Virus e report da sottoporvi

**raistilin** · 21-02-2013, 11:42

ora Combofix:

ComboFix 13-02-20.01 - Donato 21/02/2013 9:45.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3949.2390 [GMT 1:00]
Eseguito da: c:\users\Donato\Desktop\abc.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
.
.
((((((((((((((((((((((((( Files Creati Da 2013-01-21 al 2013-02-21 )))))))))))))))))))))))))))))))))))
.
.
2013-02-21 08:52 . 2013-02-21 08:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-02-21 08:52 . 2013-02-21 08:52 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-02-21 08:52 . 2013-02-21 08:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-21 07:39 . 2013-02-21 07:39 388096 ----a-r- c:\users\Donato\AppData\Roaming\Microsoft\Installe r\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-21 07:39 . 2013-02-21 07:39 -------- d-----w- c:\program files (x86)\Trend Micro
2013-02-20 20:35 . 2013-02-20 20:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-20 20:35 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-20 20:34 . 2013-02-20 20:34 -------- d-----w- c:\users\Donato\AppData\Local\Programs
2013-02-20 20:26 . 2013-02-20 23:20 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E49B1AB-C0BC-41E3-BDAF-B7E7E00751BE}\offreg.dll
2013-02-20 20:18 . 2013-02-19 02:57 9162192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4E49B1AB-C0BC-41E3-BDAF-B7E7E00751BE}\mpengine.dll
2013-02-20 20:18 . 2012-01-31 03:59 279656 ------w- c:\windows\system32\MpSigStub.exe
2013-02-20 20:10 . 2013-02-20 20:10 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-02-20 20:10 . 2013-02-20 20:10 -------- d-----w- c:\program files\Microsoft Security Client
2013-02-20 19:57 . 2013-02-20 19:57 -------- d-----w- c:\windows\system32\MpEngineStore
2013-02-17 19:31 . 2013-02-17 19:36 -------- d-----w- c:\windows\system32\catroot2
2013-02-16 22:09 . 2013-02-16 22:10 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2013-02-16 22:07 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2013-02-16 22:06 . 2013-02-16 22:06 -------- d-----w- C:\RegBackup
2013-02-16 21:59 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-02-16 21:59 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-02-16 21:59 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-02-16 21:59 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-02-16 21:59 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-02-16 21:59 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-02-16 21:58 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-02-16 21:58 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2013-02-16 21:58 . 2013-02-16 21:58 -------- d-----w- c:\program files\AVAST Software
2013-02-02 05:53 . 2013-02-16 22:13 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-02-02 05:53 . 2013-02-16 22:13 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2013-02-02 05:53 . 2013-02-02 05:53 -------- d-----w- c:\program files (x86)\Tweaking.com
2013-01-28 10:39 . 2013-01-28 11:17 -------- d-----w- c:\programdata\Ecrion
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2013-02-12 09:21 . 2012-04-07 09:11 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-12 09:21 . 2011-11-08 19:51 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-15 15:56 . 2012-05-29 06:21 477616 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-01-15 15:56 . 2011-07-14 11:09 473520 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-29 10:41 220608 ----a-w- c:\users\Donato\AppData\Local\Microsoft\SkyDrive\1 6.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-29 10:41 220608 ----a-w- c:\users\Donato\AppData\Local\Microsoft\SkyDrive\1 6.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-29 10:41 220608 ----a-w- c:\users\Donato\AppData\Local\Microsoft\SkyDrive\1 6.4.6010.0727\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 910208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-07-02 1597440]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.ex e" [2010-02-22 406992]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\Donato\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645 FE6E4A715.exe [2010-12-24 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 gknkcxwu;gknkcxwu;c:\windows\system32\drivers\gknk cxwu.sys [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\as wMonFlt.sys [2012-10-30 71600]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [x]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 pmx3gmdm;Olivetti USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\pmx3gmdm .sys [x]
R3 pmx3gnet;Olivetti USB-NDIS miniport;c:\windows\system32\DRIVERS\pmx3gnet.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.e xe [2011-06-25 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-06-22 379520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-11 203264]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*Deregistered* - 1cebdf2d774cb5e4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 05:16 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Insta ller\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-28 20:16]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-28 20:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-29 10:41 244672 ----a-w- c:\users\Donato\AppData\Local\Microsoft\SkyDrive\1 6.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-29 10:41 244672 ----a-w- c:\users\Donato\AppData\Local\Microsoft\SkyDrive\1 6.4.6010.0727\amd64\SkyDriveShell64.dll
.

Discussione: Virus e report da sottoporvi

Strumenti discussione

Ricerca discussione

Visualizza

Visualizzazione discussione

Permessi di invio