Help! Analisi log file combofix

FloW_Of_CoNsCioUsNeSs · 26-09-2012, 17:07

Ciao a tutti.
Ho utilizzato combofix per risolvere una "disastrosa" situazione sul pc di mia sorella. Potreste dare un'occhiata al log file per confermarmi che il problema è stato risolto? Era davvero un disastro, ma pare che almeno i browsers internet ora funzionino correttamente, e la navigazione sembra ok. grazie mille per l'aiuto

tecnico24 · 05-10-2012, 13:05

Il pc era infetto da ZeroAccess.
Fai questa ulteriore verifica , scarica RogueKiller:
http://www.sur-la-toile.com/RogueKiller/
sul desktop.
Avvia RogueKiller.exe
Aspetta il caricamento
Clicca su Accept
Clicca su Scan in alto a destra
Quando ha finito ti mostra un report , altrimenti se non lo fa clicca sul pulsante Report e allega il suo log.

Bachba1983 · 21-01-2014, 17:51

salve sono nuovo e non troppo esperto di software tanto meno di virus, ma credo di essere infetto. Ho fatto una scansione con Combofix e non riesco a capire dal log se il problema è risolto. Qualcuno può darmi una mano? Credo sia urgente. Grazie mille

ecco il log:

ComboFix 14-01-21.02 - gennaro 21/01/2014 16:16:16.9.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4030.2547 [GMT 1:00]
Eseguito da: c:\users\gennaro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK9XB5Y3\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2013-12-21 al 2014-01-21 )))))))))))))))))))))))))))))))))))
.
.
2014-01-21 15:25 . 2014-01-21 15:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-21 15:25 . 2014-01-21 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-21 15:25 . 2014-01-21 15:25 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-01-21 14:25 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F11A8FA0-1925-4BD5-BAA0-2B279FD6DF48}\mpengine.dll
2014-01-15 09:07 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 09:07 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 09:07 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 09:07 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 09:07 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 09:07 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 09:07 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 09:07 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 09:07 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-15 17:24 . 2011-06-09 12:38 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-20 17:37 . 2013-09-13 23:54 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-12-20 17:37 . 2013-09-13 23:54 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-20 17:37 . 2013-09-13 23:54 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-12-18 05:13 . 2011-06-17 23:34 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-15 15:26 . 2012-04-15 18:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-15 15:26 . 2011-11-03 09:38 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-27 17:39 . 2013-09-13 23:54 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-11-26 11:54 . 2013-12-15 21:51 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 11:33 . 2013-11-26 11:33 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-26 11:33 . 2013-11-26 11:33 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-26 11:33 . 2013-11-26 11:33 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-26 11:33 . 2013-11-26 11:33 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-26 11:33 . 2013-11-26 11:33 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-26 11:33 . 2013-11-26 11:33 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-26 11:33 . 2013-11-26 11:33 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-26 11:33 . 2013-11-26 11:33 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-26 11:33 . 2013-11-26 11:33 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-26 11:33 . 2013-11-26 11:33 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-26 11:33 . 2013-11-26 11:33 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-26 11:33 . 2013-11-26 11:33 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-26 11:33 . 2013-11-26 11:33 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-26 11:33 . 2013-11-26 11:33 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-26 11:33 . 2013-11-26 11:33 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-26 11:33 . 2013-11-26 11:33 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-26 11:33 . 2013-11-26 11:33 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-26 11:33 . 2013-11-26 11:33 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-26 11:33 . 2013-11-26 11:33 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-26 11:33 . 2013-11-26 11:33 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-26 11:33 . 2013-11-26 11:33 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-26 11:33 . 2013-11-26 11:33 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-26 11:33 . 2013-11-26 11:33 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-26 11:33 . 2013-11-26 11:33 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-26 11:33 . 2013-11-26 11:33 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-26 11:33 . 2013-11-26 11:33 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-26 11:33 . 2013-11-26 11:33 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-26 11:33 . 2013-11-26 11:33 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-26 11:33 . 2013-11-26 11:33 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-26 11:33 . 2013-11-26 11:33 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-26 11:33 . 2013-11-26 11:33 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-26 11:33 . 2013-11-26 11:33 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-26 11:33 . 2013-11-26 11:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-26 11:33 . 2013-11-26 11:33 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-26 11:33 . 2013-11-26 11:33 413696 ----a-w- c:\windows\system32\html.iec
2013-11-26 11:33 . 2013-11-26 11:33 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 11:33 . 2013-11-26 11:33 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-26 11:33 . 2013-11-26 11:33 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-26 11:33 . 2013-11-26 11:33 235520 ----a-w- c:\windows\system32\url.dll
2013-11-26 11:33 . 2013-11-26 11:33 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-26 11:33 . 2013-11-26 11:33 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-26 11:33 . 2013-11-26 11:33 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-26 11:33 . 2013-11-26 11:33 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-26 11:33 . 2013-11-26 11:33 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-26 11:33 . 2013-11-26 11:33 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-26 11:33 . 2013-11-26 11:33 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-26 11:33 . 2013-11-26 11:33 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-26 11:33 . 2013-11-26 11:33 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-26 11:33 . 2013-11-26 11:33 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-26 11:33 . 2013-11-26 11:33 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-26 11:33 . 2013-11-26 11:33 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-26 11:33 . 2013-11-26 11:33 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-26 11:33 . 2013-11-26 11:33 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-26 11:33 . 2013-11-26 11:33 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-26 11:33 . 2013-11-26 11:33 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-26 11:33 . 2013-11-26 11:33 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-26 11:33 . 2013-11-26 11:33 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-26 11:33 . 2013-11-26 11:33 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-26 11:33 . 2013-11-26 11:33 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-26 10:19 . 2013-12-15 21:51 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-15 21:51 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-15 21:51 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-15 21:51 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-15 21:51 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-15 21:51 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-15 21:51 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-15 21:51 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-15 21:51 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-15 21:51 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-15 21:51 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-15 21:51 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-15 21:51 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-15 21:51 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-15 21:51 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-15 21:51 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-15 21:51 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-15 21:51 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-15 21:51 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-15 21:51 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-15 21:51 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-15 21:51 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-15 21:51 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-15 14:58 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-15 14:58 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-15 14:57 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-15 14:57 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-15 14:58 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-15 14:58 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-04-16 21:46 . 2013-04-16 21:46 164955 ----a-w- c:\program files (x86)\Uninstall-OM-6.6.1.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-12-20 19:17 12240 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-12-20 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-06-02 61112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"PosService"="" [BU]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-20 684600]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-12-20 1778640]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R1 6498747drv;6498747drv;c:\windows\system32\DRIVERS\6498747drv.sys;c:\windows\SYSNATIVE\DRIVERS\6498747drv.sys [x]
R1 7093729drv;7093729drv;c:\windows\system32\DRIVERS\7093729drv.sys;c:\windows\SYSNATIVE\DRIVERS\7093729drv.sys [x]
R1 ctredr15.sys;ctredr15.sys;c:\windows\system32\drivers\ctredr15.sys;c:\windows\SYSNATIVE\drivers\ctredr15.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 PowerOffer Service;Pos Service;c:\users\gennaro\AppData\Local\PosService\Pos.exe;c:\users\gennaro\AppData\Local\PosService\Pos.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 APNMCP;Servizio di aggiornamento Ask;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 11:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 15:26]
.
2014-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26 10:11]
.
2014-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26 10:11]
.
2014-01-18 c:\windows\Tasks\HPCeeScheduleForgennaro.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]

