USB : Cartelle in Collegamenti

archgiacomo89 · 13-01-2014, 08:25

Salve, premetto che è la prima volta che scrivo su un forum quindi non so se ho sbagliato sezione, ho un grosso problema da esporvi.
Tutti i file nella mia penna usb sono diventati collegamenti, ho provato a risolvere la situazione con combo fix, con i comandi su promt, con malwarebytes e tante altre soluzioni ma niente, ogni volta che apro la penna non ci sono cartelle ma solo collegamenti. nella cartella ora mi compare la mia cartella come nascosta, una cartella con lo stesso nome ma è un link e un file (che presumo essere il virus) che si chiama photo 2013 45151545124.jpg______________
attendo vostre indicazioni

archgiacomo89 · 13-01-2014, 08:50

vi allego il risultato di combo fix:
ComboFix 14-01-12.01 - Giacomo 13/01/2014 10.38.34.2.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.39.1040.18.8084.6367 [GMT 2:00]
Eseguito da: c:\users\Giacomo\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Giacomo\AppData\Local\assembly\tmp
c:\users\Giacomo\AppData\Roaming\photo 2013 45151545124.jpg______________.vbs
.
.
((((((((((((((((((((((((( Files Creati Da 2013-12-13 al 2014-01-13 )))))))))))))))))))))))))))))))))))
.
.
2014-01-13 08:45 . 2014-01-13 08:45 -------- d-----w- c:\users\Giacomo\AppData\Local\temp
2014-01-13 08:45 . 2014-01-13 08:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-13 07:26 . 2014-01-13 07:26 -------- d-----w- c:\users\Giacomo\AppData\Roaming\Malwarebytes
2014-01-13 07:26 . 2014-01-13 07:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-13 07:26 . 2014-01-13 07:26 -------- d-----w- c:\programdata\Malwarebytes
2014-01-13 07:26 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-13 07:01 . 2014-01-13 07:01 -------- d-----w- c:\users\Giacomo\AppData\Roaming\LockHunter
2014-01-13 06:59 . 2014-01-13 06:59 -------- d-----w- c:\program files\LockHunter
2014-01-13 01:17 . 2014-01-13 01:17 -------- d-----w- c:\users\Giacomo\AppData\Local\VNT
2014-01-13 01:16 . 2014-01-13 01:16 -------- d-----w- c:\program files (x86)\VNT
2014-01-13 01:16 . 2014-01-13 01:16 -------- d-----w- c:\programdata\AskPartnerNetwork
2014-01-13 01:16 . 2014-01-13 01:16 -------- d-----w- c:\program files (x86)\AskPartnerNetwork
2014-01-13 01:15 . 2014-01-13 01:15 -------- d-----w- c:\users\Giacomo\AppData\Roaming\Avira
2014-01-13 01:15 . 2014-01-13 01:15 -------- d-----w- c:\programdata\APN
2014-01-13 01:14 . 2014-01-13 01:14 -------- d-----w- c:\users\Giacomo\AppData\Local\CyberLink
2014-01-13 01:06 . 2013-12-13 13:04 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-01-13 01:06 . 2013-12-13 13:04 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-01-13 01:06 . 2013-12-13 13:04 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-01-13 01:06 . 2013-12-13 13:04 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-01-13 01:06 . 2014-01-13 01:06 -------- d-----w- c:\programdata\Avira
2014-01-13 01:06 . 2014-01-13 01:06 -------- d-----w- c:\program files (x86)\Avira
2014-01-13 01:04 . 2013-12-04 03:28 10315576 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F44075A2-A12A-4D33-A16A-7BE0B40B3593}\mpengine.dll
2014-01-12 23:33 . 2014-01-12 23:33 -------- d-----w- c:\program files (x86)\Ripara USB
2014-01-12 11:12 . 2014-01-12 15:31 -------- d-----w- c:\programdata\McNeel
2014-01-12 10:58 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01C0DBD9-F223-4ED3-9638-40256EC6E0D3}\mpengine.dll
2014-01-11 19:46 . 2013-11-24 10:22 296093 --sha-w- c:\users\Giacomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\photo 2013 45151545124.jpg______________.vbs
2014-01-10 07:54 . 2014-01-10 07:55 -------- d-----w- c:\users\Giacomo\AppData\Local\Google
2014-01-03 21:01 . 2014-01-03 21:01 -------- d-----w- c:\users\Giacomo\AppData\Local\Diagnostics
2014-01-03 14:07 . 2014-01-03 14:10 -------- d-----w- C:\Fifa98
2014-01-03 13:43 . 2014-01-03 13:45 -------- d-----w- c:\program files (x86)\Hogs of War
2014-01-03 12:29 . 2014-01-13 01:14 -------- d-----w- c:\users\Giacomo\AppData\Roaming\CyberLink
2014-01-03 12:29 . 2014-01-03 12:29 -------- d-----w- c:\users\Public\CyberLink
2014-01-02 14:46 . 2012-06-25 08:24 92536 ----a-w- c:\windows\system32\drivers\CLVirtualDrive.sys
2014-01-02 14:46 . 2014-01-02 14:46 -------- d-----w- c:\program files (x86)\Common Files\CyberLink
2014-01-01 13:20 . 2014-01-03 12:30 -------- d-----w- c:\users\Giacomo\AppData\Local\Spotify
2014-01-01 13:20 . 2014-01-12 16:07 -------- d-----w- c:\users\Giacomo\AppData\Roaming\Spotify
2013-12-31 16:37 . 2013-12-31 16:40 -------- d-----w- C:\Games
2013-12-30 17:34 . 2013-12-30 17:34 -------- d-----w- c:\windows\LastGood.Tmp
2013-12-30 17:34 . 2013-12-30 17:33 495856 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-12-30 17:34 . 2013-12-30 17:33 264432 ----a-w- c:\windows\system32\SynTPAPI.dll
2013-12-30 17:34 . 2013-12-30 17:33 192240 ----a-w- c:\windows\system32\SynTPCo18.dll
2013-12-30 17:34 . 2013-12-30 17:33 151280 ----a-w- c:\windows\SysWow64\SynTPCom.dll
2013-12-30 17:33 . 2013-12-30 17:33 544496 ----a-w- c:\windows\SysWow64\SynCom.dll
2013-12-30 17:33 . 2013-12-30 17:33 1060080 ----a-w- c:\windows\system32\SynCOM.dll
2013-12-30 17:33 . 2013-12-30 17:33 33008 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2013-12-30 15:34 . 2013-12-30 15:34 -------- d-----w- c:\programdata\Electronic Arts
2013-12-30 15:03 . 2013-12-30 15:03 -------- d-----w- c:\programdata\Origin
2013-12-29 18:27 . 2014-01-10 07:58 -------- d-----w- c:\users\Giacomo\AppData\Roaming\uTorrent
2013-12-27 11:15 . 2013-12-27 11:15 236208 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10229.bin
2013-12-26 20:05 . 2013-12-26 20:05 -------- d-----w- c:\programdata\Oracle
2013-12-26 20:05 . 2013-12-26 20:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-12-26 20:05 . 2013-12-26 20:05 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-26 20:05 . 2013-12-26 20:05 -------- d-----w- c:\program files (x86)\Java
2013-12-21 12:20 . 2013-12-21 12:20 -------- d-----r- c:\windows\BrowserChoice
