Combo Fix

ComboFix 13-07-03.01 - Utente 03/07/2013 17:52:41.1.
1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3838.2212 [GMT 2:0
0]
Eseguito da: c:\users\Utente\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[i] ADS - Windows: deleted 192 bytes in 1 streams. [/i]
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))
))))))))))))))))))))))))))))))))
.
.
c:\users\Utente\AppData\Roaming\inst.exe
D:\install.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2013-06-03 al 2013-07-03 ))))))))))
)))))))))))))))))))))))))
.
.
2013-07-03 07:33 . 2013-07-03 07:33
225280 ----a-wc:\programdata\M
icrosoft\Media Tools\MediaIconsOverlays.dll
2013-07-03 07:33 . 2013-07-03 07:37
-------d-----wc:\progr
am files (x86)\x264 Video Codec
2013-07-03 07:09 . 2013-06-12 03:08
9552976 ----a-wc:\programdata\M
icrosoft\Windows Defender\Definition Updates\{2066F420-4FAB-4BDA-918A-BFE4C6B0D9
1D}\mpengine.dll
2013-07-02 13:52 . 2013-07-02 13:57
-------d-----wc:\users
\Utente\AppData\Roaming\Nitro PDF
2013-06-29 14:07 . 2013-07-02 13:29
-------d-----wc:\users
\Utente\AppData\Roaming\Downloaded Installations
2013-06-29 13:33 . 2013-06-29 13:33
-------d-----wc:\progr
amdata\FLEXnet
2013-06-29 13:29 . 2013-06-29 13:41
-------d-----wc:\progr
am files (x86)\Common Files\Adobe
2013-06-29 13:12 . 2013-06-29 14:10
-------d-----wc:\users
\Utente\AppData\Roaming\Media Player Classic
2013-06-29 13:11 . 2013-06-29 13:11
-------d-----wc:\progr
am files\K-Lite Codec Pack x64
2013-06-29 07:32 . 2013-07-03 07:31
-------d-----wc:\users
\Utente\AppData\Roaming\vlc
2013-06-28 16:20 . 2013-06-28 16:20
972712 ----a-wc:\windows\syste
m32\deployJava1.dll
2013-06-28 16:20 . 2013-06-28 16:20
m32\javaws.exe
2013-06-28 16:20 . 2013-06-28 16:20
m32\npDeployJava1.dll
2013-06-28 16:20 . 2013-06-28 16:20
m32\WindowsAccessBridge-64.dll
2013-06-28 16:20 . 2013-06-28 16:20
m32\javaw.exe
2013-06-28 16:20 . 2013-06-28 16:20
m32\java.exe
2013-06-28 16:20 . 2013-06-28 16:20
-------d-----wc:\progr
am files\Java
2013-06-27 07:01 . 2013-06-27 07:05
-------d-----wc:\users
\Utente\AppData\Roaming\eM Client for SoftMaker
2013-06-27 06:56 . 2013-06-27 06:59
-------d-----wc:\users
\Utente\AppData\Roaming\SoftMaker
2013-06-27 06:56 . 2013-06-27 06:57
-------d-----wc:\progr
am files (x86)\SoftMaker Office Professional 2012
2013-06-26 14:19 . 2013-06-26 14:19
-------d-----wc:\users
\Utente\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2013-06-26 14:19 . 2013-06-26 14:19
-------d-----wc:\progr
am files (x86)\Adobe Download Assistant
2013-06-26 14:19 . 2013-06-27 07:33
-------d-----wc:\progr
am files (x86)\Common Files\Adobe AIR
2013-06-26 09:53 . 2013-06-26 15:30
-------d-----wc:\progr
am files (x86)\Mozilla Thunderbird
2013-06-24 07:14 . 2013-06-25 06:19
-------d-----wc:\progr
am files (x86)\MisuraInternetSpeedTest
2013-06-21 08:22 . 2013-06-25 06:18
-------d-----wc:\users
\Utente\AppData\Local\CouponDropDown Plugin
2013-06-21 08:22 . 2013-06-25 06:18
-------d-----wc:\progr
am files (x86)\CouponDropDown Plugin
2013-06-21 08:21 . 2013-06-21 08:37
-------d-----wc:\progr
am files (x86)\uTorrent Ultra Accelerator
2013-06-21 07:07 . 2013-06-26 06:57
-------d-----wc:\progr
am files\WinRAR
2013-06-18 06:45 . 2009-09-04 15:29
235344 ----a-wc:\windows\SysWo
w64\d3dx11_42.dll
2013-06-18 06:40 . 2008-03-05 13:56
w64\D3DCompiler_37.dll
2013-06-18 06:40 . 2008-02-05 21:07
w64\d3dx10_37.dll
2013-06-18 06:40 . 2008-03-05 13:56
m32\D3DX9_37.dll
2013-06-18 06:40 . 2008-03-05 13:56
w64\D3DX9_37.dll
2013-06-18 06:40 . 2007-10-22 01:40
m32\xactengine2_10.dll
2013-06-18 06:40 . 2007-10-22 01:39
w64\xactengine2_10.dll
2013-06-18 06:40 . 2007-10-12 13:14
m32\D3DCompiler_36.dll
2013-06-18 06:40 . 2007-10-02 07:56
m32\d3dx10_36.dll
