Combo Fix

May 30, 2016 | Author: Heather Harper | Category: Types, Research

ComboFix 13-07-03.01 - Utente 03/07/2013  17:52:41.1.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.3838.2212 [GMT 2:00]
Eseguito da: c:\users\Utente\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Utente\AppData\Roaming\inst.exe
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Creati Da 2013-06-03 al 2013-07-03   )))))))))))))))))))))))))))))))))))
.
.
2013-07-03 07:33 . 2013-07-03 07:33  225280  ----a-w-  c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-07-03 07:33 . 2013-07-03 07:37  --------  d-----w-  c:\program files (x86)\x264 Video Codec
2013-07-03 07:09 . 2013-06-12 03:08  9552976  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{2066F420-4FAB-4BDA-918A-BFE4C6B0D91D}\mpengine.dll
2013-07-02 13:52 . 2013-07-02 13:57  --------  d-----w-  c:\users\Utente\AppData\Roaming\Nitro PDF
2013-06-29 14:07 . 2013-07-02 13:29  --------  d-----w-  c:\users\Utente\AppData\Roaming\Downloaded Installations
2013-06-29 13:33 . 2013-06-29 13:33  --------  d-----w-  c:\programdata\FLEXnet
2013-06-29 13:29 . 2013-06-29 13:41  --------  d-----w-  c:\program files (x86)\Common Files\Adobe
2013-06-29 13:12 . 2013-06-29 14:10  --------  d-----w-  c:\users\Utente\AppData\Roaming\Media Player Classic
2013-06-29 13:11 . 2013-06-29 13:11  --------  d-----w-  c:\program files\K-Lite Codec Pack x64
2013-06-29 07:32 . 2013-07-03 07:31  --------  d-----w-  c:\users\Utente\AppData\Roaming\vlc
2013-06-28 16:20 . 2013-06-28 16:20  972712  ----a-w-  c:\windows\system32\deployJava1.dll
2013-06-28 16:20 . 2013-06-28 16:20  312232  ----a-w-  c:\windows\system32\javaws.exe
2013-06-28 16:20 . 2013-06-28 16:20  1093032  ----a-w-  c:\windows\system32\npDeployJava1.dll
2013-06-28 16:20 . 2013-06-28 16:20  108968  ----a-w-  c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-28 16:20 . 2013-06-28 16:20  189352  ----a-w-  c:\windows\system32\javaw.exe
2013-06-28 16:20 . 2013-06-28 16:20  188840  ----a-w-  c:\windows\system32\java.exe
2013-06-28 16:20 . 2013-06-28 16:20  --------  d-----w-  c:\program files\Java
2013-06-27 07:01 . 2013-06-27 07:05  --------  d-----w-  c:\users\Utente\AppData\Roaming\eM Client for SoftMaker
2013-06-27 06:56 . 2013-06-27 06:59  --------  d-----w-  c:\users\Utente\AppData\Roaming\SoftMaker
2013-06-27 06:56 . 2013-06-27 06:57  --------  d-----w-  c:\program files (x86)\SoftMaker Office Professional 2012
2013-06-26 14:19 . 2013-06-26 14:19  --------  d-----w-  c:\users\Utente\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2013-06-26 14:19 . 2013-06-26 14:19  --------  d-----w-  c:\program files (x86)\Adobe Download Assistant
