PROBLEM Guys, I need help with the ComboFix log!!!

DianaWilliams86

New User
Can you help me understand what the problem is? I don't understand any of it!

* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((( Files Creati Da 2012-02-22 al 2012-03-22 )))))))))))))))))))))))))))))))))))
.
.
2012-03-22 21:11 . 2012-03-22 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-22 19:47 . 2012-03-22 19:47 -------- d-----w- c:\users\Rosa\AppData\Local\Mozilla
2012-03-22 16:55 . 2012-03-22 19:19 -------- d-----w- c:\users\Rosa\AppData\Roaming\dvdcss
2012-03-22 16:53 . 2012-03-22 16:54 -------- d-----w- c:\programdata\Freemake
2012-03-22 16:53 . 2012-03-22 16:53 -------- d-----w- c:\program files (x86)\Freemake
2012-03-20 20:49 . 2012-03-20 20:59 -------- d-----w- c:\program files (x86)\AoA Audio Extractor
2012-03-20 19:47 . 2012-03-20 19:47 20 ----a-w- c:\windows\system32\SSUBTMR6.DLL
2012-03-20 19:47 . 2007-08-31 17:36 36864 ----a-w- c:\windows\SysWow64\trayicon_handler.ocx
2012-03-20 19:47 . 2003-01-26 12:41 40960 ----a-w- c:\windows\SysWow64\ssubtmr6.dll
2012-03-20 19:20 . 2012-03-20 19:20 -------- d-----w- c:\users\Rosa\AppData\Roaming\FreeAudioExtractor
2012-03-20 15:48 . 2012-03-20 15:48 -------- d-----w- c:\users\Rosa\AppData\Roaming\Digiarty
2012-03-20 15:47 . 2012-03-20 15:47 -------- d-----w- c:\program files (x86)\Digiarty
2012-03-20 11:20 . 2012-03-20 19:35 -------- d-----w- c:\users\Rosa\AppData\Local\Smartbar
2012-03-20 11:03 . 2012-03-20 11:20 -------- d-----w- c:\users\Rosa\AppData\Local\Linkury
2012-03-20 10:46 . 2012-03-20 10:46 -------- d-----w- c:\users\Rosa\AppData\Roaming\Media Player Classic
2012-03-20 10:42 . 2012-03-20 10:42 -------- d-----w- c:\users\Rosa\AppData\Roaming\Canneverbe Limited
2012-03-20 10:42 . 2012-03-20 10:42 -------- d-----w- c:\programdata\Canneverbe Limited
2012-03-20 10:42 . 2012-03-20 10:42 -------- d-----w- c:\users\Rosa\AppData\Roaming\OpenCandy
2012-03-20 10:29 . 2011-01-28 08:00 80896 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-03-20 10:29 . 2010-12-07 18:40 183808 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2012-03-20 10:29 . 2010-12-07 18:22 810496 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-03-20 10:29 . 2010-11-03 19:08 237568 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2012-03-20 10:29 . 2010-03-15 10:31 165376 ----a-w- c:\windows\SysWow64\unrar.dll
2012-03-20 10:29 . 2010-01-17 16:18 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2012-03-20 10:29 . 2008-09-24 19:41 839680 ----a-w- c:\windows\SysWow64\lameACM.acm
2012-03-20 10:29 . 2012-03-20 10:30 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2012-03-18 11:10 . 2012-03-18 11:10 -------- d-----w- c:\users\Rosa\AppData\Local\Nero_AG
2012-03-17 16:38 . 2012-03-21 14:32 -------- d-----w- c:\users\Rosa\Il mio filmato
2012-03-15 18:57 . 2012-03-15 18:57 -------- d-----w- c:\program files (x86)\Common Files\Pinnacle
2012-03-15 18:57 . 2012-03-15 18:57 -------- d-----w- c:\users\Rosa\AppData\Local\Downloaded Installations
2012-03-15 18:57 . 2012-03-21 13:58 -------- d-----w- c:\users\Rosa\AppData\Local\Pinnacle
2012-03-15 18:56 . 2012-03-15 18:56 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate Collection
2012-03-15 18:52 . 2012-03-15 18:52 -------- d-----w- c:\program files (x86)\Common Files\Yahoo!
2012-03-15 18:52 . 2012-03-15 18:52 -------- d-----w- c:\program files (x86)\Common Files\Pegasus Imaging
2012-03-15 18:52 . 2012-03-15 18:52 -------- d-----w- c:\programdata\Studio 15
2012-03-15 18:52 . 2012-03-15 18:52 -------- d-----w- c:\programdata\Pinnacle Studio Plus
2012-03-15 18:42 . 2012-03-15 18:55 -------- d-----w- c:\programdata\Pinnacle
2012-03-15 18:42 . 2012-03-15 18:52 -------- d-----w- c:\program files (x86)\Pinnacle
2012-03-14 02:04 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 02:04 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 02:04 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 19:58 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 19:58 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 19:58 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 19:55 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 19:55 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 19:55 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 19:55 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 19:55 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 19:55 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 19:55 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-12 14:36 . 2008-02-28 12:26 1414440 ----a-w- c:\windows\SysWow64\ShellManager310E2D762.dll
2012-03-10 16:54 . 2012-03-10 18:19 -------- d-----w- c:\users\Rosa\AppData\Roaming\AVG
2012-03-09 19:54 . 2012-03-11 09:49 -------- d-----w- c:\users\Rosa\AppData\Local\ServUpdater
2012-03-09 19:54 . 2012-03-09 19:55 -------- d-----w- c:\users\Rosa\AppData\Local\PosService
2012-03-09 19:54 . 2012-03-09 19:54 -------- d-----w- c:\users\Rosa\AppData\Local\PowerOffer
2012-02-29 21:07 . 2012-02-29 21:07 -------- d-----w- c:\users\Rosa\AppData\Local\BuildAGadget Content
2012-02-27 11:54 . 2012-02-27 11:54 -------- d-----w- c:\users\Rosa\AppData\Local\ElevatedDiagnostics
