[PROBLEM] Possibly infected PC


gile4d (New User, 4 posts, 0 reactions, score 23)
Hi everyone. I read the thread "Ripulire un computer infetto" ("Cleaning up an infected computer") and found that my PC shows almost all of the infection symptoms listed there. I installed ComboFix and ran the scan (it took at least 20 minutes instead of the 'typical' 10). I'm posting the report here in the hope that someone can help me as soon as they have a bit of time.
Thanks in advance; I hope I've posted in the right section and followed your rules. I registered only recently and still need to find my way around a bit.

ComboFix 14-09-09.01 - Casa 09/09/2014 15:35:46.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.3071.1819 [GMT 2:00]
Eseguito da: c:\users\Casa\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((( Files Creati Da 2014-08-09 al 2014-09-09 )))))))))))))))))))))))))))))))))))
.
.
2014-09-09 13:49 . 2014-09-09 13:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-09-09 13:49 . 2014-09-09 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-09 13:24 . 2014-09-09 13:24 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68B7646D-CD72-4123-A490-AC17754ED612}\offreg.dll
2014-09-09 12:44 . 2014-08-21 02:44 8581864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68B7646D-CD72-4123-A490-AC17754ED612}\mpengine.dll
2014-09-08 20:56 . 2014-09-08 20:56 71944 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-09-08 20:56 . 2014-09-08 20:56 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-09-08 20:56 . 2014-09-08 20:56 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-09-08 20:56 . 2014-09-08 20:56 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-09-08 20:56 . 2014-09-08 20:56 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-09-08 20:56 . 2014-09-08 20:56 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-09-08 20:56 . 2014-09-08 20:56 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-09-08 20:56 . 2014-09-08 20:56 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-09-08 20:56 . 2014-09-08 20:56 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-09-08 20:56 . 2014-09-08 20:56 43152 ----a-w- c:\windows\avastSS.scr
2014-09-08 20:44 . 2014-09-08 20:45 -------- d-----w- c:\programdata\AVAST Software
2014-08-29 07:21 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-29 07:21 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-24 17:56 . 2014-08-26 11:28 -------- d-----w- c:\users\Casa\AppData\Local\Spotify
2014-08-24 17:47 . 2014-08-27 20:33 -------- d-----w- c:\users\Casa\AppData\Roaming\Spotify
2014-08-22 14:21 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2014-08-22 14:21 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-22 14:21 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-22 14:21 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-08-22 14:20 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2014-08-22 14:20 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2014-08-22 14:20 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-22 14:19 . 2014-05-14 07:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-22 14:19 . 2014-05-14 07:17 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-08-18 11:10 . 2014-08-18 11:10 -------- d-----w- c:\users\Casa\AppData\Local\Adobe
2014-08-13 16:25 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 16:25 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 16:25 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 16:25 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 11:21 . 2014-07-14 01:42 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-13 11:21 . 2014-06-16 01:44 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-13 11:21 . 2014-06-16 01:44 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-08-13 11:21 . 2014-06-16 01:40 107520 ----a-w- c:\windows\system32\cdd.dll
2014-08-13 11:20 . 2014-07-16 02:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-13 11:20 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\system32\msi.dll
2014-08-13 11:20 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\system32\authui.dll
2014-08-13 11:20 . 2014-06-03 09:30 101824 ----a-w- c:\windows\system32\consent.exe
2014-08-13 11:20 . 2014-06-03 09:29 337408 ----a-w- c:\windows\system32\msihnd.dll
2014-08-13 11:15 . 2014-08-07 01:43 412160 ----a-w- c:\windows\system32\aepdu.dll
2014-08-13 11:15 . 2014-08-07 01:39 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-08-13 11:08 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-13 11:08 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-17 18:44 . 2013-11-06 16:09 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-17 18:44 . 2013-11-06 16:09 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-10 07:05 . 2014-08-10 07:05 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-05 07:20 . 2013-10-27 12:43 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-06-18 01:51 . 2014-07-09 06:54 646144 ----a-w- c:\windows\system32\osk.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Casa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Casa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Casa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Casa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Casa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Casa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Casa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08 131480 ----a-w- c:\users\Casa\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-09-08 20:56 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FixMyRegistry"="c:\program files\SmartTweak\FixMyRegistry\FixMyRegistry.exe" [2014-05-26 1886840]
"Spotify Web Helper"="c:\users\Casa\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-08-26 1245752]
"RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2013-10-28 2289952]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-08 4085896]
.
c:\users\Casa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-09-08 71944]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-07-25 108032]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2013-10-28 1343400]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 FSProFilter2;FSPro File Filter 2;c:\windows\System32\Drivers\FSPFltd2.sys [2011-06-03 51760]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-09-08 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-09-08 414520]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-09-08 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-09-08 67824]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-07-02 5037888]
S3 RTL8167;Driver Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - ASWRVRT
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-05 16:20 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-06 18:44]
.
2014-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-24 09:02]
.
2014-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-04-24 09:02]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Casa\AppData\Roaming\Mozilla\Firefox\Profiles\2alma0w4.default\
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @DenieD: (Full) (Everyone)
.
Ora fine scansione: 2014-09-09 15:58:11
ComboFix-quarantined-files.txt 2014-09-09 13:58
.
Pre-Run: 220.302.450.688 byte disponibili
Post-Run: 222.638.096.384 byte disponibili
.
- - End Of File - - 1386C6F4A9236F930C5BB755FAD28C4E
A36C5E4F47E84449FF07ED3517B43A31