2013-06-18 06:40 . 2007-10-22 01:37
w64\X3DAudio1_2.dll
2013-06-18 06:40 . 2007-10-22 01:37
m32\X3DAudio1_2.dll
2013-06-17 13:19 . 2005-07-22 17:59
m32\d3dx9_27.dll
2013-06-17 13:19 . 2005-05-26 13:34
m32\d3dx9_26.dll
2013-06-17 13:19 . 2005-05-26 13:34
w64\d3dx9_26.dll
2013-06-17 13:19 . 2005-03-18 15:19
m32\d3dx9_25.dll
2013-06-17 13:19 . 2005-02-05 17:45
m32\d3dx9_24.dll
2013-06-17 09:13 . 2013-06-17 09:13
-------d-----wc:\users
\Utente\AppData\Roaming\IsolatedStorage
2013-06-17 09:13 . 2013-06-17 09:13
-------d-----wc:\progr
amdata\IsolatedStorage
2013-06-17 09:13 . 2013-06-17 09:13
-------d-----wc:\users
\Utente\AppData\Local\ _
2013-06-17 09:12 . 2013-06-17 12:33
-------d-----wc:\progr
am files\FileViewPro
2013-06-17 08:13 . 2013-06-18 08:27
-------d-----wc:\users
\Utente\AppData\Roaming\Rovio
2013-06-14 08:20 . 2013-06-14 08:27
-------d-----wc:\progr
am files (x86)\PSPaudioware
2013-06-12 13:36 . 2013-06-12 13:36
-------d-----wc:\users
\Utente\.MakeMKV
2013-06-12 13:36 . 2013-06-14 08:28
-------d-----wc:\progr
am files (x86)\MakeMKV
2013-06-12 06:31 . 2013-06-08 12:28
m32\mshtml.tlb
2013-06-12 06:28 . 2013-05-08 06:39
m32\drivers\tcpip.sys
2013-06-10 14:21 . 2013-06-10 14:21
-------d-----wc:\progr
am files (x86)\Shark007
2013-06-10 14:19 . 2013-06-29 12:54
-------d-----wc:\progr
amdata\Advanced
2013-06-10 14:11 . 2013-06-10 14:23
-------d-----wc:\users
\Utente\AppData\Roaming\Shark007
2013-06-10 14:11 . 2013-06-10 14:23
-------d-----wc:\progr
amdata\Shark007
2013-06-10 14:11 . 2013-03-17 08:22
m32\x264vfw.dll
2013-06-10 14:11 . 2012-07-21 10:55
m32\ac3acm.acm
2013-06-10 14:11 . 2012-07-21 10:54
m32\aacacm.acm
2013-06-10 14:11 . 2011-12-07 18:37
m32\lagarith.dll
2013-06-10 14:11 . 2013-04-05 19:27
m32\ac3filter.acm
2013-06-10 14:11 . 2012-07-17 13:21
m32\unrar64.dll
2013-06-10 14:11 . 2013-06-21 18:00
m32\ff_vfw.dll
2013-06-10 14:11 . 2013-06-10 14:23
-------d-----wc:\progr
am files\Shark007
2013-06-10 14:11 . 2013-05-31 09:00
m32\VSFilter.dll
2013-06-10 14:11 . 2009-01-22 20:51
m32\pthreadGC2.dll
2013-06-09 09:41 . 2013-06-09 09:41
-------d-----wc:\users
\Utente\AppData\Roaming\Malwarebytes
2013-06-09 09:41 . 2013-06-09 09:41
-------d-----wc:\progr
amdata\Malwarebytes
2013-06-09 09:41 . 2013-06-09 09:41
-------d-----wc:\progr
am files (x86)\Malwarebytes' Anti-Malware
2013-06-09 09:41 . 2013-04-04 12:50
m32\drivers\mbam.sys
2013-06-08 16:29 . 2013-06-08 17:11
-------d-----wc:\progr
amdata\Tarma Installer
2013-06-08 16:29 . 2013-06-08 16:33
-------d-----wc:\progr
am files (x86)\YourFileDownloader
2013-06-08 16:29 . 2013-06-08 16:29
-------d-----wc:\users
\Utente\AppData\Roaming\YourFileDownloader
2013-06-08 07:45 . 2013-06-08 16:41
-------d-----wc:\progr
am files (x86)\7 Quick Fix
2013-06-05 08:02 . 2013-06-05 08:02
-------d-----wc:\users
\Utente\AppData\Roaming\TuneUp Software
2013-06-05 08:02 . 2013-06-05 09:30
-------d-----wc:\progr
amdata\TuneUp Software
2013-06-05 08:01 . 2013-06-05 08:13
-------d-sh--wc:\progr
amdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))
))))))))))))))))))))))))))))))
.
2013-07-01 08:08 . 2013-05-09 16:23
w64\npDeployJava1.dll
2013-07-01 08:08 . 2013-05-09 16:23
w64\deployJava1.dll
2013-06-27 20:51 . 2013-05-12 06:12
m32\drivers\aswVmm.sys
2013-06-27 20:51 . 2013-05-12 06:12
m32\drivers\aswSP.sys
2013-06-27 20:51 . 2013-05-12 06:12
m32\drivers\aswSnx.sys
2013-06-19 07:04 . 2013-05-10 16:02
w64\FlashPlayerCPLApp.cpl
2013-06-19 07:04 . 2013-05-10 16:02
w64\FlashPlayerApp.exe
2013-06-12 06:36 . 2013-05-09 15:48
75825640
----a-wc:\windo
ws\system32\MRT.exe
2013-05-16 12:59 . 2013-05-16 12:59
m32\drivers\afcdp.sys
2013-05-16 12:59 . 2013-05-16 12:59
m32\drivers\tdrpman.sys
2013-05-16 12:59 . 2013-05-16 12:59
m32\drivers\tib_mounter.sys