2013-12-15 08:38 . 2013-11-01 01:45 23350272 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-15 08:38 . 2013-11-01 01:16 22615040 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-02 16:19 . 2012-12-28 13:50 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2014-01-02 16:19 . 2012-12-28 13:50 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-01-02 16:19 . 2012-12-28 13:50 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2013-12-21 12:17 . 2013-11-28 10:59 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-04 00:53 . 2012-07-26 08:14 78304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53 . 2012-07-26 08:14 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-28 15:00 . 2013-11-28 15:00 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-11-28 15:00 . 2013-11-28 15:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-11-27 23:48 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-11-23 06:43 . 2013-12-11 15:52 420864 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-23 05:05 . 2013-12-11 15:52 368640 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-19 10:21 . 2013-12-01 11:17 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-06 23:18 . 2013-12-11 15:52 4036608 ----a-w- c:\windows\system32\win32k.sys
2013-11-01 05:38 . 2013-12-11 15:52 312320 ----a-w- c:\windows\system32\msieftp.dll
2013-11-01 03:49 . 2013-12-11 15:52 273408 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-10-27 21:41 . 2013-12-11 15:54 965000 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7342987-9403-409A-8590-085D585CD8A7}\gapaengine.dll
2013-10-25 06:19 . 2013-12-11 15:53 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-10-25 06:19 . 2013-12-11 15:53 2241536 ----a-w- c:\windows\system32\wininet.dll
2013-10-25 06:19 . 2013-12-11 15:53 915968 ----a-w- c:\windows\system32\uxtheme.dll
2013-10-25 06:19 . 2013-12-11 15:53 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-10-25 06:18 . 2013-12-11 15:54 19271168 ----a-w- c:\windows\system32\mshtml.dll
2013-10-25 06:18 . 2013-12-11 15:53 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-10-25 06:17 . 2013-12-11 15:53 3959808 ----a-w- c:\windows\system32\jscript9.dll
2013-10-25 06:17 . 2013-12-11 15:53 855552 ----a-w- c:\windows\system32\jscript.dll
2013-10-25 06:17 . 2013-12-11 15:53 2648576 ----a-w- c:\windows\system32\iertutil.dll
2013-10-25 06:17 . 2013-12-11 15:53 15404032 ----a-w- c:\windows\system32\ieframe.dll
2013-10-25 04:45 . 2013-12-11 15:53 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-10-25 04:43 . 2013-12-11 15:53 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-10-19 05:45 . 2013-12-11 15:52 62976 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-19 04:04 . 2013-12-11 15:52 59392 ----a-w- c:\windows\SysWow64\imagehlp.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}]
2013-12-20 21:02 12240 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" [2013-12-20 12240]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-4300-7a786e7484d7}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-12-10 19:47 222832 ----a-w- c:\users\Giacomo\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-12-10 19:47 222832 ----a-w- c:\users\Giacomo\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-12-10 19:47 222832 ----a-w- c:\users\Giacomo\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-01-08 55360]
"Spotify Web Helper"="c:\users\Giacomo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-01 1168896]
"Spotify"="c:\users\Giacomo\AppData\Roaming\Spotify\spotify.exe" [2014-01-01 5951488]
"Power2GoExpress8"="c:\program files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe" [2013-01-27 1711680]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 908160]
"photo 2013 45151545124"="wscript.exe" [2012-07-26 131584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-09-07 581024]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-04 642216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-13 684600]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-12-20 1778640]
"VNT"="c:\program files (x86)\VNT\vntldr.exe" [2013-12-20 202192]
.
c:\users\Giacomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
photo 2013 45151545124.jpg______________.vbs [2013-11-24 296093]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 APNMCP;Servizio di aggiornamento Ask;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPConnectedRemote;HP Connected Remote Service;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Tecnologia Intel(R) Rapid Storage;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 IntcDAud;Audio Intel(R) per schermi;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ apphostsvc
iissvcs REG_MULTI_SZ w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-10 07:55 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-10 07:54]
.
2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-10 07:54]
.
2014-01-12 c:\windows\Tasks\HPCeeScheduleForGiacomo.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7}]
2013-12-20 21:02 13776 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-4300-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll" [2013-12-20 13776]
.
[HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-4300-7A786E7484D7}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-12-10 19:47 261744 ----a-w- c:\users\Giacomo\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-12-10 19:47 261744 ----a-w- c:\users\Giacomo\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-12-10 19:47 261744 ----a-w- c:\users\Giacomo\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-08-20 1664000]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-09-04 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-09-04 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-09-04 441888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2013-12-12 21720]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Giacomo\AppData\Roaming\Mozilla\Firefox\Profiles\djp216hm.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - ExtSQL: 2013-11-28 02:18; FFPDFArchitectConverter@pdfarchitect.com; c:\program files (x86)\PDF Architect\FFPDFArchitectExt
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Ora fine scansione: 2014-01-13 10:46:58
ComboFix-quarantined-files.txt 2014-01-13 08:46
ComboFix2.txt 2014-01-13 00:28
.
Pre-Run: 368.865.476.608 byte disponibili
Post-Run: 368.589.176.832 byte disponibili
.
- - End Of File - - F6847DA4DEBD3FE431EBE7D8E176CE4B