2013-06-26 14:19 . 2013-06-27 07:33  --------  d-----w-  c:\program files (x86)\Common Files\Adobe AIR
2013-06-26 09:53 . 2013-06-26 15:30  --------  d-----w-  c:\program files (x86)\Mozilla Thunderbird
2013-06-24 07:14 . 2013-06-25 06:19  --------  d-----w-  c:\program files (x86)\MisuraInternetSpeedTest
2013-06-21 08:22 . 2013-06-25 06:18  --------  d-----w-  c:\users\Utente\AppData\Local\CouponDropDown Plugin
2013-06-21 08:22 . 2013-06-25 06:18  --------  d-----w-  c:\program files (x86)\CouponDropDown Plugin
2013-06-21 08:21 . 2013-06-21 08:37  --------  d-----w-  c:\program files (x86)\uTorrent Ultra Accelerator
2013-06-21 07:07 . 2013-06-26 06:57  --------  d-----w-  c:\program files\WinRAR
2013-06-18 06:45 . 2009-09-04 15:29  235344  ----a-w-  c:\windows\SysWow64\d3dx11_42.dll
2013-06-18 06:40 . 2008-03-05 13:56  1420824  ----a-w-  c:\windows\SysWow64\D3DCompiler_37.dll
2013-06-18 06:40 . 2008-02-05 21:07  462864  ----a-w-  c:\windows\SysWow64\d3dx10_37.dll
2013-06-18 06:40 . 2008-03-05 13:56  4910088  ----a-w-  c:\windows\system32\D3DX9_37.dll
2013-06-18 06:40 . 2008-03-05 13:56  3786760  ----a-w-  c:\windows\SysWow64\D3DX9_37.dll
2013-06-18 06:40 . 2007-10-22 01:40  411656  ----a-w-  c:\windows\system32\xactengine2_10.dll
2013-06-18 06:40 . 2007-10-22 01:39  267272  ----a-w-  c:\windows\SysWow64\xactengine2_10.dll
2013-06-18 06:40 . 2007-10-12 13:14  2006552  ----a-w-  c:\windows\system32\D3DCompiler_36.dll
2013-06-18 06:40 . 2007-10-02 07:56  508264  ----a-w-  c:\windows\system32\d3dx10_36.dll
2013-06-18 06:40 . 2007-10-22 01:37  17928  ----a-w-  c:\windows\SysWow64\X3DAudio1_2.dll
2013-06-18 06:40 . 2007-10-22 01:37  21000  ----a-w-  c:\windows\system32\X3DAudio1_2.dll
2013-06-17 13:19 . 2005-07-22 17:59  3807440  ----a-w-  c:\windows\system32\d3dx9_27.dll
2013-06-17 13:19 . 2005-05-26 13:34  3767504  ----a-w-  c:\windows\system32\d3dx9_26.dll
2013-06-17 13:19 . 2005-05-26 13:34  2297552  ----a-w-  c:\windows\SysWow64\d3dx9_26.dll
2013-06-17 13:19 . 2005-03-18 15:19  3823312  ----a-w-  c:\windows\system32\d3dx9_25.dll
2013-06-17 13:19 . 2005-02-05 17:45  3544272  ----a-w-  c:\windows\system32\d3dx9_24.dll
2013-06-17 09:13 . 2013-06-17 09:13  --------  d-----w-  c:\users\Utente\AppData\Roaming\IsolatedStorage
2013-06-17 09:13 . 2013-06-17 09:13  --------  d-----w-  c:\programdata\IsolatedStorage
2013-06-17 09:13 . 2013-06-17 09:13  --------  d-----w-  c:\users\Utente\AppData\Local\_
2013-06-17 09:12 . 2013-06-17 12:33  --------  d-----w-  c:\program files\FileViewPro
2013-06-17 08:13 . 2013-06-18 08:27  --------  d-----w-  c:\users\Utente\AppData\Roaming\Rovio
2013-06-14 08:20 . 2013-06-14 08:27  --------  d-----w-  c:\program files (x86)\PSPaudioware
