Help reading a ComboFix log

Moderator: IlSoftware.it forum staff

stefanog23
Posts: 1
Joined: 24 Mar 2015 09:55

Help reading a ComboFix log

Post by stefanog23 » 24 Mar 2015 10:00

Hi, I'm new to the forum. Having had some problems with my PC, after various scans with antivirus and antimalware tools I used ComboFix as a last resort, but I can't understand 100% of the report, so I'm pasting it below.
ComboFix 15-03-23.01 - Utente 24/03/2015 8.31.09.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.39.1040.18.2047.1225 [GMT 1:00]
Eseguito da: c:\users\Utente\Downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Utente\AppData\Local\temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2015-02-24 al 2015-03-24 )))))))))))))))))))))))))))))))))))
.
.
2015-03-24 07:43 . 2015-03-24 07:49 -------- d-----w- c:\users\Utente\AppData\Local\temp
2015-03-24 07:43 . 2015-03-24 07:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-03-24 07:43 . 2015-03-24 07:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-23 17:35 . 2015-03-23 17:35 -------- d-----w- c:\program files\Common Files\Java
2015-03-20 09:26 . 2015-01-29 09:49 9041640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{018507E3-8B2C-41EC-9EED-55BBF961765D}\mpengine.dll
2015-03-11 07:56 . 2015-01-29 01:35 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2015-03-11 07:56 . 2015-01-29 01:35 975360 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-03-11 07:55 . 2015-02-26 00:18 2064384 ----a-w- c:\windows\system32\win32k.sys
2015-03-11 07:45 . 2015-02-20 02:03 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-03-11 07:45 . 2015-02-20 00:28 296960 ----a-w- c:\windows\system32\atmfd.dll
2015-03-11 07:45 . 2015-02-26 02:01 3604408 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-03-11 07:45 . 2015-02-26 02:01 3552184 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-11 07:45 . 2015-01-09 02:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2015-03-11 07:45 . 2015-01-09 00:18 64000 ----a-w- c:\windows\system32\smss.exe
2015-03-11 07:44 . 2015-01-21 02:02 807936 ----a-w- c:\windows\system32\msctf.dll
2015-03-11 07:44 . 2015-03-06 04:01 279040 ----a-w- c:\windows\system32\schannel.dll
2015-03-09 11:47 . 2015-03-09 13:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2015-03-06 00:50 . 2015-03-06 00:50 -------- d-----w- c:\users\Utente\AppData\Roaming\FRISK Software
2015-02-27 17:40 . 2015-02-27 17:40 -------- d-----w- c:\users\Utente\AppData\Local\Microsoft Corporation
2015-02-27 17:38 . 2015-02-27 17:38 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2015-02-25 22:24 . 2015-02-25 22:24 159744 ----a-w- c:\program files\Internet Explorer\Plugin\npqtplugin5.dll
2015-02-25 22:24 . 2015-02-25 22:24 159744 ----a-w- c:\program files\Internet Explorer\Plugin\npqtplugin4.dll
2015-02-25 22:24 . 2015-02-25 22:24 159744 ----a-w- c:\program files\Internet Explorer\Plugin\npqtplugin3.dll
2015-02-25 22:24 . 2015-02-25 22:24 159744 ----a-w- c:\program files\Internet Explorer\Plugin\npqtplugin2.dll
2015-02-25 22:24 . 2015-02-25 22:24 159744 ----a-w- c:\program files\Internet Explorer\Plugin\npqtplugin.dll
2015-02-25 22:24 . 2015-02-25 22:24 -------- d-----w- c:\program files\QuickTime
2015-02-25 22:24 . 2015-02-25 22:24 -------- d-----w- c:\programdata\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-23 17:32 . 2014-08-12 13:36 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-03-17 13:04 . 2012-03-30 19:37 778928 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-03-17 13:04 . 2011-08-10 19:31 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-11 09:04 . 2014-05-22 08:06 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-10 13:27 . 2012-10-17 14:46 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-03-10 13:27 . 2012-10-17 14:46 105864 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-02-24 02:23 . 2009-10-03 00:18 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-01-15 04:13 . 2015-02-11 18:29 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-03-23 726320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Utente^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-19 16:50 1022152 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Avira Systray]
2015-02-12 13:00 127792 ----a-w- c:\program files\Avira\My Avira\Avira.OE.Systray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CNAP2 Launcher]
2010-01-11 15:00 226784 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-09-17 21:55 13580832 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-09-17 21:55 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 13:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-05-24 21:45 336384 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2015-03-07 13:53 335232 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-22 12:33 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-409937280-1073654812-1155546326-1000]
"EnableNotificationsRef"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-03-17 07:34 1061704 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-05-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-22 10:04]
.
2015-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 18:12]
.
2015-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 18:12]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
mStart Page = about:blank
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 212.216.112.112 212.216.172.62
FF - ProfilePath - c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\m1dazeqk.default-1346859834644\
FF - prefs.js: browser.startup.homepage - www.google.it
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-CnxDslTaskBar - c:\program files\Conexant\AccessRunner ADSL\CnxDslTb.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-24 08:48
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Ora fine scansione: 2015-03-24 08:55:45 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2015-03-24 07:55
ComboFix2.txt 2013-01-14 22:30
.
Pre-Run: 131.840.856.064 byte disponibili
Post-Run: 131.873.026.048 byte disponibili
.
- - End Of File - - 5FD42AEAC07C96BC3B34BDE592005DEB
5C616939100B85E558DA92B899A0FC36


Thanks to anyone willing to help me.

leredop
Posts: 4
Joined: 02 Mar 2017 18:48

Re: Help reading a ComboFix log

Post by leredop » 02 Mar 2017 18:59

stefanog23 wrote: Hi, I'm new to the forum. Having had some problems with my PC, after various scans with antivirus and antimalware tools I used ComboFix as a last resort, but I can't understand 100% of the report, so I'm pasting it below.


Thanks to anyone willing to help me.


Hi stefanog23,

I'm from Voghera, in the province of Pavia, nice to meet you.
I have a problem similar to yours; I hope we'll find someone who can help us! :adoro: :adoro: