shapiro wrote: there were no deletions because combofix was not on the desktop
Eseguito da: c:\users\Daniela\Downloads\ComboFix.exe
move combofix out of the Downloads folder and put it on the desktop, then rerun the procedure I gave you
Comment: This is Kingsoft Antivirus 2012, from the same developers as the excellent Kingsoft PC Doctor, an antimalware program able to detect and clean viruses, trojans and malware from the computer.
What makes this product special is that it can be installed and run alongside another antivirus software.
if it is an antivirus (which I don't know) I have my doubts that they can coexist happily
shapiro, sorry for the delay, but I am trying to change provider and I find myself without an ADSL connection.
I did everything you told me, but with a small mistake: I had moved the combofix file to the desktop using "send to", but it was not the exe, in practice I had created a shortcut. I ran the scan and it found nothing.
Then I copied the actual combofix.exe and dragged the file over, and so the scan started, the machine rebooted and here is the log. I just hope I have not created some problem with the first attempt...
ComboFix 12-08-31.08 - Daniela 10/09/2012 22:10:30.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.6126.4309 [GMT 2:00]
Eseguito da: c:\users\Daniela\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Daniela\Desktop\CFScript.txt
AV: Kingsoft Antivirus System Defense *Enabled/Updated* {B6A51389-A795-5AC9-13BA-F569D73F3FE8}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Kingsoft Antivirus System Defense *Enabled/Updated* {0DC4F26D-81AF-5547-290A-CE1BACB87555}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Daniela\AppData\Local\PosService\Pos.exe"
"c:\users\Daniela\AppData\Local\ServUpdater\ServiceUpd.exe"
"c:\users\Public\Documents\AppData\PoApp\PLauncher.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\users\Daniela\AppData\Local\PosService\7z.dll
c:\users\Daniela\AppData\Local\PosService\AppLib.Zip.dll
c:\users\Daniela\AppData\Local\PosService\Pos.exe
c:\users\Daniela\AppData\Local\PosService\Pos.InstallLog
c:\users\Daniela\AppData\Local\PosService\Pos.InstallState
c:\users\Daniela\AppData\Local\PosService\settings.ini
c:\users\Daniela\AppData\Local\PosService\settings\settings.ini
c:\users\Daniela\AppData\Local\ServUpdater\7z.dll
c:\users\Daniela\AppData\Local\ServUpdater\AppLib.Zip.dll
c:\users\Daniela\AppData\Local\ServUpdater\ServiceUpd.exe
c:\users\Daniela\AppData\Local\ServUpdater\ServiceUpd.InstallLog
c:\users\Daniela\AppData\Local\ServUpdater\ServiceUpd.InstallState
c:\users\Daniela\AppData\Local\ServUpdater\settings.ini
c:\users\Daniela\AppData\Local\ServUpdater\settings\settings.ini
c:\users\Public\Documents\AppData\PoApp\7z.dll
c:\users\Public\Documents\AppData\PoApp\AppLib.Zip.dll
c:\users\Public\Documents\AppData\PoApp\kw.sdb
c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
c:\users\Public\Documents\AppData\PoApp\PService.exe
c:\users\Public\Documents\AppData\PoApp\RegHandlerDll.dll
c:\users\Public\Documents\AppData\PoApp\settings\settings.ini
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_kxescore
-------\Service_PowerOffer Service
-------\Service_ServUpdater
-------\Service_kxescore
.
.
((((((((((((((((((((((((( Files Creati Da 2012-08-10 al 2012-09-10 )))))))))))))))))))))))))))))))))))
.
.