2013-05-16 12:59 . 2013-05-16 12:59
m32\drivers\vididr.sys
2013-05-16 12:59 . 2013-05-16 12:59
m32\drivers\vidsflt.sys
2013-05-16 12:59 . 2013-05-16 12:59
m32\drivers\snapman.sys
2013-05-16 12:59 . 2013-05-16 12:59
m32\drivers\fltsrv.sys
2013-05-16 07:57 . 2013-05-16 07:57
82816 ----a-wc:\users\Utente\
AppData\Roaming\pcouffin.sys
2013-05-12 06:37 . 2013-05-12 06:38
1187697 ----a-wc:\windows\unins
000.exe
2013-05-09 15:27 . 2013-05-09 15:27
m32\mshtmled.dll
2013-05-09 15:27 . 2013-05-09 15:27
m32\SetIEInstalledDate.exe
2013-05-09 15:27 . 2013-05-09 15:27
m32\mshtmlmedia.dll
2013-05-09 15:27 . 2013-05-09 15:27
m32\icardie.dll
2013-05-09 15:27 . 2013-05-09 15:27
m32\tdc.ocx
2013-05-09 15:27 . 2013-05-09 15:27
m32\ieapfltr.dll
2013-05-09 15:27 . 2013-05-09 15:27
w64\SetIEInstalledDate.exe
2013-05-09 15:27 . 2013-05-09 15:27
w64\mshtmlmedia.dll
2013-05-09 15:27 . 2013-05-09 15:27
m32\pngfilt.dll
2013-05-09 15:27 .
w64\tdc.ocx
2013-05-09 15:27 .
m32\vbscript.dll
2013-05-09 15:27 .
w64\vbscript.dll
2013-05-09 15:27 .
m32\msfeedsbs.dll
2013-05-09 15:27 .
m32\imgutil.dll
2013-05-09 15:27 .
w64\mshtmler.dll
2013-05-09 15:27 .
m32\mshtmler.dll
2013-05-09 15:27 .
m32\dxtmsft.dll
2013-05-09 15:27 .
m32\html.iec
2013-05-09 15:27 .
w64\imgutil.dll
2013-05-09 15:27 .
w64\html.iec
2013-05-09 15:27 .
m32\dxtrans.dll
2013-05-09 15:27 .
m32\licmgr10.dll
2013-05-09 15:27 .
m32\iedkcs32.dll
2013-05-09 15:27 .
m32\webcheck.dll
2013-05-09 15:27 .
m32\url.dll
2013-05-09 15:27 .
w64\licmgr10.dll
2013-05-09 15:27 .
m32\elshyph.dll
2013-05-09 15:27 .
m32\msls31.dll
2013-05-09 15:27 .
m32\msrating.dll
2013-05-09 15:27 .
w64\elshyph.dll
2013-05-09 15:27 .
m32\ieUnatt.exe
2013-05-09 15:27 .
m32\iexpress.exe
2013-05-09 15:27 .
w64\msls31.dll
2013-05-09 15:27 .
m32\inetcpl.cpl
2013-05-09 15:27 .
w64\iexpress.exe
2013-05-09 15:27 .
m32\occache.dll
2013-05-09 15:27 .
m32\wextract.exe
2013-05-09 15:27 .
w64\inetcpl.cpl
2013-05-09 15:27 .
2013-05-09 15:27
61952
----a-w-
c:\windows\SysWo
2013-05-09 15:27
599552 ----a-w-
c:\windows\syste
2013-05-09 15:27
523264 ----a-w-
c:\windows\SysWo
2013-05-09 15:27
52224
----a-w-
c:\windows\syste
2013-05-09 15:27
51200
----a-w-
c:\windows\syste
2013-05-09 15:27
48640
----a-w-
c:\windows\SysWo
2013-05-09 15:27
48640
----a-w-
c:\windows\syste
2013-05-09 15:27
452096 ----a-w-
c:\windows\syste
2013-05-09 15:27
441856 ----a-w-
c:\windows\syste
2013-05-09 15:27
38400
----a-w-
c:\windows\SysWo
2013-05-09 15:27
361984 ----a-w-
c:\windows\SysWo
2013-05-09 15:27
281600 ----a-w-
c:\windows\syste
2013-05-09 15:27
27648
----a-w-
c:\windows\syste
2013-05-09 15:27
270848 ----a-w-
c:\windows\syste
2013-05-09 15:27
247296 ----a-w-
c:\windows\syste
2013-05-09 15:27
235008 ----a-w-
c:\windows\syste
2013-05-09 15:27
23040
----a-w-
c:\windows\SysWo
2013-05-09 15:27
226304 ----a-w-
c:\windows\syste
2013-05-09 15:27
216064 ----a-w-
c:\windows\syste
2013-05-09 15:27
197120 ----a-w-
c:\windows\syste
2013-05-09 15:27
185344 ----a-w-
c:\windows\SysWo
2013-05-09 15:27
173568 ----a-w-
c:\windows\syste
2013-05-09 15:27
167424 ----a-w-
c:\windows\syste
2013-05-09 15:27
158720 ----a-w-
c:\windows\SysWo
2013-05-09 15:27
1509376 ----a-w-
c:\windows\syste
2013-05-09 15:27
150528 ----a-w-
c:\windows\SysWo
2013-05-09 15:27
149504 ----a-w-
c:\windows\syste
2013-05-09 15:27
144896 ----a-w-
c:\windows\syste
2013-05-09 15:27
1441280 ----a-w-
c:\windows\SysWo
2013-05-09 15:27
1400416 ----a-w-
c:\windows\syste
m32\ieapfltr.dat
2013-05-09 15:27 . 2013-05-09 15:27
w64\wextract.exe
2013-05-09 15:27 . 2013-05-09 15:27
m32\mshta.exe
2013-05-09 15:27 . 2013-05-09 15:27
w64\ieUnatt.exe
2013-05-09 15:27 . 2013-05-09 15:27
m32\iepeers.dll
2013-05-09 15:27 . 2013-05-09 15:27
m32\IEAdvpack.dll
2013-05-09 15:27 . 2013-05-09 15:27
