Avast blocca virus

[Mallo]

é qualche giorno che avast mi blocca url maligni provenienti dal disco E, Provengono tutti più o meno dalla stessa destinazione e si presentano con il nome di Cybertool, cybermyapp ecc.. Io non saprei come risalire ed eliminare questo virus mi sapreste aiutare?

- - - Updated - - -

Dimenticavo ho già fatto una scansione approfondita del pc e non è risultato niente di malevolo

 

[Davide72]

scarica questo Downloading AdwCleaner salvalo sul desktop e avvialo
tenendo chiusi i browser clicca su scan e al termine clicca su clean, quindi conferma ok a tutti i messaggi e riavvia il pc
posta il log adwcleaner.txt che trovi sul desktop

 

[Mallo]

Ecco qua :)


# AdwCleaner v3.014 - Report created 09/12/2013 at 23:37:29
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Professional N Service Pack 1 (64 bits)
# Username : Mallo - PC-MALLO
# Running from : C:\Users\Mallo\Desktop\AdwCleaner.exe
# Option : Clean


***** [ Services ] *****




***** [ Files / Folders ] *****


Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Mallo\AppData\Local\lollipop
Folder Deleted : C:\Users\Mallo\AppData\Roaming\Common\LuaRT
Folder Deleted : C:\Users\Mallo\AppData\Roaming\Intermediate
Folder Deleted : C:\Users\Mallo\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Mallo\AppData\Roaming\SCheck
Folder Deleted : C:\Users\Mallo\AppData\Roaming\SSync
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Mallo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\Mallo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.qvo6.com_0.localstorage
File Deleted : C:\Users\Mallo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.qvo6.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Deleted : C:\Windows\System32\Tasks\NCH Software


***** [ Shortcuts ] *****




***** [ Registry ] *****


Key Deleted : HKCU\Software\Google\Chrome\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Snoozer]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ssync]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\OfferBoxhxxpProxy_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\OfferBoxhxxpProxy_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\OfferBoxUpdateService_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\OfferBoxUpdateService_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_84f2fb35
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_baea92b4
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_acronis-true-image_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_acronis-true-image_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_driver-sweeper_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_driver-sweeper_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_easeus-partition-master_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_easeus-partition-master_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\httogroup
Key Deleted : HKCU\Software\lollipop
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\OfferMosquito
Key Deleted : HKCU\Software\piccshare
Key Deleted : HKCU\Software\Protector
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\HappyLyrics
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - e:\progra~4\savesh~1\sprote~1.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - e:\progra~4\websea~1\sprote~1.dll
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.offerbox.com;<local>;*.local


***** [ Browsers ] *****


-\\ Internet Explorer v9.0.8112.16483


Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]


-\\ Google Chrome v31.0.1650.63


[ File : C:\Users\Mallo\AppData\Local\Google\Chrome\User Data\Default\preferences ]




*************************


AdwCleaner[R0].txt - [6996 octets] - [09/12/2013 23:36:13]
AdwCleaner[S0].txt - [6507 octets] - [09/12/2013 23:37:29]


########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6567 octets] ##########

 

[Davide72]

comunque prima di postare dovreste leggervi questa http://www.tomshw.it/forum/sicurezz...omputer-infetto-leggere-prima-di-postare.html , nonchè leggere le varie discussioni circa l'apertura di pagine pubblicitarie

 

[Mallo]

comunque prima di postare dovreste leggervi questa http://www.tomshw.it/forum/sicurezz...omputer-infetto-leggere-prima-di-postare.html , nonchè leggere le varie discussioni circa l'apertura di pagine pubblicitarie

Grazie per l'aiuto, mi son dimenticato di guardare nelle discussioni in primo piano ed ho solamente usato la funzione cerca con scarsi risultati, starò più attento in futuro.

 

[Davide72]

ok....ciao

- - - Updated - - -

Ps non scaricare niente da softonic e simili...quei downloader sono veicoli d' infezioni, utilizza sempre i siti ufficiali per scaricare i file