Condividi:        

scansione combofix

Risolvi qui i tuoi problemi legati a Windows '95, '98, ME, NT, 2000, XP, 2003, Vista...

Moderatori: m.paolo, antoo69, -> EleKtrA <-

scansione combofix

Postdi paolis » 05/08/14 10:46

Ciao a tutti,
un mio amico tecnico di pc mi ha consigliato di utilizzare combofix sul mio pc perchè aveva questi problemi:
- improvvisamente si spegneva senza nessun motivo

alcuni pomeriggi era impossibile utilizzare il pc perchè si spegneva in continuazione.
ho effettuato una scansione con eset smart securety e ho eliminato le infezioni che ha rivelato.
ho utilizzato anche adwcleaner ma il problema sembra che persista.
ho un windows 7 sp1 x64

questo è il report di combo fix che mi ha detto che posso allegare qui:

ComboFix 14-08-05.01 - redazione02 05/08/2014 11:31:22.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.8183.6117 [GMT 2:00]
Eseguito da: c:\users\redazione02\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: Firewall ESET *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\packardbell.ico
c:\program files (x86)\WinRAR\Leggimi.Txt
c:\program files (x86)\WinRAR\Leggimi_1a.Txt
c:\program files (x86)\WinRAR\Licenza.Txt
c:\program files (x86)\WinRAR\NoteTecniche.Txt
c:\program files (x86)\WinRAR\Ordin.htm
c:\program files (x86)\WinRAR\Ordina.htm
c:\program files (x86)\WinRAR\SorgUnRAR.Txt
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings3.bin
c:\users\redazione02\AppData\Local\assembly\tmp
c:\users\redazione02\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0FA730E4-F6C3-476F-BD46-8CD54B075652}.xps
c:\users\redazione02\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3294F415-5583-422E-8473-9C1DE35D0EE3}.xps
c:\users\redazione02\AppData\Local\Microsoft\Windows\Temporary Internet Files\{359E0795-8EB3-48A6-80A6-E1E75CE2DB02}.xps
c:\users\redazione02\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3F244FA7-9212-43C2-8B50-BA64B3CF61C0}.xps
c:\users\redazione02\AppData\Local\Microsoft\Windows\Temporary Internet Files\{522BFC0A-A1F0-41C1-9694-AF820C90DC8D}.xps
c:\users\redazione02\AppData\Local\Microsoft\Windows\Temporary Internet Files\{59502C45-4A6C-4724-A458-A05F4D9F045E}.xps
c:\users\redazione02\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6BDAE4AF-2B52-48C5-9904-78AFBB26DA5F}.xps
c:\users\redazione02\AppData\Local\Microsoft\Windows\Temporary Internet Files\{95D385BF-6B85-4238-BE79-E8FD516158A1}.xps
c:\users\redazione02\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A7C535A5-C480-4003-8C7D-A77A28580602}.xps
c:\users\redazione02\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D897664A-4031-47AC-9E7A-E1F0AEBC6254}.xps
c:\users\redazione02\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E2471F0D-A9BD-4379-9412-7F564B1581DA}.xps
c:\users\redazione02\AppData\Roaming\Azyl
c:\users\redazione02\AppData\Roaming\Azyl\ixxoi.lao
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Creati Da 2014-07-05 al 2014-08-05 )))))))))))))))))))))))))))))))))))
.
.
2014-08-05 09:42 . 2014-08-05 09:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-08-05 07:16 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{63B3A771-E9F4-4924-B241-E8AA9C218E4D}\mpengine.dll
2014-08-01 07:05 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-01 07:05 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-01 07:05 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-01 07:05 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-01 07:04 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-01 07:04 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-01 07:04 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-01 07:04 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-01 07:04 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-01 07:04 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-01 07:04 . 2014-05-14 07:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-01 07:04 . 2014-05-14 07:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-01 07:04 . 2014-05-14 07:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-01 07:04 . 2014-05-14 07:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-07-09 10:30 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-07-09 10:26 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-09 10:26 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-09 10:26 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 13:41 . 2012-07-11 14:28 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 13:41 . 2012-07-11 14:28 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 10:55 . 2012-07-12 11:01 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-05-08 09:32 . 2014-06-12 10:52 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-05-08 09:32 . 2014-06-12 10:52 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\redazione02\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\redazione02\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\redazione02\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\redazione02\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\redazione02\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\redazione02\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\redazione02\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\redazione02\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaCie Ethernet Agent Startup"="c:\program files\LaCie\Network Assistant\LaCie Network Assistant.exe" [2013-05-03 9891328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
.
c:\users\redazione02\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\redazione02\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TipCtrl;TipCtrl;c:\program files (x86)\uTIPu\TipCtrl.exe;c:\program files (x86)\uTIPu\TipCtrl.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S2 MSSQL$SIDIOPEN;SQL Server (SIDIOPEN);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [x]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys;c:\windows\SYSNATIVE\DRIVERS\dfmirage.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 13:41]
.
2014-08-05 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-07-12 12:10]
.
2014-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3487145668-3351463120-1474455082-1000Core.job
- c:\users\redazione02\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-04 10:17]
.
2014-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3487145668-3351463120-1474455082-1000UA.job
- c:\users\redazione02\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-04 10:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\redazione02\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\redazione02\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\redazione02\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\redazione02\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\redazione02\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\redazione02\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\redazione02\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\redazione02\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-14 2918656]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 8.8.8.8 8.8.8.4
TCP: Interfaces\{A3297C79-6687-4A0E-98B2-35C1C0EC2256}\960586F6E6560246960257375627: DhcpNameServer = 212.52.97.25 193.70.152.25
FF - ProfilePath - c:\users\redazione02\AppData\Roaming\Mozilla\Firefox\Profiles\kyf5drf8.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-iTunesHelper - k:\itunes\iTunesHelper.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-8461-7759-5462-8226 - c:\program files (x86)\Vuze\uninstall.exe
AddRemove-Switch - c:\program files (x86)\NCH Software\Switch\uninst.exe
AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000410
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{726D657A-A051-4109-AA0F-37F91702B5E6}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.2.71.3"
"UniqueId"="000D54B450CC4055"
"ScannerBuild"=dword:000031b6
"ScannerVersionId"=dword:00001e7b
"ScannerVersion"="Locked/open ESET for status."
"ei2"=hex(b):3a,72,4d,49,51,d0,ca,6d
"ei1"=hex(b):00,01,6c,70,1a,05,00,00
"ei3"=hex(b):7b,41,cc,50,00,00,00,00
"ei4"=dword:00000000
"FixId"=dword:00000009
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\01\06\0b\11\0cW"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2014-08-05 11:45:13
ComboFix-quarantined-files.txt 2014-08-05 09:45
.
Pre-Run: 137.944.285.184 byte disponibili
Post-Run: 138.979.741.696 byte disponibili
.
- - End Of File - - 11652C1E6CF3310B8A7543F8A4D4C6D0
A36C5E4F47E84449FF07ED3517B43A31
paolis
Utente Junior
 