2013-06-12 13:36 . 2013-06-12 13:36  --------  d-----w-  c:\users\Utente\.MakeMKV
2013-06-12 13:36 . 2013-06-14 08:28  --------  d-----w-  c:\program files (x86)\MakeMKV
2013-06-12 06:31 . 2013-06-08 12:28  2706432  ----a-w-  c:\windows\system32\mshtml.tlb
2013-06-12 06:28 . 2013-05-08 06:39  1910632  ----a-w-  c:\windows\system32\drivers\tcpip.sys
2013-06-10 14:21 . 2013-06-10 14:21  --------  d-----w-  c:\program files (x86)\Shark007
2013-06-10 14:19 . 2013-06-29 12:54  --------  d-----w-  c:\programdata\Advanced
2013-06-10 14:11 . 2013-06-10 14:23  --------  d-----w-  c:\users\Utente\AppData\Roaming\Shark007
2013-06-10 14:11 . 2013-06-10 14:23  --------  d-----w-  c:\programdata\Shark007
2013-06-10 14:11 . 2013-03-17 08:22  3554304  ----a-w-  c:\windows\system32\x264vfw.dll
2013-06-10 14:11 . 2012-07-21 10:55  180736  ----a-w-  c:\windows\system32\ac3acm.acm
2013-06-10 14:11 . 2012-07-21 10:54  361472  ----a-w-  c:\windows\system32\aacacm.acm
2013-06-10 14:11 . 2011-12-07 18:37  148992  ----a-w-  c:\windows\system32\lagarith.dll
2013-06-10 14:11 . 2013-04-05 19:27  2231296  ----a-w-  c:\windows\system32\ac3filter.acm
2013-06-10 14:11 . 2012-07-17 13:21  206336  ----a-w-  c:\windows\system32\unrar64.dll
2013-06-10 14:11 . 2013-06-21 18:00  127488  ----a-w-  c:\windows\system32\ff_vfw.dll
2013-06-10 14:11 . 2013-06-10 14:23  --------  d-----w-  c:\program files\Shark007
2013-06-10 14:11 . 2013-05-31 09:00  1922048  ----a-w-  c:\windows\system32\VSFilter.dll
2013-06-10 14:11 . 2009-01-22 20:51  124909  ----a-w-  c:\windows\system32\pthreadGC2.dll
2013-06-09 09:41 . 2013-06-09 09:41  --------  d-----w-  c:\users\Utente\AppData\Roaming\Malwarebytes
2013-06-09 09:41 . 2013-06-09 09:41  --------  d-----w-  c:\programdata\Malwarebytes
2013-06-09 09:41 . 2013-06-09 09:41  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-09 09:41 . 2013-04-04 12:50  25928  ----a-w-  c:\windows\system32\drivers\mbam.sys
2013-06-08 16:29 . 2013-06-08 17:11  --------  d-----w-  c:\programdata\Tarma Installer
2013-06-08 16:29 . 2013-06-08 16:33  --------  d-----w-  c:\program files (x86)\YourFileDownloader
2013-06-08 16:29 . 2013-06-08 16:29  --------  d-----w-  c:\users\Utente\AppData\Roaming\YourFileDownloader
2013-06-08 07:45 . 2013-06-08 16:41  --------  d-----w-  c:\program files (x86)\7 Quick Fix
2013-06-05 08:02 . 2013-06-05 08:02  --------  d-----w-  c:\users\Utente\AppData\Roaming\TuneUp Software
2013-06-05 08:02 . 2013-06-05 09:30  --------  d-----w-  c:\programdata\TuneUp Software
2013-06-05 08:01 . 2013-06-05 08:13  --------  d-sh--w-  c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
.
.
.