2012-09-10 20:19 . 2012-09-10 20:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-10 12:59 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE815C70-79B3-4E51-A663-35B59127DD7D}\mpengine.dll
2012-09-09 17:27 . 2012-09-09 17:27 -------- d-----w- c:\users\Daniela\AppData\Roaming\dvdcss
2012-09-09 07:57 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-02 20:22 . 2012-09-02 20:22 -------- d-----w- c:\users\Daniela\AppData\Local\Macromedia
2012-09-02 20:10 . 2012-09-02 20:10 -------- d-----w- c:\users\Daniela\AppData\Local\Mozilla
2012-09-02 20:10 . 2012-09-10 12:37 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-08-30 22:09 . 2012-08-30 22:09 -------- d-----w- c:\programdata\VirtualizedApplications
2012-08-30 13:25 . 2012-08-30 13:25 -------- d-----w- c:\users\Daniela\Tracing
2012-08-30 13:23 . 2012-08-30 13:23 388096 ----a-r- c:\users\Daniela\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-30 13:23 . 2012-08-30 13:23 -------- d-----w- c:\program files (x86)\Trend Micro
2012-08-29 22:43 . 2012-08-29 22:43 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2012-08-29 13:31 . 2012-08-29 16:55 -------- d-----w- c:\users\Daniela\AppData\Roaming\SoftGrid Client
2012-08-29 13:31 . 2012-08-29 13:31 -------- d-----w- c:\users\Daniela\AppData\Local\SoftGrid Client
2012-08-29 13:30 . 2012-08-29 13:30 -------- d-----w- c:\program files\Microsoft Office
2012-08-29 13:30 . 2012-08-29 22:49 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-08-29 13:29 . 2012-08-29 13:31 -------- d-----w- c:\users\Daniela\AppData\Roaming\TP
2012-08-16 12:38 . 2012-08-20 13:17 -------- d-----w- c:\users\Daniela\AppData\Roaming\Media Player Classic
2012-08-15 18:14 . 2012-08-15 18:14 -------- d-----w- c:\program files (x86)\Scand LLC
2012-08-15 11:26 . 2012-06-29 05:02 754784 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-08-15 08:57 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 08:57 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 08:57 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 08:57 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 08:57 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 08:57 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 08:57 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 08:57 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 08:57 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 08:57 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 08:57 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 08:57 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-02 20:18 . 2012-05-29 17:13 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-02 20:18 . 2012-05-29 17:13 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-22 14:05 . 2012-08-07 21:07 210296 ----a-w- c:\windows\system32\drivers\kisknl.sys
2012-08-15 11:25 . 2012-06-09 22:23 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-07 21:07 . 2012-08-07 21:07 82264 ----a-w- c:\windows\system32\drivers\ksapi.sys
2012-08-07 21:07 . 2012-08-07 21:07 31848 ----a-w- c:\windows\system32\drivers\kavbootc64.sys
2012-08-07 21:07 . 2012-08-07 21:07 27240 ----a-w- c:\windows\system32\drivers\kavbootc.sys
2012-08-07 21:07 . 2012-08-07 21:07 24472 ----a-w- c:\windows\system32\drivers\bc.sys
2012-08-07 21:07 . 2012-08-07 21:07 208216 ----a-w- c:\windows\system32\drivers\kisknl64.sys
2012-08-07 21:07 . 2012-08-07 21:07 19352 ----a-w- c:\windows\system32\drivers\ksskrpr.sys
2012-08-07 21:07 . 2012-08-07 21:07 164696 ----a-w- c:\windows\system32\drivers\kdhacker64.sys
2012-08-07 21:07 . 2012-08-07 21:07 125784 ----a-w- c:\windows\system32\drivers\kdhacker.sys
2012-07-03 11:46 . 2012-07-02 15:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\KRECYCLE ----
.
2012-08-30 11:21 . 2012-08-30 11:21 13727560 ----a-w- c:\krecycle\00018904.KVQ
2012-08-30 11:21 . 2012-08-30 11:21 7265041 ----a-w- c:\krecycle\00018903.KVQ
2012-08-30 11:21 . 2012-08-30 11:21 5353763 ----a-w- c:\krecycle\00018902.KVQ
.
