04-23 04:20 . 
2016-05-11 04:01 152064 ----a-w- c:\windows\system32\occache.dll 2016-04-23 04:09 . 2016-05-11 04:01 262144 ----a-w- c:\windows\system32\webcheck.dll 2016-04-23 04:08 . 2016-05-11 04:01 497152 ----a-w- c:\windows\SysWow64\vbscript.dll 2016-04-23 04:08 . 2016-05-11 04:01 62464 ----a-w- c:\windows\SysWow64\iesetup.dll 2016-04-23 04:08 . 2016-05-11 04:01 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2016-04-23 04:07 . 2016-05-11 04:01 341504 ----a-w- c:\windows\SysWow64\html.iec 2016-04-23 04:07 . 2016-05-11 04:01 725504 ----a-w- c:\windows\system32\ie4uinit.exe 2016-04-23 04:07 . 2016-05-11 04:01 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2016-04-23 04:06 . 2016-05-11 04:01 806400 ----a-w- c:\windows\system32\msfeeds.dll 2016-04-23 04:06 . 2016-05-11 04:01 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2016-04-23 04:05 . 2016-05-11 04:01 2131968 ----a-w- c:\windows\system32\inetcpl.cpl 2016-04-23 04:00 . 2016-05-11 04:01 15415808 ----a-w- c:\windows\system32\ieframe.dll 2016-04-23 03:58 . 2016-05-11 04:01 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2016-04-23 03:58 . 2016-05-11 04:01 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2016-04-23 03:51 . 2016-05-11 04:01 2596864 ----a-w- c:\windows\system32\wininet.dll 2016-04-23 03:45 . 2016-05-11 04:01 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2016-04-23 03:39 . 2016-05-11 04:01 1547776 ----a-w- c:\windows\system32\urlmon.dll 2016-04-23 03:36 . 2016-05-11 04:01 4611072 ----a-w- c:\windows\SysWow64\jscript9.dll 2016-04-23 03:30 . 2016-05-11 04:01 2056192 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2016-04-23 03:30 . 2016-05-11 04:01 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2016-04-23 03:28 . 2016-05-11 04:01 800768 ----a-w- c:\windows\system32\ieapfltr.dll 2016-04-23 03:12 . 2016-05-11 04:01 2121216 ----a-w- c:\windows\SysWow64\wininet.dll 2016-04-21 13:05 . 2014-05-17 21:59 453288 ------w- c:\windows\system32\MpSigStub.exe 2016-04-14 13:49 . 
2016-05-11 04:01 603648 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2016-04-14 13:21 . 2016-05-11 04:01 647680 ----a-w- c:\windows\system32\d3d10level9.dll 2016-04-09 07:02 . 2016-05-11 04:00 631176 ----a-w- c:\windows\system32\winresume.efi 2016-04-09 07:01 . 2016-05-11 04:00 706280 ----a-w- c:\windows\system32\winload.efi 2016-04-09 07:01 . 2016-05-11 04:00 5546216 ----a-w- c:\windows\system32\ntoskrnl.exe 2016-04-09 07:01 . 2016-05-11 04:00 154344 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2016-04-09 07:01 . 2016-05-11 04:00 95464 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2016-04-09 07:01 . 2016-05-11 04:01 986344 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2016-04-09 07:01 . 2016-05-11 04:01 264936 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2016-04-09 06:59 . 2016-05-11 04:00 3998952 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2016-04-09 06:59 . 2016-05-11 04:00 3943144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2016-04-09 06:59 . 2016-05-11 04:00 1732864 ----a-w- c:\windows\system32\ntdll.dll 2016-04-09 06:58 . 2016-05-11 04:00 362496 ----a-w- c:\windows\system32\wow64win.dll 2016-04-09 06:58 . 2016-05-11 04:00 243712 ----a-w- c:\windows\system32\wow64.dll 2016-04-09 06:58 . 2016-05-11 04:00 215552 ----a-w- c:\windows\system32\winsrv.dll 2016-04-09 06:58 . 2016-05-11 04:00 210432 ----a-w- c:\windows\system32\wdigest.dll 2016-04-09 06:58 . 2016-05-11 04:00 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2016-04-09 06:58 . 2016-05-11 04:01 2048 ----a-w- c:\windows\system32\tzres.dll 2016-04-09 06:58 . 2016-05-11 04:00 86528 ----a-w- c:\windows\system32\TSpkg.dll 2016-04-09 06:58 . 2016-05-11 04:00 503808 ----a-w- c:\windows\system32\srcore.dll 2016-04-09 06:58 . 2016-05-11 04:00 135680 ----a-w- c:\windows\system32\sspicli.dll 2016-04-09 06:58 . 2016-05-11 04:00 28672 ----a-w- c:\windows\system32\sspisrv.dll 2016-04-09 06:58 . 2016-05-11 04:00 50176 ----a-w- c:\windows\system32\srclient.dll 2016-04-09 06:58 . 
