Trojan.agent in HKLM\ and [LOG] ComboFix



Post by Andrexli » Thu Jan 09, 2014 1:44 pm

Hi everyone, I'm Andrea from Livorno. First of all I want to thank everyone who created and takes part in this site and forum, which has already rid my PC of a few oddities a couple of times. This is the first time I'm writing to ask for help; until now I have always found solutions to my problems using the search. This time, though, I can't solve the problem using your divine guides.
On my desktop PC with Windows 7 Home Premium, using Internet Explorer as the browser, I had installed a trial version of AVG. When the trial expired I ignored the prompt to renew for a few days, and that turned out to be fatal for me. While browsing a website I saw all my windows close, the PC shut down and restart by itself. So I immediately ran a scan with Malwarebytes Anti-Malware, which I already had on the PC. It found some trojans; I removed them and rebooted. Once rebooted I immediately set about looking for a new antivirus to install, but alas, the PC would not let me install one. I can download them, but at installation time I get an error that we will see further on. So I tried in Safe Mode, but nothing, same problem. I ran another scan with Malwarebytes Anti-Malware and the trojan was there again: (Trojan.Agent, registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|3744). So I tried to make myself a recovery disc in preparation for formatting, but the PC would not let me do that either. Armed with your guide, I downloaded Avira AntiVir, ComboFix and HijackThis onto a USB stick using my work PC. After disabling "System Restore" I copied the programs onto the PC in Safe Mode and started the installation. Avira, however, immediately gives me an error message: "C:\users\utente\appdata\local\temp\rarsfx0" Verzeichnis kann nicht angesprochen werden ("directory cannot be accessed"). I press OK and nothing else happens. I then tried, in normal mode, to disable the related services, but my window does not show "Background Intelligent Transfer Service", "Windows Defender" or even "Windows Update". So I cannot use Avira.
In Safe Mode I ran a scan with Malwarebytes Anti-Malware, which found the usual trojan again, and then went on to run ComboFix, which ran to the end and generated the log file. I then moved on to HijackThis, but at installation this error window appeared: "Run-time error '481' Invalid Picture". At this point I don't know how to proceed; in the meantime I'm posting the ComboFix log, and if some kind soul helps me I'll be very grateful :-) .

ComboFix 14-01-04.03 - Utente 08/01/2014 21:50:19.1.2 - x64 NETWORK
Running from: C:\Users\Utente\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active



((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files (x86)\Google\Desktop\Install\{8be8d218-b518-3efe-d751-86471f1c36fa}\9519~1\A535~1\E628~1\{8be8d218-b518-3efe-d751-86471f1c36fa}\@
C:\Program Files (x86)\Google\Desktop\Install\{8be8d218-b518-3efe-d751-86471f1c36fa}\9519~1\A535~1\E628~1\{8be8d218-b518-3efe-d751-86471f1c36fa}\L\00000004.@
C:\Program Files (x86)\Google\Desktop\Install\{8be8d218-b518-3efe-d751-86471f1c36fa}\9519~1\A535~1\E628~1\{8be8d218-b518-3efe-d751-86471f1c36fa}\L\76603ac3
C:\Program Files (x86)\Google\Desktop\Install\{8be8d218-b518-3efe-d751-86471f1c36fa}\9519~1\A535~1\E628~1\{8be8d218-b518-3efe-d751-86471f1c36fa}\U\00000004.@
C:\Program Files (x86)\Google\Desktop\Install\{8be8d218-b518-3efe-d751-86471f1c36fa}\9519~1\A535~1\E628~1\{8be8d218-b518-3efe-d751-86471f1c36fa}\U\00000008.@
C:\Program Files (x86)\WinRAR\Leggimi.Txt
C:\Program Files (x86)\WinRAR\Leggimi_1a.Txt
C:\Program Files (x86)\WinRAR\Licenza.Txt
C:\Program Files (x86)\WinRAR\NoteTecniche.Txt
C:\Program Files (x86)\WinRAR\Ordin.htm
C:\Program Files (x86)\WinRAR\Ordina.htm
C:\Program Files (x86)\WinRAR\SorgUnRAR.Txt
C:\ProgramData\Local Settings\Temp
C:\Users\Utente\AppData\Local\cygwin1.dll
C:\Users\Utente\AppData\Local\Google\Desktop\Install
C:\Users\Utente\AppData\Local\Google\Desktop\Install\{8be8d218-b518-3efe-d751-86471f1c36fa}\2E2F~1\28F0~1\E628~1\{8be8d218-b518-3efe-d751-86471f1c36fa}\@
C:\Users\Utente\AppData\Local\wuauclt.exe
C:\Users\Utente\AppData\Roaming\7go.ico


((((((((((((((((((((((((( Files Created From 2013-12-08 to 2014-01-08 )))))))))))))))))))))))))))))))))))


2014-01-08 20:54:48 . 2014-01-08 20:54:48 -------- d-----w- C:\Users\Default\AppData\Local\temp
2014-01-07 21:09:05 . 2014-01-07 21:09:05 422216 ----a-w- C:\Windows\system32\drivers\xinwaihy.sys
2014-01-07 21:09:04 . 2014-01-07 21:09:04 -------- d-----w- C:\ProgramData\AVAST Software
2013-12-30 20:38:46 . 2013-12-30 20:38:47 -------- d-----w- C:\Windows\7zS6637.tmp
2013-12-30 19:34:47 . 2013-12-30 19:34:47 422216 ----a-w- C:\Windows\system32\drivers\fefnpaue.sys
2013-12-30 18:32:51 . 2013-12-30 18:32:51 422216 ----a-w- C:\Windows\system32\drivers\llrowzja.sys
2013-12-30 17:54:53 . 2013-12-30 17:54:53 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2013-12-30 17:21:29 . 2013-12-30 17:21:29 422216 ----a-w- C:\Windows\system32\drivers\mwxpjilt.sys
2013-12-30 14:47:50 . 2013-12-30 14:47:50 422216 ----a-w- C:\Windows\system32\drivers\zhfvymlc.sys
2013-12-30 14:42:54 . 2013-12-30 14:42:54 422216 ----a-w- C:\Windows\system32\drivers\mbufbarj.sys
2013-12-30 14:38:24 . 2013-12-30 14:38:24 422216 ----a-w- C:\Windows\system32\drivers\avwqopgy.sys
2013-12-30 14:37:25 . 2013-12-30 14:37:25 422216 ----a-w- C:\Windows\system32\drivers\coykfbcl.sys
2013-12-30 12:51:13 . 2013-12-30 12:51:13 79824 ----a-w- C:\Windows\system32\drivers\201ffaf37a80d188.sys
2013-12-30 12:50:15 . 2014-01-08 20:54:27 -------- d-----w- C:\ProgramData\Local Settings
2013-12-19 09:14:12 . 2013-12-30 12:59:01 -------- d-----w- C:\Users\Utente\AppData\Roaming\VSStore
2013-12-14 12:56:48 . 2013-12-14 12:56:49 -------- d-----w- C:\Users\Utente\.android
2013-12-14 12:56:45 . 2013-12-14 12:56:45 -------- d-----w- C:\Users\Utente\AppData\Local\cache
2013-12-14 12:56:44 . 2013-12-14 12:56:44 -------- d-----w- C:\Users\Utente\AppData\Local\genienext
2013-12-14 12:56:43 . 2013-12-14 12:57:46 -------- d-----w- C:\Users\Utente\AppData\Local\Mobogenie
2013-12-14 12:56:26 . 2013-12-14 12:57:46 -------- d-----w- C:\Program Files (x86)\Mobogenie
2013-12-14 12:55:42 . 2013-12-30 12:59:02 -------- d-----w- C:\Users\Utente\AppData\Roaming\Iminent
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

2013-12-11 18:37:21 . 2013-03-07 18:45:59 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-11 18:37:21 . 2012-01-11 15:56:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-04 16:35:46 . 2013-10-27 18:26:42 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-11-04 16:35:42 . 2013-11-04 16:35:42 375632 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-10-27 18:26:38 . 2013-10-27 18:26:38 375632 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2009-07-14 01:52:21 . !HASH: COULD NOT OPEN FILE !!!!! . 24128 . . [------] .. C:\Windows\system32\drivers\atapi.sys

[-] 2009-07-14 00:10:13 . !HASH: COULD NOT OPEN FILE !!!!! . 23040 . . [------] .. C:\Windows\system32\drivers\asyncmac.sys

[-] 2009-07-14 01:48:04 . !HASH: COULD NOT OPEN FILE !!!!! . 50768 . . [------] .. C:\Windows\system32\drivers\kbdclass.sys

[-] 2012-08-22 18:12:40 . !HASH: COULD NOT OPEN FILE !!!!! . 950128 . . [------] .. C:\Windows\system32\drivers\ndis.sys

[-] 2011-08-22 08:11:13 . !HASH: COULD NOT OPEN FILE !!!!! . 1659776 . . [------] .. C:\Windows\system32\drivers\ntfs.sys

[-] 2009-07-13 23:19:38 . !HASH: COULD NOT OPEN FILE !!!!! . 6144 . . [------] .. C:\Windows\system32\drivers\null.sys

[-] 2012-08-22 18:12:50 . !HASH: COULD NOT OPEN FILE !!!!! . 1913200 . . [------] .. C:\Windows\system32\drivers\tcpip.sys

[-] 2010-11-21 03:24:32 . !HASH: COULD NOT OPEN FILE !!!!! . 119296 . . [------] .. C:\Windows\system32\drivers\tdx.sys

[7] 2012-05-04 10:03:53 . A37A39568C8EC9A17D1B7471445B81A8 . 3916656 . . [6.1.7601.21987 (win7sp1_ldr.120503-2030)] .. C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_6e78bf732bb8d24e\ntoskrnl.exe
[7] 2012-05-04 10:03:50 . 53483A0B2DE3617E832F1DBAF9620F39 . 3913072 . . [6.1.7601.17835 (win7sp1_gdr.120503-2030)] .. C:\Windows\erdnt\cache86\ntoskrnl.exe
[7] 2012-05-04 10:03:50 . 53483A0B2DE3617E832F1DBAF9620F39 . 3913072 . . [6.1.7601.17835 (win7sp1_gdr.120503-2030)] .. C:\Windows\SysWOW64\ntoskrnl.exe
[7] 2012-05-04 10:03:50 . 53483A0B2DE3617E832F1DBAF9620F39 . 3913072 . . [6.1.7601.17835 (win7sp1_gdr.120503-2030)] .. C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_6e2331b012747421\ntoskrnl.exe
[7] 2012-03-31 04:39:37 . 28F44480E411C3DDF04B63F6560E6EF4 . 3913072 . . [6.1.7601.17803 (win7sp1_gdr.120330-1504)] .. C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntoskrnl.exe
[7] 2012-03-31 04:37:33 . 2E02A17E8965AD671E4987E503AD38B1 . 3916656 . . [6.1.7601.21955 (win7sp1_ldr.120330-1503)] .. C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntoskrnl.exe
[7] 2012-03-06 05:59:41 . 53B4BDEA12A032EEC71E60B6BFF42F37 . 3913072 . . [6.1.7601.17790 (win7sp1_gdr.120305-1505)] .. C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntoskrnl.exe
[7] 2012-03-06 05:41:34 . 57B7DE30C4E65AD19CA13AC3065EE60B . 3916656 . . [6.1.7601.21936 (win7sp1_ldr.120305-1505)] .. C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntoskrnl.exe
[7] 2011-08-23 12:05:04 . FB58ABD5E1F75A2CF713C9DFF0EC0804 . 3912576 . . [6.1.7601.17640 (win7sp1_gdr.110622-1506)] .. C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntoskrnl.exe
[7] 2011-08-23 12:05:04 . 90EFDB506F6140EEA9DEE398D9449D86 . 3912576 . . [6.1.7601.21755 (win7sp1_ldr.110622-1503)] .. C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntoskrnl.exe
[7] 2011-08-22 08:15:23 . 5D21C487F79F8245E799071589E035BF . 3912576 . . [6.1.7601.17592 (win7sp1_gdr.110408-1631)] .. C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntoskrnl.exe
[7] 2011-08-22 08:15:23 . D385343510B75545EC5DB3A64C2D2492 . 3912576 . . [6.1.7601.21701 (win7sp1_ldr.110408-1634)] .. C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntoskrnl.exe
[7] 2010-11-21 03:23:51 . 2088D9994332583EDB3C561DE31EA5AD . 3911040 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe
[-] 2012-05-04 11:06:22 . !HASH: COULD NOT OPEN FILE !!!!! . 5559664 . . [------] .. C:\Windows\system32\ntoskrnl.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-12-30 17:54:47 3333144 ----a-w- C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll" [2013-12-30 17:54:47 3333144]

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 16:36:46 30040]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 12:02:04 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys;C:\Windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
R1 Avgdiska;AVG Disk Driver;C:\Windows\system32\DRIVERS\avgdiska.sys;C:\Windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys;C:\Windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys;C:\Windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 VideoDownloadConverter_4zService;VideoDownloadConverterService;C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe;C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [x]
R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]
R3 A38CCID;CCID USB Smart Card Reader;C:\Windows\system32\DRIVERS\a38ccid.sys;C:\Windows\SYSNATIVE\DRIVERS\a38ccid.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys;C:\Windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys;C:\Windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys;C:\Windows\SYSNATIVE\drivers\viahduaa.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys;C:\Windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;C:\Windows\system32\DRIVERS\avgloga.sys;C:\Windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys;C:\Windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys;C:\Windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;C:\Windows\system32\drivers\avgtpx64.sys;C:\Windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]


--- Other Running Services/Drivers In Memory ---

*Deregistered* - 201ffaf37a80d188

Contents of the 'Scheduled Tasks' folder

2014-01-08 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-15 19:04:33 . 2013-12-11 18:37:21]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 11:17:34 8067616]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-09-23 17:30:44 165912]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-09-23 17:30:44 385560]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2009-09-23 17:30:44 363544]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://nmd.msn.com
mLocal Page = C:\Windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-{9E131A93-EED7-4BEB-B015-A0ADB30B5646} - (no file)
Wow6432Node-HKLM-Explorer_Run-3744 - C:\PROGRA~3\LOCALS~1\Temp\mshrswr.bat
Toolbar-Locked - (no file)
AddRemove-UnityWebPlayer - C:\Users\Utente\AppData\Local\Unity\WebPlayer\Uninstall.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\201ffaf37a80d188]
"ImagePath"="\SystemRoot\System32\Drivers\201ffaf37a80d188.sys"

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3393571389-480633730-1725549892-1000\Software\Microsoft\Internet Explorer\Approved Extensions]
@DACL=(02 0000)
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2c,94,
62,f1,66,4a,01,a8,fa,40,fc,19,73,e6,64
"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,3b,1b,ff,33,22,
21,ab,9d,e7,09,b0,e8,98,4e,9e,2d,f3,a0
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,26,3c,
5d,8a,3f,12,0b,8f,f6,b6,9b,01,7e,3c,6f
"{9E131A93-EED7-4BEB-B015-A0ADB30B5646}"=hex:51,66,7a,6c,4c,1d,3b,1b,83,07,02,
8e,e3,b8,83,07,af,16,eb,ed,b7,40,13,5c
"{000F18F2-09EB-4A59-82B2-5AE4184C39C3}"=hex:51,66,7a,6c,4c,1d,3b,1b,e2,05,1e,
10,df,5f,31,06,9d,b1,11,a4,1c,07,7c,d9
"{1FAFD711-ABF9-4F6A-8130-5166C7371427}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,ca,be,
0f,cd,fd,02,03,9e,33,1a,26,c3,7c,51,3d
"{112BA211-334C-4A90-90EC-2AD1CDAB287C}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,bf,3a,
01,78,65,f8,06,8f,ef,61,91,c9,e0,6d,66

[HKEY_USERS\S-1-5-21-3393571389-480633730-1725549892-1000_Classes\CLSID\{57A50FF4-D894-A049-85B7-1ED6854B694C}]
@Denied: (A 4) (Everyone)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Completion time: 2014-01-08 21:57:18
ComboFix-quarantined-files.txt 2014-01-08 20:57:18

Pre-Run: 87,858,012,160 bytes free
Post-Run: 87,621,619,712 bytes free

- - End Of File - - 135731F2CDEF95A70B648ACF56CC2AF0
A36C5E4F47E84449FF07ED3517B43A31
Andrexli (Neo Iscritto)
Posts: 23
Joined: Thu Jan 09, 2014 11:56 am

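As a triage aid for the log above, the script below is an added example written for this edit (it is not part of the original post and not a ComboFix or windoctor.it tool). It parses only the lines of the report that matter and pulls out the three things a responder would act on: the cluster of driver files with random eight-letter names and an identical size of 422216 bytes written to system32\drivers in a burst on 2013-12-30, together with the hex-named 201ffaf37a80d188.sys whose service ComboFix reports as deregistered; the registry values that leave the machine undefended (EnableLUA=0 and ConsentPromptBehaviorAdmin=0 switch UAC off, PromptOnSecureDesktop=0 moves any remaining prompt off the secure desktop, AntiVirusOverride=1 and FirewallOverride=1 tell Security Center not to warn, LoadAppInit_DLLs=1 lets a listed DLL load into every process that maps user32); and the orphaned Explorer\Run value 3744 pointing at a batch file in C:\PROGRA~3\LOCALS~1\Temp, which is the 8.3 form of the C:\ProgramData\Local Settings\Temp directory listed under "Other Deletions". The eight-letter and sixteen-hex-digit name patterns and the "two or more same-size files" threshold are my own heuristics, not ComboFix's; legitimate drivers also have eight-letter names (kbdclass.sys appears in the sigcheck section), which is why a lone match is not reported.

```python
import re
from collections import defaultdict

# Excerpt of the ComboFix log posted above, reduced to the lines these checks
# consume. Paths and values are copied from the log; nothing here is invented.
LOG_EXCERPT = r"""
2014-01-07 21:09:05 . 2014-01-07 21:09:05 422216 ----a-w- C:\Windows\system32\drivers\xinwaihy.sys
2013-12-30 19:34:47 . 2013-12-30 19:34:47 422216 ----a-w- C:\Windows\system32\drivers\fefnpaue.sys
2013-12-30 18:32:51 . 2013-12-30 18:32:51 422216 ----a-w- C:\Windows\system32\drivers\llrowzja.sys
2013-12-30 17:21:29 . 2013-12-30 17:21:29 422216 ----a-w- C:\Windows\system32\drivers\mwxpjilt.sys
2013-12-30 12:51:13 . 2013-12-30 12:51:13 79824 ----a-w- C:\Windows\system32\drivers\201ffaf37a80d188.sys
2013-12-11 18:37:21 . 2013-03-07 18:45:59 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
Wow6432Node-HKLM-Explorer_Run-3744 - C:\PROGRA~3\LOCALS~1\Temp\mshrswr.bat
"ImagePath"="\SystemRoot\System32\Drivers\201ffaf37a80d188.sys"
"""

# "created . modified size attrs path" lines from the "Files Created" section.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. \S+ \S+ "
    r"(?P<size>\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
# "Name"= 0 (0x0)   or   "Name"=dword:00000001
REG_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*(?:dword:(?P<hex>[0-9a-fA-F]+)|(?P<dec>\d+)\b)')
RUN_ORPHAN = re.compile(r"Explorer_Run-(?P<value>\S+) - (?P<target>.+)$")
IMAGE_PATH = re.compile(r'^"ImagePath"="(?P<target>[^"]+)"$')
# Heuristic (my assumption): eight lowercase letters or sixteen hex digits.
RANDOM_STEM = re.compile(r"^(?:[a-z]{8}|[0-9a-f]{16})$")
HEX_DRIVER = re.compile(r"^[0-9a-f]{16}\.sys$")

# value name -> (weak value, what that value means on Windows 7)
WEAK_SETTINGS = {
    "EnableLUA": (0, "UAC disabled"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "UAC prompts not shown on the secure desktop"),
    "AntiVirusOverride": (1, "Security Center told not to warn about antivirus"),
    "FirewallOverride": (1, "Security Center told not to warn about the firewall"),
    "LoadAppInit_DLLs": (1, "AppInit_DLLs injection into user32 processes enabled"),
}


def _stem(path):
    name = path.rsplit("\\", 1)[-1].lower()
    return name, (name[:-4] if name.endswith(".sys") else name)


def random_named_drivers(text):
    """Driver files with random-looking names, grouped by byte size.
    A size bucket is reported only if it holds two or more such files or a
    hex-named driver, so a single legitimate eight-letter driver is ignored."""
    by_size = defaultdict(list)
    for line in text.splitlines():
        m = FILE_LINE.match(line)
        if not m or "\\drivers\\" not in m["path"].lower():
            continue
        name, stem = _stem(m["path"])
        if RANDOM_STEM.match(stem):
            by_size[int(m["size"])].append(name)
    return {size: sorted(names) for size, names in by_size.items()
            if len(names) >= 2 or any(HEX_DRIVER.match(n) for n in names)}


def weak_security_settings(text):
    """(name, value, meaning) for every listed value found in its weak state."""
    hits = []
    for line in text.splitlines():
        m = REG_VALUE.match(line)
        if not m or m["name"] not in WEAK_SETTINGS:
            continue
        value = int(m["hex"], 16) if m["hex"] else int(m["dec"])
        weak, meaning = WEAK_SETTINGS[m["name"]]
        if value == weak:
            hits.append((m["name"], value, meaning))
    return hits


def suspect_autoruns(text):
    """Explorer\\Run orphans that launch scripts from a Temp directory, and
    service ImagePaths that point at a random-named driver."""
    hits = []
    for line in text.splitlines():
        m = RUN_ORPHAN.search(line)
        if m:
            target = m["target"].strip()
            if "\\temp\\" in target.lower() or target.lower().endswith((".bat", ".cmd", ".vbs", ".js")):
                hits.append(("Explorer\\Run value " + m["value"], target))
            continue
        m = IMAGE_PATH.match(line)
        if m and RANDOM_STEM.match(_stem(m["target"])[1]):
            hits.append(("service ImagePath", m["target"]))
    return hits


def triage(text):
    return {
        "driver_clusters": random_named_drivers(text),
        "weak_settings": weak_security_settings(text),
        "suspect_autoruns": suspect_autoruns(text),
    }


if __name__ == "__main__":
    for section, findings in triage(LOG_EXCERPT).items():
        print(section)
        for item in (findings.items() if isinstance(findings, dict) else findings):
            print("   ", item)
```

Two caveats a practitioner would add to the output. First, the @, L\ and U\ entries under a GUID-named directory in Google\Desktop\Install at the top of the log are the on-disk layout commonly attributed to the ZeroAccess (Sirefef) rootkit family, which is consistent with the blocked antivirus installs and the sigcheck section being unable to open core drivers such as atapi.sys and tcpip.sys. Second, deleting the files does not reset the registry values above: UAC and the Security Center overrides have to be checked again after the cleanup and the reboot, and the random-named drivers should be confirmed gone from system32\drivers before any antivirus is reinstalled.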
Re: Trojan.agent in HKLM\ and [LOG] ComboFix

Post by GERONIMO* » Thu Jan 09, 2014 5:19 pm

Let's take it in order.
Uninstall AVG properly; follow how to do it here: http://www.windoctor.it/sicurezza/disin ... -avg-2014/

For now, do not install any antivirus.

Then follow this guide to the letter, skipping only the scan with aswMBR and Malwarebytes Anti-Rootkit:
http://www.windoctor.it/sicurezza/ripul ... 8-i-virus/
GERONIMO* (Bronze Member)
Posts: 931
Joined: Mon Apr 23, 2012 11:30 pm

Re: Trojan.agent in HKLM\ and [LOG] ComboFix

Post by Andrexli » Fri Jan 10, 2014 9:17 pm

Hi Geronimo, first of all thank you for your prompt reply and for your interest. I followed your advice and the guide you pointed me to, to the letter; here are the results:
Removing AVG with avg_remover does not succeed; after it runs for a while a window appears saying that the AVG utility has stopped working. Here is the log

2014-01-10 17:42:53,540 INFO SystemChecking started.
2014-01-10 17:42:59,227 DEBUG Cannot open AvgUninstall key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avg8Uninstall\Directories (error: e0010013)
2014-01-10 17:42:59,227 DEBUG Cannot open AvgUninstall key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avg9Uninstall\Directories (error: e0010013)
2014-01-10 17:42:59,227 WARN AvgDir parameter is empty, but Remover found AvgDir at 'C:\Program Files (x86)\AVG\AVG2014\', use this path as default.
2014-01-10 17:42:59,227 WARN AvgDataDir parameter is empty, but Remover found AvgDataDir at 'C:\ProgramData\AVG2014\', use this path as default.
2014-01-10 17:42:59,227 DEBUG Cannot open AvgUninstall key SOFTWARE\AVG\AVG IDS\IDS (error: e0010013)
2014-01-10 17:42:59,227 DEBUG Cannot open AvgUninstall key SOFTWARE\AVG SafeGuard toolbar (error: e0010013)
2014-01-10 17:42:59,227 WARN Reading "Uninstall" value failed (error: e001003d)
2014-01-10 17:42:59,227 WARN Reading "installPath" value failed (error: e001003d)
2014-01-10 17:42:59,227 DEBUG Cannot open AvgUninstall key Software\Microsoft\Exchange\v8.0\Setup (error: e0010013)
2014-01-10 17:42:59,227 DEBUG Cannot open AvgUninstall key Software\Microsoft\Exchange\v8.0\Setup (error: e0010013)
2014-01-10 17:42:59,227 DEBUG Cannot open AvgUninstall key Software\Microsoft\ExchangeServer\v14\Setup (error: e0010013)
2014-01-10 17:42:59,227 DEBUG Cannot open AvgUninstall key Software\Microsoft\ExchangeServer\v14\Setup (error: e0010013)
2014-01-10 17:42:59,227 INFO Attempting to uninstall AVG Identity Protection.
2014-01-10 17:42:59,227 INFO Attempting to uninstall AVG IG toolbar.
2014-01-10 17:42:59,227 INFO AVG IG toolbar not present in the system
2014-01-10 17:42:59,227 INFO Attempting to uninstall AVG Visionize toolbar.
2014-01-10 17:42:59,227 INFO (Google) toolbar not present in the system
2014-01-10 17:42:59,227 INFO (Yahoo) toolbar not present in the system
2014-01-10 17:42:59,227 INFO Attempting to remove MSI Data.
2014-01-10 17:42:59,227 DEBUG Obtained product code GUID '{34883B9C-CDFE-46F0-9C5B-935484C218C3}' related to upgrade code '{BD747F83-79CD-4E4B-9541-E21291F9D901}'
2014-01-10 17:42:59,227 DEBUG Obtained product code GUID '{7F624BD1-4FE0-432F-B928-68302E156D04}' related to upgrade code '{F4E9DD60-F3F7-4C9F-B12C-DB462AEC81EF}'
2014-01-10 17:42:59,227 DEBUG MSI remover failed with error 0xe0010058
2014-01-10 17:42:59,227 INFO Attempting to remove Exchange server plugins.
2014-01-10 17:42:59,227 INFO Removing AvgOutlook addin
2014-01-10 17:42:59,227 DEBUG RootKey Software\Microsoft\Office\Outlook\Addins found, remove key avgoutlook.Addin (forced:1)
2014-01-10 17:42:59,227 DEBUG RootKey (null) found, remove key avgoutlook.Addin (forced:1)
2014-01-10 17:42:59,227 DEBUG RootKey (null) found, remove key avgoutlook.Addin.1 (forced:1)
2014-01-10 17:42:59,227 DEBUG RootKey (null) found, remove key CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048} (forced:1)
2014-01-10 17:42:59,227 DEBUG RootKey (null) found, remove key CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A} (forced:1)
2014-01-10 17:42:59,227 INFO Removing Sharepoint plugin if exists
2014-01-10 17:42:59,227 DEBUG RootKey (null) found, remove key CLSID\{8B39AD4E-1AB3-4AE1-B533-706F1CACED83} (forced:1)
2014-01-10 17:42:59,227 DEBUG Failed to delete key 'CLSID\{8B39AD4E-1AB3-4AE1-B533-706F1CACED83}': 0xe001003d
2014-01-10 17:42:59,227 DEBUG RootKey (null) found, remove key CLSID\{6E801D47-45B7-4D10-8268-DBBD5C233F82} (forced:1)
2014-01-10 17:42:59,227 DEBUG Failed to delete key 'CLSID\{6E801D47-45B7-4D10-8268-DBBD5C233F82}': 0xe001003d
2014-01-10 17:42:59,227 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013
2014-01-10 17:42:59,227 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013
2014-01-10 17:42:59,227 INFO Exchange 2007/2010 not instaled on this machine
2014-01-10 17:42:59,227 INFO Attempting to remove NDIS driver.
2014-01-10 17:42:59,227 DEBUG Extracting avgremoverndis?.exe from .cab archive
2014-01-10 17:42:59,227 DEBUG NDIS remover failed with error 0xe0010058
2014-01-10 17:42:59,227 INFO Attempting to remove AVG from WSC.
2014-01-10 17:42:59,227 INFO unregistering from WSC
2014-01-10 17:42:59,227 INFO COM API WINDOWS SECURITY CENTER
2014-01-10 17:42:59,227 INFO WSC object created
2014-01-10 17:42:59,243 INFO WSC object attached
2014-01-10 17:42:59,368 INFO WSC object registered
2014-01-10 17:42:59,383 INFO WSC object unregistered
2014-01-10 17:42:59,383 INFO Begin of EnableWinFW.
2014-01-10 17:42:59,415 ERROR Turning WinFW on/off failed: 0x800706D9
2014-01-10 17:42:59,415 INFO End of EnableWinFW: 0x800706D9
2014-01-10 17:42:59,415 INFO Attempting to remove AVG services.
2014-01-10 17:42:59,430 INFO Processing service avg8emc, it can take several minutes...
2014-01-10 17:42:59,430 INFO Service avg8emc is not installed
2014-01-10 17:42:59,430 DEBUG Service avg8emc RegCleanup
2014-01-10 17:42:59,430 DEBUG Registry keys for service avg8emc are not present
2014-01-10 17:42:59,430 INFO Service avgfws8 is not installed
2014-01-10 17:42:59,430 DEBUG Service avgfws8 RegCleanup
2014-01-10 17:42:59,430 DEBUG Registry keys for service avgfws8 are not present
2014-01-10 17:42:59,446 DEBUG Service avg9wd RegCleanup
2014-01-10 17:42:59,446 DEBUG Registry keys for service avg9wd are not present
2014-01-10 17:42:59,430 INFO Processing service AvgMfx86, it can take several minutes...
2014-01-10 17:42:59,430 INFO Processing service AvgWFPx, it can take several minutes...
2014-01-10 17:42:59,446 INFO Service AvgMfx64 is not running
2014-01-10 17:42:59,446 DEBUG Service avg8wd RegCleanup
2014-01-10 17:42:59,446 DEBUG Registry keys for service avg8wd are not present
2014-01-10 17:42:59,446 DEBUG Service AvgMfx64 Delete
2014-01-10 17:42:59,446 INFO Processing service AvgLdx86, it can take several minutes...
2014-01-10 17:42:59,430 INFO Service AvgWFPa is not installed
2014-01-10 17:42:59,446 DEBUG Service AvgWFPa RegCleanup
2014-01-10 17:42:59,446 DEBUG Registry keys for service AvgWFPa are not present
2014-01-10 17:42:59,446 INFO Service AvgMfx86 is not installed
2014-01-10 17:42:59,461 DEBUG Service AvgMfx86 RegCleanup
2014-01-10 17:42:59,461 DEBUG Registry keys for service AvgMfx86 are not present
2014-01-10 17:42:59,446 INFO Processing service AvgWfpA, it can take several minutes...
2014-01-10 17:42:59,446 DEBUG Service AvgMfx64 RegCleanup
2014-01-10 17:42:59,477 INFO Processing service AVGIDSErHrvta, it can take several minutes...
2014-01-10 17:42:59,477 DEBUG Service AvgWFPx RegCleanup
2014-01-10 17:42:59,493 DEBUG Registry keys for service AvgWFPx are not present
2014-01-10 17:42:59,461 INFO Processing service AVGIDSFilterxpx, it can take several minutes...
2014-01-10 17:42:59,493 INFO Processing service XmppAuth, it can take several minutes...
2014-01-10 17:42:59,493 INFO Processing service ContentFilter, it can take several minutes...
2014-01-10 17:42:59,508 INFO Processing service avgwd, it can take several minutes...
2014-01-10 17:42:59,508 INFO Processing service raserver, it can take several minutes...
2014-01-10 17:42:59,508 INFO Processing service AvgRemote, it can take several minutes...
2014-01-10 17:42:59,524 INFO Service ContentFilter is not installed
2014-01-10 17:42:59,524 DEBUG Service ContentFilter RegCleanup
2014-01-10 17:42:59,524 DEBUG Registry keys for service ContentFilter are not present
2014-01-10 17:42:59,524 INFO Service AVGIDSErHrw7x is not installed
2014-01-10 17:42:59,524 DEBUG Service AVGIDSErHrw7x RegCleanup
2014-01-10 17:42:59,524 DEBUG Registry keys for service AVGIDSErHrw7x are not present
2014-01-10 17:42:59,524 INFO Service AVGIDSShimvtx is not installed
2014-01-10 17:42:59,524 INFO Service raserver is not installed
2014-01-10 17:42:59,524 INFO Service avgfws is not installed
2014-01-10 17:42:59,524 DEBUG Service avgfws RegCleanup
2014-01-10 17:42:59,524 INFO Service AVGIDSDriverw7a is not installed
2014-01-10 17:42:59,524 DEBUG Service AVGIDSShimvtx RegCleanup
2014-01-10 17:42:59,540 DEBUG Registry keys for service AVGIDSShimvtx are not present
2014-01-10 17:42:59,524 INFO Service AvgApiWrapper is not installed
2014-01-10 17:42:59,540 DEBUG Service AvgApiWrapper RegCleanup
2014-01-10 17:42:59,540 DEBUG Registry keys for service AvgApiWrapper are not present
2014-01-10 17:42:59,524 INFO Service AVGIDSFilterw7a is not installed
2014-01-10 17:42:59,540 DEBUG Service AVGIDSFilterw7a RegCleanup
2014-01-10 17:42:59,540 DEBUG Registry keys for service AVGIDSFilterw7a are not present
2014-01-10 17:42:59,524 INFO Service AvgTdiX is not installed
2014-01-10 17:42:59,540 DEBUG Service AvgTdiX RegCleanup
2014-01-10 17:42:59,540 DEBUG Registry keys for service AvgTdiX are not present
2014-01-10 17:42:59,524 INFO Service AVGIDSErHrvta is not installed
2014-01-10 17:42:59,540 DEBUG Service AVGIDSErHrvta RegCleanup
2014-01-10 17:42:59,540 DEBUG Registry keys for service AVGIDSErHrvta are not present
2014-01-10 17:42:59,524 INFO Service AVGIDSErHrxpx is not installed
2014-01-10 17:42:59,540 DEBUG Service AVGIDSErHrxpx RegCleanup
2014-01-10 17:42:59,540 DEBUG Registry keys for service AVGIDSErHrxpx are not present
2014-01-10 17:42:59,524 INFO Service AVGIDSWatcher is not installed
2014-01-10 17:42:59,540 DEBUG Service AVGIDSWatcher RegCleanup
2014-01-10 17:42:59,540 DEBUG Registry keys for service AVGIDSWatcher are not present
2014-01-10 17:42:59,524 INFO Service AVGIDSFiltervtx is not installed
2014-01-10 17:42:59,540 DEBUG Service AVGIDSFiltervtx RegCleanup
2014-01-10 17:42:59,540 DEBUG Registry keys for service AVGIDSFiltervtx are not present
2014-01-10 17:42:59,524 INFO Service avgfws9 is not installed
2014-01-10 17:42:59,540 DEBUG Service avgfws9 RegCleanup
2014-01-10 17:42:59,540 DEBUG Registry keys for service avgfws9 are not present
2014-01-10 17:42:59,524 INFO Service AVGIDSShimw7x is not installed
2014-01-10 17:42:59,540 DEBUG Service AVGIDSShimw7x RegCleanup
2014-01-10 17:42:59,540 DEBUG Registry keys for service AVGIDSShimw7x are not present
2014-01-10 17:42:59,524 INFO Service AVGIDSFiltervta is not installed
2014-01-10 17:42:59,555 DEBUG Service AVGIDSFiltervta RegCleanup
2014-01-10 17:42:59,555 DEBUG Registry keys for service AVGIDSFiltervta are not present
2014-01-10 17:42:59,524 INFO Service AVGIDSDriverw7x is not installed
2014-01-10 17:42:59,555 DEBUG Service AVGIDSDriverw7x RegCleanup
2014-01-10 17:42:59,555 DEBUG Registry keys for service AVGIDSDriverw7x are not present
2014-01-10 17:42:59,524 INFO Service AvgWfpA is not installed
2014-01-10 17:42:59,555 DEBUG Service AvgWfpA RegCleanup
2014-01-10 17:42:59,555 DEBUG Registry keys for service AvgWfpA are not present
2014-01-10 17:42:59,524 INFO Service AVGIDSDriverxpx is not installed
2014-01-10 17:42:59,555 DEBUG Service AVGIDSDriverxpx RegCleanup
2014-01-10 17:42:59,555 DEBUG Registry keys for service AVGIDSDriverxpx are not present
2014-01-10 17:42:59,524 INFO Service AvgWfpX is not installed
2014-01-10 17:42:59,555 DEBUG Service AvgWfpX RegCleanup
2014-01-10 17:42:59,524 INFO Service XmppAuth is not installed
2014-01-10 17:42:59,555 DEBUG Service XmppAuth RegCleanup
2014-01-10 17:42:59,555 DEBUG Registry keys for service XmppAuth are not present
2014-01-10 17:42:59,524 INFO Service AVGIDSErHrw7a is not installed
2014-01-10 17:42:59,555 DEBUG Service AVGIDSErHrw7a RegCleanup
2014-01-10 17:42:59,555 DEBUG Registry keys for service AVGIDSErHrw7a are not present
2014-01-10 17:42:59,524 INFO Service AVGIDSFilterxpx is not installed
2014-01-10 17:42:59,555 DEBUG Service AVGIDSFilterxpx RegCleanup
2014-01-10 17:42:59,555 DEBUG Registry keys for service AVGIDSFilterxpx are not present
2014-01-10 17:42:59,524 INFO Service AVGIDSFilterw7x is not installed
2014-01-10 17:42:59,555 DEBUG Service AVGIDSFilterw7x RegCleanup
2014-01-10 17:42:59,555 DEBUG Registry keys for service AVGIDSFilterw7x are not present
2014-01-10 17:42:59,524 INFO Service avg9emc is not installed
2014-01-10 17:42:59,555 DEBUG Service avg9emc RegCleanup
2014-01-10 17:42:59,555 DEBUG Registry keys for service avg9emc are not present
2014-01-10 17:42:59,524 INFO Service AvgRkx86 is not installed
2014-01-10 17:42:59,524 DEBUG Service raserver RegCleanup
2014-01-10 17:42:59,555 DEBUG Registry keys for service raserver are not present
2014-01-10 17:42:59,524 INFO Service AVGIDSErHrvtx is not installed
2014-01-10 17:42:59,555 DEBUG Service AVGIDSErHrvtx RegCleanup
2014-01-10 17:42:59,571 DEBUG Registry keys for service AVGIDSErHrvtx are not present
2014-01-10 17:42:59,524 INFO Service AVGIDSDrivervta is not installed
2014-01-10 17:42:59,571 DEBUG Service AVGIDSDrivervta RegCleanup
2014-01-10 17:42:59,571 DEBUG Registry keys for service AVGIDSDrivervta are not present
2014-01-10 17:42:59,524 INFO Service AVGIDSDrivervtx is not installed
2014-01-10 17:42:59,571 DEBUG Service AVGIDSDrivervtx RegCleanup
2014-01-10 17:42:59,571 DEBUG Registry keys for service AVGIDSDrivervtx are not present
2014-01-10 17:42:59,524 INFO Service AvgLdx86 is not installed
2014-01-10 17:42:59,571 DEBUG Service AvgLdx86 RegCleanup
2014-01-10 17:42:59,571 DEBUG Registry keys for service AvgLdx86 are not present
2014-01-10 17:42:59,524 INFO Service AvgRemote is not installed
2014-01-10 17:42:59,571 DEBUG Service AvgRemote RegCleanup
2014-01-10 17:42:59,571 DEBUG Registry keys for service AvgRemote are not present
2014-01-10 17:42:59,524 DEBUG Service avgwd BeforeStop
2014-01-10 17:42:59,524 INFO Service AVGIDSShimxpx is not installed
2014-01-10 17:42:59,571 DEBUG Service AVGIDSShimxpx RegCleanup
2014-01-10 17:42:59,571 DEBUG Registry keys for service AVGIDSShimxpx are not present
2014-01-10 17:42:59,540 DEBUG Registry keys for service avgfws are not present
2014-01-10 17:42:59,540 INFO Service AvgLdx64 is not running
2014-01-10 17:42:59,571 DEBUG Service AvgLdx64 Delete
2014-01-10 17:42:59,540 INFO Service AVGIDSAgent is not running
2014-01-10 17:42:59,571 DEBUG Service AVGIDSAgent Delete
2014-01-10 17:42:59,540 DEBUG Service AvgRkx64 Stop
2014-01-10 17:42:59,540 DEBUG Service AvgTdiA Stop
2014-01-10 17:42:59,540 DEBUG Service AVGIDSDriverw7a RegCleanup
2014-01-10 17:42:59,571 DEBUG Registry keys for service AVGIDSDriverw7a are not present
2014-01-10 17:42:59,555 DEBUG Registry keys for service AvgWfpX are not present
2014-01-10 17:42:59,555 DEBUG Service AvgRkx86 RegCleanup
2014-01-10 17:42:59,571 DEBUG Registry keys for service AvgRkx86 are not present
2014-01-10 17:42:59,571 DEBUG SendWDCommand failed, error e0010127
2014-01-10 17:42:59,571 DEBUG SendWDCommand failed, error e0010127
2014-01-10 17:42:59,571 DEBUG SendWDCommand failed, error e0010127
2014-01-10 17:42:59,571 DEBUG Service AvgLdx64 RegCleanup
2014-01-10 17:42:59,571 DEBUG SendWDCommand failed, error e0010127
2014-01-10 17:42:59,571 WARN Service avgwd Failed to SetStoppable command (error: e0010127)
2014-01-10 17:42:59,571 DEBUG Service avgwd BeforeStop failed
2014-01-10 17:42:59,586 DEBUG Service AVGIDSAgent RegCleanup
2014-01-10 17:42:59,586 DEBUG Delete registry keys for service AVGIDSAgent failed (error: e001003d)
2014-01-10 17:42:59,586 DEBUG Service AVGIDSAgent RegCleanup failed
2014-01-10 17:42:59,586 INFO Service avgwd is not running
2014-01-10 17:42:59,586 DEBUG Service avgwd Delete
2014-01-10 17:42:59,586 DEBUG Restart required
2014-01-10 17:42:59,586 DEBUG Service AvgTdiA Stop failed (error: c007041c), RESTART planned
2014-01-10 17:42:59,586 DEBUG Service AvgTdiA Stop failed
2014-01-10 17:42:59,586 DEBUG Service AvgTdiA Delete
2014-01-10 17:42:59,586 DEBUG Restart required
2014-01-10 17:42:59,586 DEBUG Service AvgRkx64 Stop failed (error: c007041c), RESTART planned
2014-01-10 17:42:59,586 DEBUG Service AvgRkx64 Stop failed
2014-01-10 17:42:59,586 DEBUG Service AvgRkx64 Delete
2014-01-10 17:42:59,586 DEBUG Service avgwd RegCleanup
2014-01-10 17:42:59,586 DEBUG Registry keys for service avgwd are not present
2014-01-10 17:42:59,586 DEBUG Service AvgTdiA Delete failed (error: c007041c)
2014-01-10 17:42:59,586 DEBUG Service AvgTdiA Delete failed
2014-01-10 17:42:59,586 DEBUG Service AvgTdiA RegCleanup
2014-01-10 17:42:59,586 DEBUG Service AvgRkx64 Delete failed (error: c007041c)
2014-01-10 17:42:59,586 DEBUG Service AvgRkx64 Delete failed
2014-01-10 17:42:59,586 DEBUG Service AvgRkx64 RegCleanup
2014-01-10 17:42:59,586 INFO Attempting to remove AVG drivers.
2014-01-10 17:42:59,586 DEBUG Deleting driver 'avgfwd6a'...
2014-01-10 17:42:59,946 DEBUG Deleting driver 'avgfwd6x'...
2014-01-10 17:43:00,133 DEBUG Deleting driver 'avgfwda'...
2014-01-10 17:43:00,290 DEBUG Deleting driver 'avgfwdx'...
2014-01-10 17:43:00,430 DEBUG Deleting driver 'AVGIDSDriver'...
2014-01-10 17:43:00,571 DEBUG Deleting driver 'AVGIDSEH'...
2014-01-10 17:43:00,711 DEBUG Deleting driver 'AVGIDSHX'...
2014-01-10 17:43:00,836 DEBUG Deleting driver 'AVGIDSfilter'...
2014-01-10 17:43:00,977 DEBUG Deleting driver 'AVGIDSShim'...
2014-01-10 17:43:01,118 DEBUG Deleting driver 'avgldx64'...
2014-01-10 17:43:01,243 DEBUG Deleting driver 'avgldx86'...
2014-01-10 17:43:01,368 DEBUG Deleting driver 'avgmfx64'...
2014-01-10 17:43:01,493 DEBUG Deleting driver 'avgmfx86'...
2014-01-10 17:43:01,618 DEBUG Deleting driver 'avgrkx64'...
2014-01-10 17:43:01,743 DEBUG Deleting driver 'avgrkx86'...
2014-01-10 17:43:01,868 DEBUG Deleting driver 'avgtdia'...
2014-01-10 17:43:01,977 DEBUG Deleting driver 'avgtdix'...
2014-01-10 17:43:02,102 DEBUG Deleting driver 'avgwfpa'...
2014-01-10 17:43:02,227 DEBUG Deleting driver 'avgwfpx'...
2014-01-10 17:43:02,352 DEBUG Deleting driver 'avglogdrvx86'...
2014-01-10 17:43:02,477 DEBUG Deleting driver 'avglogdrvx64'...
2014-01-10 17:43:02,602 DEBUG Deleting driver 'avglogx'...
2014-01-10 17:43:02,711 DEBUG Deleting driver 'avgloga'...
2014-01-10 17:43:02,836 DEBUG Deleting driver 'avgrkx86UniversalDD'...
2014-01-10 17:43:02,961 DEBUG Deleting driver 'avgbootx'...
2014-01-10 17:43:03,071 DEBUG Deleting driver 'avgboota'...
2014-01-10 17:43:03,196 DEBUG Deleting driver 'avgdiska'...
2014-01-10 17:43:03,321 DEBUG Deleting driver 'avgdiskx'...
2014-01-10 17:43:03,430 DEBUG Deleting driver 'avgfwd6a'...
2014-01-10 17:43:03,555 DEBUG Deleting driver 'avgfwd6x'...
2014-01-10 17:43:03,680 DEBUG Deleting driver 'avgfwda'...
2014-01-10 17:43:03,805 DEBUG Deleting driver 'avgfwdx'...
2014-01-10 17:43:03,915 DEBUG Deleting driver 'AVGIDSDriver'...
2014-01-10 17:43:04,040 DEBUG Deleting driver 'AVGIDSEH'...
2014-01-10 17:43:04,165 DEBUG Deleting driver 'AVGIDSHX'...
2014-01-10 17:43:04,290 DEBUG Deleting driver 'AVGIDSfilter'...
2014-01-10 17:43:04,399 DEBUG Deleting driver 'AVGIDSShim'...
2014-01-10 17:43:04,524 DEBUG Deleting driver 'avgldx64'...
2014-01-10 17:43:04,633 DEBUG Deleting driver 'avgldx86'...
2014-01-10 17:43:04,758 DEBUG Deleting driver 'avgmfx64'...
2014-01-10 17:43:04,883 DEBUG Deleting driver 'avgmfx86'...
2014-01-10 17:43:05,008 DEBUG Deleting driver 'avgrkx64'...
2014-01-10 17:43:05,133 DEBUG Deleting driver 'avgrkx86'...
2014-01-10 17:43:05,258 DEBUG Deleting driver 'avgtdia'...
2014-01-10 17:43:05,368 DEBUG Deleting driver 'avgtdix'...
2014-01-10 17:43:05,493 DEBUG Deleting driver 'avgwfpa'...
2014-01-10 17:43:05,618 DEBUG Deleting driver 'avgwfpx'...
2014-01-10 17:43:05,727 DEBUG Deleting driver 'avglogdrvx86'...
2014-01-10 17:43:05,852 DEBUG Deleting driver 'avglogdrvx64'...
2014-01-10 17:43:05,977 DEBUG Deleting driver 'avglogx'...
2014-01-10 17:43:06,102 DEBUG Deleting driver 'avgloga'...
2014-01-10 17:43:06,227 DEBUG Deleting driver 'avgrkx86UniversalDD'...
2014-01-10 17:43:06,336 DEBUG Deleting driver 'avgbootx'...
2014-01-10 17:43:06,461 DEBUG Deleting driver 'avgboota'...
2014-01-10 17:43:06,586 DEBUG Deleting driver 'avgdiska'...
2014-01-10 17:43:06,711 DEBUG Deleting driver 'avgdiskx'...
2014-01-10 17:43:06,821 INFO Attempting to remove AVG running processes.
2014-01-10 17:43:07,133 INFO Attempting to uninstall CloudCare.
2014-01-10 17:43:07,133 INFO CloudCare not instaled on this machine
2014-01-10 17:43:46,352 INFO SystemChecking started.
2014-01-10 17:43:47,696 DEBUG Cannot open AvgUninstall key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avg8Uninstall\Directories (error: e0010013)
2014-01-10 17:43:47,696 DEBUG Cannot open AvgUninstall key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avg9Uninstall\Directories (error: e0010013)
2014-01-10 17:43:47,696 WARN AvgDir parameter is empty, but Remover found AvgDir at 'C:\Program Files (x86)\AVG\AVG2014\', use this path as default.
2014-01-10 17:43:47,696 WARN AvgDataDir parameter is empty, but Remover found AvgDataDir at 'C:\ProgramData\AVG2014\', use this path as default.
2014-01-10 17:43:47,696 DEBUG Cannot open AvgUninstall key SOFTWARE\AVG\AVG IDS\IDS (error: e0010013)
2014-01-10 17:43:47,696 DEBUG Cannot open AvgUninstall key SOFTWARE\AVG SafeGuard toolbar (error: e0010013)
2014-01-10 17:43:47,696 WARN Reading "Uninstall" value failed (error: e001003d)
2014-01-10 17:43:47,696 WARN Reading "installPath" value failed (error: e001003d)
2014-01-10 17:43:47,696 DEBUG Cannot open AvgUninstall key Software\Microsoft\Exchange\v8.0\Setup (error: e0010013)
2014-01-10 17:43:47,696 DEBUG Cannot open AvgUninstall key Software\Microsoft\Exchange\v8.0\Setup (error: e0010013)
2014-01-10 17:43:47,696 DEBUG Cannot open AvgUninstall key Software\Microsoft\ExchangeServer\v14\Setup (error: e0010013)
2014-01-10 17:43:47,696 DEBUG Cannot open AvgUninstall key Software\Microsoft\ExchangeServer\v14\Setup (error: e0010013)
2014-01-10 17:43:47,696 INFO Attempting to uninstall AVG Identity Protection.
2014-01-10 17:43:47,696 INFO Attempting to uninstall AVG IG toolbar.
2014-01-10 17:43:47,696 INFO AVG IG toolbar not present in the system
2014-01-10 17:43:47,696 INFO Attempting to uninstall AVG Visionize toolbar.
2014-01-10 17:43:47,696 INFO (Google) toolbar not present in the system
2014-01-10 17:43:47,696 INFO (Yahoo) toolbar not present in the system
2014-01-10 17:43:47,696 INFO Attempting to remove MSI Data.
2014-01-10 17:43:47,696 DEBUG Obtained product code GUID '{34883B9C-CDFE-46F0-9C5B-935484C218C3}' related to upgrade code '{BD747F83-79CD-4E4B-9541-E21291F9D901}'
2014-01-10 17:43:47,696 DEBUG Obtained product code GUID '{7F624BD1-4FE0-432F-B928-68302E156D04}' related to upgrade code '{F4E9DD60-F3F7-4C9F-B12C-DB462AEC81EF}'
2014-01-10 17:43:47,696 DEBUG MSI remover failed with error 0xe0010058
2014-01-10 17:43:47,696 INFO Attempting to remove Exchange server plugins.
2014-01-10 17:43:47,696 INFO Removing AvgOutlook addin
2014-01-10 17:43:47,696 DEBUG RootKey Software\Microsoft\Office\Outlook\Addins found, remove key avgoutlook.Addin (forced:1)
2014-01-10 17:43:47,696 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2014-01-10 17:43:47,696 DEBUG RootKey (null) found, remove key avgoutlook.Addin (forced:1)
2014-01-10 17:43:47,696 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2014-01-10 17:43:47,696 DEBUG RootKey (null) found, remove key avgoutlook.Addin.1 (forced:1)
2014-01-10 17:43:47,696 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d
2014-01-10 17:43:47,696 DEBUG RootKey (null) found, remove key CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048} (forced:1)
2014-01-10 17:43:47,696 DEBUG Failed to delete key 'CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048}': 0xe001003d
2014-01-10 17:43:47,696 DEBUG RootKey (null) found, remove key CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A} (forced:1)
2014-01-10 17:43:47,696 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d
2014-01-10 17:43:47,696 DEBUG RootKey (null) found, remove key AppID\avgoutlook.DLL (forced:1)
2014-01-10 17:43:47,696 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d
2014-01-10 17:43:47,696 DEBUG RootKey Software\Microsoft\Office\Outlook\Addins found, remove key avgoutlook.Addin (forced:1)
2014-01-10 17:43:47,696 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2014-01-10 17:43:47,696 DEBUG RootKey (null) found, remove key avgoutlook.Addin (forced:1)
2014-01-10 17:43:47,696 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2014-01-10 17:43:47,696 DEBUG RootKey (null) found, remove key avgoutlook.Addin.1 (forced:1)
2014-01-10 17:43:47,696 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d
2014-01-10 17:43:47,696 DEBUG RootKey (null) found, remove key CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048} (forced:1)
2014-01-10 17:43:47,696 DEBUG Failed to delete key 'CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048}': 0xe001003d
2014-01-10 17:43:47,696 DEBUG RootKey (null) found, remove key CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A} (forced:1)
2014-01-10 17:43:47,696 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d
2014-01-10 17:43:47,696 DEBUG RootKey (null) found, remove key AppID\avgoutlook.DLL (forced:1)
2014-01-10 17:43:47,696 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d
2014-01-10 17:43:47,696 INFO Removing Sharepoint plugin if exists
2014-01-10 17:43:47,696 DEBUG RootKey (null) found, remove key CLSID\{8B39AD4E-1AB3-4AE1-B533-706F1CACED83} (forced:1)
2014-01-10 17:43:47,696 DEBUG Failed to delete key 'CLSID\{8B39AD4E-1AB3-4AE1-B533-706F1CACED83}': 0xe001003d
2014-01-10 17:43:47,696 DEBUG RootKey (null) found, remove key CLSID\{6E801D47-45B7-4D10-8268-DBBD5C233F82} (forced:1)
2014-01-10 17:43:47,696 DEBUG Failed to delete key 'CLSID\{6E801D47-45B7-4D10-8268-DBBD5C233F82}': 0xe001003d
2014-01-10 17:43:47,696 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013
2014-01-10 17:43:47,696 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013
2014-01-10 17:43:47,696 INFO Exchange 2007/2010 not instaled on this machine
2014-01-10 17:43:47,696 INFO Attempting to remove NDIS driver.
2014-01-10 17:43:47,696 DEBUG Extracting avgremoverndis?.exe from .cab archive
2014-01-10 17:43:47,696 DEBUG NDIS remover failed with error 0xe0010058
2014-01-10 17:43:47,696 INFO Attempting to remove AVG from WSC.
2014-01-10 17:43:47,696 INFO unregistering from WSC
2014-01-10 17:43:47,696 INFO COM API WINDOWS SECURITY CENTER
2014-01-10 17:43:47,696 INFO WSC object created
2014-01-10 17:43:47,711 INFO WSC object attached
2014-01-10 17:43:47,743 INFO WSC object registered
2014-01-10 17:43:47,758 INFO WSC object unregistered
2014-01-10 17:43:47,758 INFO Begin of EnableWinFW.
2014-01-10 17:43:47,774 ERROR Turning WinFW on/off failed: 0x800706D9
2014-01-10 17:43:47,774 INFO End of EnableWinFW: 0x800706D9
2014-01-10 17:43:47,774 INFO Attempting to remove AVG services.
2014-01-10 17:43:47,774 INFO Service avgfws8 is not installed
2014-01-10 17:43:47,790 DEBUG Service avgfws8 RegCleanup
2014-01-10 17:43:47,790 DEBUG Registry keys for service avgfws8 are not present
2014-01-10 17:43:47,774 INFO Service AvgWFPa is not installed
2014-01-10 17:43:47,790 DEBUG Service AvgWFPa RegCleanup
2014-01-10 17:43:47,790 DEBUG Registry keys for service AvgWFPa are not present
2014-01-10 17:43:47,774 INFO Processing service avg8emc, it can take several minutes...
2014-01-10 17:43:47,774 INFO Service AvgMfx86 is not installed
2014-01-10 17:43:47,790 DEBUG Service AvgMfx86 RegCleanup
2014-01-10 17:43:47,790 DEBUG Registry keys for service AvgMfx86 are not present
2014-01-10 17:43:47,805 DEBUG Registry keys for service avg8wd are not present
2014-01-10 17:43:47,790 DEBUG Service AvgTdiA Stop
2014-01-10 17:43:47,805 INFO Service avg9wd is not installed
2014-01-10 17:43:47,805 DEBUG Service avg9wd RegCleanup
2014-01-10 17:43:47,805 DEBUG Registry keys for service avg9wd are not present
2014-01-10 17:43:47,790 INFO Service avg8emc is not installed
2014-01-10 17:43:47,805 INFO Service AvgLdx64 is not installed
2014-01-10 17:43:47,821 DEBUG Service AvgLdx64 RegCleanup
2014-01-10 17:43:47,821 INFO Processing service AVGIDSErHrxpx, it can take several minutes...
2014-01-10 17:43:47,790 INFO Service AvgMfx64 is not installed
2014-01-10 17:43:47,821 DEBUG Service AvgMfx64 RegCleanup
2014-01-10 17:43:47,821 DEBUG Registry keys for service AvgMfx64 are not present
2014-01-10 17:43:47,805 INFO Processing service avg9emc, it can take several minutes...
2014-01-10 17:43:47,790 INFO Service AvgWfpA is not installed
2014-01-10 17:43:47,821 DEBUG Service AvgWfpA RegCleanup
2014-01-10 17:43:47,821 INFO Processing service AVGIDSErHrw7a, it can take several minutes...
2014-01-10 17:43:47,805 INFO Service AVGIDSAgent is not installed
2014-01-10 17:43:47,836 DEBUG Service AVGIDSAgent RegCleanup
2014-01-10 17:43:47,836 INFO Processing service AVGIDSErHrvta, it can take several minutes...
2014-01-10 17:43:47,805 DEBUG Restart required
2014-01-10 17:43:47,805 INFO Service AVGIDSDriverxpx is not installed
2014-01-10 17:43:47,805 INFO Processing service AVGIDSFiltervtx, it can take several minutes...
2014-01-10 17:43:47,805 INFO Service AvgLdx86 is not installed
2014-01-10 17:43:47,836 DEBUG Service AvgLdx86 RegCleanup
2014-01-10 17:43:47,836 DEBUG Registry keys for service AvgLdx86 are not present
2014-01-10 17:43:47,805 INFO Processing service avgfws, it can take several minutes...
2014-01-10 17:43:47,821 DEBUG Service avg8emc RegCleanup
2014-01-10 17:43:47,836 DEBUG Registry keys for service avg8emc are not present
2014-01-10 17:43:47,821 INFO Processing service AVGIDSWatcher, it can take several minutes...
2014-01-10 17:43:47,790 INFO Processing service AvgWfpX, it can take several minutes...
2014-01-10 17:43:47,821 INFO Processing service AVGIDSShimvtx, it can take several minutes...
2014-01-10 17:43:47,821 INFO Service AvgTdiX is not installed
2014-01-10 17:43:47,790 INFO Service AvgWFPx is not installed
2014-01-10 17:43:47,821 INFO Service AVGIDSFilterxpx is not installed
2014-01-10 17:43:47,821 INFO Service AVGIDSDrivervta is not installed
2014-01-10 17:43:47,821 INFO Service AvgRkx86 is not installed
2014-01-10 17:43:47,821 INFO Processing service AVGIDSDriverw7a, it can take several minutes...
2014-01-10 17:43:47,821 INFO Processing service AVGIDSFilterw7a, it can take several minutes...
2014-01-10 17:43:47,821 DEBUG Registry keys for service AvgLdx64 are not present
2014-01-10 17:43:47,805 INFO Processing service avgfws9, it can take several minutes...
2014-01-10 17:43:47,821 INFO Processing service AVGIDSFilterw7x, it can take several minutes...
2014-01-10 17:43:47,821 INFO Processing service AVGIDSErHrvtx, it can take several minutes...
2014-01-10 17:43:47,821 INFO Service AVGIDSErHrxpx is not installed
2014-01-10 17:43:47,821 INFO Processing service AVGIDSErHrw7x, it can take several minutes...
2014-01-10 17:43:47,821 INFO Processing service avgwd, it can take several minutes...
2014-01-10 17:43:47,821 INFO Service avg9emc is not installed
2014-01-10 17:43:47,821 INFO Processing service ContentFilter, it can take several minutes...
2014-01-10 17:43:47,821 DEBUG Registry keys for service AvgWfpA are not present
2014-01-10 17:43:47,805 INFO Processing service AVGIDSShimxpx, it can take several minutes...
2014-01-10 17:43:47,821 INFO Processing service raserver, it can take several minutes...
2014-01-10 17:43:47,836 INFO Processing service AvgApiWrapper, it can take several minutes...
2014-01-10 17:43:47,836 INFO Service AVGIDSErHrw7a is not installed
2014-01-10 17:43:47,836 INFO Processing service XmppAuth, it can take several minutes...
2014-01-10 17:43:47,836 INFO Processing service AvgRemote, it can take several minutes...
2014-01-10 17:43:47,836 DEBUG Registry keys for service AVGIDSAgent are not present
2014-01-10 17:43:47,790 INFO Processing service AvgRkx64, it can take several minutes...
2014-01-10 17:43:47,836 INFO Service AvgTdiA is unstoppable, RESTART planned
2014-01-10 17:43:47,883 DEBUG Service AvgRkx64 Stop
2014-01-10 17:43:47,836 INFO Service AVGIDSErHrvta is not installed
2014-01-10 17:43:47,836 DEBUG Service AVGIDSDriverxpx RegCleanup
2014-01-10 17:43:47,883 DEBUG Registry keys for service AVGIDSDriverxpx are not present
2014-01-10 17:43:47,836 INFO Service AVGIDSFiltervtx is not installed
2014-01-10 17:43:47,883 DEBUG Service AVGIDSFiltervtx RegCleanup
2014-01-10 17:43:47,883 DEBUG Registry keys for service AVGIDSFiltervtx are not present
2014-01-10 17:43:47,836 INFO Service avgfws is not installed
2014-01-10 17:43:47,836 INFO Service AVGIDSWatcher is not installed
2014-01-10 17:43:47,883 DEBUG Service AVGIDSWatcher RegCleanup
2014-01-10 17:43:47,883 DEBUG Registry keys for service AVGIDSWatcher are not present
2014-01-10 17:43:47,836 INFO Service AvgWfpX is not installed
2014-01-10 17:43:47,883 DEBUG Service AvgWfpX RegCleanup
2014-01-10 17:43:47,883 DEBUG Registry keys for service AvgWfpX are not present
2014-01-10 17:43:47,836 INFO Service AVGIDSShimvtx is not installed
2014-01-10 17:43:47,883 DEBUG Service AVGIDSShimvtx RegCleanup
2014-01-10 17:43:47,883 DEBUG Registry keys for service AVGIDSShimvtx are not present
2014-01-10 17:43:47,836 DEBUG Service AvgTdiX RegCleanup
2014-01-10 17:43:47,883 DEBUG Registry keys for service AvgTdiX are not present
2014-01-10 17:43:47,836 DEBUG Service AvgWFPx RegCleanup
2014-01-10 17:43:47,883 DEBUG Registry keys for service AvgWFPx are not present
2014-01-10 17:43:47,836 INFO Service AVGIDSFiltervta is not installed
2014-01-10 17:43:47,883 DEBUG Service AVGIDSFiltervta RegCleanup
2014-01-10 17:43:47,883 DEBUG Registry keys for service AVGIDSFiltervta are not present
2014-01-10 17:43:47,836 INFO Service AVGIDSDrivervtx is not installed
2014-01-10 17:43:47,883 DEBUG Service AVGIDSDrivervtx RegCleanup
2014-01-10 17:43:47,883 DEBUG Registry keys for service AVGIDSDrivervtx are not present
2014-01-10 17:43:47,852 INFO Service AVGIDSShimw7x is not installed
2014-01-10 17:43:47,883 DEBUG Service AVGIDSShimw7x RegCleanup
2014-01-10 17:43:47,883 DEBUG Registry keys for service AVGIDSShimw7x are not present
2014-01-10 17:43:47,852 INFO Service AVGIDSDriverw7x is not installed
2014-01-10 17:43:47,899 DEBUG Service AVGIDSDriverw7x RegCleanup
2014-01-10 17:43:47,899 DEBUG Registry keys for service AVGIDSDriverw7x are not present
2014-01-10 17:43:47,852 DEBUG Service AVGIDSFilterxpx RegCleanup
2014-01-10 17:43:47,899 DEBUG Registry keys for service AVGIDSFilterxpx are not present
2014-01-10 17:43:47,852 DEBUG Service AVGIDSDrivervta RegCleanup
2014-01-10 17:43:47,852 DEBUG Service AvgRkx86 RegCleanup
2014-01-10 17:43:47,899 DEBUG Registry keys for service AVGIDSDrivervta are not present
2014-01-10 17:43:47,899 DEBUG Registry keys for service AvgRkx86 are not present
2014-01-10 17:43:47,852 INFO Service AVGIDSDriverw7a is not installed
2014-01-10 17:43:47,899 DEBUG Service AVGIDSDriverw7a RegCleanup
2014-01-10 17:43:47,852 INFO Service avgfws9 is not installed
2014-01-10 17:43:47,899 DEBUG Service avgfws9 RegCleanup
2014-01-10 17:43:47,899 DEBUG Registry keys for service avgfws9 are not present
2014-01-10 17:43:47,852 INFO Service AVGIDSFilterw7x is not installed
2014-01-10 17:43:47,899 DEBUG Service AVGIDSFilterw7x RegCleanup
2014-01-10 17:43:47,899 DEBUG Registry keys for service AVGIDSFilterw7x are not present
2014-01-10 17:43:47,852 INFO Service AVGIDSErHrw7x is not installed
2014-01-10 17:43:47,899 DEBUG Service AVGIDSErHrw7x RegCleanup
2014-01-10 17:43:47,899 DEBUG Registry keys for service AVGIDSErHrw7x are not present
2014-01-10 17:43:47,852 INFO Service avgwd is not installed
2014-01-10 17:43:47,852 DEBUG Service avg9emc RegCleanup
2014-01-10 17:43:47,868 INFO Service ContentFilter is not installed
2014-01-10 17:43:47,899 DEBUG Service ContentFilter RegCleanup
2014-01-10 17:43:47,899 DEBUG Registry keys for service ContentFilter are not present
2014-01-10 17:43:47,868 INFO Service AVGIDSShimxpx is not installed
2014-01-10 17:43:47,899 DEBUG Service AVGIDSShimxpx RegCleanup
2014-01-10 17:43:54,665 DEBUG Deleting driver 'avgdiskx'...
2014-01-10 17:43:54,790 INFO Attempting to remove AVG running processes.
2014-01-10 17:43:54,883 INFO Attempting to uninstall CloudCare.
2014-01-10 17:43:54,883 INFO CloudCare not instaled on this machine
2014-01-10 18:29:30,538 INFO SystemChecking started.
2014-01-10 18:29:33,538 DEBUG Cannot open AvgUninstall key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avg8Uninstall\Directories (error: e0010013)
2014-01-10 18:29:33,538 DEBUG Cannot open AvgUninstall key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avg9Uninstall\Directories (error: e0010013)
2014-01-10 18:29:33,538 WARN AvgDir parameter is empty, but Remover found AvgDir at 'C:\Program Files (x86)\AVG\AVG2014\', use this path as default.
2014-01-10 18:29:33,538 WARN AvgDataDir parameter is empty, but Remover found AvgDataDir at 'C:\ProgramData\AVG2014\', use this path as default.
2014-01-10 18:29:33,538 DEBUG Cannot open AvgUninstall key SOFTWARE\AVG\AVG IDS\IDS (error: e0010013)
2014-01-10 18:29:33,538 DEBUG Cannot open AvgUninstall key SOFTWARE\AVG SafeGuard toolbar (error: e0010013)
2014-01-10 18:29:33,538 DEBUG Cannot open AvgUninstall key SOFTWARE\AVG Secure Search (error: e0010013)
2014-01-10 18:29:33,538 DEBUG Cannot open AvgUninstall key SOFTWARE\AVG Security Toolbar (error: e0010013)
2014-01-10 18:29:33,538 DEBUG Cannot open AvgUninstall key Software\Microsoft\Exchange\v8.0\Setup (error: e0010013)
2014-01-10 18:29:33,538 DEBUG Cannot open AvgUninstall key Software\Microsoft\Exchange\v8.0\Setup (error: e0010013)
2014-01-10 18:29:33,538 DEBUG Cannot open AvgUninstall key Software\Microsoft\ExchangeServer\v14\Setup (error: e0010013)
2014-01-10 18:29:33,538 DEBUG Cannot open AvgUninstall key Software\Microsoft\ExchangeServer\v14\Setup (error: e0010013)
2014-01-10 18:29:33,538 DEBUG Disabling IDP Self Protection has failed with error 0xe0010054
2014-01-10 18:29:33,538 INFO Attempting to uninstall AVG Identity Protection.
2014-01-10 18:29:33,538 INFO Attempting to uninstall AVG IG toolbar.
2014-01-10 18:29:33,538 INFO AVG IG toolbar not present in the system
2014-01-10 18:29:33,538 INFO Attempting to uninstall AVG Visionize toolbar.
2014-01-10 18:29:33,538 INFO (Google) toolbar not present in the system
2014-01-10 18:29:33,538 INFO (Yahoo) toolbar not present in the system
2014-01-10 18:29:33,538 INFO Attempting to remove MSI Data.
2014-01-10 18:29:33,538 DEBUG Obtained product code GUID '{34883B9C-CDFE-46F0-9C5B-935484C218C3}' related to upgrade code '{BD747F83-79CD-4E4B-9541-E21291F9D901}'
2014-01-10 18:29:33,538 DEBUG Obtained product code GUID '{7F624BD1-4FE0-432F-B928-68302E156D04}' related to upgrade code '{F4E9DD60-F3F7-4C9F-B12C-DB462AEC81EF}'
2014-01-10 18:29:33,538 DEBUG MSI remover failed with error 0xe0010058
2014-01-10 18:29:33,538 INFO Attempting to remove Exchange server plugins.
2014-01-10 18:29:33,538 INFO Removing AvgOutlook addin
2014-01-10 18:29:33,538 DEBUG RootKey Software\Microsoft\Office\Outlook\Addins found, remove key avgoutlook.Addin (forced:1)
2014-01-10 18:29:33,538 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2014-01-10 18:29:33,538 DEBUG RootKey (null) found, remove key avgoutlook.Addin (forced:1)
2014-01-10 18:29:33,538 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2014-01-10 18:29:33,538 DEBUG RootKey (null) found, remove key avgoutlook.Addin.1 (forced:1)
2014-01-10 18:29:33,538 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d
2014-01-10 18:29:33,538 DEBUG RootKey (null) found, remove key CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048} (forced:1)
2014-01-10 18:29:33,538 DEBUG Failed to delete key 'CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048}': 0xe001003d
2014-01-10 18:29:33,538 DEBUG RootKey (null) found, remove key CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A} (forced:1)
2014-01-10 18:29:33,538 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d
2014-01-10 18:29:33,538 DEBUG RootKey (null) found, remove key AppID\avgoutlook.DLL (forced:1)
2014-01-10 18:29:33,538 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d
2014-01-10 18:29:33,538 DEBUG RootKey Software\Microsoft\Office\Outlook\Addins found, remove key avgoutlook.Addin (forced:1)
2014-01-10 18:29:33,538 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2014-01-10 18:29:33,538 DEBUG RootKey (null) found, remove key avgoutlook.Addin (forced:1)
2014-01-10 18:29:33,553 DEBUG Failed to delete key 'avgoutlook.Addin': 0xe001003d
2014-01-10 18:29:33,553 DEBUG RootKey (null) found, remove key avgoutlook.Addin.1 (forced:1)
2014-01-10 18:29:33,553 DEBUG Failed to delete key 'avgoutlook.Addin.1': 0xe001003d
2014-01-10 18:29:33,553 DEBUG RootKey (null) found, remove key CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048} (forced:1)
2014-01-10 18:29:33,553 DEBUG Failed to delete key 'CLSID\{9F39046C-801E-4E15-8CD9-ACF0ACF29048}': 0xe001003d
2014-01-10 18:29:33,553 DEBUG RootKey (null) found, remove key CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A} (forced:1)
2014-01-10 18:29:33,553 DEBUG Failed to delete key 'CLSID\{F083C5AB-08AD-4ABF-A2BE-8FA5C7D2F10A}': 0xe001003d
2014-01-10 18:29:33,553 DEBUG RootKey (null) found, remove key AppID\avgoutlook.DLL (forced:1)
2014-01-10 18:29:33,553 DEBUG Failed to delete key 'AppID\avgoutlook.DLL': 0xe001003d
2014-01-10 18:29:33,553 INFO Removing Sharepoint plugin if exists
2014-01-10 18:29:33,553 DEBUG RootKey (null) found, remove key CLSID\{8B39AD4E-1AB3-4AE1-B533-706F1CACED83} (forced:1)
2014-01-10 18:29:33,553 DEBUG Failed to delete key 'CLSID\{8B39AD4E-1AB3-4AE1-B533-706F1CACED83}': 0xe001003d
2014-01-10 18:29:33,553 DEBUG RootKey (null) found, remove key CLSID\{6E801D47-45B7-4D10-8268-DBBD5C233F82} (forced:1)
2014-01-10 18:29:33,553 DEBUG Failed to delete key 'CLSID\{6E801D47-45B7-4D10-8268-DBBD5C233F82}': 0xe001003d
2014-01-10 18:29:33,553 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013
2014-01-10 18:29:33,553 DEBUG Failed to open key 'Software\Microsoft\Shared Tools\Web Server Extensions\AVScanner': 0xe0010013
2014-01-10 18:29:33,553 INFO Exchange 2007/2010 not instaled on this machine
2014-01-10 18:29:33,553 INFO Attempting to remove NDIS driver.
2014-01-10 18:29:33,553 DEBUG Extracting avgremoverndis?.exe from .cab archive
2014-01-10 18:29:33,553 DEBUG NDIS remover failed with error 0xe0010058
2014-01-10 18:29:33,553 INFO Attempting to remove AVG from WSC.
2014-01-10 18:29:33,553 INFO unregistering from WSC
2014-01-10 18:29:33,553 INFO COM API WINDOWS SECURITY CENTER
2014-01-10 18:29:33,553 INFO WSC object created
2014-01-10 18:29:33,553 INFO WSC object attached
2014-01-10 18:29:33,616 INFO WSC object registered
2014-01-10 18:29:33,631 INFO WSC object unregistered
2014-01-10 18:29:33,631 INFO Begin of EnableWinFW.
2014-01-10 18:29:33,631 ERROR Turning WinFW on/off failed: 0x800706D9
2014-01-10 18:29:33,631 INFO End of EnableWinFW: 0x800706D9
2014-01-10 18:29:33,631 INFO Attempting to remove AVG services.
2014-01-10 18:29:33,647 INFO Service avg8emc is not installed
2014-01-10 18:29:33,647 DEBUG Service avg8emc RegCleanup
2014-01-10 18:29:33,647 DEBUG Registry keys for service avg8emc are not present
2014-01-10 18:29:33,647 INFO Processing service avg8wd, it can take several minutes...
2014-01-10 18:29:33,647 INFO Service AvgWFPx is not installed
2014-01-10 18:29:33,647 DEBUG Service AvgWFPx RegCleanup
2014-01-10 18:29:33,647 DEBUG Registry keys for service AvgWFPx are not present
2014-01-10 18:29:33,647 INFO Service avgfws8 is not installed
2014-01-10 18:29:33,647 DEBUG Service avgfws8 RegCleanup
2014-01-10 18:29:33,663 DEBUG Registry keys for service avgfws8 are not present
2014-01-10 18:29:33,647 INFO Processing service AvgLdx64, it can take several minutes...
2014-01-10 18:29:33,647 INFO Service AvgMfx64 is not installed
2014-01-10 18:29:33,663 DEBUG Service AvgMfx64 RegCleanup
2014-01-10 18:29:33,663 DEBUG Registry keys for service AvgMfx64 are not present
2014-01-10 18:29:33,647 INFO Processing service AvgTdiA, it can take several minutes...
2014-01-10 18:29:33,647 INFO Service avg9wd is not installed
2014-01-10 18:29:33,663 DEBUG Service avg9wd RegCleanup
2014-01-10 18:29:33,663 DEBUG Registry keys for service avg9wd are not present
2014-01-10 18:29:33,647 INFO Service avg8wd is not installed
2014-01-10 18:29:33,663 DEBUG Service avg8wd RegCleanup
2014-01-10 18:29:33,663 DEBUG Registry keys for service avg8wd are not present
2014-01-10 18:29:33,647 INFO Processing service AvgWFPa, it can take several minutes...
2014-01-10 18:29:33,647 INFO Processing service AvgMfx86, it can take several minutes...
2014-01-10 18:29:33,647 INFO Processing service AvgLdx86, it can take several minutes...
2014-01-10 18:29:33,647 INFO Processing service AvgTdiX, it can take several minutes...
2014-01-10 18:29:33,678 INFO Processing service AVGIDSWatcher, it can take several minutes...
2014-01-10 18:29:33,663 INFO Service AvgLdx64 is not installed
2014-01-10 18:29:33,678 DEBUG Service AvgLdx64 RegCleanup
2014-01-10 18:29:33,678 DEBUG Registry keys for service AvgLdx64 are not present
2014-01-10 18:29:33,663 INFO Processing service AvgRkx86, it can take several minutes...
2014-01-10 18:29:33,663 INFO Service AvgTdiA is not installed
2014-01-10 18:29:33,678 DEBUG Service AvgTdiA RegCleanup
2014-01-10 18:29:33,678 DEBUG Registry keys for service AvgTdiA are not present
2014-01-10 18:29:33,678 INFO Processing service AVGIDSFilterxpx, it can take several minutes...
2014-01-10 18:29:33,663 INFO Processing service AvgRkx64, it can take several minutes...
2014-01-10 18:29:33,663 INFO Service AvgWFPa is not installed
2014-01-10 18:29:33,678 DEBUG Service AvgWFPa RegCleanup
2014-01-10 18:29:33,678 INFO Processing service AVGIDSFiltervtx, it can take several minutes...
2014-01-10 18:29:33,678 INFO Processing service AVGIDSDrivervtx, it can take several minutes...
2014-01-10 18:29:33,678 INFO Processing service AVGIDSErHrxpx, it can take several minutes...
2014-01-10 18:29:33,694 INFO Processing service AVGIDSErHrvta, it can take several minutes...
2014-01-10 18:29:33,694 INFO Processing service AVGIDSErHrw7a, it can take several minutes...
2014-01-10 18:29:33,694 INFO Processing service AVGIDSShimw7x, it can take several minutes...
2014-01-10 18:29:33,694 INFO Processing service AVGIDSDriverw7x, it can take several minutes...
2014-01-10 18:29:33,694 INFO Processing service AVGIDSDriverw7a, it can take several minutes...
2014-01-10 18:29:33,694 INFO Service AVGIDSErHrw7a is not installed
2014-01-10 18:29:33,694 DEBUG Service AVGIDSErHrw7a RegCleanup
2014-01-10 18:29:33,663 INFO Processing service AvgWfpA, it can take several minutes...
2014-01-10 18:29:33,678 INFO Processing service avgfws, it can take several minutes...
2014-01-10 18:29:33,678 INFO Service AVGIDSWatcher is not installed
2014-01-10 18:29:33,694 DEBUG Service AVGIDSWatcher RegCleanup
2014-01-10 18:29:33,694 DEBUG Registry keys for service AVGIDSWatcher are not present
2014-01-10 18:29:33,678 INFO Service AvgRkx86 is not installed
2014-01-10 18:29:33,694 DEBUG Service AvgRkx86 RegCleanup
2014-01-10 18:29:33,694 DEBUG Registry keys for service AvgRkx86 are not present
2014-01-10 18:29:33,678 INFO Service AVGIDSFilterxpx is not installed
2014-01-10 18:29:33,709 DEBUG Service AVGIDSFilterxpx RegCleanup
2014-01-10 18:29:33,709 DEBUG Registry keys for service AVGIDSFilterxpx are not present
2014-01-10 18:29:33,709 INFO Processing service AvgApiWrapper, it can take several minutes...
2014-01-10 18:29:33,678 DEBUG Registry keys for service AvgWFPa are not present
2014-01-10 18:29:33,709 INFO Service avgfws is not installed
2014-01-10 18:29:33,709 DEBUG Service avgfws RegCleanup
2014-01-10 18:29:33,663 INFO Processing service avgfws9, it can take several minutes...
2014-01-10 18:29:33,678 INFO Processing service AVGIDSDrivervta, it can take several minutes...
2014-01-10 18:29:33,678 INFO Service AVGIDSFiltervtx is not installed
2014-01-10 18:29:33,678 INFO Processing service AVGIDSFilterw7x, it can take several minutes...
2014-01-10 18:29:33,678 INFO Processing service AVGIDSFilterw7a, it can take several minutes...
2014-01-10 18:29:33,663 INFO Service AvgMfx86 is not installed
2014-01-10 18:29:33,709 DEBUG Service AvgMfx86 RegCleanup
2014-01-10 18:29:33,694 INFO Service AVGIDSDrivervtx is not installed
2014-01-10 18:29:33,678 INFO Service AvgLdx86 is not installed
2014-01-10 18:29:33,694 INFO Service AVGIDSErHrxpx is not installed
2014-01-10 18:29:33,678 INFO Processing service AVGIDSAgent, it can take several minutes...
2014-01-10 18:29:33,694 INFO Processing service AVGIDSFiltervta, it can take several minutes...
2014-01-10 18:29:33,694 INFO Service AVGIDSErHrvta is not installed
2014-01-10 18:29:33,725 DEBUG Service AVGIDSErHrvta RegCleanup
2014-01-10 18:29:33,725 DEBUG Registry keys for service AVGIDSErHrvta are not present
2014-01-10 18:29:33,678 INFO Service AvgTdiX is not installed
2014-01-10 18:29:33,725 DEBUG Service AvgTdiX RegCleanup
2014-01-10 18:29:33,725 DEBUG Registry keys for service AvgTdiX are not present
2014-01-10 18:29:33,678 INFO Processing service AVGIDSShimxpx, it can take several minutes...
2014-01-10 18:29:33,663 INFO Processing service AvgWfpX, it can take several minutes...
2014-01-10 18:29:33,694 INFO Processing service AVGIDSErHrvtx, it can take several minutes...
2014-01-10 18:29:33,694 INFO Service AVGIDSDriverw7x is not installed
2014-01-10 18:29:33,725 DEBUG Service AVGIDSDriverw7x RegCleanup
2014-01-10 18:29:33,725 DEBUG Registry keys for service AVGIDSDriverw7x are not present
2014-01-10 18:29:33,694 INFO Service AVGIDSDriverw7a is not installed
2014-01-10 18:29:33,725 DEBUG Service AVGIDSDriverw7a RegCleanup
2014-01-10 18:29:33,725 DEBUG Registry keys for service AVGIDSDriverw7a are not present
2014-01-10 18:29:33,694 INFO Processing service AVGIDSErHrw7x, it can take several minutes...
2014-01-10 18:29:33,678 INFO Processing service AVGIDSDriverxpx, it can take several minutes...
2014-01-10 18:29:33,694 DEBUG Registry keys for service AVGIDSErHrw7a are not present
2014-01-10 18:29:33,694 INFO Processing service avgwd, it can take several minutes...
2014-01-10 18:29:33,694 INFO Service AVGIDSShimw7x is not installed
2014-01-10 18:29:33,741 DEBUG Service AVGIDSShimw7x RegCleanup
2014-01-10 18:29:33,741 DEBUG Registry keys for service AVGIDSShimw7x are not present
2014-01-10 18:29:33,709 INFO Service AvgWfpA is not installed
2014-01-10 18:29:33,741 DEBUG Service AvgWfpA RegCleanup
2014-01-10 18:29:33,741 DEBUG Registry keys for service AvgWfpA are not present
2014-01-10 18:29:33,663 INFO Processing service avg9emc, it can take several minutes...
2014-01-10 18:29:33,709 INFO Processing service AvgRemote, it can take several minutes...
2014-01-10 18:29:33,678 INFO Service AvgRkx64 is not installed
2014-01-10 18:29:33,756 DEBUG Service AvgRkx64 RegCleanup
2014-01-10 18:29:33,756 DEBUG Registry keys for service AvgRkx64 are not present
2014-01-10 18:29:33,709 DEBUG Registry keys for service avgfws are not present
2014-01-10 18:29:33,709 INFO Service AvgApiWrapper is not installed
2014-01-10 18:29:33,756 DEBUG Service AvgApiWrapper RegCleanup
2014-01-10 18:29:33,756 DEBUG Registry keys for service AvgApiWrapper are not present
2014-01-10 18:29:33,709 DEBUG Service AVGIDSFiltervtx RegCleanup
2014-01-10 18:29:33,756 DEBUG Registry keys for service AVGIDSFiltervtx are not present
2014-01-10 18:29:33,709 INFO Service avgfws9 is not installed
2014-01-10 18:29:33,709 DEBUG Registry keys for service AvgMfx86 are not present
2014-01-10 18:29:33,709 INFO Service AVGIDSDrivervta is not installed
2014-01-10 18:29:33,756 DEBUG Service AVGIDSDrivervta RegCleanup
2014-01-10 18:29:33,756 DEBUG Registry keys for service AVGIDSDrivervta are not present
2014-01-10 18:29:33,709 INFO Service AVGIDSFilterw7x is not installed
2014-01-10 18:29:33,756 DEBUG Service AVGIDSFilterw7x RegCleanup
2014-01-10 18:29:33,756 DEBUG Registry keys for service AVGIDSFilterw7x are not present
2014-01-10 18:29:33,709 INFO Service AVGIDSFilterw7a is not installed
2014-01-10 18:29:33,756 DEBUG Service AVGIDSFilterw7a RegCleanup
2014-01-10 18:29:33,756 DEBUG Registry keys for service AVGIDSFilterw7a are not present
2014-01-10 18:29:33,709 DEBUG Service AVGIDSDrivervtx RegCleanup
2014-01-10 18:29:33,709 DEBUG Service AvgLdx86 RegCleanup
2014-01-10 18:29:33,756 DEBUG Registry keys for service AvgLdx86 are not present
2014-01-10 18:29:33,709 DEBUG Service AVGIDSErHrxpx RegCleanup
2014-01-10 18:29:33,756 DEBUG Registry keys for service AVGIDSErHrxpx are not present
2014-01-10 18:29:33,756 DEBUG Registry keys for service AVGIDSDrivervtx are not present
2014-01-10 18:29:33,725 INFO Service AVGIDSAgent is not installed
2014-01-10 18:29:33,725 INFO Service AVGIDSFiltervta is not installed
2014-01-10 18:29:33,756 DEBUG Service AVGIDSFiltervta RegCleanup
2014-01-10 18:29:33,756 DEBUG Registry keys for service AVGIDSFiltervta are not present
2014-01-10 18:29:33,725 INFO Service AVGIDSShimxpx is not installed
2014-01-10 18:29:33,725 INFO Service AVGIDSErHrvtx is not installed
2014-01-10 18:29:33,772 DEBUG Service AVGIDSErHrvtx RegCleanup
2014-01-10 18:29:33,772 DEBUG Registry keys for service AVGIDSErHrvtx are not present
2014-01-10 18:29:33,725 INFO Service AvgWfpX is not installed
2014-01-10 18:29:33,741 INFO Service AVGIDSErHrw7x is not installed
2014-01-10 18:29:33,772 DEBUG Service AVGIDSErHrw7x RegCleanup
2014-01-10 18:29:33,772 DEBUG Registry keys for service AVGIDSErHrw7x are not present
2014-01-10 18:29:33,741 INFO Service AVGIDSDriverxpx is not installed
2014-01-10 18:29:33,772 DEBUG Service AVGIDSDriverxpx RegCleanup
2014-01-10 18:29:33,772 DEBUG Registry keys for service AVGIDSDriverxpx are not present
2014-01-10 18:29:33,741 INFO Service avgwd is not installed
2014-01-10 18:29:33,772 DEBUG Service avgwd RegCleanup
2014-01-10 18:29:33,772 DEBUG Registry keys for service avgwd are not present
2014-01-10 18:29:33,741 INFO Service ContentFilter is not installed
2014-01-10 18:29:33,772 DEBUG Service ContentFilter RegCleanup
2014-01-10 18:29:33,772 DEBUG Registry keys for service ContentFilter are not present
2014-01-10 18:29:33,741 INFO Service raserver is not installed
2014-01-10 18:29:33,772 DEBUG Service raserver RegCleanup
2014-01-10 18:29:33,772 DEBUG Registry keys for service raserver are not present
2014-01-10 18:29:33,741 INFO Service AVGIDSShimvtx is not installed
2014-01-10 18:29:33,741 INFO Service XmppAuth is not installed
2014-01-10 18:29:33,772 DEBUG Service XmppAuth RegCleanup
2014-01-10 18:29:33,772 DEBUG Registry keys for service XmppAuth are not present
2014-01-10 18:29:33,756 INFO Service AvgRemote is not installed
2014-01-10 18:29:33,772 DEBUG Service AvgRemote RegCleanup
2014-01-10 18:29:33,772 DEBUG Registry keys for service AvgRemote are not present
2014-01-10 18:29:33,756 DEBUG Service avgfws9 RegCleanup
2014-01-10 18:29:33,772 DEBUG Registry keys for service avgfws9 are not present
2014-01-10 18:29:33,756 DEBUG Service AVGIDSAgent RegCleanup
2014-01-10 18:29:33,756 DEBUG Service AVGIDSShimxpx RegCleanup
2014-01-10 18:29:33,772 DEBUG Registry keys for service AVGIDSShimxpx are not present
2014-01-10 18:29:33,772 DEBUG Service AVGIDSShimvtx RegCleanup
2014-01-10 18:29:33,756 INFO Service avg9emc is not installed
2014-01-10 18:29:33,772 DEBUG Service avg9emc RegCleanup
2014-01-10 18:29:33,772 DEBUG Registry keys for service avg9emc are not present
2014-01-10 18:29:33,772 DEBUG Registry keys for service AVGIDSAgent are not present
2014-01-10 18:29:33,772 DEBUG Service AvgWfpX RegCleanup
2014-01-10 18:29:33,772 DEBUG Registry keys for service AvgWfpX are not present
2014-01-10 18:29:33,772 DEBUG Registry keys for service AVGIDSShimvtx are not present
2014-01-10 18:29:33,772 INFO Attempting to remove AVG drivers.
2014-01-10 18:29:33,788 DEBUG Deleting driver 'avgfwd6a'...
2014-01-10 18:29:34,397 DEBUG Deleting driver 'avgfwd6x'...
2014-01-10 18:29:34,522 DEBUG Deleting driver 'avgfwda'...
2014-01-10 18:29:34,647 DEBUG Deleting driver 'avgfwdx'...
2014-01-10 18:29:34,756 DEBUG Deleting driver 'AVGIDSDriver'...
2014-01-10 18:29:34,881 DEBUG Deleting driver 'AVGIDSEH'...
2014-01-10 18:29:35,006 DEBUG Deleting driver 'AVGIDSHX'...
2014-01-10 18:29:35,116 DEBUG Deleting driver 'AVGIDSfilter'...
2014-01-10 18:29:35,225 DEBUG Deleting driver 'AVGIDSShim'...
2014-01-10 18:29:35,350 DEBUG Deleting driver 'avgldx64'...
2014-01-10 18:29:35,491 DEBUG Deleting driver 'avgldx86'...
2014-01-10 18:29:35,600 DEBUG Deleting driver 'avgmfx64'...
2014-01-10 18:29:35,725 DEBUG Deleting driver 'avgmfx86'...
2014-01-10 18:29:35,850 DEBUG Deleting driver 'avgrkx64'...
2014-01-10 18:29:35,959 DEBUG Deleting driver 'avgrkx86'...
2014-01-10 18:29:36,084 DEBUG Deleting driver 'avgtdia'...
2014-01-10 18:29:36,209 DEBUG Deleting driver 'avgtdix'...
2014-01-10 18:29:36,334 DEBUG Deleting driver 'avgwfpa'...
2014-01-10 18:29:36,444 DEBUG Deleting driver 'avgwfpx'...
2014-01-10 18:29:36,553 DEBUG Deleting driver 'avglogdrvx86'...
2014-01-10 18:29:36,678 DEBUG Deleting driver 'avglogdrvx64'...
2014-01-10 18:29:36,788 DEBUG Deleting driver 'avglogx'...
2014-01-10 18:29:36,913 DEBUG Deleting driver 'avgloga'...
2014-01-10 18:29:37,022 DEBUG Deleting driver 'avgrkx86UniversalDD'...
2014-01-10 18:29:37,147 DEBUG Deleting driver 'avgbootx'...
2014-01-10 18:29:37,256 DEBUG Deleting driver 'avgboota'...
2014-01-10 18:29:37,366 DEBUG Deleting driver 'avgdiska'...
2014-01-10 18:29:37,491 DEBUG Deleting driver 'avgdiskx'...
2014-01-10 18:29:37,600 DEBUG Deleting driver 'avgfwd6a'...
2014-01-10 18:29:37,709 DEBUG Deleting driver 'avgfwd6x'...
2014-01-10 18:29:37,834 DEBUG Deleting driver 'avgfwda'...
2014-01-10 18:29:37,944 DEBUG Deleting driver 'avgfwdx'...
2014-01-10 18:29:38,069 DEBUG Deleting driver 'AVGIDSDriver'...
2014-01-10 18:29:38,178 DEBUG Deleting driver 'AVGIDSEH'...
2014-01-10 18:29:38,288 DEBUG Deleting driver 'AVGIDSHX'...
2014-01-10 18:29:38,413 DEBUG Deleting driver 'AVGIDSfilter'...
2014-01-10 18:29:38,522 DEBUG Deleting driver 'AVGIDSShim'...
2014-01-10 18:29:38,631 DEBUG Deleting driver 'avgldx64'...
2014-01-10 18:29:38,756 DEBUG Deleting driver 'avgldx86'...
2014-01-10 18:29:38,866 DEBUG Deleting driver 'avgmfx64'...
2014-01-10 18:29:38,991 DEBUG Deleting driver 'avgmfx86'...
2014-01-10 18:29:39,100 DEBUG Deleting driver 'avgrkx64'...
2014-01-10 18:29:39,225 DEBUG Deleting driver 'avgrkx86'...
2014-01-10 18:29:39,334 DEBUG Deleting driver 'avgtdia'...
2014-01-10 18:29:39,459 DEBUG Deleting driver 'avgtdix'...
2014-01-10 18:29:39,569 DEBUG Deleting driver 'avgwfpa'...
2014-01-10 18:29:39,678 DEBUG Deleting driver 'avgwfpx'...
2014-01-10 18:29:39,803 DEBUG Deleting driver 'avglogdrvx86'...
2014-01-10 18:29:39,913 DEBUG Deleting driver 'avglogdrvx64'...
2014-01-10 18:29:40,022 DEBUG Deleting driver 'avglogx'...
2014-01-10 18:29:40,131 DEBUG Deleting driver 'avgloga'...
2014-01-10 18:29:40,256 DEBUG Deleting driver 'avgrkx86UniversalDD'...
2014-01-10 18:29:40,366 DEBUG Deleting driver 'avgbootx'...
2014-01-10 18:29:40,491 DEBUG Deleting driver 'avgboota'...
2014-01-10 18:29:40,600 DEBUG Deleting driver 'avgdiska'...
2014-01-10 18:29:40,709 DEBUG Deleting driver 'avgdiskx'...
2014-01-10 18:29:40,834 INFO Attempting to remove AVG running processes.
2014-01-10 18:29:40,913 INFO Attempting to uninstall CloudCare.
2014-01-10 18:29:40,913 INFO CloudCare not instaled on this machine
Re: Trojan.agent in HKLM\ è [LOG] ComboFix

Post by Andrexli » Fri Jan 10, 2014 9:18 pm

RogueKiller: all OK

RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Utente [Admin rights]
Mode : Scan -- Date : 01/10/2014 19:00:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][Rans.Gendarm] HKLM\[...]\Run : 3744 (C:\PROGRA~3\LOCALS~1\Temp\mshrswr.bat [x]) -> Trovato
[RUN][Rans.Gendarm] HKLM\[...]\Wow6432Node\[...]\Run : 3744 (C:\PROGRA~3\LOCALS~1\Temp\mshrswr.bat [x]) -> Trovato
[SERVICE][Root.Necurs] HKLM\[...]\CCSet\[...]\Services : 201ffaf37a80d188 (C:\Windows\system32\201ffaf37a80d188.sys [x]) -> Trovato
[SERVICE][Root.Necurs] HKLM\[...]\CS001\[...]\Services : 201ffaf37a80d188 (C:\Windows\system32\201ffaf37a80d188.sys [x]) -> Trovato
[SERVICE][Root.Necurs] HKLM\[...]\CS002\[...]\Services : 201ffaf37a80d188 (C:\Windows\system32\201ffaf37a80d188.sys [x]) -> Trovato
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> Trovato
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> Trovato
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> Trovato
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> Trovato
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> Trovato
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> Trovato
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Trovato
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Trovato

¤¤¤ Le attività pianificate : 1 ¤¤¤
[V2][SUSP PATH] Windows Update Check - 0x180003BE : C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start - Menu\Programs\Startup\dtdasndku.exe [x][x] -> Trovato

¤¤¤ voci di avvio : 0 ¤¤¤

¤¤¤ I browser Web : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] @ : C:\Windows\Installer\{8be8d218-b518-3efe-d751-86471f1c36fa}\@ [-] --> Trovato
[ZeroAccess][File] @ : C:\Users\Utente\AppData\Local\{8be8d218-b518-3efe-d751-86471f1c36fa}\@ [-] --> Trovato
[ZeroAccess][cartella] U : C:\Windows\Installer\{8be8d218-b518-3efe-d751-86471f1c36fa}\U [-] --> Trovato
[ZeroAccess][cartella] U : C:\Users\Utente\AppData\Local\{8be8d218-b518-3efe-d751-86471f1c36fa}\U [-] --> Trovato
[ZeroAccess][cartella] L : C:\Windows\Installer\{8be8d218-b518-3efe-d751-86471f1c36fa}\L [-] --> Trovato
[ZeroAccess][cartella] L : C:\Users\Utente\AppData\Local\{8be8d218-b518-3efe-d751-86471f1c36fa}\L [-] --> Trovato
[ZeroAccess][cartella] Install : C:\Program Files (x86)\Google\Desktop\Install [-] --> Trovato

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : Rans.Gendarm|Root.Necurs|ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200AAJS-00B4A0 ATA Device +++++
--- User ---
[MBR] 217e0b28ab78cf1afb61f1b574ee7934
[BSP] 34c484fc792cc8d7f89c3782428de819 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 136599 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 279755910 | Size: 168643 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01102014_190002.txt >>


HitmanPro: all OK

HitmanPro 3.7.7.205
www.hitmanpro.com

Computer name . . . . : UTENTE-PC
Windows . . . . . . . : 6.1.1.7601.X64/2
User name . . . . . . : Utente-PC\Utente
UAC . . . . . . . . . : Disabled
License . . . . . . . : Trial (30 days left)

Scan date . . . . . . : 2014-01-10 19:07:24
Scan mode . . . . . . : Normal
Scan duration . . . . : 1m 49s
Disk access mode . . : Direct disk access (API)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes

Threats . . . . . . . : 0
Traces . . . . . . . : 217

Objects scanned . . . : 1.340.486
Files scanned . . . . : 18.746
Remnants scanned . . : 338.122 files / 983.618 keys

Miniport ____________________________________________________________________

Failed

Potential Unwanted Programs _________________________________________________

C:\Program Files (x86)\Mobogenie\ (Rocketfuel) -> Deleted
C:\Program Files (x86)\Mobogenie\mgusb.exe (Rocketfuel) -> Deleted
Size . . . . . . . : 88.256 bytes
Age . . . . . . . : 27.2 days (2013-12-14 13:56:34)
Entropy . . . . . : 6.3
SHA-256 . . . . . : AD59BA08A3C4828E5B1129903FDCCD5E28F5D430A960A9CC417BBB678ED90076
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -9.0
Forensic Cluster
-7.5s C:\Program Files (x86)\Mobogenie\
0.0s C:\Program Files (x86)\Mobogenie\mgusb.exe
0.5s C:\Program Files (x86)\Mobogenie\nengine.dll

C:\Program Files (x86)\Mobogenie\nengine.dll (Rocketfuel) -> Deleted
Size . . . . . . . : 1.283.584 bytes
Age . . . . . . . : 27.2 days (2013-12-14 13:56:34)
Entropy . . . . . : 6.7
SHA-256 . . . . . : 63EB9F4A508FD03CC44DB0B761FAF5986CC8A7C9947ADFD957D1A28FB956DDBC
Product . . . . . : nengine
Publisher . . . . : NewNextDotMe
Description . . . : NewNext Helper Engine
Version . . . . . : 0.3.2.0
Copyright . . . . : Copyright (C) 2013
Fuzzy . . . . . . : -8.0
Forensic Cluster
-8.1s C:\Program Files (x86)\Mobogenie\
-0.5s C:\Program Files (x86)\Mobogenie\mgusb.exe
0.0s C:\Program Files (x86)\Mobogenie\nengine.dll

C:\Program Files (x86)\Mobogenie\ok.htm (Rocketfuel) -> Deleted
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml (Babylon) -> Deleted
C:\ProgramData\Babylon\ (Babylon) -> Deleted
C:\ProgramData\BitGuard\ (SpeedUpMyPC) -> Deleted
C:\Users\Utente\AppData\Local\Mobogenie\ (Rocketfuel) -> Deleted
C:\Users\Utente\AppData\Local\Mobogenie\client.time (Rocketfuel) -> Deleted
C:\Users\Utente\AppData\Local\Mobogenie\Data\ (Rocketfuel) -> Deleted
C:\Users\Utente\AppData\Local\Mobogenie\Data\mobogenie_u_user_dl.mg (Rocketfuel) -> Deleted
C:\Users\Utente\AppData\Local\Mobogenie\driverresult.log (Rocketfuel) -> Deleted
C:\Users\Utente\AppData\Local\Mobogenie\mobo.uuid (Rocketfuel) -> Deleted
C:\Users\Utente\AppData\Local\Mobogenie\Source.mu (Rocketfuel) -> Deleted
C:\Users\Utente\AppData\LocalLow\Claro LTD\ (Claro) -> Deleted
C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard\ (SpeedUpMyPC) -> Deleted
C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard\Uninstall .lnk (SpeedUpMyPC) -> Deleted
HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}\ (Claro) -> Deleted
HKLM\SOFTWARE\Classes\Prod.cap\ (Claro) -> Deleted
HKLM\SOFTWARE\Classes\s\ (Softonic) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}\ (Claro) -> PendingDelete
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd\ (Rocketfuel) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Babylon\ (Babylon) -> Deleted
HKLM\SOFTWARE\Wow6432Node\DataMngr\ (SearchQU) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} (Claro) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd\ (Rocketfuel) -> PendingDelete
HKU\S-1-5-21-3393571389-480633730-1725549892-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}\ (Babylon) -> Deleted
HKU\S-1-5-21-3393571389-480633730-1725549892-1000\Software\Softonic\ (Softonic) -> Deleted


TDSSKiller: all OK

AdwCleaner: all OK

# AdwCleaner v3.016 - Report created 10/01/2014 at 19:25:07
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Utente - UTENTE-PC
# Running from : C:\Users\Utente\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : VideoDownloadConverter_4zService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\Program Files (x86)\VideoDownloadConverter
Folder Deleted : C:\Program Files (x86)\VideoDownloadConverter_4z
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Utente\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Utente\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Utente\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Utente\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\Utente\Documents\Mobogenie
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Windows\System32\Tasks\BitGuard

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bicnnkjibmphdeigoodpjlcklcnaobdj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter.ScriptHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.XMLSessionPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin
Key Deleted : HKCU\Software\e6db8bb469bd41
Key Deleted : HKLM\SOFTWARE\e6db8bb469bd41
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_hijackthis_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_hijackthis_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_winrar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_winrar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A1260C1-2964-453F-B0BA-FA429472EB5F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{363D5C92-10DC-4287-93E5-1832EECC48EC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3719959C-1CCD-4FA7-8EBB-7D9DED86FCCB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B41BE90-F731-4137-AFF3-2CA951E7F0D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4128C64D-F0DD-4811-9405-D22294E8151F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66292684-B2C2-4C7C-B3D2-BF446E30744C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69407823-3494-4400-8D49-612549E8F4EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6BFF4BCB-7A73-45A7-AC4C-389A34E1D1EF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{84B7B98F-E018-4DBB-AB4C-4DDD3DFCB5FB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8A4E8BCB-5598-4CAF-9DEC-4D452760E28D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FCA5302-6D6D-4645-BF99-D43CF76CE474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD385519-22E7-4BE2-8A8D-35C66DF4858E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED345812-2722-4DCA-9976-D01832DB44EE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FF48DBA6-5DD8-4D10-9EB0-0FA968502E66}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{192F487E-E812-40C0-B0DE-CB4BFA20F37B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D3826A1-F3E8-45D6-94B5-C26D8EC0073B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{37923200-6887-4B44-95D4-CAE8F83ECFEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{385F1935-3784-48D0-A61F-6385493DED3C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3EE17DD1-E28B-4AED-A3B2-9C29CB2C19D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{79332472-47F3-4E32-B07F-CF8DF4C58499}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{886F93AD-3CBB-4424-8442-A7340243540F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AA289DBC-59B6-40A5-AC7D-C90DF850289C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BC153A3C-0BB7-4EED-83AE-28E6E398F56E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CA723163-6FAD-43D4-8B93-0D8C52BD9974}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F1F328EB-F5A5-432B-A54C-05F3EF5B0BD8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FB0E8A09-F08C-44CF-9E15-97ADAC016248}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FE8DBB09-C3D3-4477-80CB-D38914B94BB8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A4E8BCB-5598-4CAF-9DEC-4D452760E28D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A86782D8-7B41-452F-A217-1854F72DBA54}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D429207-4689-492D-A0E5-CDC5DFBB5005}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9083CE-8758-4704-BA57-3C891D7452BD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\VideoDownloadConverter_4z
Key Deleted : HKCU\Software\AppDataLow\Software\VideoDownloadConverter_4z
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\VideoDownloadConverter
Key Deleted : HKLM\Software\VideoDownloadConverter_4z
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall Firefox

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16450


*************************

AdwCleaner[R0].txt - [688 octets] - [10/01/2014 19:24:07]
AdwCleaner[S0].txt - [24873 octets] - [10/01/2014 19:25:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [24934 octets] ##########


ADSSpy: the download the guide refers to is a 37 KB .exe and it won't start; a window opens saying "invalid picture". I searched other sites and downloaded another couple, but they're all 37 KB and have the same problem.
Having done all this, I cleaned up with CCleaner and tried installing AVIRA again, but the problem remains. Meanwhile, running a scan with Malwarebytes Anti-Malware, the trojan has finally disappeared!! So I'm starting to think I can't install an antivirus because of the old AVG?

Post by stevens » Sat Jan 11, 2014 11:06 am

you've got a nasty infection to remove (ZeroAccess rootkit) [bleh] wait for Geronimo to step in [^]

Post by GERONIMO* » Sat Jan 11, 2014 11:48 am

hi
yes, you've caught ZeroAccess [sh]

remove the ADS with HijackThis, follow this to see how:
http://www.windoctor.it/sicurezza/i-mig ... ta-stream/

then also post a HijackThis report
remember, very important: run HijackThis as ADMINISTRATOR
http://www.windoctor.it/forum/virus/com ... sul-forum/

Post by Pancrazio » Sat Jan 11, 2014 11:52 am

GERONIMO* wrote: you've caught ZeroAccess [sh]

What would this virus cause?

Post by GERONIMO* » Sat Jan 11, 2014 12:13 pm

Post by stevens » Sat Jan 11, 2014 1:09 pm

hi Geronimo, he'll hardly manage to remove that infection with HijackThis [bleh]

Pancrazio

run a new scan with RogueKiller, tick only these entries and click Delete

Code:
[RUN][Rans.Gendarm] HKLM\[...]\Run : 3744 (C:\PROGRA~3\LOCALS~1\Temp\mshrswr.bat [x]) -> Trovato
[RUN][Rans.Gendarm] HKLM\[...]\Wow6432Node\[...]\Run : 3744 (C:\PROGRA~3\LOCALS~1\Temp\mshrswr.bat [x]) -> Trovato
[SERVICE][Root.Necurs] HKLM\[...]\CCSet\[...]\Services : 201ffaf37a80d188 (C:\Windows\system32\201ffaf37a80d188.sys [x]) -> Trovato
[SERVICE][Root.Necurs] HKLM\[...]\CS001\[...]\Services : 201ffaf37a80d188 (C:\Windows\system32\201ffaf37a80d188.sys [x]) -> Trovato
[SERVICE][Root.Necurs] HKLM\[...]\CS002\[...]\Services : 201ffaf37a80d188 (C:\Windows\system32\201ffaf37a80d188.sys [x]) -> Trovato
[ZeroAccess][File] @ : C:\Windows\Installer\{8be8d218-b518-3efe-d751-86471f1c36fa}\@ [-] --> Trovato
[ZeroAccess][File] @ : C:\Users\Utente\AppData\Local\{8be8d218-b518-3efe-d751-86471f1c36fa}\@ [-] --> Trovato
[ZeroAccess][cartella] U : C:\Windows\Installer\{8be8d218-b518-3efe-d751-86471f1c36fa}\U [-] --> Trovato
[ZeroAccess][cartella] U : C:\Users\Utente\AppData\Local\{8be8d218-b518-3efe-d751-86471f1c36fa}\U [-] --> Trovato
[ZeroAccess][cartella] L : C:\Windows\Installer\{8be8d218-b518-3efe-d751-86471f1c36fa}\L [-] --> Trovato
[ZeroAccess][cartella] L : C:\Users\Utente\AppData\Local\{8be8d218-b518-3efe-d751-86471f1c36fa}\L [-] --> Trovato
[ZeroAccess][cartella] Install : C:\Program Files (x86)\Google\Desktop\Install [-] --> Trovato



once the cleanup is finished, click "Report" and attach it on the forum

Post by GERONIMO* » Sat Jan 11, 2014 1:42 pm

stevens wrote: hi Geronimo, he'll hardly manage to remove that infection with HijackThis [bleh]

Pancrazio

run a new scan with RogueKiller, tick only these entries and click Delete

Code:
[RUN][Rans.Gendarm] HKLM\[...]\Run : 3744 (C:\PROGRA~3\LOCALS~1\Temp\mshrswr.bat [x]) -> Trovato
[RUN][Rans.Gendarm] HKLM\[...]\Wow6432Node\[...]\Run : 3744 (C:\PROGRA~3\LOCALS~1\Temp\mshrswr.bat [x]) -> Trovato
[SERVICE][Root.Necurs] HKLM\[...]\CCSet\[...]\Services : 201ffaf37a80d188 (C:\Windows\system32\201ffaf37a80d188.sys [x]) -> Trovato
[SERVICE][Root.Necurs] HKLM\[...]\CS001\[...]\Services : 201ffaf37a80d188 (C:\Windows\system32\201ffaf37a80d188.sys [x]) -> Trovato
[SERVICE][Root.Necurs] HKLM\[...]\CS002\[...]\Services : 201ffaf37a80d188 (C:\Windows\system32\201ffaf37a80d188.sys [x]) -> Trovato
[ZeroAccess][File] @ : C:\Windows\Installer\{8be8d218-b518-3efe-d751-86471f1c36fa}\@ [-] --> Trovato
[ZeroAccess][File] @ : C:\Users\Utente\AppData\Local\{8be8d218-b518-3efe-d751-86471f1c36fa}\@ [-] --> Trovato
[ZeroAccess][cartella] U : C:\Windows\Installer\{8be8d218-b518-3efe-d751-86471f1c36fa}\U [-] --> Trovato
[ZeroAccess][cartella] U : C:\Users\Utente\AppData\Local\{8be8d218-b518-3efe-d751-86471f1c36fa}\U [-] --> Trovato
[ZeroAccess][cartella] L : C:\Windows\Installer\{8be8d218-b518-3efe-d751-86471f1c36fa}\L [-] --> Trovato
[ZeroAccess][cartella] L : C:\Users\Utente\AppData\Local\{8be8d218-b518-3efe-d751-86471f1c36fa}\L [-] --> Trovato
[ZeroAccess][cartella] Install : C:\Program Files (x86)\Google\Desktop\Install [-] --> Trovato



once the cleanup is finished, click "Report" and attach it on the forum


it's not for removing the infection, which should already have been eliminated by ComboFix, HitmanPro and RogueKiller [sh], but for removing the ADS that the ZeroAccess rootkit installs and for checking whether there's some service stopping him from installing the antivirus
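
The two things GERONIMO* is asking to check above (alternate data streams left behind by the rootkit, and a service that may be blocking the antivirus install), together with the kind of autostart entry RogueKiller listed earlier in the thread, can be triaged from an elevated PowerShell prompt. The script below is an added example: it is not part of this thread and not a script from RogueKiller, HijackThis or any other tool named here. The Run-key heuristics (commands launched from Temp or ProgramData, script files, numeric value names), the folders scanned for streams, and the service names checked (BITS, WinDefend, wuauserv, wscsvc) are my assumptions about what a defender would look at first, not findings from this PC.

```powershell
# Added example, not from the thread: read-only triage of autostart entries,
# NTFS alternate data streams and the services an AV installer depends on.
# Run from an elevated PowerShell 3.0+ prompt (Get-Item -Stream needs 3.0).

# 1. Autostart (Run) keys in both the 64-bit and the 32-bit (Wow6432Node) views,
#    plus the Policies\Explorer\Run key, which malware also uses.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-SuspiciousRunEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
            $cmd = [string]$p.Value
            # Heuristics (assumptions): legitimate autostarts rarely live in Temp or
            # ProgramData, rarely are .bat/.vbs scripts, and rarely have numeric names.
            $fromTemp    = $cmd -match '(?i)\\Temp\\|\\ProgramData\\|PROGRA~3|LOCALS~1'
            $scriptLike  = $cmd -match '(?i)\.(bat|cmd|vbs|js|ps1)\b'
            $numericName = $p.Name -match '^\d+$'
            if ($fromTemp -or $scriptLike -or $numericName) {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd }
            }
        }
    }
}

# 2. Alternate data streams. Files have one default stream, ":$DATA"; folders have
#    none, so anything else reported here is an ADS worth a closer look.
function Get-AlternateDataStream {
    param([string[]]$Path)
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                    Where-Object { $_.Stream -ne ':$DATA' }
            } | Select-Object FileName, Stream, Length
    }
}

# 3. Services an antivirus installer commonly needs (list is an assumption):
#    BITS (downloads), Windows Defender, Windows Update, Security Center.
function Get-MissingOrDisabledService {
    param([string[]]$Name = @('BITS', 'WinDefend', 'wuauserv', 'wscsvc'))
    foreach ($n in $Name) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$n'"
        if (-not $svc) {
            [pscustomobject]@{ Service = $n; State = 'MISSING'; StartMode = '-' }
        } elseif ($svc.StartMode -eq 'Disabled') {
            [pscustomobject]@{ Service = $n; State = $svc.State; StartMode = $svc.StartMode }
        }
    }
}

Get-SuspiciousRunEntry | Format-Table -AutoSize
# The two folders RogueKiller reported for the "@", "U" and "L" objects above.
Get-AlternateDataStream -Path "$env:SystemRoot\Installer", $env:LOCALAPPDATA | Format-Table -AutoSize
Get-MissingOrDisabledService | Format-Table -AutoSize
```

Each function returns objects rather than printing, so the result can be piped to Export-Csv for posting on the forum or compared against a clean machine. Get-Item -Stream requires PowerShell 3.0 or later; on a Windows 7 box still on PowerShell 2.0, `dir /r` from cmd.exe lists the same streams.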

Post by stevens » Sat Jan 11, 2014 1:51 pm

if he doesn't tick those entries and remove them, they'll stay on the PC [rotolo]

for the services he could use this or a scan with OTL [;)]

Post by GERONIMO* » Sat Jan 11, 2014 2:08 pm

who told you he didn't remove them?
it's true he posted the report before deleting the entries, but he has to be the one to say whether he deleted them
you're not going to teach me how to remove a rootkit, are you? let's be clear about that [sh] [bleh] [rotfl]

Post by Pancrazio » Sat Jan 11, 2014 3:30 pm

stevens wrote: Pancrazio

run a new scan with RogueKiller, tick only these entries and click Delete

Code:
[RUN][Rans.Gendarm] HKLM\[...]\Run : 3744 (C:\PROGRA~3\LOCALS~1\Temp\mshrswr.bat [x]) -> Trovato
[RUN][Rans.Gendarm] HKLM\[...]\Wow6432Node\[...]\Run : 3744 (C:\PROGRA~3\LOCALS~1\Temp\mshrswr.bat [x]) -> Trovato
[SERVICE][Root.Necurs] HKLM\[...]\CCSet\[...]\Services : 201ffaf37a80d188 (C:\Windows\system32\201ffaf37a80d188.sys [x]) -> Trovato
[SERVICE][Root.Necurs] HKLM\[...]\CS001\[...]\Services : 201ffaf37a80d188 (C:\Windows\system32\201ffaf37a80d188.sys [x]) -> Trovato
[SERVICE][Root.Necurs] HKLM\[...]\CS002\[...]\Services : 201ffaf37a80d188 (C:\Windows\system32\201ffaf37a80d188.sys [x]) -> Trovato
[ZeroAccess][File] @ : C:\Windows\Installer\{8be8d218-b518-3efe-d751-86471f1c36fa}\@ [-] --> Trovato
[ZeroAccess][File] @ : C:\Users\Utente\AppData\Local\{8be8d218-b518-3efe-d751-86471f1c36fa}\@ [-] --> Trovato
[ZeroAccess][cartella] U : C:\Windows\Installer\{8be8d218-b518-3efe-d751-86471f1c36fa}\U [-] --> Trovato
[ZeroAccess][cartella] U : C:\Users\Utente\AppData\Local\{8be8d218-b518-3efe-d751-86471f1c36fa}\U [-] --> Trovato
[ZeroAccess][cartella] L : C:\Windows\Installer\{8be8d218-b518-3efe-d751-86471f1c36fa}\L [-] --> Trovato
[ZeroAccess][cartella] L : C:\Users\Utente\AppData\Local\{8be8d218-b518-3efe-d751-86471f1c36fa}\L [-] --> Trovato
[ZeroAccess][cartella] Install : C:\Program Files (x86)\Google\Desktop\Install [-] --> Trovato



once the cleanup is finished, click "Report" and attach it on the forum

[uhm] [uhm] [uhm].

Post by stevens » Sat Jan 11, 2014 8:22 pm


you're not going to teach me how to remove a rootkit, are you? let's be clear about that

[bleh] [bleh] [B)] [applauso+]

Pancrazio, but did you click delete after ticking the entries? repeat the scan with RogueKiller, [bleh] Geronimo will be missing [bleh]

Post by Pancrazio » Sat Jan 11, 2014 10:06 pm

stevens wrote:

you're not going to teach me how to remove a rootkit, are you? let's be clear about that

[bleh] [bleh] [B)] [applauso+]

Pancrazio, but did you click delete after ticking the entries? repeat the scan with RogueKiller, [bleh] Geronimo will be missing [bleh]

[...] [...] [...].

Post by stevens » Sat Jan 11, 2014 10:35 pm

Pancrazio SAY SOMETHING, DA@@ IT [rotfl]

have you redone the scan with RogueKiller?

Post by Pancrazio » Sun Jan 12, 2014 12:03 am

stevens wrote: Pancrazio SAY SOMETHING, DA@@ IT [rotfl]

have you redone the scan with RogueKiller?

[acc2] [acc2] [acc2].

Post by GERONIMO* » Sun Jan 12, 2014 8:51 am

stevens, it's not Pancrazio who has the problem, it's Andrexli [acc2] [rotolo]

Post by stevens » Sun Jan 12, 2014 9:53 pm

I thought it was that poor guy Pancrazio [:D] [:D] [crylol] [rotolo] [bleh] [bleh] [bleh] [bleh] [bleh] [bleh] [bleh] [bleh] [bleh] [rotolo] [rotolo] [rotolo] [rotolo] [rotolo] [B)] [B)] [B)] [applauso+] [applauso+] [applauso+] [applauso+] [applauso+] [applauso+] [applauso+] [B)] [B)] [B)] [B)] [crylol] [crylol] [crylol] [crylol] [crylol] [crylol] [crylol] [crylol] [crylol] [crylol] [crylol] [crylol] [crylol] [crylol] [:D] [:D] [:D] [:D] [:D] [:D]

Post by Andrexli » Mon Jan 13, 2014 9:07 pm

Here I am guys... thanks everyone for the replies!
Here's the RogueKiller report

RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Utente [Admin rights]
Mode : HOSTSFix -- Date : 01/13/2014 20:51:49
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1 localhost


Finished : << RKreport[0]_H_01132014_205149.txt >>
RKreport[0]_S_01132014_205059.txt


So Geronimo, as I told you before, ADS Spy won't install for me, not even in safe mode.
I downloaded HijackThis, but when I open it as administrator it gives me "Run-time error '481' Invalid picture".
And now.. what to do?
Andrexli
Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Italian translation by phpBB.it

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. Advertising: Master Advertising