
suspected virus, combofix log

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

suspected virus, combofix log

Post by Martisga » 25/01/15 15:07

Hello everyone, I'm writing because I need your help.
For days my computer has been unusable, to say the least: it is extremely slow; it responds to commands after several minutes; programs freeze 9 times out of 10; browsing with any browser is almost impossible.
I have also run into two other problems, which I don't know whether they may be related:
- windows update no longer installs updates and gives me error code 80080005
- the AVG virus scan gets stuck at 74% while analysing a file system

So I would kindly like to ask whether you could read the combofix log to figure out what's wrong.

Code:
ComboFix 15-01-22.02 - Martina 24/01/2015  20:11:59.2.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.39.1040.18.2047.1209 [GMT 1:00]
Eseguito da: c:\users\Martina\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelev.tmp
c:\users\Public\sdelevURL.tmp
.
.
(((((((((((((((((((((((((   Files Creati Da 2014-12-24 al 2015-01-24  )))))))))))))))))))))))))))))))))))
.
.
2015-01-24 20:28 . 2015-01-24 20:30   --------   d-----w-   c:\users\Martina\AppData\Local\temp
2015-01-24 20:28 . 2015-01-24 20:28   --------   d-----w-   c:\users\Default\AppData\Local\temp
2015-01-24 16:42 . 2015-01-24 16:42   --------   d-----w-   c:\users\Martina\AppData\Roaming\ParetoLogic
2015-01-24 16:38 . 2015-01-24 16:38   --------   d-----w-   c:\program files\Common Files\ParetoLogic
2015-01-24 16:37 . 2015-01-24 16:38   --------   d-----w-   c:\programdata\ParetoLogic
2015-01-24 16:37 . 2015-01-24 16:37   --------   d-----w-   c:\program files\ParetoLogic
2015-01-22 18:46 . 2015-01-22 18:53   --------   d-----w-   c:\program files\Google
2015-01-22 18:46 . 2015-01-22 19:00   --------   d-----w-   c:\users\Martina\AppData\Local\Google
2015-01-22 18:35 . 2015-01-22 18:35   --------   d-----w-   c:\program files\CCleaner
2015-01-22 15:03 . 2015-01-22 15:04   --------   d-----w-   c:\programdata\Sophos
2015-01-22 15:01 . 2015-01-22 15:01   --------   d-----w-   c:\program files\Sophos
2015-01-05 18:53 . 2015-01-05 18:53   --------   d-----w-   c:\program files\Common Files\Java
2015-01-05 18:53 . 2015-01-05 18:52   96680   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2015-01-05 18:52 . 2015-01-05 18:54   --------   d-----w-   c:\programdata\Oracle
2015-01-05 18:52 . 2015-01-05 18:52   --------   d-----w-   c:\program files\Java
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-24 19:04 . 2014-07-05 21:33   701616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2015-01-24 19:04 . 2014-07-05 21:33   71344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-29 20:34 . 2014-10-29 20:34   213784   ----a-w-   c:\windows\system32\drivers\avgidsdriverx.sys
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08   131480   ----a-w-   c:\users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08   131480   ----a-w-   c:\users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08   131480   ----a-w-   c:\users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08   131480   ----a-w-   c:\users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08   131480   ----a-w-   c:\users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08   131480   ----a-w-   c:\users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08   131480   ----a-w-   c:\users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08   131480   ----a-w-   c:\users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-08-14 43816]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-08-07 43816]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-12-12 5489944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"vProt"="c:\program files\AVG Web TuneUp\vprot.exe" [2014-10-12 2662424]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2014-11-09 3653136]
"FAHConsole"="c:\program files\File Association Helper\FAHConsole.exe" [2014-01-28 616632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCT_SKMScan]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2014-11-09 3488784]
R2 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [2014-12-20 485888]
R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-01-22 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-09-19 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-01-22 15872]
R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2014-11-26 153384]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-01-22 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2011-01-22 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-01-22 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-01-22 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-01-22 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2014-07-05 1343400]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-18 147736]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-07-18 230680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-18 27416]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-18 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-10-29 213784]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-18 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-08-28 192792]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-10-10 200984]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-08-30 42784]
S1 SCT_SKMScan;SCT_SKMScan;c:\windows\system32\DRIVERS\sct_skmscan.sys [2012-10-12 33096]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [2014-11-09 298080]
S2 vToolbarUpdater3.2.0;vToolbarUpdater3.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [2014-08-30 1843736]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-22 18:52   1087816   ----a-w-   c:\program files\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-01-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-05 19:04]
.
2015-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-01-22 18:46]
.
2015-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-01-22 18:46]
.
2015-01-24 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2014-11-28 01:28]
.
2015-01-24 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\common files\paretologic\uus3\Pareto_Update3.exe [2014-11-28 01:28]
.
2015-01-24 c:\windows\Tasks\ParetoLogic Update Version3_triggeronce.job
- c:\program files\common files\paretologic\uus3\Pareto_Update3.exe [2014-11-28 01:28]
.
2015-01-24 c:\windows\Tasks\RegCure Pro_sch_835A7050-A3E7-11E4-AA85-0016EC7E76B7.job
- c:\program files\ParetoLogic\RegCure Pro\RegCurePro.exe [2014-11-28 01:27]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2015-01-24  21:42:29
ComboFix-quarantined-files.txt  2015-01-24 20:42
.
Pre-Run: 120.696.897.536 byte disponibili
Post-Run: 120.629.460.992 byte disponibili
.
- - End Of File - - 8F177C06AE9764C478A43A0521FB052A
A36C5E4F47E84449FF07ED3517B43A31
Martisga
Newbie

Posts: 5
Joined: 25/01/15 14:39


Re: suspected virus, combofix log

Post by COCCOBELLO » 25/01/15 21:13

uninstall WindowsMangerProtect

then follow this guide.. just skip combofix
http://www.windoctor.it/sicurezza/come- ... i-i-virus/
COCCOBELLO
Senior User

Posts: 2026
Joined: 06/08/11 13:53

Re: suspected virus, combofix log

Post by Martisga » 26/01/15 13:37

Thank you for the prompt reply.
I followed the procedure in the guide, and indeed I found several infected files (including windows manager protect) which were removed by the programs. The problem, however, was not solved: once the PC was restarted in normal mode I ran into the same slowness problems. It's as if the hard disk freezes up, then starts working again and then freezes again, and so on!
I ran the procedure a second time, but without finding anything.
This is the combofix log after the clean-up

Code:
ComboFix 15-01-22.02 - Martina 26/01/2015  11:13:53.3.2 - x86 NETWORK
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.39.1040.18.2047.1360 [GMT 1:00]
Eseguito da: c:\users\Martina\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Creato nuovo punto di ripristino
.
.
(((((((((((((((((((((((((   Files Creati Da 2014-12-26 al 2015-01-26  )))))))))))))))))))))))))))))))))))
.
.
2015-01-26 10:21 . 2015-01-26 10:21   --------   d-----w-   c:\users\Default\AppData\Local\temp
2015-01-26 09:54 . 2015-01-26 09:54   62576   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{09D6515C-240B-425D-83F6-7206B31873A2}\offreg.dll
2015-01-25 22:04 . 2014-12-15 03:13   9054624   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{09D6515C-240B-425D-83F6-7206B31873A2}\mpengine.dll
2015-01-25 21:04 . 2015-01-25 21:20   --------   d-----w-   c:\programdata\HitmanPro
2015-01-25 20:56 . 2015-01-25 22:17   --------   d-----w-   C:\AdwCleaner
2015-01-25 20:48 . 2015-01-25 20:48   --------   d-----w-   c:\programdata\GlarySoft
2015-01-25 20:44 . 2015-01-25 20:44   17344   ----a-w-   c:\windows\system32\drivers\GUBootStartup.sys
2015-01-25 20:44 . 2015-01-25 20:44   --------   d-----w-   c:\users\Martina\AppData\Roaming\DiskDefrag
2015-01-25 20:44 . 2015-01-25 20:44   --------   d-----w-   c:\users\Martina\AppData\Roaming\GlarySoft
2015-01-25 20:43 . 2015-01-25 20:44   --------   d-----w-   c:\program files\Glary Utilities 5
2015-01-25 19:35 . 2015-01-25 19:35   --------   d-----w-   c:\users\Martina\AppData\Roaming\AVAST Software
2015-01-25 19:22 . 2015-01-25 19:17   91496   ----a-w-   c:\windows\system32\drivers\aswStm.sys
2015-01-25 19:22 . 2015-01-25 19:17   206248   ----a-w-   c:\windows\system32\drivers\aswVmm.sys
2015-01-25 19:21 . 2015-01-25 19:24   423784   ----a-w-   c:\windows\system32\drivers\aswsp.sys
2015-01-25 19:21 . 2015-01-25 19:17   49944   ----a-w-   c:\windows\system32\drivers\aswRvrt.sys
2015-01-25 19:20 . 2015-01-25 19:26   73480   ----a-w-   c:\windows\system32\drivers\aswmonflt.sys
2015-01-25 19:20 . 2015-01-25 19:17   24184   ----a-w-   c:\windows\system32\drivers\aswHwid.sys
2015-01-25 19:19 . 2015-01-25 19:17   81768   ----a-w-   c:\windows\system32\drivers\aswRdr2.sys
2015-01-25 19:19 . 2015-01-25 19:25   787800   ----a-w-   c:\windows\system32\drivers\aswsnx.sys
2015-01-25 19:18 . 2015-01-25 19:15   291352   ----a-w-   c:\windows\system32\aswBoot.exe
2015-01-25 19:15 . 2015-01-25 19:15   43152   ----a-w-   c:\windows\avastSS.scr
2015-01-25 18:51 . 2015-01-25 18:51   --------   d-----w-   c:\program files\AVAST Software
2015-01-25 18:38 . 2015-01-25 18:51   --------   d-----w-   c:\programdata\AVAST Software
2015-01-25 18:25 . 2015-01-25 18:38   --------   d-----w-   c:\users\Martina\AppData\Roaming\Wise Registry Cleaner
2015-01-25 18:24 . 2015-01-25 18:24   --------   d-----w-   c:\program files\Wise
2015-01-25 14:36 . 2015-01-26 10:07   114904   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-25 14:34 . 2015-01-25 14:34   --------   d-----w-   c:\program files\Malwarebytes Anti-Malware
2015-01-25 14:34 . 2015-01-25 14:34   --------   d-----w-   c:\programdata\Malwarebytes
2015-01-25 14:34 . 2014-11-21 05:14   51928   ----a-w-   c:\windows\system32\drivers\mwac.sys
2015-01-25 14:34 . 2014-11-21 05:14   75480   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2015-01-25 14:34 . 2014-11-21 05:14   23256   ----a-w-   c:\windows\system32\drivers\mbam.sys
2015-01-24 20:42 . 2015-01-26 10:21   --------   d-----w-   c:\users\Martina\AppData\Local\temp
2015-01-22 18:46 . 2015-01-22 18:53   --------   d-----w-   c:\program files\Google
2015-01-22 18:46 . 2015-01-22 19:00   --------   d-----w-   c:\users\Martina\AppData\Local\Google
2015-01-22 18:35 . 2015-01-22 18:35   --------   d-----w-   c:\program files\CCleaner
2015-01-22 15:03 . 2015-01-22 15:04   --------   d-----w-   c:\programdata\Sophos
2015-01-22 15:01 . 2015-01-22 15:01   --------   d-----w-   c:\program files\Sophos
2015-01-05 18:53 . 2015-01-05 18:53   --------   d-----w-   c:\program files\Common Files\Java
2015-01-05 18:53 . 2015-01-05 18:52   96680   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2015-01-05 18:52 . 2015-01-05 18:54   --------   d-----w-   c:\programdata\Oracle
2015-01-05 18:52 . 2015-01-05 18:52   --------   d-----w-   c:\program files\Java
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-25 20:09 . 2014-07-05 21:33   71344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-25 20:09 . 2014-07-05 21:33   701616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08   131480   ----a-w-   c:\users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08   131480   ----a-w-   c:\users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08   131480   ----a-w-   c:\users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08   131480   ----a-w-   c:\users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08   131480   ----a-w-   c:\users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08   131480   ----a-w-   c:\users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08   131480   ----a-w-   c:\users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 21:08   131480   ----a-w-   c:\users\Martina\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-25 19:09   723976   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-08-14 43816]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-08-07 43816]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-12-12 5489944]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2015-01-19 37152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-25 5227112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R0 aswRvrt;avast! Revert; [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-01-25 787800]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-01-25 423784]
R1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys [2015-01-25 17344]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-01-25 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-01-25 73480]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-01-25 91496]
R3 aswVmm;avast! VM Monitor;c:\users\Martina\AppData\Local\Temp\aswVmm.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-01-22 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-09-19 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-01-22 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-01-22 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2011-01-22 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-01-22 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-01-22 27264]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-01-22 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2014-07-05 1343400]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-08-30 42784]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - 71781126
*NewlyCreated* - AVGTP
*Deregistered* - 71781126
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-25 09:59   1086280   ----a-w-   c:\program files\Google\Chrome\Application\40.0.2214.91\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-05 20:10]
.
2015-01-25 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files\Glary Utilities 5\Initialize.exe [2015-01-19 07:25]
.
2015-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-01-22 18:46]
.
2015-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-01-22 18:46]
.
2015-01-25 c:\windows\Tasks\GU5SkipUAC.job
- c:\program files\Glary Utilities 5\Integrator.exe [2015-01-19 07:25]
.
.
------- Scansione supplementare -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_296_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2015-01-26  11:23:57
ComboFix-quarantined-files.txt  2015-01-26 10:23
ComboFix2.txt  2015-01-24 20:42
.
Pre-Run: 130.037.084.160 byte disponibili
Post-Run: 129.993.359.360 byte disponibili
.
- - End Of File - - A6521BFB0143B3F25A7799C65A0FBC04
A36C5E4F47E84449FF07ED3517B43A31
Martisga
Newbie

Posts: 5
Joined: 25/01/15 14:39

Re: suspected virus, combofix log

Post by COCCOBELLO » 26/01/15 14:03

HI
PLEASE POST THE REPORTS OF ALL THE SCANS YOU RAN
AdwCleaner:
Malwarebytes Anti-Malware:
Kaspersky TDSSKiller:
HitmanPro:
aswMBR


and uninstall AVG AntiVirus, you can't have 2 antivirus programs on one pc, it slows the pc down and they conflict
follow this to see how to uninstall it
http://www.windoctor.it/sicurezza/disin ... -avg-2014/
COCCOBELLO
Senior User

Posts: 2026
Joined: 06/08/11 13:53
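The two points COCCOBELLO raises across his replies (a service running from c:\programdata, and two antivirus products enabled at the same time) are both visible in the ComboFix logs above. As an added example, not code from this thread or from the ComboFix authors, here is a small Python triage script that parses the "AV:"/"SP:" header lines and the R*/S* service entries of a ComboFix log and flags exactly those conditions, plus entries whose file ComboFix marked as missing with "[x]". The sample input is a handful of lines copied from the logs posted above; the list of directories treated as unusual and the reading of the R/S codes are the script's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input (constructed for this example): lines copied from the ComboFix
# logs posted in this thread, header "AV:"/"SP:" lines plus some service entries.
SAMPLE_LOG = r"""
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2014-11-09 3488784]
R2 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [2014-12-20 485888]
R0 aswRvrt;avast! Revert; [x]
R3 aswVmm;avast! VM Monitor;c:\users\Martina\AppData\Local\Temp\aswVmm.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-08-30 42784]
"""

# "AV: <name> *Enabled/Updated* {GUID}" as ComboFix prints registered security products.
AV_RE = re.compile(r"^(AV|SP): (.+?) \*(\w+)/(\w+)\* \{([0-9A-Fa-f-]{36})\}$")
# "R2 name;description;path [date size]" or "... [x]" when the file was not found.
SVC_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?) \[([^\]]*)\]$")

# Assumption of this script: a service binary living in a user-writable or
# temporary directory deserves a second look (these prefixes are compared lowercase).
SUSPICIOUS_DIRS = ("\\programdata\\", "\\appdata\\local\\temp\\", "\\users\\public\\")


@dataclass
class AvProduct:
    kind: str       # "AV" (antivirus) or "SP" (antispyware), as ComboFix labels them
    name: str
    enabled: bool
    updated: bool
    guid: str


@dataclass
class ServiceEntry:
    state: str      # ComboFix code: R = running, S = stopped, digit = start type (assumed reading)
    name: str
    description: str
    path: str
    file_missing: bool   # True when ComboFix printed "[x]" instead of date and size


def parse_av_products(log_text: str) -> List[AvProduct]:
    """Collect every AV:/SP: header line into an AvProduct."""
    products = []
    for line in log_text.splitlines():
        m = AV_RE.match(line.strip())
        if m:
            kind, name, state, upd, guid = m.groups()
            products.append(AvProduct(kind, name, state == "Enabled", upd == "Updated", guid))
    return products


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Collect every R*/S* service or driver line into a ServiceEntry."""
    entries = []
    for line in log_text.splitlines():
        m = SVC_RE.match(line.strip())
        if m:
            state, name, desc, path, tail = m.groups()
            entries.append(ServiceEntry(state, name, desc, path, tail == "x"))
    return entries


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return findings a helper would want to look at before anything else."""
    findings: List[Dict[str, str]] = []
    enabled_av = [p.name for p in parse_av_products(log_text) if p.kind == "AV" and p.enabled]
    if len(enabled_av) > 1:
        # Two real-time antivirus engines compete for the same file accesses.
        findings.append({"kind": "multiple_av", "subject": " | ".join(enabled_av)})
    for svc in parse_services(log_text):
        low = svc.path.lower()
        if any(d in low for d in SUSPICIOUS_DIRS):
            findings.append({"kind": "unusual_location", "subject": svc.name, "detail": svc.path})
        if svc.file_missing and svc.state.startswith("R"):
            # May be a harmless leftover, but a running entry without a file is worth a check.
            findings.append({"kind": "missing_file", "subject": svc.name,
                             "detail": svc.path or "(no path)"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"], f["subject"], f.get("detail", ""))
```

Run against the sample it reports the two enabled antivirus products, WindowsMangerProtect under c:\programdata, and the entries marked "[x]"; point it at a full ComboFix log by replacing SAMPLE_LOG with the file's contents.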

Re: suspected virus, combofix log

Post by Martisga » 26/01/15 16:30

ADW CLEANER:
Code:
# AdwCleaner v4.109 - Rapporto creato 26/01/2015 in 16:02:15
# Aggiornato 24/01/2015 di Xplode
# Database : 2015-01-24.3 [Local]
# Sistema operativo : Windows 7 Ultimate Service Pack 1 (32 bits)
# Nome utente : Martina - MARTINA-PC
# In esecuzione da : C:\Users\Martina\Downloads\AdwCleaner.exe
# Opzione : Scansiona

***** [ Servizi ] *****


***** [ File / Cartelle ] *****


***** [ Compiti ] *****


***** [ Collegamenti ] *****


***** [ Registro ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v


-\\ Google Chrome v40.0.2214.91


*************************

AdwCleaner[R0].txt - [3369 octets] - [25/01/2015 21:56:14]
AdwCleaner[R1].txt - [3429 octets] - [25/01/2015 22:10:31]
AdwCleaner[R2].txt - [966 octets] - [25/01/2015 23:15:05]
AdwCleaner[R3].txt - [828 octets] - [26/01/2015 16:02:15]
AdwCleaner[S0].txt - [3555 octets] - [25/01/2015 22:20:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [947 octets] ##########



MALWAREBYTES:
Code:
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2015/01/26 15:56:12 +0100</date>
    <logfile>mbam-log-2015-01-26 (15-55-45).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.4.1028</version>
    <malware-database>v2015.01.26.06</malware-database>
    <rootkit-database>v2015.01.14.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x86</arch>
    <username>Martina</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>315630</objects>
    <time>1016</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>0</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>enabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items> </items>
</mbam-log>



HITMAN PRO:
Code:
HitmanPro 3.7.9.234
www.hitmanpro.com

   Computer name . . . . : MARTINA-PC
   Windows . . . . . . . : 6.1.1.7601.X86/2
   Safe Mode Boot  . . . : NETWORK
   User name . . . . . . : Martina-PC\Martina
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2015-01-26 16:07:19
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 36s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 14

   Objects scanned . . . : 861.878
   Files scanned . . . . : 26.604
   Remnants scanned  . . : 285.995 files / 549.279 keys

Cookies _____________________________________________________________________

   C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com
   C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
   C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.williamhill.it
   C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
   C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\Martina\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\8XSI3E3A.txt
   C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\WL2RZ4S0.txt
   C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\WR8D66ZC.txt



ASW MBR:
Code: Select all
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-26 16:12:40
-----------------------------
16:12:40.106    OS Version: Windows 6.1.7601 Service Pack 1
16:12:40.106    Number of processors: 2 586 0x409
16:12:40.108    ComputerName: MARTINA-PC  UserName: Martina
16:12:43.399    Initialize success
16:12:51.428    AVAST engine defs: 15012600
16:12:53.962    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
16:12:53.978    Disk 0 Vendor: SAMSUNG_SP2004C VM100-38 Size: 190782MB BusType: 3
16:12:54.150    Disk 0 MBR read successfully
16:12:54.157    Disk 0 MBR scan
16:12:55.697    Disk 0 Windows 7 default MBR code
16:12:55.707    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
16:12:55.746    Disk 0 Boot: NTFS     code=2
16:12:56.151    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       190680 MB offset 206848
16:12:56.260    Disk 0 scanning sectors +390719488
16:12:56.568    Disk 0 scanning C:\Windows\system32\drivers
16:13:17.776    Service scanning
16:14:00.613    Modules scanning
16:14:00.614    Disk 0 trace - called modules:
16:14:00.634    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
16:14:00.634    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84a42030]
16:14:00.635    3 CLASSPNP.SYS[881b059e] -> nt!IofCallDriver -> [0x83ce2918]
16:14:00.635    5 ACPI.sys[87cb33d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x83cbe610]
16:14:01.657    AVAST engine scan C:\Windows
16:14:15.222    AVAST engine scan C:\Windows\system32
16:18:23.417    AVAST engine scan C:\Windows\system32\drivers
16:18:40.105    AVAST engine scan C:\Users\Martina
16:29:32.359    AVAST engine scan C:\ProgramData
16:30:37.306    Disk 0 statistics 2646622/0/0 @ 1,59 MB/s
16:30:37.329    Scan finished successfully
16:30:47.922    Disk 0 MBR has been saved successfully to "C:\Users\Martina\Desktop\MBR.dat"
16:30:47.942    The log file has been saved successfully to "C:\Users\Martina\Desktop\aswMBR.txt"
KASPERSKY: TDSSKiller.3.0.0.44_26.01.2015_16.08.33_log.txt
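The Malwarebytes log above is a plain XML document, so the "is it clean?" check the helper makes by eye can be automated. The following Python script is an added example, not part of the thread and not Malwarebytes' own tooling: it reads the `<summary>` and `<items>` blocks of an MBAM 2.x log, sums the detection counters, and reports which scan components were disabled so a clean verdict is read with the right coverage in mind. The embedded sample log is constructed to mirror the posted summary.

```python
"""Triage an MBAM 2.x XML scan log: did the scan complete, and did it find anything?"""
import xml.etree.ElementTree as ET

# Constructed sample (hypothetical), shaped like the mbam-log summary posted in the thread.
SAMPLE_LOG = """<?xml version="1.0"?>
<mbam-log>
  <header><date>2015/01/26 15:56:12 +0100</date><isadmin>yes</isadmin></header>
  <engine><version>2.00.4.1028</version><malware-database>v2015.01.26.06</malware-database></engine>
  <summary>
    <type>threat</type><result>completed</result><objects>315630</objects><time>1016</time>
    <processes>0</processes><modules>0</modules><keys>0</keys><values>0</values>
    <datas>0</datas><folders>0</folders><files>0</files><sectors>0</sectors>
  </summary>
  <options><rootkits>enabled</rootkits><deeprootkit>disabled</deeprootkit></options>
  <items> </items>
</mbam-log>
"""

# Summary counters that count detections; <objects> and <time> are scan volume, not findings.
DETECTION_FIELDS = ("processes", "modules", "keys", "values", "datas", "folders", "files", "sectors")


def triage_mbam_log(xml_data) -> dict:
    """Return a verdict dict for one mbam-log document (str, or bytes for UTF-16 files)."""
    root = ET.fromstring(xml_data)
    summary = root.find("summary")
    if root.tag != "mbam-log" or summary is None:
        raise ValueError("not an mbam-log document with a <summary> block")
    detections = {f: int(summary.findtext(f, "0")) for f in DETECTION_FIELDS}
    total = sum(detections.values())
    items = root.find("items")
    item_count = 0 if items is None else len(list(items))   # "<items> </items>" -> 0
    options = root.find("options")
    # Scan components that were not enabled (e.g. deeprootkit): a clean verdict only
    # covers what was actually scanned.
    disabled = [] if options is None else [
        o.tag for o in options if (o.text or "").strip() != "enabled"]
    completed = summary.findtext("result") == "completed"
    return {
        "completed": completed,
        "scanned": int(summary.findtext("objects", "0")),
        "detections": total,
        "items": item_count,
        "disabled_options": disabled,
        "database": root.findtext("engine/malware-database"),
        # Clean only if the scan finished, every counter is zero and nothing is listed
        "clean": completed and total == 0 and item_count == 0,
    }
```

For a real log file, pass the raw bytes (`open(path, "rb").read()`) rather than decoded text, since MBAM writes the file as UTF-16 and the parser honours the byte-order mark.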
Re: suspected virus, ComboFix log

Post by COCCOBELLO » 26/01/15 18:28

virus-wise everything looks OK; what was found has been removed
have you uninstalled AVG?

Then
save this file to the Desktop
CFScript.txt
and drag it onto the ComboFix icon.
The scan will start; wait for it to finish without touching anything.
The system will be restarted automatically:
Post the updated ComboFix log

NOTE: move ComboFix from the Downloads folder to the Desktop, otherwise the script won't work
or leave ComboFix in the Downloads folder and save the CFScript in the Downloads folder

THEN POST A HIJACKTHIS REPORT
http://www.windoctor.it/download/hijackthis/

Launch HijackThis: right-click on HijackThis and choose
Run as administrator to open it

Note
If the Run as Administrator entry is not shown, proceed as follows
Right-click the HijackThis icon, then click Properties
go to the Compatibility tab
and tick Run this program as an administrator
Apply and OK

click the Do a system scan and save a logfile button

at the end of the scan a log in text document format will appear on the desktop; then close HijackThis.
Re: suspected virus, ComboFix log

Post by Martisga » 26/01/15 20:06

yes, I uninstalled AVG...
here are the logs:
-COMBOFIX ComboFix.txt

-HIJACKTHIS hijackthis.log
Re: suspected virus, ComboFix log

Post by COCCOBELLO » 27/01/15 08:58

the reports are clean, all OK

the slowness at this point has to be looked for elsewhere

check the hard disk following this guide, also using CrystalDiskInfo or
HDTune
http://www.windoctor.it/hardware/come-r ... nneggiati/

then follow this one to optimize Windows as much as possible; just skip the part about looking for viruses, which we have already done
http://www.windoctor.it/sistemi/ottimiz ... windows-7/

then, if you still get the Windows Update error, follow this and try the proposed solutions
http://www.windoctor.it/sistemi/vista/r ... ws-update/
Re: suspected virus, ComboFix log

Post by Martisga » 28/01/15 21:40

I followed the hard disk guide, and now the problem is solved!! Thanks a lot, you have been really kind
Re: suspected virus, ComboFix log

Post by COCCOBELLO » 29/01/15 09:06

perfect :)
evidently there were some corrupted clusters slowing the PC down
you're welcome
bye ;)