.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-12-20 19:17 13776 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" [2013-12-20 13776]
.
[HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-01-14 21720]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.it/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{3E881911-19F2-4943-8CE2-6276305CDA5E}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{93124077-C0A9-4E87-8DA1-3D78D900E4DA}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E43B0AA3-FA88-4844-8095-6CB105327F8A}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E43B0AA3-FA88-4844-8095-6CB105327F8A}\77C616E6D21607: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E43B0AA3-FA88-4844-8095-6CB105327F8A}\C61627160223: NameServer = 8.8.8.8,8.8.4.4
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2014-01-21 17:01:22
ComboFix-quarantined-files.txt 2014-01-21 16:01
ComboFix2.txt 2014-01-18 22:13
ComboFix3.txt 2013-11-10 10:29
ComboFix4.txt 2013-11-10 00:08
ComboFix5.txt 2014-01-21 15:15
.
Pre-Run: 386.173.620.224 byte disponibili
Post-Run: 386.091.524.096 byte disponibili

05-10-2012, 13:05	#2
tecnico24 Bannato Iscritto dal: Oct 2008 Messaggi: 11	Il pc era infetto da ZeroAccess. Fai questa ulteriore verifica , scarica RogueKiller: http://www.sur-la-toile.com/RogueKiller/ sul desktop. Avvia RogueKiller.exe Aspetta il caricamento Clicca su Accept Clicca su Scan in alto a destra Quando ha finito ti mostra un report , altrimenti se non lo fa clicca sul pulsante Report e allega il suo log.

Strumenti
Mostra una versione stampabile Invia questa pagina per email