Jpgiframe on two photos, removed with "Ad-Aware Free"

Status
Not open for further replies.
Hello, could somebody please help me read whether the ComboFix log is clean of viruses/malware or not?

I have followed this thread https://www.techspot.com/vb/topic178540.html

Here is my ComboFix log

ComboFix 12-03-15.03 - tony 15/03/2012 18:49:54.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4077.2100 [GMT 1:00]
Running from: c:\users\tony\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))))))))
.
.
2012-03-15 15:58 . 2012-02-07 22:14 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4BFF119-9EBA-4049-9F99-24287681E4CC}\mpengine.dll
2012-03-15 15:49 . 2012-03-15 15:49 -------- d-----w- c:\program files\WOT
2012-03-15 15:49 . 2012-03-15 15:49 -------- d-----w- c:\program files (x86)\WOT
2012-03-15 09:37 . 2012-03-15 08:52 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-03-15 08:52 . 2012-03-15 08:52 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-15 08:49 . 2012-03-15 08:49 -------- dc----w- c:\windows\system32\DRVSTORE
2012-03-15 08:49 . 2011-12-23 06:12 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-03-15 08:49 . 2012-03-15 08:49 -------- d-----w- c:\programdata\Lavasoft
2012-03-15 08:49 . 2012-03-15 08:49 -------- d-----w- c:\program files (x86)\Lavasoft
2012-03-15 02:04 . 2012-03-15 02:04 -------- d-----w- C:\TeamViewer
2012-03-14 19:02 . 2012-03-14 19:02 -------- d-----w- c:\program files (x86)\RocketDock
2012-03-14 10:07 . 2012-03-14 10:07 -------- d-----w- c:\program files (x86)\DoNotTrackPlus
2012-03-14 08:38 . 2012-03-14 08:38 -------- d--h--w- c:\programdata\CanonIJScan
2012-03-14 08:38 . 2012-03-14 08:38 -------- d-----w- c:\program files\Common Files\CANON
2012-03-14 08:37 . 2012-03-14 08:37 -------- d-----w- c:\program files (x86)\Canon
2012-03-14 08:34 . 2012-03-14 08:34 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2012-03-14 08:34 . 2012-03-14 08:34 -------- d--h--w- c:\program files\CanonBJ
2012-03-14 08:34 . 2009-04-02 17:12 1354240 ----a-w- c:\windows\system32\CNQ2413C.DLL
2012-03-14 08:34 . 2009-04-02 17:12 92672 ----a-w- c:\windows\system32\CNQ2413I.DLL
2012-03-14 08:34 . 2008-05-02 08:14 677888 ----a-w- c:\windows\system32\CNQ2413L.DLL
2012-03-14 08:34 . 2007-03-15 13:13 229888 ----a-w- c:\windows\system32\CNQ2413O.DLL
2012-03-14 03:59 . 2012-03-14 03:59 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-03-14 03:59 . 2012-03-14 03:59 -------- d-----w- c:\windows\system32\wbem\en-US
2012-03-14 02:37 . 2012-03-14 02:37 -------- dc-h--w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-03-14 02:37 . 2012-03-14 02:37 -------- d-----w- c:\program files (x86)\Uniblue
2012-03-14 00:23 . 2012-03-14 00:23 -------- d-----w- c:\program files\DivX
2012-03-14 00:23 . 2012-03-14 00:23 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-03-14 00:22 . 2012-03-14 00:23 -------- d-----w- c:\program files (x86)\DivX
2012-03-14 00:21 . 2012-03-14 00:23 -------- d-----w- c:\programdata\DivX
2012-03-13 18:29 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 18:29 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-13 18:29 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 18:27 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 18:27 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 18:27 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 18:27 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 18:27 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 18:27 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 18:27 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 18:27 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 18:27 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 18:27 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 00:53 . 2012-03-13 00:53 -------- d-----w- c:\programdata\Malwarebytes
2012-03-13 00:53 . 2012-03-13 00:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-13 00:53 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-12 23:39 . 2012-03-12 23:39 -------- d-----r- C:\Sandbox
2012-03-11 15:17 . 2012-03-12 05:55 -------- d-----w- c:\program files (x86)\Nexus Radio
2012-03-11 15:17 . 2012-03-11 15:18 -------- d-----w- C:\My Plugins
2012-03-11 15:17 . 2012-03-11 15:18 -------- d-----w- c:\windows\SysWow64\Nexus Radio
2012-03-11 15:17 . 2012-03-11 15:17 -------- d-----w- C:\My Saved Files
2012-03-11 15:17 . 2012-03-11 15:17 -------- d-----w- C:\My Recorded Files
2012-03-11 01:25 . 2012-03-11 01:25 -------- d-----w- c:\program files (x86)\Secunia
2012-03-11 01:11 . 2012-03-11 01:11 -------- d-----w- c:\programdata\Canneverbe Limited
2012-03-11 01:11 . 2012-03-11 01:11 -------- d-----w- c:\program files\CDBurnerXP
2012-03-11 00:47 . 2012-03-11 00:47 -------- d-----w- c:\program files\Sandboxie
2012-03-10 22:27 . 2012-03-11 00:44 -------- d-----w- C:\VritualRoot
2012-03-10 22:19 . 2012-03-10 22:23 -------- d-----w- c:\programdata\Comodo
2012-03-10 21:50 . 2011-09-05 15:12 27968 ----a-w- c:\windows\system32\cpmnat.exe
2012-03-10 06:49 . 2012-03-10 06:50 -------- d-----w- c:\program files (x86)\LibreOffice 3.5
2012-03-10 06:39 . 2012-03-10 06:39 -------- d-----w- c:\program files\Paint.NET
2012-03-10 05:49 . 2012-03-10 05:50 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-03-10 05:49 . 2012-03-10 05:49 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-03-10 05:49 . 2012-03-10 05:49 -------- d-----w- c:\program files\Microsoft SDKs
2012-03-10 05:49 . 2012-03-10 05:49 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-03-10 05:38 . 2012-03-10 05:38 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-10 05:38 . 2012-03-10 05:38 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-03-10 05:37 . 2012-03-10 05:38 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-03-10 05:11 . 2012-03-10 05:11 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2012-03-10 01:13 . 2012-03-10 12:14 -------- d-----w- C:\AppCrashView
2012-03-10 01:12 . 2012-03-10 01:12 -------- d-----w- C:\ATTO Disc Benchmark
2012-03-10 01:11 . 2012-03-10 01:11 -------- d-----w- C:\FreeSpaceCleaner_FF
2012-03-10 01:09 . 2012-03-10 01:10 -------- d-----w- C:\Aida64 Extreme220
2012-03-10 00:33 . 2012-03-10 00:33 -------- d-----w- C:\BlueScreenView
2012-03-10 00:21 . 2012-03-10 00:21 -------- d-----w- c:\program files (x86)\uTorrent
2012-03-09 23:51 . 2012-03-09 23:51 -------- d-----w- c:\program files\CCleaner
2012-03-09 23:50 . 2011-09-05 15:14 205512 ----a-w- c:\windows\system32\drivers\cumon.sys
2012-03-09 23:50 . 2011-09-05 15:14 19568 ----a-w- c:\windows\system32\drivers\evdd.sys
2012-03-09 23:49 . 2012-03-10 22:19 -------- d-----w- c:\program files\COMODO
2012-03-09 23:49 . 2012-03-09 23:49 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-03-09 23:49 . 2012-03-09 23:49 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-03-09 23:49 . 2012-03-09 23:49 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-03-09 09:27 . 2012-03-09 09:27 -------- d-----w- c:\program files (x86)\Notepad++
2012-03-09 09:14 . 2012-03-09 09:14 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-09 09:14 . 2012-03-09 09:14 -------- d-----r- c:\program files (x86)\Skype
2012-03-09 09:14 . 2012-03-09 09:14 -------- d-----w- c:\programdata\Skype
2012-03-09 02:08 . 2012-02-07 22:14 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-08 22:14 . 2012-03-08 22:14 -------- d-----w- c:\program files (x86)\VideoLAN
2012-03-08 21:14 . 2012-03-09 09:06 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-03-08 20:21 . 2012-03-08 20:20 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2CA12B5-AC51-4DFE-83B7-9103B8D1FFCA}\gapaengine.dll
2012-03-08 20:19 . 2012-03-08 20:19 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-03-08 20:19 . 2012-03-08 20:19 -------- d-----w- c:\program files\Microsoft Security Client
2012-03-08 19:59 . 2012-03-08 19:59 -------- d-----w- c:\windows\system32\SPReview
2012-03-08 19:59 . 2012-03-08 19:59 -------- d-----w- c:\windows\system32\EventProviders
2012-03-08 19:43 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-03-08 19:39 . 2012-03-08 19:39 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-03-08 19:38 . 2012-03-08 19:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-08 19:38 . 2012-03-08 19:38 -------- d-----w- c:\windows\SysWow64\Macromed
2012-03-08 19:38 . 2012-03-08 19:38 -------- d-----w- c:\windows\system32\Macromed
2012-03-08 19:37 . 2012-03-08 19:37 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-08 19:37 . 2012-03-08 19:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-08 19:37 . 2012-03-08 19:37 -------- d-----w- c:\program files (x86)\Java
2012-03-08 19:31 . 2012-03-10 05:51 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-03-08 19:01 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-03-08 18:52 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-03-08 18:51 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-03-08 18:51 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-03-08 18:51 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-08 18:51 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-08 18:51 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-08 18:51 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-08 18:39 . 2012-03-01 12:21 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6F2DE85-99B4-4706-B207-F741F62A46CB}\mpengine.dll
2012-03-08 18:39 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-03-08 18:23 . 2012-03-08 18:23 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-03-08 18:23 . 2012-03-08 18:23 375632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-08 18:23 . 2012-03-08 18:23 -------- d-----w- c:\program files\PlayReady
2012-03-08 18:17 . 2012-03-08 18:17 -------- d-----w- c:\program files (x86)\PCTV Systems
2012-03-08 17:46 . 2012-03-08 17:46 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-03-08 17:46 . 2012-03-08 17:46 -------- d-----w- c:\program files\Realtek
2012-03-08 17:38 . 2012-03-08 17:38 -------- d-----w- c:\programdata\ATI
2012-03-08 17:37 . 2012-03-08 17:37 0 ----a-w- c:\windows\ativpsrm.bin
2012-03-08 17:37 . 2012-03-08 17:37 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-03-08 17:37 . 2012-03-08 17:37 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-03-08 17:37 . 2012-03-08 17:37 -------- d-----w- c:\program files (x86)\AMD APP
2012-03-08 17:37 . 2012-03-08 17:37 -------- d-----w- c:\program files (x86)\ATI Technologies
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-11 21:13 . 2011-12-19 17:59 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2012-01-17 20:00 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-12-19 17:59 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-12-19 17:58 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2011-12-19 17:58 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-11 21:13 . 2011-12-19 17:58 389840 ----a-w- c:\windows\system32\guard64.dll
2012-03-08 20:06 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-08 20:06 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-19 17:59 . 2011-12-19 17:59 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-02-07 666384]
"Nexus Radio"="c:\program files (x86)\Nexus Radio\Nexus Radio.exe" [2011-12-21 4704256]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LibreOffice 3.5.lnk - c:\program files (x86)\LibreOffice 3.5\program\quickstart.exe [2012-2-2 44032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-03-15 2152152]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 MSSQLServerADHelper100;SQL Server Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
S0 cumon;cumon;c:\windows\system32\drivers\cumon.sys [x]
S0 Evdd;Evdd;c:\windows\system32\drivers\evdd.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 CPMService;COMODO Programs Manager Service;c:\program files\COMODO\COMODO Programs Manager\CPMService.exe [2011-09-05 116032]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3923915105-2978217376-1081647811-1000Core.job
- c:\users\tony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08 19:25]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3923915105-2978217376-1081647811-1000UA.job
- c:\users\tony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08 19:25]
.
2012-03-15 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2012-03-14 08:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{31E5D52A-6D99-45B6-B67A-7D74E8FC3D29}: NameServer = 8.26.56.26,8.20.247.20
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{59506042-42A8-4EF6-82C9-35177BFB7F6F} - (no file)
WebBrowser-{D8737483-7BCC-4B90-93CC-F2B978B7B5B7} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
.
**************************************************************************
.
Time of completion: 2012-03-15 18:54:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-15 17:54
.
Pre-Run: 24,693,678,080 bytes free
Post-Run: 24,542,400,512 bytes free
.
- - End Of File - - A4E7D1DC94CCA2EEAEE44695FE565504
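A reviewer reads a log like the one above by pulling out a few sections first: the Run keys, the AppInit_DLLs values (Windows loads those DLLs into every process that links user32.dll, and the log shows LoadAppInit_DLLs set to 0x1), the configured DNS servers and the scheduled tasks. The Python script below is an added example, not part of this thread and not ComboFix's own code. It parses a constructed excerpt written in ComboFix's format: most lines are copied from the log above, and one "Updater" Run entry under AppData is invented here purely to show what a flag looks like. The trusted-prefix list and the private-address test are the script's own heuristics, so a flag means "verify this by hand", not "infected": in the posted log the two AppInit_DLLs (guard32.dll and guard64.dll) sit beside the COMODO drivers in the Find3M report, and 8.26.56.26 / 8.20.247.20 are the addresses Comodo publishes for its Secure DNS service.

```python
"""Triage helper for ComboFix-style logs: pull out the autostart entries,
AppInit_DLLs, DNS servers and scheduled tasks a reviewer reads first."""
import re
from ipaddress import ip_address

# Constructed excerpt in ComboFix's format. Most lines mirror the posted
# log; the "Updater" Run entry is invented to show what a flag looks like.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Updater"="c:\users\example\AppData\Roaming\svc\updater.exe" [2012-03-14 51200]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{31E5D52A-6D99-45B6-B67A-7D74E8FC3D29}: NameServer = 8.26.56.26,8.20.247.20
.
2012-03-15 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2012-03-14 08:26]
"""

SECTION_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')          # [HKEY_...] block header
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')        # "Name"="path" [date size]
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.+)$')
NS_RE = re.compile(r'NameServer = ([\d.,]+)$')            # also matches DhcpNameServer
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2} (.+\.job)$')
TASK_TARGET_RE = re.compile(r'^- (.+?) \[')

# Heuristic only: autostarts outside these trees are worth a second look.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


def parse_run_entries(log):
    """Return (registry key, value name, path) for every value under a ...\\Run key."""
    entries, section = [], None
    for line in log.splitlines():
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if line == ".":              # ComboFix separates blocks with a lone dot
            section = None
            continue
        if section and section.lower().endswith("\\run"):
            value = RUN_VALUE_RE.match(line)
            if value:
                entries.append((section, value.group(1), value.group(2)))
    return entries


def parse_appinit(log):
    """Every DLL path listed in an AppInit_DLLs value (32- and 64-bit views)."""
    return [m.group(1).strip() for m in map(APPINIT_RE.match, log.splitlines()) if m]


def parse_nameservers(log):
    """DNS server addresses from the DhcpNameServer / NameServer lines, in log order."""
    servers = []
    for line in log.splitlines():
        m = NS_RE.search(line)
        if m:
            servers.extend(s for s in m.group(1).split(",") if s)
    return servers


def parse_tasks(log):
    """(job file, target executable) pairs from the Scheduled Tasks section."""
    tasks, pending = [], None
    for line in log.splitlines():
        job = TASK_RE.match(line)
        if job:
            pending = job.group(1)
            continue
        target = TASK_TARGET_RE.match(line)
        if target and pending:
            tasks.append((pending, target.group(1)))
            pending = None
    return tasks


def triage(log):
    """List of (kind, detail, reason) items a reviewer should verify by hand."""
    findings = []
    for _key, name, path in parse_run_entries(log):
        if not path.lower().startswith(TRUSTED_PREFIXES):
            findings.append(("run", f"{name} -> {path}",
                             "autostart from a user-writable location"))
    for dll in parse_appinit(log):
        findings.append(("appinit", dll,
                         "loaded into every process that links user32.dll; confirm the vendor"))
    for ip in parse_nameservers(log):
        if not ip_address(ip).is_private:
            findings.append(("dns", ip, "public resolver; confirm you configured it"))
    for job, target in parse_tasks(log):
        if not target.lower().startswith(TRUSTED_PREFIXES):
            findings.append(("task", f"{job} -> {target}",
                             "scheduled task outside Program Files/Windows"))
    return findings


if __name__ == "__main__":
    for kind, detail, reason in triage(SAMPLE_LOG):
        print(f"[{kind}] {detail}\n    {reason}")
```

Run it against a full log by reading the file into `triage()` instead of `SAMPLE_LOG`; the `[x]` service lines and the "LOCKED REGISTRY KEYS" block are deliberately left alone, since in the log above those are ComboFix reporting file-not-checked markers and the Flash Player's self-protected CLSIDs, not findings.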
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

Never follow instructions from another topic.

Never run Combofix on your own.

You're not saying what your computer problems are.
 
Sorry

OK, thanks for the reply, and sorry...

Sorry too for my poor English.

Since I'm paranoid about security and know that Ad-Aware is a very good product, I downloaded the free version and did a full scan (the PC presented no problem), but then again, it is set for safety, especially after some lamer hacked the forum of a friend of mine. Well, Ad-Aware found two shells in a wallpaper that I put in the Windows/Web directory and set as my default desktop image; it says (Ad-Aware) jpgiframe (shell).

After that I was alarmed, searched Google for jpgiframe and found an article on this forum explaining how to remove malware from your computer, and I followed the instructions step by step... The funny part is that when I scanned with the ESET online scanner, it found that my regularly purchased Registry Booster is/are/has 8 worms and viruses that Kaspersky, Microsoft Security Essentials, Malwarebytes, MRT and MART from Microsoft didn't find, not even Ad-Aware.

So I decided to try ComboFix, just that.

My system is genuine, Windows 7 Home Edition 64-bit, 4 GB of RAM. I have also run the HP diagnostic tools from DOS mode and everything says the hardware is OK.

If someone helps, I would really appreciate it. Thanks in advance, and sorry if I did something wrong.

Take Care

Vistar Tony
 
Hello, thanks for the help. Is it possible to do this in a couple of days? I have to go to the funeral of a friend who is being buried.

P.S. I use MSE (Microsoft Security Essentials) and it doesn't make a log. How do I get a log from it?
 
Hello, I'm back.
Please do not close this topic; the day after tomorrow I will provide all the material you're asking for. Thanks x10000

Best Regards
Tony
 