Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » aiuto!!!! forse virus ???

aiuto!!!! forse virus ??? Opzioni
Topic Precedente · Topic Sucessivo
morganito
Inviato: Friday, September 13, 2013 7:54:51 PM

Rank: AiutAmico

Iscritto dal : 7/28/2010
Posts: 52
ciao a tutti , premetto che le mie conoscenze in questo campo sono minime comunque andiamo al sodo , come al solito faccio sempre delle scansioni con malwarebytes e sorpresa un giorno mi sono trovata un casino di infezioni tutte pup.optional babylon ,cany ecc... le ho eliminate ma credo di non averle debelleate del tutto ho provato anche con spywarefighter e combofix ma niente tutte le volte che scansiono con malwarebyts mi trova qualche infezione .vi posto il log di combofix , aiutatemi
grazie a tutti i buoni samaritani dl computer

ComboFix 13-09-10.03 - greta 11/09/2013 22.12.06.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.39.1040.18.3980.2479 [GMT 2:00]
Eseguito da: c:\users\greta\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SetStretch.exe
c:\users\greta\AppData\Local\Google\Chrome\User Data\Default\preferences
.
.
((((((((((((((((((((((((( Files Creati Da 2013-08-11 al 2013-09-11 )))))))))))))))))))))))))))))))))))
.
.
2013-09-11 20:21 . 2013-09-11 20:21 -------- d-----w- c:\users\greta\AppData\Local\temp
2013-09-11 20:21 . 2013-09-11 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-11 19:51 . 2013-09-11 19:51 -------- d-----w- c:\users\greta\AppData\Local\Fighters
2013-09-11 19:49 . 2013-09-11 20:19 -------- d-----w- c:\programdata\clp
2013-09-11 19:49 . 2013-09-11 19:50 -------- d-----w- c:\users\greta\AppData\Roaming\Fighters
2013-09-11 19:48 . 2013-09-11 19:54 -------- d-----w- c:\program files (x86)\Fighters
2013-09-11 19:48 . 2013-09-11 19:48 -------- d-----w- c:\programdata\Common Toolkit Suite
2013-09-11 19:48 . 2013-09-11 19:48 -------- d-----w- c:\program files (x86)\Common Files\Common Toolkit Suite
2013-09-11 19:47 . 2013-09-11 19:50 -------- d-----w- c:\programdata\Fighters
2013-09-11 11:26 . 2013-09-11 11:26 -------- d-----w- c:\users\greta\AppData\Roaming\com.adobe.amp
2013-09-11 06:42 . 2013-08-21 04:11 19246592 ----a-w- c:\windows\system32\mshtml.dll
2013-09-11 06:31 . 2013-08-03 04:30 4038144 ----a-w- c:\windows\system32\win32k.sys
2013-09-11 06:31 . 2013-06-10 19:15 1156096 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-09-11 06:31 . 2013-07-03 00:22 2839552 ----a-w- c:\windows\system32\msftedit.dll
2013-09-11 06:31 . 2013-07-06 00:16 1025024 ----a-w- c:\windows\system32\localspl.dll
2013-09-11 06:31 . 2013-07-03 00:23 778752 ----a-w- c:\windows\system32\oleaut32.dll
2013-09-11 06:31 . 2013-07-03 00:11 551424 ----a-w- c:\windows\SysWow64\oleaut32.dll
2013-09-11 06:31 . 2013-07-03 00:22 1300480 ----a-w- c:\windows\system32\gdi32.dll
2013-09-11 06:31 . 2013-06-10 19:15 723968 ----a-w- c:\windows\system32\BFE.DLL
2013-09-11 06:31 . 2013-07-08 22:46 414208 ----a-w- c:\windows\system32\wwanconn.dll
2013-09-11 06:31 . 2013-06-29 05:43 327512 ----a-w- c:\windows\system32\drivers\Classpnp.sys
2013-09-11 06:31 . 2013-06-18 22:38 125440 ----a-w- c:\windows\SysWow64\winmm.dll
2013-09-11 06:31 . 2013-06-10 19:15 381952 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-09-07 17:00 . 2013-09-07 17:00 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-09-07 16:07 . 2013-09-07 16:08 -------- d-----w- c:\windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-07 14:13 . 2013-09-07 14:13 -------- d-----w- c:\program files (x86)\Check Point Software Technologies LTD
2013-09-07 14:13 . 2013-09-07 14:13 -------- d-----w- c:\users\greta\AppData\Roaming\Check Point Software Technologies LTD
2013-09-07 14:12 . 2013-09-07 14:14 -------- d-----w- c:\program files (x86)\CheckPoint
2013-09-07 14:12 . 2013-09-07 14:12 -------- d-----w- c:\programdata\CheckPoint
2013-09-07 13:45 . 2013-09-07 13:54 -------- d-----w- C:\AdwCleaner
2013-09-05 14:43 . 2013-09-05 14:43 13720 ----a-w- c:\windows\system32\drivers\avfsfilter.sys
2013-09-04 06:51 . 2013-09-04 06:51 270512 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10215.bin
2013-08-31 22:16 . 2013-08-31 22:16 -------- d-----w- c:\windows\SysWow64\ivtMobCache
2013-08-29 10:31 . 2013-08-29 10:31 -------- d-----w- c:\users\Public\CyberLink
2013-08-28 11:11 . 2013-08-28 11:11 -------- d-----w- c:\users\greta\AppData\Roaming\Free PDF to Word Converter
