SOLVED Virus Win64/Patched.A HELP!


Niki Lombardo

Hi,
Yesterday I was running a scan with AVG when it flagged a strange virus that could not be removed automatically; even trying to delete it manually I can't, and moreover since I ran into this problem I get AVG alerts every few minutes about other viruses, which I can however remove easily. HELP ME! Image below
MediaFire - Online Space for your documents, photos, videos, and music.
 
Hi.
Follow this guide to use ComboFix and TDSSKiller.
Logs to attach: Combofix.txt - TDSSKiller.[Version]_[Date]_[Time]_log.txt
 
Hi,
Once the ComboFix process had finished, after the reboot I noticed that I could no longer connect to the internet; in fact another problem has come up. Attached I leave you the log produced by ComboFix and the screenshot of the new problem with the Wi-Fi network connection.

screenshot of the problem: MediaFire - Online Space for your documents, photos, videos, and music.

ComboFix log:
ComboFix 13-06-22.01 - Utente 23/06/2013 21:38:32.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.16337.13687 [GMT 2:00]
Eseguito da: c:\users\Utente\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
La copia infetta di c:\windows\system32\Services.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2013-05-23 al 2013-06-23 )))))))))))))))))))))))))))))))))))
.
.
2013-06-23 19:45 . 2013-06-23 19:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-23 19:45 . 2013-06-23 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-23 19:45 . 2013-06-23 19:45 -------- d-----w- c:\users\amministratore\AppData\Local\temp
2013-06-22 07:18 . 2013-06-22 07:18 -------- d-----w- c:\program files (x86)\Enigma Software Group
2013-06-22 07:17 . 2013-06-23 19:32 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-06-22 07:11 . 2013-06-22 07:11 -------- d-----w- c:\programdata\StarApp
2013-06-21 14:51 . 2013-06-21 14:51 -------- d-----w- C:\GOG Games
2013-06-21 14:17 . 2013-06-21 14:18 -------- d-----w- c:\program files (x86)\Ask.com
2013-06-21 14:17 . 2013-06-21 14:17 -------- d-----w- c:\users\Utente\AppData\Local\APN
2013-06-21 14:17 . 2013-06-23 19:34 -------- d-----w- c:\programdata\Avira
2013-06-21 14:16 . 2013-06-21 14:16 -------- d-----w- c:\users\Utente\AppData\Roaming\HTML Executable
2013-06-21 12:02 . 2013-06-21 12:02 -------- d-----w- c:\program files (x86)\7-Zip
2013-06-20 20:39 . 2013-06-22 07:18 -------- d-----w- c:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-06-20 16:37 . 2013-06-20 19:09 -------- d-----w- c:\program files (x86)\Junkies Client
2013-06-20 11:32 . 2013-06-20 11:33 -------- d-----w- c:\program files (x86)\Counter-Strike Global Offensive
2013-06-20 11:32 . 2013-06-20 11:32 -------- d--h--w- c:\windows\BitLockerDiscoveryVolumeContents
2013-06-20 11:32 . 2013-06-20 11:32 -------- d-----w- c:\windows\SysWow64\1033
2013-06-20 11:32 . 2013-06-20 11:32 -------- d-----w- c:\windows\SysWow64\0409
2013-06-19 13:43 . 2013-06-19 13:43 -------- d-----w- c:\programdata\Orbit
2013-06-17 20:17 . 2013-06-17 20:17 -------- d-----w- C:\UDK
2013-06-13 18:59 . 2013-06-13 18:59 -------- d-----w- c:\program files\Microsoft Games
2013-06-13 18:42 . 2013-06-13 18:42 -------- d-----w- c:\program files (x86)\MSXML 4.0
2013-06-13 18:42 . 2013-06-13 18:42 -------- d-----w- c:\program files (x86)\Common Files\Microsoft Games
2013-06-13 18:29 . 2013-06-15 16:54 -------- d-----w- c:\program files (x86)\Microsoft Games
2013-06-10 08:10 . 2013-06-10 08:19 -------- d-----w- c:\program files (x86)\ZDSimulator
2013-06-10 07:30 . 2013-06-18 14:29 -------- d-----w- C:\program
2013-06-03 20:10 . 2013-06-19 07:00 -------- d-----w- c:\users\Utente\AppData\Local\Spotify
2013-06-03 20:10 . 2013-06-23 19:25 -------- d-----w- c:\users\Utente\AppData\Roaming\Spotify
2013-06-01 14:09 . 2013-06-01 14:09 -------- d-----w- c:\users\amministratore\AppData\Local\LogMeIn Hamachi
2013-05-28 11:49 . 2013-05-28 11:49 -------- d-----w- c:\windows\Symbols
2013-05-26 18:56 . 2013-05-26 18:56 -------- d-----w- c:\program files (x86)\FilesFrog Update Checker
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-23 19:22 . 2010-11-21 03:24 22368 ----a-w- c:\windows\system32\drivers\AFD.SYS
2013-06-23 19:22 . 2009-07-14 00:10 22368 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
2013-06-18 16:09 . 2013-01-17 21:13 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-06-16 15:27 . 2013-01-17 21:46 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-06-16 15:27 . 2013-01-17 21:13 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-06-11 21:05 . 2013-01-17 10:48 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 21:05 . 2013-01-17 10:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-10 21:10 . 2013-01-17 21:13 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-05-12 21:42 . 2013-05-23 16:17 925648 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-05-12 21:42 . 2013-05-23 16:17 9233688 ----a-w- c:\windows\system32\nvcuda.dll
2013-05-12 21:42 . 2013-05-23 16:17 7682960 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-05-12 21:42 . 2013-05-23 16:17 7641832 ----a-w- c:\windows\system32\nvopencl.dll
2013-05-12 21:42 . 2013-05-23 16:17 6324360 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-05-12 21:42 . 2013-05-23 16:17 550176 ----a-w- c:\windows\system32\NvFBC64.dll
2013-05-12 21:42 . 2013-05-23 16:17 518944 ----a-w- c:\windows\system32\NvIFR64.dll
2013-05-12 21:42 . 2013-05-23 16:17 443168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-05-12 21:42 . 2013-05-23 16:17 432416 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2013-05-12 21:42 . 2013-05-23 16:17 421152 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-05-12 21:42 . 2013-05-23 16:17 370976 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2013-05-12 21:42 . 2013-05-23 16:17 2942240 ----a-w- c:\windows\system32\nvcuvid.dll
2013-05-12 21:42 . 2013-05-23 16:17 27775776 ----a-w- c:\windows\system32\nvoglv64.dll
2013-05-12 21:42 . 2013-05-23 16:17 2754336 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-05-12 21:42 . 2013-05-23 16:17 266448 ----a-w- c:\windows\system32\nvinitx.dll
2013-05-12 21:42 . 2013-05-23 16:17 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-05-12 21:42 . 2013-05-23 16:17 2363680 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-05-12 21:42 . 2013-05-23 16:17 218592 ----a-w- c:\windows\system32\nvoglshim64.dll
2013-05-12 21:42 . 2013-05-23 16:17 214448 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-05-12 21:42 . 2013-05-23 16:17 21096736 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-05-12 21:42 . 2013-05-23 16:17 2002720 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-05-12 21:42 . 2013-05-23 16:17 1832224 ----a-w- c:\windows\system32\nvdispco6432018.dll
2013-05-12 21:42 . 2013-05-23 16:17 181488 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2013-05-12 21:42 . 2013-05-23 16:17 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-05-12 21:42 . 2013-05-23 16:17 15143904 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-05-12 21:42 . 2013-05-23 16:17 1511712 ----a-w- c:\windows\system32\nvdispgenco6432018.dll
2013-05-12 21:42 . 2013-05-23 16:17 13403168 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-05-12 21:42 . 2013-05-23 16:17 11216160 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-05-12 21:42 . 2013-01-17 09:36 15910736 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-05-12 21:42 . 2013-01-17 09:36 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-05-12 21:42 . 2013-01-17 09:35 12426216 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-05-12 21:42 . 2013-01-17 09:35 2935696 ----a-w- c:\windows\system32\nvapi64.dll
2013-05-12 21:42 . 2013-01-17 09:35 2597344 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-05-12 20:34 . 2013-01-17 09:36 6491936 ----a-w- c:\windows\system32\nvcpl.dll
2013-05-12 20:34 . 2013-01-17 09:36 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-05-12 20:34 . 2013-01-17 09:36 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-05-12 20:34 . 2013-01-17 09:36 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-05-12 20:34 . 2013-01-17 09:36 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-05-12 20:34 . 2013-01-17 09:36 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-05-12 13:43 . 2013-05-12 13:43 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-05-08 14:13 . 2013-01-17 09:36 3165737 ----a-w- c:\windows\system32\nvcoproc.bin
2013-04-24 21:53 . 2013-04-24 21:53 69632 ----a-r- c:\users\Utente\AppData\Roaming\Microsoft\Installer\{84178AE8-C22D-48CB-A6BA-D116FD3FE469}\ARPPRODUCTICON.exe
2013-04-24 21:53 . 2013-04-24 21:53 49152 ----a-r- c:\users\Utente\AppData\Roaming\Microsoft\Installer\{84178AE8-C22D-48CB-A6BA-D116FD3FE469}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe
2013-04-04 03:35 . 2013-04-20 21:43 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-30 10:02 1521800 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-05-01 802136]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-27 3093624]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Spotify Web Helper"="c:\users\Utente\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-17 1104384]
"Spotify"="c:\users\Utente\AppData\Roaming\Spotify\spotify.exe" [2013-06-17 4643328]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-30 1648264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R1 {A913D9BD-84F9-4008-9D31-BE95EA50709A};{A913D9BD-84F9-4008-9D31-BE95EA50709A};c:\users\Public\{A913D9BD-84F9-4008-9D31-BE95EA50709A}.sys;c:\users\Public\{A913D9BD-84F9-4008-9D31-BE95EA50709A}.sys [x]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 RTL8187B;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187B.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 iusb3hcs;Driver dello switch Controller Host Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 iusb3hub;Driver hub Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Driver Controller Host estendibile Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-21 10:05 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-17 21:05]
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-05 03:46]
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-05 03:46]
.
2013-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2045785519-4204638564-1038971102-1000Core.job
- c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-24 03:46]
.
2013-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2045785519-4204638564-1038971102-1000UA.job
- c:\users\Utente\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-24 03:46]
.
2013-03-24 c:\windows\Tasks\pc-dis-upd.job
- c:\program files (x86)\PC Cleaners\PCCleaners.exe [2013-03-06 11:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://search.easylifeapp.com/?pid=625&src=ie1&r=2013/03/10&hid=779083291&lg=EN&cc=IT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eoo31zo8.default-1364152048343\
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=it_IT
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10267&gct=hp&dc=EU&locale=it_IT
FF - prefs.js: browser.search.selectedEngine - Ask.com
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKCU-Run-SweetIM - c:\users\Utente\AppData\Roaming\468644\468644.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Explorer_Run-34372 - c:\progra~3\LOCALS~1\Temp\msnchi.com
AddRemove-delta - c:\program files (x86)\Delta\delta\1.8.10.0\GUninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:9e,ae,b1,8c,75,70,c8,4b,30,73,0b,df,e8,2b,47,6a,8e,fa,b7,0a,12,
5d,f3,03,b5,d1,cf,7c,94,cc,63,3f,46,d5,b6,22,e1,0f,56,95,74,9e,b2,02,08,8b,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @DenieD: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:9e,ae,b1,8c,75,70,c8,4b,30,73,0b,df,e8,2b,47,6a,8e,fa,b7,0a,12,
5d,f3,03,b5,d1,cf,7c,94,cc,63,3f,46,d5,b6,22,e1,0f,56,95,74,9e,b2,02,08,8b,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @DenieD: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Ora fine scansione: 2013-06-23 21:49:50 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2013-06-23 19:49
.
Pre-Run: 212.644.663.296 byte disponibili
Post-Run: 212.524.634.112 byte disponibili
.
- - End Of File - - 476C482A58C24FB0355AC563CA521EAE
A36C5E4F47E84449FF07ED3517B43A31
 
Hi Niki Lombardo

the problem is caused by the rootkit.
Run tdsskiller as I indicated and post the report.

Also run this scan:
download Farbar Service Scanner (Download)
to the desktop. Launch it with a double click, tick all the options, followed by SCAN.
Attach the log.
 
I have identified the problem.
The first fundamental rule is to follow me step by step and to ask me anything if you have doubts.
Now download the CFScript.txt attached below onto the desktop.
Drag it onto the red ComboFix icon and wait for the whole process without interfering in the slightest.
After the automatic reboot, post the log (Combofix.txt, which you can also find in C:\).

Then
download SystemLook to the desktop.
Right click - run as administrator
copy this code into the empty box

:
filefind
afd.sys

click LOOK, post the resulting report as an attachment.

P.S.: please attach the logs on WikiFortio - Wikifortio (choose file-upload-copy the forum link here).
 

Attachments
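A defender's equivalent of the SystemLook "filefind afd.sys" step above, and of the services.exe check ComboFix reported earlier in the thread, as an added PowerShell example that is not part of the thread or of either tool: it lists every copy of a named file under the Windows directory, hashes it, checks its Authenticode signature, and flags live copies whose hash matches no WinSxS component-store copy. It assumes PowerShell 4.0 or later (for Get-FileHash) and an elevated prompt; the default file names and the two function names are my own choices.

```powershell
# Added example, not from the thread, SystemLook or ComboFix.
# Lists every copy of the named files below $Root, with size, timestamps,
# SHA-256 and signature status, then compares the live (non-WinSxS) copies
# against the WinSxS store copies, which is where ComboFix took its clean
# services.exe from in the log above.
param(
    [string[]]$FileNames = @('afd.sys', 'services.exe'),   # assumed defaults
    [string]$Root = $env:SystemRoot
)

function Find-SystemFileCopies {
    param([string]$Name, [string]$SearchRoot)

    Get-ChildItem -Path $SearchRoot -Filter $Name -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Size      = $_.Length
                Created   = $_.CreationTimeUtc
                Modified  = $_.LastWriteTimeUtc
                Sha256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                Signature = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                InWinSxS  = $_.FullName -like (Join-Path $SearchRoot 'winsxs\*')
            }
        }
}

function Test-LiveCopyAgainstStore {
    param([object[]]$Copies)

    # The copy the OS actually loads lives under system32; WinSxS holds the
    # reference copies. A live copy that matches none of them, or whose
    # embedded signature is broken, is the one to examine first.
    $storeHashes = $Copies | Where-Object InWinSxS | Select-Object -ExpandProperty Sha256 -Unique
    foreach ($c in ($Copies | Where-Object { -not $_.InWinSxS })) {
        $reasons = @()
        if ($storeHashes -and ($c.Sha256 -notin $storeHashes)) {
            $reasons += 'hash matches no WinSxS copy'
        }
        if ($c.Signature -in 'HashMismatch', 'NotTrusted') {
            $reasons += "signature status $($c.Signature)"
        }
        [pscustomobject]@{
            Path       = $c.Path
            Suspicious = ($reasons.Count -gt 0)
            Reasons    = ($reasons -join '; ')
        }
    }
}

foreach ($n in $FileNames) {
    Write-Host "== $n =="
    $copies = Find-SystemFileCopies -Name $n -SearchRoot $Root
    $copies | Format-Table Path, Size, Modified, Signature, Sha256 -AutoSize
    Test-LiveCopyAgainstStore -Copies $copies | Format-Table -AutoSize
}
```

On Windows 7, catalog-signed system files report NotSigned from Get-AuthenticodeSignature, so on that version the hash comparison against the WinSxS copies is the meaningful check; a live copy whose size differs from every store copy is also worth noting.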

Did you run the script without any program interfering? Also with the connection disabled?
Try running it with the file I attached.
If it hangs, reboot into safe mode and run this latter one again.
 

Attachments

OK.
Now delete the CFScript.txt you have on the desktop.
Download this one again onto the desktop and drag it.
Wait again and post the resulting report.
Redo the scan with FSS and post the report, checking the connection.
 

Attachments

Hi Niki, it was my mistake with a character in the script, which did not allow ComboFix to carry out the operation.
Redo it with the attached file.
 

Attachments