Danilo Cecconi · 13-01-2014, 09:42

Ciao, benvenuto nel forum.
Usa il tasto "Segnala" e chiedi ai moderatori che ti spostino la discussione nella sezione "Antivirus e sicurezza". Qui non sei nella sezione giusta

PS: Non ne aprire una nuova che è considerato crossposting.

13-01-2014, 08:25	#1
archgiacomo89 Junior Member Iscritto dal: Jan 2014 Messaggi: 2	USB : Cartelle in Collegamenti Salve, premetto che è la prima volta che scrivo su un forum quindi non so se ho sbagliato sezione, ho un grosso problema da esporvi. Tutti i file nella mia penna usb sono diventati collegamenti, ho provato a risolvere la situazione con combo fix, con i comandi su promt, con malwarebytes e tante altre soluzioni ma niente, ogni volta che apro la penna non ci sono cartelle ma solo collegamenti. nella cartella ora mi compare la mia cartella come nascosta, una cartella con lo stesso nome ma è un link e un file (che presumo essere il virus) che si chiama photo 2013 45151545124.jpg______________ attendo vostre indicazioni

13-01-2014, 09:42	#3
Danilo Cecconi Senior Member Iscritto dal: Nov 2008 Città: SPOLETO. Asus M5A88 V Evo-Phenom II x4 955 BE-8GB DDR3 1333-SSD Samsung 850 Evo 120GB+840 Pro 128GB-ATI Radeon HD4670-Win 10Pro-AU x64+Win 8.1.1Pro x64 Messaggi: 6967	Ciao, benvenuto nel forum. Usa il tasto "Segnala" e chiedi ai moderatori che ti spostino la discussione nella sezione "Antivirus e sicurezza". Qui non sei nella sezione giusta PS: Non ne aprire una nuova che è considerato crossposting. __________________ L'uomo è l'essere più strano dell'universo: si rovina la salute per fare i soldi, poi spende i soldi per recuperare la salute.Dalai Lama S.M.A.R.T. Nella vita ci sono cose più importanti dei soldi, il guaio è che servono i soldi per comprarle! A Colaciooooooneee! Concluso con: jonny1, al17, stek23, nicola001, s.cidone ; Flash_80_

Strumenti
Mostra una versione stampabile Invia questa pagina per email