---- Directory of c:\users\Daniela\AppData\Roaming\TP ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-01_14.13.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-09-10 20:05 57600 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-10 20:05 34630 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-05-16 11:18 . 2012-09-10 20:05 10954 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-796488358-3358784476-2599317056-1000_UserData.bin
- 2012-05-16 11:05 . 2012-08-31 16:48 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-16 11:05 . 2012-09-08 20:27 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-16 11:05 . 2012-09-08 20:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-05-16 11:05 . 2012-08-31 16:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-31 16:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-08 20:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-09-08 18:29 . 2012-09-08 18:29 9560 c:\windows\system32\NetworkList\Icons\{2CC93A1E-605B-429A-9ABC-719E60253F16}_48.bin
+ 2012-09-08 18:29 . 2012-09-08 18:29 4280 c:\windows\system32\NetworkList\Icons\{2CC93A1E-605B-429A-9ABC-719E60253F16}_32.bin
+ 2012-09-08 18:29 . 2012-09-08 18:29 2456 c:\windows\system32\NetworkList\Icons\{2CC93A1E-605B-429A-9ABC-719E60253F16}_24.bin
- 2012-09-01 14:12 . 2012-09-01 14:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-10 20:21 . 2012-09-10 20:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-01 14:12 . 2012-09-01 14:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-10 20:21 . 2012-09-10 20:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-02 20:18 . 2012-09-02 20:18 690888 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe
+ 2012-05-29 17:13 . 2012-09-02 20:18 250568 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-05-16 12:11 . 2012-09-09 09:27 267348 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-02-11 08:40 . 2012-09-09 15:53 701114 c:\windows\system32\perfh010.dat
- 2011-02-11 08:40 . 2012-08-29 22:49 701114 c:\windows\system32\perfh010.dat
- 2009-07-14 02:36 . 2012-08-29 22:49 618552 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-09 15:53 618552 c:\windows\system32\perfh009.dat
- 2011-02-11 08:40 . 2012-08-29 22:49 128950 c:\windows\system32\perfc010.dat
+ 2011-02-11 08:40 . 2012-09-09 15:53 128950 c:\windows\system32\perfc010.dat
+ 2009-07-14 02:36 . 2012-09-09 15:53 107574 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-29 22:49 107574 c:\windows\system32\perfc009.dat
+ 2012-09-02 20:17 . 2012-09-02 20:17 420552 c:\windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_Plugin.exe
- 2009-07-14 05:01 . 2012-09-01 14:11 230760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-10 20:20 230760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-09-02 20:18 . 2012-09-02 20:18 9813704 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
+ 2012-09-02 20:18 . 2012-09-02 20:18 1807560 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
+ 2012-05-16 12:27 . 2012-09-09 09:27 1167576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-05-16 12:27 . 2012-08-29 17:43 1167576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-09-02 20:17 . 2012-09-02 20:17 12812488 c:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll
+ 2012-05-16 12:27 . 2012-09-10 20:20 12224416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-796488358-3358784476-2599317056-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-16 880496]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-03 39408]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-08-12 3820032]
"chromium"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-08-30 1229848]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"IVONA ControlCenter"="c:\program files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe" [2012-05-23 2114464]
"IVONA Reader"="c:\program files (x86)\IVONA\IVONA Reader\IVONA Reader.exe" [2012-05-29 1384448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-06-29 1409424]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"kxesc"="c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe" [2012-08-22 1854640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2011-1-13 2749856]
SkyHistory.lnk - c:\program files (x86)\Scand LLC\SkyHistory\SkyHistoryService.exe [2012-8-15 68096]
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-8-3 1492352]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 0048511339799356mcinstcleanup;McAfee Application Installer Cleanup (0048511339799356);c:\users\Daniela\AppData\Local\Temp\004851~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 250568]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-04-04 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-05-02 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2011-07-08 307304]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-16 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 kavbootc;kavbootc;c:\windows\system32\drivers\kavbootc64.sys [2012-08-07 31848]
S1 KDHacker;KDHacker;c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys [2012-08-07 164696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 kisknl;kisknl;c:\windows\system32\drivers\kisknl.sys [2012-08-22 210296]
S2 kxescore;Kingsoft Core Service;c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe [2012-08-07 123992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-11 378472]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-03-02 266680]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-06-15 12800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-29 20:18]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 10:26]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 10:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-08-03 150992]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-05-02 1271552]
"combofix"="c:\combofix\CF13077.3XE" [2010-11-21 345088]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.it/
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AE94FFD6-1653-4BF2-9709-55B1872E90CD}: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AE94FFD6-1653-4BF2-9709-55B1872E90CD}\65F6461666F6E656D21303436383535313: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{E5FD0D3F-C049-4A48-BA0A-C576C92281C0}: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\0sbdrin7.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
AddRemove-{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App - c:\program files (x86)\WildTangent Games\App\Uninstall.exe
AddRemove-{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba - c:\program files (x86)\WildTangent Games\Touchpoints\toshiba\Uninstall.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Ora fine scansione: 2012-09-10 22:29:30 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-09-10 20:29
ComboFix2.txt 2012-09-01 14:18
.
Pre-Run: 313.313.738.752 byte disponibili
Post-Run: 313.459.970.048 byte disponibili
.
- - End Of File - - 08FFA7B8DDEB007211E309F40D66EC70