2013-08-28 11:11 . 2013-08-28 11:11 -------- d-----w- c:\programdata\Smart Soft
2013-08-28 11:11 . 2013-08-28 11:11 -------- d-----w- c:\program files\Free PDF to Word Converter
2013-08-21 07:11 . 2013-05-23 23:02 1314816 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-21 07:11 . 2013-05-23 22:25 694272 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-21 07:11 . 2013-07-09 06:07 2233168 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-21 07:07 . 2013-07-13 06:16 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-08-21 07:07 . 2013-07-13 06:18 337408 ----a-w- c:\windows\system32\wintrust.dll
2013-08-21 07:07 . 2013-07-13 06:16 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-21 07:07 . 2013-07-13 06:15 98304 ----a-w- c:\windows\system32\apprepsync.dll
2013-08-21 07:07 . 2013-07-13 06:15 124416 ----a-w- c:\windows\system32\apprepapi.dll
2013-08-21 07:07 . 2013-07-13 04:24 261120 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-21 07:07 . 2013-07-13 04:23 1568256 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-21 07:07 . 2013-07-13 04:23 87040 ----a-w- c:\windows\SysWow64\apprepapi.dll
2013-08-21 07:07 . 2013-07-13 04:23 74240 ----a-w- c:\windows\SysWow64\apprepsync.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 19:09 . 2013-04-25 00:40 401 ----a-w- c:\users\greta\AppData\Roaming\sp_data.sys
2013-09-05 20:09 . 2013-04-25 09:52 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 20:09 . 2013-04-25 09:52 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-25 08:19 . 2013-04-25 07:41 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-31 15:33 . 2013-07-31 15:33 21 ----a-w- c:\users\greta\AppData\Roaming\my_intel.sys
2013-07-19 23:51 . 2013-07-19 23:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-19 23:50 . 2013-07-19 23:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-19 23:50 . 2013-07-19 23:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-19 23:50 . 2013-07-19 23:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-07-18 15:40 . 2013-07-31 17:32 867656 ----a-w- c:\windows\SysWow64\msvcr110.dll
2013-07-18 15:40 . 2013-07-31 17:32 527176 ----a-w- c:\windows\SysWow64\msvcp110.dll
2013-07-13 23:15 . 2013-04-25 17:01 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-09 23:32 . 2013-07-09 23:32 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-07-08 23:28 . 2013-07-08 23:28 248632 ----a-w- c:\windows\system32\drivers\avgwfpa.sys
2013-06-30 23:45 . 2013-06-30 23:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-06-16 22:41 . 2013-07-19 19:26 997632 ----a-w- c:\windows\system32\drivers\ndis.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\program files (x86)\CyberLink\Power2Go\Power2GoExpress.exe" [2012-05-14 2646504]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-05-23 1561968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-08-15 364032]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe" [2012-08-28 3417984]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-06-30 4411440]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-05-23 311152]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-06-19 73832]
"CommonToolkitTray"="c:\program files (x86)\Fighters\Tray\FightersTray.exe" [2013-09-05 1659424]
"SWPROguard"="c:\program files (x86)\Fighters\SPYWAREfighter\swprotray.exe" [2013-09-05 1260072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 Avgboota;AVG Early Launch Anti-Malware Driver;c:\windows\system32\DRIVERS\avgboota.sys;c:\windows\SYSNATIVE\DRIVERS\avgboota.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys;c:\windows\SYSNATIVE\DRIVERS\avfsfilter.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 ONDA_MW823UP_cdc_acm;ONDA MW823UP CDC-ACM driver;c:\windows\system32\DRIVERS\ONDA_MW823UP_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\ONDA_MW823UP_cdc_acm.sys [x]
R3 ONDA_MW823UP_cdc_ecm;ONDA_MW823UP_cdc_ecm;c:\windows\system32\DRIVERS\ONDA_MW823UP_cdc_ecm.sys;c:\windows\SYSNATIVE\DRIVERS\ONDA_MW823UP_cdc_ecm.sys [x]
R3 ONDA_MW823UP_cpo;ONDA MW823UP Install;c:\windows\System32\drivers\ONDA_MW823UP_cpo.sys;c:\windows\SYSNATIVE\drivers\ONDA_MW823UP_cpo.sys [x]
R3 RTL8168;Driver Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 WSDScan;Supporto digitalizzazione WSD;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgwfpa;AVG Firewall Driver;c:\windows\system32\DRIVERS\avgwfpa.sys;c:\windows\SYSNATIVE\DRIVERS\avgwfpa.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 AV Engine Scanning Service;AV Engine Scanning Service;C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe;C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe [x]