w64\mshta.exe
2013-05-09 15:27 . 2013-05-09 15:27
m32\msfeedssync.exe
2013-05-09 15:27 . 2013-05-09 15:27
w64\IEAdvpack.dll
2013-05-09 15:27 . 2013-05-09 15:27
m32\MsSpellCheckingFacility.exe
2013-05-09 15:27 . 2013-05-09 15:27
m32\inseng.dll
2013-05-09 08:59 . 2013-05-12 06:12
m32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-05-12 06:12
m32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-05-12 06:12
m32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-05-12 06:12
m32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-05-12 06:12
m32\drivers\aswKbd.sys
2013-05-09 08:59 . 2013-05-12 06:12
m32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-05-12 06:11
SS.scr
2013-05-09 08:58 . 2013-05-09 17:23
m32\aswBoot.exe
2013-05-08 08:00 . 2013-05-08 08:00
w64\RealMediaSplitter.ax
2013-05-08 08:00 . 2013-05-08 08:00
(x86)\Common Files\atimpenc.dll
2013-05-02 00:06 . 2010-11-21 03:27
m32\MpSigStub.exe
2013-04-15 09:50 . 2013-05-18 08:44
m32\drivers\scdemu.sys
2013-04-13 05:49 . 2013-05-16 05:59
tch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 05:59
tch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 05:59
tch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 05:59
tch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 05:59
tch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 05:59
tch\AcGenral.dll
2013-04-12 14:45 . 2013-05-09 14:47
m32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 05:59
138752 ----a-w-
c:\windows\SysWo
13824
----a-w-
c:\windows\syste
137216 ----a-w-
c:\windows\SysWo
136192 ----a-w-
c:\windows\syste
135680 ----a-w-
c:\windows\syste
12800
----a-w-
c:\windows\SysWo
12800
----a-w-
c:\windows\syste
110592 ----a-w-
c:\windows\SysWo
1054720 ----a-w-
c:\windows\syste
102912 ----a-w-
c:\windows\syste
72016
----a-w-
c:\windows\syste
64288
----a-w-
c:\windows\syste
65336
----a-w-
c:\windows\syste
33400
----a-w-
c:\windows\syste
22600
----a-w-
c:\windows\syste
80816
----a-w-
c:\windows\syste
41664
----a-w-
c:\windows\avast
287840 ----a-w-
c:\windows\syste
421888 ----a-w-
c:\windows\SysWo
2174976 ----a-w-
c:\program files
278800 ------w-
c:\windows\syste
127384 ----a-w-
c:\windows\syste
135168 ----a-w-
c:\windows\apppa
350208 ----a-w-
c:\windows\apppa
308736 ----a-w-
c:\windows\apppa
111104 ----a-w-
c:\windows\apppa
474624 ----a-w-
c:\windows\apppa
2176512 ----a-w-
c:\windows\apppa
1656680 ----a-w-
c:\windows\syste
265064 ----a-w-
c:\windows\syste
m32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 05:59
m32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 06:20
m32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))
)))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart
.exe" [2010-02-10 98304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMount
er\TibMounterMonitor.exe" [2012-07-24 942376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusch
ed.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute
REG_MULTI_SZ
PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusch
ed.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c
:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft
.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mba
mservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [
x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:
\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys;c:\
program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS;c:\windows\SYSNAT
IVE\DRIVERS\PFC027.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\dri
vers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATI
VE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD
.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\
WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.s

