Hello everyone
The PC is extremely slow and won't run the antivirus updates.
I downloaded ComboFix and wanted to run it, but it froze,
and a window appeared saying it was infected with Virut,
and it deleted it.
Downloaded it again and it ran the whole scan,
but it's still not working.
Wikisend isn't working, so I'm attaching the log
ComboFix 12-11-22.03 - Black Rose 23/11/2012 9:56.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1033.18.1015.400 [GMT 1:00]
Eseguito da: c:\users\Black Rose\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((( Files Creati Da 2012-10-23 al 2012-11-23 )))))))))))))))))))))))))))))))))))
.
.
2012-11-23 09:04 . 2012-11-23 09:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-20 22:23 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-20 22:23 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-20 22:23 . 2012-10-15 16:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-20 22:23 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-20 22:23 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-20 22:23 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-20 22:22 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-20 22:22 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-20 22:22 . 2012-11-20 22:22 -------- d-----w- c:\programdata\AVAST Software
2012-11-20 21:06 . 2012-11-20 21:06 -------- d-----w- c:\users\Black Rose\AppData\Roaming\Malwarebytes
2012-11-20 21:05 . 2012-11-20 21:05 -------- d-----w- c:\programdata\Malwarebytes
2012-11-20 20:53 . 2012-11-23 09:04 -------- d-----w- c:\users\Black Rose\AppData\Local\temp
2012-11-20 20:09 . 2012-11-20 22:22 -------- d-----w- c:\program files\AVAST Software
2012-11-20 19:56 . 2012-11-20 19:56 -------- d-----w- c:\program files\CCleaner
2012-11-15 02:44 . 2012-11-15 02:44 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{143085B5-E7D7-4715-A9D4-51363D2F9E5A}\offreg.dll
2012-10-25 00:04 . 2012-11-14 09:39 -------- d-----w- c:\program files\Google
2012-10-25 00:03 . 2012-11-14 10:09 -------- d-----w- c:\users\Black Rose\AppData\Local\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-19 02:18 . 2012-05-24 10:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-19 02:18 . 2012-05-24 10:30 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-21 01:18 . 2012-05-24 18:49 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Black Rose^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^pabnizu.lnk]
path=c:\users\Black Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pabnizu.lnk
backup=c:\windows\pss\pabnizu.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-11-14 10:09 116648 ----atw- c:\users\Black Rose\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 13:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [x]
R3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_acm.sys [x]
R3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys [x]
R3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\DRIVERS\vodafone_K3805-z_cpo.sys [x]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 02:18]
.
2012-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-917955747-4212784436-1548561171-1002Core.job
- c:\users\Black Rose\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-14 10:09]
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-917955747-4212784436-1548561171-1002UA.job
- c:\users\Black Rose\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-14 10:09]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{019CFB4A-1242-4A09-B821-040A71411412}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{12B8FBD9-DC32-4E4D-886C-E8757839C067}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{91FF87B7-F428-480C-9A9C-5A51903EAC29}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{A09C100E-5919-433D-89C4-A07F86AEDA18}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C164C9F6-48FD-4B10-AF30-0F3895572AE1}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{F9930F6E-35E3-4A09-A056-5318E7A1969E}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\users\Black Rose\AppData\Roaming\Mozilla\Firefox\Profiles\6cvf1gjf.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2012-11-20 21:09; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2012-11-23 10:07:49
ComboFix-quarantined-files.txt 2012-11-23 09:07
.
Pre-Run: 8.738.488.320 byte disponibili
Post-Run: 8.720.039.936 byte disponibili
.
- - End Of File - - 727DCFD7795BF0E2454D32EE0AF36574
If someone could kindly check it.
Feel free to ask for any other scans.
Many thanks.