Post: 36
Iscritto il: 09/10/12 14:13

Sponsor
 

Re: scansione combofix

Postdi davide72 » 05/08/14 11:41

posta la lista dei programmi installati
davide72
Utente Senior
 
Post: 6494
Iscritto il: 10/06/14 22:01

Re: scansione combofix

Postdi paolis » 05/08/14 17:20

Ecco di seguito la lista dei programmi installati sul pc
grazie anticipatamente per l'aiuto che mi state dando

http://oi58.tinypic.com/1553q6s.jpg
paolis
Utente Junior
 
Post: 36
Iscritto il: 09/10/12 14:13

Re: scansione combofix

Postdi davide72 » 05/08/14 17:41

fai una scansione con malwarebyte http://downloads.malwarebytes.org/file/mbam/

a fine installazione togli la spunta da attiva la versione gratuita PRO , quindi avvia il programma ed esegui una scansione completa rimuovendo eventuali infezioni trovate, e riavvia il pc

installa ccleaner http://www.piriform.com/ccleaner/download/standard e fai un po di pulizia dei temporanei e disattiva i programmi all' avvio di windows tranne l' antivirus

salva otl sul desktop http://www.bleepingcomputer.com/download/otl/dl/93/ eseguilo e clicca su cleanup
davide72
Utente Senior
 
Post: 6494
Iscritto il: 10/06/14 22:01

Re: scansione combofix

Postdi paolis » 07/08/14 14:18

mentre effettuavo la scansione con malwarebyte , il pc si è spento di nuovo.

alla fine sono riuscito a terminare la scansione con malwarebyte - non ha trovato infezioni.
ho installato ed eseguito cclenear e poi otl

la situazione sembra leggermente migliorata, ma il pc continua a spegnersi improvvisamente, soprattutto appena comincio ad usare il pc : per esempio apro un documento word, apro google chrome...

attendo altri suggerimenti

grazie ancora, siete i migliori
paolis
Utente Junior
 
Post: 36
Iscritto il: 09/10/12 14:13

Re: scansione combofix

Postdi davide72 » 07/08/14 16:21

il pc da quanto tempo ce l' hai? l' hai mai aperto e ripulito da polvere? i driver sono quelli del produttore pc ?, o li hai aggiornati usando software di aggiornamento automatico driver
davide72
Utente Senior
 
Post: 6494
Iscritto il: 10/06/14 22:01

Re: scansione combofix

Postdi paolis » 08/08/14 10:39

il pc ce l'ho da 3 anni, e i driver sono stati aggiornati tramite software automatico aggiornamento driver.

no, non l'ho mai aperto per ripulirlo da polvere.
paolis
Utente Junior
 
Post: 36
Iscritto il: 09/10/12 14:13

Re: scansione combofix

Postdi davide72 » 08/08/14 20:12

prendi nota del tuo modello esatto di pc e recati sul sito ufficiale del costruttore pc per reinstallarti tutti driver

meglio se apri il pc e lo pulisci dalla polvere (col compressore del benzinaio) poi dovresti cambiare la pasta termica sulla cpu ( rivogiti in un laboratorio di assistenza pc) il cambio della pasta ti costa circa 10 o 15 euro
davide72
Utente Senior
 
Post: 6494
Iscritto il: 10/06/14 22:01


Torna a Sistemi Operativi Windows


Topic correlati a "scansione combofix":


Chi c’è in linea

Visitano il forum: Nessuno e 69 ospiti