Aiuto PC


Polizia Penitenziaria, Polizia di Stato, Carabinieri virus (SOLVED)

  1. dariusx

    User deleted


    I caught the Polizia Penitenziaria virus.
    Safe mode doesn't work; I've attached the FRST log as per the guide.
    I hope there's a solution to the problem.

    I followed your guide to removing the Polizia di Stato / Polizia Penitenziaria / Polizia Postale virus and am posting the scan log

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-06-2013 01
    Ran by SYSTEM on 04-06-2013 10:09:48
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: Italian Standard
    Internet Explorer Version 8
    Boot Mode: Recovery
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ==================


    HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1489760 2010-03-17] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
    HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-19] ()
    HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
    HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-23] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-08] (TOSHIBA Corporation)
    HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$126229a4cd03364c153ae8fea842f0ab\n. ATTENTION! ====> ZeroAccess
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-04-26] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [MPlayerForWindows_UpdateReminder] "D:\Applicazioni\MPlayer for Windows\AutoUpdate.exe" /L=1033 /TASK [x]
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4394032 2013-03-13] (AVG Technologies CZ, s.r.o.)
    HKU\dario\...\Run: [Google Update] "C:\Users\dario\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-01-28] (Google Inc.)
    HKU\dario\...\Winlogon: [Shell] explorer.exe,C:\Users\dario\AppData\Roaming\skype.dat [95744 2009-07-14] ()

    ==================== Services (Whitelisted) =================

    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-02-27] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [282624 2013-02-19] (AVG Technologies CZ, s.r.o.)
    S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2011-01-28] (PC Tools)

    ==================== Drivers (Whitelisted) ====================

    S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-08-24] ()
    S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-02-26] (AVG Technologies CZ, s.r.o.)
    S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
    S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
    S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
    S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
    S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
    S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [239416 2013-02-14] (AVG Technologies CZ, s.r.o.)
    S3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.)
    S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-08-24] ()
    S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-03-12] (Duplex Secure Ltd.)
    S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-06-04 08:49 - 2013-04-22 08:49 - 00000000 ____D C:\FRST
    2013-06-04 06:43 - 2013-04-22 08:58 - 00000004 ____A C:\Users\dario\AppData\Roaming\skype.ini
    2013-05-15 00:00 - 2013-04-22 08:56 - 00000784 ____A C:\Windows\setupact.log
    2013-05-15 00:00 - 2013-04-15 00:00 - 00000000 ____A C:\Windows\setuperr.log
    2013-03-30 10:07 - 2013-03-30 10:07 - 00000000 ____D C:\Users\dario\AppData\Roaming\AVG2013
    2013-03-30 02:31 - 2013-03-30 02:31 - 00000000 ____D C:\Users\dario\AppData\Roaming\TuneUp Software
    2013-03-30 02:27 - 2013-03-30 02:33 - 00000000 ____D C:ProgramData\AVG2013
    2013-03-30 02:16 - 2013-03-31 14:26 - 00000000 ____D C:\Users\dario\AppData\Local\Avg2013
    2013-03-30 02:16 - 2013-03-30 02:16 - 00000000 ____D C:\Users\dario\AppData\Local\MFAData


    ==================== One Month Modified Files and Folders =======

    2013-06-04 08:58 - 2013-04-22 06:43 - 00000004 ____A C:\Users\dario\AppData\Roaming\skype.ini
    2013-05-22 08:56 - 2013-04-15 00:00 - 00000784 ____A C:\Windows\setupact.log
    2013-04-22 08:56 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-04 08:49 - 2013-04-22 08:49 - 00000000 ____D C:\FRST
    2013-04-22 07:27 - 2013-02-20 01:42 - 00308324 ____A C:\Windows\WindowsUpdate.log
    2013-04-22 07:27 - 2009-07-14 05:45 - 00018016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-04-22 07:27 - 2009-07-14 05:45 - 00018016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-04-22 07:03 - 2009-07-14 11:53 - 00738754 ____A C:\Windows\System32\perfh010.dat
    2013-04-22 07:03 - 2009-07-14 11:53 - 00145794 ____A C:\Windows\System32\perfc010.dat
    2013-04-22 07:03 - 2009-07-14 06:13 - 01652418 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-04-22 06:32 - 2012-11-20 14:45 - 00000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-04-22 05:47 - 2012-01-28 14:12 - 00001172 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3814798622-1503148130-2465254516-1000UA.job
    2013-04-22 04:49 - 2011-03-11 23:44 - 00000000 ____D C:\Users\dario\AppData\Roaming\Mozilla
    2013-04-22 04:27 - 2011-07-11 11:52 - 00000000 ___AD C:ProgramData\TEMP
    2013-04-21 23:46 - 2012-01-28 14:12 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3814798622-1503148130-2465254516-1000Core.job
    2013-04-21 23:42 - 2011-04-10 23:41 - 00000000 ____D C:ProgramData\MFAData
    2013-04-21 23:37 - 2012-10-31 12:28 - 00000272 ____A C:\Windows\Tasks\RMSchedule.job
    2013-04-17 18:34 - 2012-11-22 16:21 - 00000000 ___RD C:\Users\dario\Desktop\Scrivania
    2013-04-17 18:09 - 2011-09-28 17:22 - 00000000 ___RD C:\Users\dario\Desktop\Elementi temporanei
    2013-04-15 00:00 - 2013-04-15 00:00 - 00000000 ____A C:\Windows\setuperr.log
    2013-04-05 07:03 - 2011-09-28 16:15 - 00000000 ___HD C:\$AVG
    2013-03-31 14:26 - 2013-03-30 02:16 - 00000000 ____D C:\Users\dario\AppData\Local\Avg2013
    2013-03-31 10:34 - 2011-11-28 18:25 - 00000000 ____D C:ProgramData\Ubisoft
    2013-03-30 20:31 - 2012-08-09 16:01 - 00000000 ____D C:ProgramData\AVG2012
    2013-03-30 20:31 - 2012-08-09 16:00 - 00000000 ____D C:\Program Files (x86)\AVG
    2013-03-30 10:07 - 2013-03-30 10:07 - 00000000 ____D C:\Users\dario\AppData\Roaming\AVG2013
    2013-03-30 02:33 - 2013-03-30 02:27 - 00000000 ____D C:ProgramData\AVG2013

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-3814798622-1503148130-2465254516-1000\$126229a4cd03364c153ae8fea842f0ab

    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-18\$126229a4cd03364c153ae8fea842f0ab

    Other Malware:
    ===========
    C:\Users\dario\AppData\Roaming\skype.dat
    C:\Users\dario\AppData\Roaming\skype.ini

    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit




    Last Boot: 2013-05-28 18:28

    ==================== End Of Log ============================


    Edited by vicky67 - 17/8/2013, 13:07
698 replies since 5/6/2013, 08:44   22450 views