ys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c
:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows
\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c
:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\A
cronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv
.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\a
tiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSN
ATIVE\drivers\aswMonFlt.sys [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvan
y.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware
\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamschedul
er.exe [x]
S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common
Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files
\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\wind
ows\SysWOW64\NLSSRV32.EXE [x]
S2 PDFSFilter;PDFSFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\S
YSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\A
cronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\Sy
ncAgent\syncagentsrv.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVER
S\afcdp.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\wind
ows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\S
YSNATIVE\drivers\mbam.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria --.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries ----------.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58
133840 ----a-wc:\program files\AVAST Software\
Avast\ashShA64.dll
.
overlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2012-09-24 21:56
2736240 ----a-wc:\program files (x86)\Acronis\T
rueImageHome\tishell64.dll
.
overlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2012-09-24 21:56
.
overlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2012-09-24 21:56
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 654811
2]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedu
le2\schedhlp.exe" [2012-09-24 404144]
.
------- Scansione supplementare ------.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: Interfaces\{FEAF0D2E-4556-4C67-806B-89C64F6A0A86}: NameServer = 8.8.8.8,8.8
.4.4
FF - ProfilePath - c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\s4g2
ybq4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-05-09 19:33; [email protected]; c:\program files\AVAST Software\Av
ast\WebRep\FF
FF - ExtSQL: 2013-05-10 16:45; {B17C1C5A-04B1-11DB-9804-B622A1EF5492}; c:\users\
Utente\AppData\Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\{B17
C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
FF - ExtSQL: 2013-05-10 16:50; {66E978CD-981F-47DF-AC42-E3CF417C1467}; c:\users\
Utente\AppData\Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\{66E
978CD-981F-47DF-AC42-E3CF417C1467}.xpi
FF - ExtSQL: 2013-05-11 15:55; [email protected]; c:\users\Utente\AppData\
Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\alldebrid@alldebrid
.com.xpi
FF - ExtSQL: 2013-05-13 15:24; [email protected]; c:\users\Utente\AppData\Roaming
\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\[email protected]
FF - ExtSQL: 2013-05-14 12:25; [email protected]; c:\users\Utente\AppData\Roaming\M
ozilla\Firefox\Profiles\s4g2ybq4.default\extensions\[email protected]
FF - ExtSQL: 2013-05-24 16:36; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\
Utente\AppData\Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\{d10
d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-05-24 16:51; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\
Utente\AppData\Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\{a0d
7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-06-12 15:45; jid1-MA2AfbgHyjJd9g@jetpack; c:\users\Utente\AppD