(((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-01 08:08 . 2013-05-09 16:23  867240  ----a-w-  c:\windows\SysWow64\npDeployJava1.dll
2013-07-01 08:08 . 2013-05-09 16:23  789416  ----a-w-  c:\windows\SysWow64\deployJava1.dll
2013-06-27 20:51 . 2013-05-12 06:12  189936  ----a-w-  c:\windows\system32\drivers\aswVmm.sys
2013-06-27 20:51 . 2013-05-12 06:12  378944  ----a-w-  c:\windows\system32\drivers\aswSP.sys
2013-06-27 20:51 . 2013-05-12 06:12  1030952  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
2013-06-19 07:04 . 2013-05-10 16:02  71048  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-19 07:04 . 2013-05-10 16:02  692104  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 06:36 . 2013-05-09 15:48  75825640  ----a-w-  c:\windows\system32\MRT.exe
2013-05-16 12:59 . 2013-05-16 12:59  367200  ----a-w-  c:\windows\system32\drivers\afcdp.sys
2013-05-16 12:59 . 2013-05-16 12:59  1340040  ----a-w-  c:\windows\system32\drivers\tdrpman.sys
2013-05-16 12:59 . 2013-05-16 12:59  1093256  ----a-w-  c:\windows\system32\drivers\tib_mounter.sys
2013-05-16 12:59 . 2013-05-16 12:59  228488  ----a-w-  c:\windows\system32\drivers\vididr.sys
2013-05-16 12:59 . 2013-05-16 12:59  166024  ----a-w-  c:\windows\system32\drivers\vidsflt.sys
2013-05-16 12:59 . 2013-05-16 12:59  340104  ----a-w-  c:\windows\system32\drivers\snapman.sys
2013-05-16 12:59 . 2013-05-16 12:59  155272  ----a-w-  c:\windows\system32\drivers\fltsrv.sys
2013-05-16 07:57 . 2013-05-16 07:57  82816  ----a-w-  c:\users\Utente\AppData\Roaming\pcouffin.sys
2013-05-12 06:37 . 2013-05-12 06:38  1187697  ----a-w-  c:\windows\unins000.exe
2013-05-09 15:27 . 2013-05-09 15:27  97280  ----a-w-  c:\windows\system32\mshtmled.dll
2013-05-09 15:27 . 2013-05-09 15:27  92160  ----a-w-  c:\windows\system32\SetIEInstalledDate.exe
2013-05-09 15:27 . 2013-05-09 15:27  905728  ----a-w-  c:\windows\system32\mshtmlmedia.dll
2013-05-09 15:27 . 2013-05-09 15:27  81408  ----a-w-  c:\windows\system32\icardie.dll
2013-05-09 15:27 . 2013-05-09 15:27  77312  ----a-w-  c:\windows\system32\tdc.ocx
2013-05-09 15:27 . 2013-05-09 15:27  762368  ----a-w-  c:\windows\system32\ieapfltr.dll
2013-05-09 15:27 . 2013-05-09 15:27  73728  ----a-w-  c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-09 15:27 . 2013-05-09 15:27  719360  ----a-w-  c:\windows\SysWow64\mshtmlmedia.dll
2013-05-09 15:27 . 2013-05-09 15:27  62976  ----a-w-  c:\windows\system32\pngfilt.dll
2013-05-09 15:27 . 2013-05-09 15:27  61952  ----a-w-  c:\windows\SysWow64\tdc.ocx
2013-05-09 15:27 . 2013-05-09 15:27  599552  ----a-w-  c:\windows\system32\vbscript.dll
2013-05-09 15:27 . 2013-05-09 15:27  523264  ----a-w-  c:\windows\SysWow64\vbscript.dll
2013-05-09 15:27 . 2013-05-09 15:27  52224  ----a-w-  c:\windows\system32\msfeedsbs.dll
2013-05-09 15:27 . 2013-05-09 15:27  51200  ----a-w-  c:\windows\system32\imgutil.dll
2013-05-09 15:27 . 2013-05-09 15:27  48640  ----a-w-  c:\windows\SysWow64\mshtmler.dll
2013-05-09 15:27 . 2013-05-09 15:27  48640  ----a-w-  c:\windows\system32\mshtmler.dll
2013-05-09 15:27 . 2013-05-09 15:27  452096  ----a-w-  c:\windows\system32\dxtmsft.dll
2013-05-09 15:27 . 2013-05-09 15:27  441856  ----a-w-  c:\windows\system32\html.iec
2013-05-09 15:27 . 2013-05-09 15:27  38400  ----a-w-  c:\windows\SysWow64\imgutil.dll
2013-05-09 15:27 . 2013-05-09 15:27  361984  ----a-w-  c:\windows\SysWow64\html.iec
2013-05-09 15:27 . 2013-05-09 15:27  281600  ----a-w-  c:\windows\system32\dxtrans.dll