2012-02-23 21:24 . 2012-02-23 21:24 -------- d-----w- c:\users\Rosa\AppData\Local\Diagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-18 10:45 . 2011-11-09 19:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 10:37 . 2012-02-15 10:37 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-15 10:37 . 2012-02-15 10:37 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-13 21:31 . 2012-02-13 21:31 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{185D71C2-F9B6-41C5-9042-5131BD4C4A29}\offreg.dll
2012-02-07 15:17 . 2012-02-07 15:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-03 10:47 . 2012-02-03 10:47 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2012-01-30 14:42 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-29 04:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 03:39 . 2012-02-10 06:09 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{185D71C2-F9B6-41C5-9042-5131BD4C4A29}\mpengine.dll
2012-01-04 10:44 . 2012-02-16 03:49 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-16 03:49 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-16 03:49 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-16 03:49 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-16 03:49 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
2012-01-18 09:34 225584 ----a-w- c:\program files (x86)\BrowserCompanion\jsloader.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentBar_IT\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 16:05 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]
2012-01-18 09:34 141104 ----a-w- c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
"{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}"= "c:\program files (x86)\uTorrentBar_IT\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2012-01-29 366024]
"eMuleAutoStart"="c:\program files (x86)\eMule\emule.exe" [2010-04-07 5758976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-01 343168]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-15 113288]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-09-15 61112]
"Browser companion helper"="c:\program files (x86)\BrowserCompanion\BCHelper.exe" [2012-01-18 187696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 136176]
R2 PowerOffer Service;Pos Service;c:\users\Rosa\AppData\Local\PosService\Pos.exe [2011-12-16 164352]
R2 ServUpdater;Serv Updater;c:\users\Rosa\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-16 156160]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320]
R3 BthAvrcp;Profilo Bluetooth AVRCP;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 136176]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-08-26 260424]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-16 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-12 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-29 2413056]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-23 212944]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 13:39]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 13:39]
.
2012-03-18 c:\windows\Tasks\HPCeeScheduleForRosa.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
2012-03-22 c:\windows\Tasks\OpenCandyHelper.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-03-22 c:\windows\Tasks\OpenCandyHelperRun.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-02 1128448]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-09-30 43320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.findeer.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2B3D1680-CF9A-49C5-9658-D52E6A440C2B}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{85B4B22D-281B-489A-AD58-47069ECDE662}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{970A6E21-CA64-4ACE-8B53-212E9ABE6032}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{B0ED85A8-869D-49ED-A6FE-587317195E8F}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{B740D1F1-1CCF-43D0-A7C9-8FDB797E201A}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{CDCBE93A-61A0-40CC-904F-7FA3BE3D2F10}: NameServer = 176.31.229.24,176.31.229.25
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Rosa\AppData\Roaming\Mozilla\Firefox\Profiles\6yzw64n8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B3bc917ab-5a2f-4fd0-87c0-ce6a5b58536b%7D&mid=402c8c417c1247d1b9cbd15cc5e8f6ec-f47a96b7de2f36a8c238579176a88379de0865cf&ds=AVG&v=10.2.0.3&lang=it&pr=pr&d=2012-02-07%2015%3A58%3A28&sap=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files (x86)\AVG\AVG2012\Firefox4
FF - Ext: AVG Security Toolbar: avg@toolbar - c:\programdata\AVG Secure Search\10.2.0.3
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
Wow6432Node-HKLM-Run-NBKeyScan - c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
WebBrowser-{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-03-22 22:14:17
ComboFix-quarantined-files.txt 2012-03-22 21:14
.
Pre-Run: 258.386.317.312 byte disponibili
Post-Run: 267.979.444.224 byte disponibili
.
- - End Of File - - 1C53BFAA5E0DFC02D1CD4901953FB5DB

tecnico24

Elite User
Hi,
Download the CFScript.txt file I attached below.
Now drag the file with the left mouse button onto the ComboFix icon.

Wait for it to finish its work and for the PC to restart.

Please summarize your problems before posting the ComboFix report.
 

Attachments

  • CFScript.txt
    1.3 KB · Views: 140