ata\Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\jid1-MA2AfbgHyj
[email protected]
FF - ExtSQL: 2013-06-22 09:53; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\
Utente\AppData\Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\{DDC
359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: 2013-06-25 12:03; [email protected]; c:\users\Utente\AppData\Roam
ing\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\[email protected]
FF - ExtSQL: 2013-06-26 10:47; {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}; c:\users\
Utente\AppData\Roaming\Mozilla\Firefox\Profiles\s4g2ybq4.default\extensions\{053
8E3E3-7E9B-4d49-8831-A227C80A7AD3}
.
- - - - CHIAVI ORFANE RIMOSSE - - - .
ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE --------------------.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66
}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700
_224_ActiveX.exe,-101"
.
}\Elevation]
"Enabled"=dword:00000001
.
}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C
9A66}]
@="IFlashBroker5"
.
9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C40800200C9A66}]
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700
_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C40800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C40800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C40800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}]
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}]
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B
0C4-0800200C9A66}]
@="IFlashBroker5"
.
0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione -----------------------.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SysWOW64\srvany.exe
c:\windows\KMService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
.
**************************************************************************
.
Ora fine scansione: 2013-07-03 18:04:34 - Il pc stato riavviato
ComboFix-quarantined-files.txt 2013-07-03 16:04
.
Pre-Run: 43.900.211.200 byte disponibili
Post-Run: 46.786.203.648 byte disponibili
.
- - End Of File - - 69DC7692C6E859F1E3495D6DE361FB99
A36C5E4F47E84449FF07ED3517B43A31

Combo Fix

Uploaded by

Copyright:

Available Formats

Combo Fix

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Combo Fix

Uploaded by

Copyright:

Available Formats

ComboFix 13-07-03.01 - Utente 03/07/2013 17:52:41.1.

S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.s

FF - ExtSQL: 2013-06-12 15:45; jid1-MA2AfbgHyjJd9g@jetpack; c:\users\Utente\AppD

You might also like