2013-05-09 15:27 . 2013-05-09 15:27  27648  ----a-w-  c:\windows\system32\licmgr10.dll
2013-05-09 15:27 . 2013-05-09 15:27  270848  ----a-w-  c:\windows\system32\iedkcs32.dll
2013-05-09 15:27 . 2013-05-09 15:27  247296  ----a-w-  c:\windows\system32\webcheck.dll
2013-05-09 15:27 . 2013-05-09 15:27  235008  ----a-w-  c:\windows\system32\url.dll
2013-05-09 15:27 . 2013-05-09 15:27  23040  ----a-w-  c:\windows\SysWow64\licmgr10.dll
2013-05-09 15:27 . 2013-05-09 15:27  226304  ----a-w-  c:\windows\system32\elshyph.dll
2013-05-09 15:27 . 2013-05-09 15:27  216064  ----a-w-  c:\windows\system32\msls31.dll
2013-05-09 15:27 . 2013-05-09 15:27  197120  ----a-w-  c:\windows\system32\msrating.dll
2013-05-09 15:27 . 2013-05-09 15:27  185344  ----a-w-  c:\windows\SysWow64\elshyph.dll
2013-05-09 15:27 . 2013-05-09 15:27  173568  ----a-w-  c:\windows\system32\ieUnatt.exe
2013-05-09 15:27 . 2013-05-09 15:27  167424  ----a-w-  c:\windows\system32\iexpress.exe
2013-05-09 15:27 . 2013-05-09 15:27  158720  ----a-w-  c:\windows\SysWow64\msls31.dll
2013-05-09 15:27 . 2013-05-09 15:27  1509376  ----a-w-  c:\windows\system32\inetcpl.cpl
2013-05-09 15:27 . 2013-05-09 15:27  150528  ----a-w-  c:\windows\SysWow64\iexpress.exe
2013-05-09 15:27 . 2013-05-09 15:27  149504  ----a-w-  c:\windows\system32\occache.dll
2013-05-09 15:27 . 2013-05-09 15:27  144896  ----a-w-  c:\windows\system32\wextract.exe
2013-05-09 15:27 . 2013-05-09 15:27  1441280  ----a-w-  c:\windows\SysWow64\inetcpl.cpl
2013-05-09 15:27 . 2013-05-09 15:27  1400416  ----a-w-  c:\windows\system32\ieapfltr.dat
2013-05-09 15:27 . 2013-05-09 15:27  138752  ----a-w-  c:\windows\SysWow64\wextract.exe
2013-05-09 15:27 . 2013-05-09 15:27  13824  ----a-w-  c:\windows\system32\mshta.exe
2013-05-09 15:27 . 2013-05-09 15:27  137216  ----a-w-  c:\windows\SysWow64\ieUnatt.exe
2013-05-09 15:27 . 2013-05-09 15:27  136192  ----a-w-  c:\windows\system32\iepeers.dll
2013-05-09 15:27 . 2013-05-09 15:27  135680  ----a-w-  c:\windows\system32\IEAdvpack.dll
2013-05-09 15:27 . 2013-05-09 15:27  12800  ----a-w-  c:\windows\SysWow64\mshta.exe
2013-05-09 15:27 . 2013-05-09 15:27  12800  ----a-w-  c:\windows\system32\msfeedssync.exe
2013-05-09 15:27 . 2013-05-09 15:27  110592  ----a-w-  c:\windows\SysWow64\IEAdvpack.dll
2013-05-09 15:27 . 2013-05-09 15:27  1054720  ----a-w-  c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-09 15:27 . 2013-05-09 15:27  102912  ----a-w-  c:\windows\system32\inseng.dll
2013-05-09 08:59 . 2013-05-12 06:12  72016  ----a-w-  c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-05-12 06:12  64288  ----a-w-  c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-05-12 06:12  65336  ----a-w-  c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-05-12 06:12  33400  ----a-w-  c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-05-12 06:12  22600  ----a-w-  c:\windows\system32\drivers\aswKbd.sys
2013-05-09 08:59 . 2013-05-12 06:12  80816  ----a-w-  c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-05-12 06:11  41664  ----a-w-  c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-05-09 17:23  287840  ----a-w-  c:\windows\system32\aswBoot.exe
2013-05-08 08:00 . 2013-05-08 08:00  421888  ----a-w-  c:\windows\SysWow64\RealMediaSplitter.ax
2013-05-08 08:00 . 2013-05-08 08:00  2174976  ----a-w-  c:\program files (x86)\Common Files\atimpenc.dll
2013-05-02 00:06 . 2010-11-21 03:27  278800  ------w-  c:\windows\system32\MpSigStub.exe
2013-04-15 09:50 . 2013-05-18 08:44  127384  ----a-w-  c:\windows\system32\drivers\scdemu.sys