S2 AV Watch Service;AV Watch Service;C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe;C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McNeelUpdate;McNeel Update Service 5.0;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe;c:\program files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [x]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [x]
S2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe;c:\program files (x86)\Fighters\FighterSuiteService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 BtAudioBusSrv;IVT Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 BthLEEnum;Driver Bluetooth a basso consumo;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 IntcDAud;Audio Intel(R) per schermi;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 ONDA_MW823UP_dc_enum;ONDA_MW823UP_dc_enum;c:\windows\System32\drivers\ONDA_MW823UP_dc_enum.sys;c:\windows\SYSNATIVE\drivers\ONDA_MW823UP_dc_enum.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-30 06:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-16 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-16 398656]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-10-25 5299320]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-09-11 107192]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=it&gu=c33546c422a3485a9b95a56dc0d1e045&tu=10GAy009v5B0CO0&sku=&tstsId=&ver=&
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 192.168.43.1
TCP: Interfaces\{106D34CF-79AD-41AA-9318-2EC5581CF89F}: NameServer = 193.70.152.25 212.52.97.25
FF - ProfilePath - c:\users\greta\AppData\Roaming\Mozilla\Firefox\Profiles\9d6vrxe7.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2013-09-07 16:16; ffxtlbr@zonealarm.com; c:\users\greta\AppData\Roaming\Mozilla\Firefox\Profiles\9d6vrxe7.default\extensions\ffxtlbr@zonealarm.com
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=goughDev3&Lan={dfltLng}&gu=c33546c422a3485a9b95a56dc0d1e045&tu=10GAy009v5B0CO0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - b23b633b0000000000009c2a7018ad48
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15955
FF - user.js: extensions.zonealarm.vrsn - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsni - 1.8.22.0
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.22.016:13
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1002
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - goughDev3
FF - user.js: extensions.zonealarm.instlRef - ZLN119654672807585-1002
FF - user.js: extensions.zonealarm.dfltLng - it
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=it&gu=c33546c422a3485a9b95a56dc0d1e045&tu=10GAy009v5B0CO0&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.hpOld0 - about:home
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=goughDev3&Lan=it&gu=c33546c422a3485a9b95a56dc0d1e045&tu=10GAy009v5B0CO0&sku=&tstsId=&ver=&
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AV Watch Service]
"ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AV Engine Scanning Service]
"ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AV Watch Service]
"ImagePath"="C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-817466404-791403235-1991246858-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\McNeel\Rhinoceros\4.0\Scheme: Default\Plug-ins\“a *]
@Class="REG_NONE"
.
[HKEY_USERS\S-1-5-21-817466404-791403235-1991246858-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\McNeel\Rhinoceros\4.0\Scheme: Default\Plug-ins\“a *\Settings]
@Class="REG_NONE"
"last_activation_day"="141"
.
[HKEY_USERS\S-1-5-21-817466404-791403235-1991246858-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\McNeel\Rhinoceros\4.0\Scheme: Default\Plug-ins\“aP ì*]
@Class="REG_NONE"
.
[HKEY_USERS\S-1-5-21-817466404-791403235-1991246858-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\McNeel\Rhinoceros\4.0\Scheme: Default\Plug-ins\“aP ì*\Settings]
@Class="REG_NONE"
"last_activation_day"="141"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Ora fine scansione: 2013-09-11 22:27:51
ComboFix-quarantined-files.txt 2013-09-11 20:27
.
Pre-Run: 44.247.130.112 byte disponibili
Post-Run: 43.947.610.112 byte disponibili
.
- - End Of File - - C1C686FEA0D576DA6D12BFCB59C4063E
Torna in alto
 