2016-05-11 04:00 63488 ----a-w- c:\windows\system32\setbcdlocale.dll 2016-04-09 06:58 . 2016-05-11 04:00 1212928 ----a-w- c:\windows\system32\rpcrt4.dll 2016-04-09 06:58 . 2016-05-11 04:00 344064 ----a-w- c:\windows\system32\schannel.dll 2016-04-09 06:58 . 2016-05-11 04:00 190464 ----a-w- c:\windows\system32\rpchttp.dll 2016-04-09 06:58 . 2016-05-11 04:00 28160 ----a-w- c:\windows\system32\secur32.dll 2016-04-09 06:57 . 2016-05-11 04:00 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2016-04-09 06:57 . 2016-05-11 04:00 312320 ----a-w- c:\windows\system32\ncrypt.dll 2016-04-09 06:57 . 2016-05-11 04:00 316416 ----a-w- c:\windows\system32\msv1_0.dll 2016-04-09 06:57 . 2016-05-11 04:00 60416 ----a-w- c:\windows\system32\msobjs.dll 2016-04-09 06:57 . 2016-05-11 04:00 146432 ----a-w- c:\windows\system32\msaudite.dll 2016-04-09 06:57 . 2016-05-11 04:00 1464320 ----a-w- c:\windows\system32\lsasrv.dll 2016-04-09 06:57 . 2016-05-11 04:00 730624 ----a-w- c:\windows\system32\kerberos.dll 2016-04-09 06:57 . 2016-05-11 04:00 419840 ----a-w- c:\windows\system32\KernelBase.dll 2016-04-09 06:57 . 2016-05-11 04:00 1163264 ----a-w- c:\windows\system32\kernel32.dll 2016-04-09 06:57 . 2016-05-11 04:01 405504 ----a-w- c:\windows\system32\gdi32.dll . . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-06-13 7405752] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . 
R1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam64.sys;c:\windows\SYSNATIVE\drivers\zam64.sys [x] R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.11.309\McCHSvc.exe;c:\program files\McAfee Security Scan\3.11.309\McCHSvc.exe [x] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! 
VM Monitor; [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard64.sys;c:\windows\SYSNATIVE\drivers\zamguard64.sys [x] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x] S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] S2 ZAMSvc;ZAM Controller Service;c:\program files\Zemana AntiMalware\ZAM.exe;c:\program files\Zemana AntiMalware\ZAM.exe [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Altri Servizi/Drivers In Memoria --- . 
*NewlyCreated* - 53922776 *Deregistered* - 53922776 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2016-05-12 21:49 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.102\Installer\chrmstp.exe . Contenuto della cartella 'Scheduled Tasks' . 2016-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-10 22:46] . 2016-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-06 04:19] . 2016-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-06 04:19] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2016-06-13 21:13 920784 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418328] "IntelTBRunOnce"="wscript.exe" [2013-10-12 168960] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-29 2188904] . ------- Scansione supplementare ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = [URL="http://www.google.com"]www.google.com[/URL] mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\adry_ra\AppData\Roaming\Mozilla\Firefox\Profiles\x257dgpw.default-1427238564896\ . - - - - CHIAVI ORFANE RIMOSSE - - - - . Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\adry_ra\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll HKLM-Run-ASUS WebStorage - c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe . . . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Ora fine scansione: 2016-06-16 00:36:03 ComboFix-quarantined-files.txt 2016-06-15 22:36 . Pre-Run: 11.946.233.856 byte disponibili Post-Run: 11.999.227.904 byte disponibili . - - End Of File - - 43FF199D7A2CD1AFF6A29FE7AF5A04FC [/QUOTE]