13-01-2014, 08:25 | #1 |
Junior Member
Joined: Jan 2014
Posts: 2
|
USB: Folders Turned into Shortcuts
Hello, let me start by saying that this is the first time I have written on a forum, so I don't know whether I have picked the wrong section. I have a big problem to put to you.
All the files on my USB stick have turned into shortcuts. I have tried to fix the situation with ComboFix, with commands at the command prompt, with Malwarebytes and many other solutions, but nothing works: every time I open the stick there are no folders, only shortcuts. In the folder I now see my folder shown as hidden, a folder with the same name that is actually a link, and a file (which I presume is the virus) called photo 2013 45151545124.jpg______________. I await your instructions. |
13-01-2014, 08:50 | #2 |
Junior Member
Joined: Jan 2014
Posts: 2
|
I am attaching the ComboFix result:
|
13-01-2014, 09:42 | #3 |
Senior Member
Joined: Nov 2008
City: SPOLETO. Asus M5A88 V Evo-Phenom II x4 955 BE-8GB DDR3 1333-SSD Samsung 850 Evo 120GB+840 Pro 128GB-ATI Radeon HD4670-Win 10Pro-AU x64+Win 8.1.1Pro x64
Posts: 6967
|
Hi, welcome to the forum.
Use the "Report" ("Segnala") button and ask the moderators to move the thread to the "Antivirus and security" ("Antivirus e sicurezza") section. You are not in the right section here. PS: Don't open a new thread, as that is considered crossposting.
|