2013-04-13 05:49 . 2013-05-16 05:59  135168  ----a-w-  c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 05:59  350208  ----a-w-  c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 05:59  308736  ----a-w-  c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 05:59  111104  ----a-w-  c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 05:59  474624  ----a-w-  c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 05:59  2176512  ----a-w-  c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-05-09 14:47  1656680  ----a-w-  c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 05:59  265064  ----a-w-  c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 05:59  983400  ----a-w-  c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 06:20  3153920  ----a-w-  c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2012-07-24 942376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute  REG_MULTI_SZ  PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS;c:\windows\SYSNATIVE\DRIVERS\PFC027.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]

S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 PDFSFilter;PDFSFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58  133840  ----a-w-  c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"

[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2012-09-24 21:56  2736240  ----a-w-  c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2012-09-24 21:56  2736240  ----a-w-  c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2012-09-24 21:56  2736240  ----a-w-  c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-09-24 404144]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: Interfaces\{FEAF0D2E-4556-4C67-806B-89C64F6A0A86}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-05-09 19:33; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-05-10 16:45; {B17C1C5A-04B1-11DB-9804-B622A1EF5492}; c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
FF - ExtSQL: 2013-05-10 16:50; {66E978CD-981F-47DF-AC42-E3CF417C1467}; c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
FF - ExtSQL: 2013-05-11 15:55; alldebrid@alldebrid.com; c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\alldebrid@alldebrid.com.xpi
FF - ExtSQL: 2013-05-13 15:24; [email protected]; c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\[email protected]
FF - ExtSQL: 2013-05-14 12:25; [email protected]; c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\[email protected]
FF - ExtSQL: 2013-05-24 16:36; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-24 16:51; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - ExtSQL: 2013-06-12 15:45; jid1-MA2AfbgHyjJd9g@jetpack; c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\jid1-MA2AfbgHyjJd9g@jetpack.xpi
FF - ExtSQL: 2013-06-22 09:53; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: 2013-06-25 12:03; [email protected]; c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\[email protected]
FF - ExtSQL: 2013-06-26 10:47; {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}; c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\srvany.exe
c:\windows\KMService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
.
**************************************************************************
.
Ora fine scansione: 2013-07-03 18:04:34 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2013-07-03 16:04
.
Pre-Run: 43.900.211.200 byte disponibili
Post-Run: 46.786.203.648 byte disponibili
.
- - End Of File - - 69DC7692C6E859F1E3495D6DE361FB99
A36C5E4F47E84449FF07ED3517B43A31