Sponsor
Inviato: Friday, September 13, 2013 7:54:51 PM

 
Torna in alto
 
frosco
Inviato: Friday, September 13, 2013 10:32:58 PM
Rank: Newbie

Iscritto dal : 6/29/2012
Posts: 9
Ha rimosso poco o nulla. Adesso il PC va meglio? :D
Torna in alto
 
morganito
Inviato: Saturday, September 14, 2013 9:49:19 AM

Rank: AiutAmico

Iscritto dal : 7/28/2010
Posts: 52
inomma , lo trovo un po lento e a volte fatica ad aprire le finestre . c'è una soluzione per il mio problema che tu sappia frosco?
Torna in alto
 
cbbusto
Inviato: Saturday, September 14, 2013 11:54:23 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
In attesa della risposta di frosco facciamo un po' di pulizie.
Fai questa scansione,
Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner
Avvialo e clicca sul pulsante "Scan” finita la scansione clicca su Clean , conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log col Blocco Note.
Copialo e postalo qui.

Fai sapere se c'è qualche miglioria. Ciao
Torna in alto
 
morganito
Inviato: Saturday, September 14, 2013 6:33:47 PM

Rank: AiutAmico

Iscritto dal : 7/28/2010
Posts: 52
ciao cbbusto grazie per l'attenzione :)))
avevo gia provato adwcleaner ma non era cambiato niente comunque ora lo sto riprovando e in più ho fatto una pulizia con Privazer che ho visto consigliato sul forum , ma finito con Privazer ho scansionato con malwarbytes e mi sono uscite ancora due infezioni : pup.optional softonic . che mi era già uscita nella scansione precedente e avevo rimosso o almeno così credevo .finito con adwcleane ora posto il log
# AdwCleaner v3.003 - Report created 14/09/2013 at 17:55:23
# Updated 07/09/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : greta
# Running from : C:\Users\greta\Downloads\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\greta\AppData\Roaming\Mozilla\Firefox\Profiles\9d6vrxe7.default\searchplugins\zonealarm.xml
File Deleted : C:\Users\greta\AppData\Roaming\Mozilla\Firefox\Profiles\9d6vrxe7.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKCU\Software\Softonic

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16688


-\\ Mozilla Firefox v23.0.1 (it)

[ File : C:\Users\greta\AppData\Roaming\Mozilla\Firefox\Profiles\9d6vrxe7.default\prefs.js ]


*************************

AdwCleaner[S2].txt - [2646 octets] - [14/09/2013 17:55:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2706 octets] ##########
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » aiuto!!!! forse virus ???


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.