dariusx.
User deleted
I caught the Polizia Penitenziaria virus.
Safe mode does not work; I have attached the FRST log as described in the guide.
I hope there is a solution to the problem.
I followed your guide to removing the Polizia di Stato-Polizia Penitenziaria-Polizia Postale virus and I am posting the scan log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-06-2013 01
Ran by SYSTEM on 04-06-2013 10:09:48
Running from G:\
Windows 7 Home Premium (X64) OS Language: Italian Standard
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1489760 2010-03-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-19] ()
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-23] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-08] (TOSHIBA Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$126229a4cd03364c153ae8fea842f0ab\n. ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-04-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [112600 2010-11-15] (PC Tools)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [MPlayerForWindows_UpdateReminder] "D:\Applicazioni\MPlayer for Windows\AutoUpdate.exe" /L=1033 /TASK [x]
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4394032 2013-03-13] (AVG Technologies CZ, s.r.o.)
HKU\dario\...\Run: [Google Update] "C:\Users\dario\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-01-28] (Google Inc.)
HKU\dario\...\Winlogon: [Shell] explorer.exe,C:\Users\dario\AppData\Roaming\skype.dat [95744 2009-07-14] ()
==================== Services (Whitelisted) =================
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-02-27] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [282624 2013-02-19] (AVG Technologies CZ, s.r.o.)
S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2011-01-28] (PC Tools)
==================== Drivers (Whitelisted) ====================
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-08-24] ()
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-02-26] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [239416 2013-02-14] (AVG Technologies CZ, s.r.o.)
S3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] (Conexant Systems Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-08-24] ()
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-03-12] (Duplex Secure Ltd.)
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-04 08:49 - 2013-04-22 08:49 - 00000000 ____D C:\FRST
2013-06-04 06:43 - 2013-04-22 08:58 - 00000004 ____A C:\Users\dario\AppData\Roaming\skype.ini
2013-05-15 00:00 - 2013-04-22 08:56 - 00000784 ____A C:\Windows\setupact.log
2013-05-15 00:00 - 2013-04-15 00:00 - 00000000 ____A C:\Windows\setuperr.log
2013-03-30 10:07 - 2013-03-30 10:07 - 00000000 ____D C:\Users\dario\AppData\Roaming\AVG2013
2013-03-30 02:31 - 2013-03-30 02:31 - 00000000 ____D C:\Users\dario\AppData\Roaming\TuneUp Software
2013-03-30 02:27 - 2013-03-30 02:33 - 00000000 ____D C:ProgramData\AVG2013
2013-03-30 02:16 - 2013-03-31 14:26 - 00000000 ____D C:\Users\dario\AppData\Local\Avg2013
2013-03-30 02:16 - 2013-03-30 02:16 - 00000000 ____D C:\Users\dario\AppData\Local\MFAData
==================== One Month Modified Files and Folders =======
2013-06-04 08:58 - 2013-04-22 06:43 - 00000004 ____A C:\Users\dario\AppData\Roaming\skype.ini
2013-05-22 08:56 - 2013-04-15 00:00 - 00000784 ____A C:\Windows\setupact.log
2013-04-22 08:56 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-04 08:49 - 2013-04-22 08:49 - 00000000 ____D C:\FRST
2013-04-22 07:27 - 2013-02-20 01:42 - 00308324 ____A C:\Windows\WindowsUpdate.log
2013-04-22 07:27 - 2009-07-14 05:45 - 00018016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-22 07:27 - 2009-07-14 05:45 - 00018016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-22 07:03 - 2009-07-14 11:53 - 00738754 ____A C:\Windows\System32\perfh010.dat
2013-04-22 07:03 - 2009-07-14 11:53 - 00145794 ____A C:\Windows\System32\perfc010.dat
2013-04-22 07:03 - 2009-07-14 06:13 - 01652418 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-22 06:32 - 2012-11-20 14:45 - 00000978 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-22 05:47 - 2012-01-28 14:12 - 00001172 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3814798622-1503148130-2465254516-1000UA.job
2013-04-22 04:49 - 2011-03-11 23:44 - 00000000 ____D C:\Users\dario\AppData\Roaming\Mozilla
2013-04-22 04:27 - 2011-07-11 11:52 - 00000000 ___AD C:ProgramData\TEMP
2013-04-21 23:46 - 2012-01-28 14:12 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3814798622-1503148130-2465254516-1000Core.job
2013-04-21 23:42 - 2011-04-10 23:41 - 00000000 ____D C:ProgramData\MFAData
2013-04-21 23:37 - 2012-10-31 12:28 - 00000272 ____A C:\Windows\Tasks\RMSchedule.job
2013-04-17 18:34 - 2012-11-22 16:21 - 00000000 ___RD C:\Users\dario\Desktop\Scrivania
2013-04-17 18:09 - 2011-09-28 17:22 - 00000000 ___RD C:\Users\dario\Desktop\Elementi temporanei
2013-04-15 00:00 - 2013-04-15 00:00 - 00000000 ____A C:\Windows\setuperr.log
2013-04-05 07:03 - 2011-09-28 16:15 - 00000000 ___HD C:\$AVG
2013-03-31 14:26 - 2013-03-30 02:16 - 00000000 ____D C:\Users\dario\AppData\Local\Avg2013
2013-03-31 10:34 - 2011-11-28 18:25 - 00000000 ____D C:ProgramData\Ubisoft
2013-03-30 20:31 - 2012-08-09 16:01 - 00000000 ____D C:ProgramData\AVG2012
2013-03-30 20:31 - 2012-08-09 16:00 - 00000000 ____D C:\Program Files (x86)\AVG
2013-03-30 10:07 - 2013-03-30 10:07 - 00000000 ____D C:\Users\dario\AppData\Roaming\AVG2013
2013-03-30 02:33 - 2013-03-30 02:27 - 00000000 ____D C:ProgramData\AVG2013
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3814798622-1503148130-2465254516-1000\$126229a4cd03364c153ae8fea842f0ab
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$126229a4cd03364c153ae8fea842f0ab
Other Malware:
===========
C:\Users\dario\AppData\Roaming\skype.dat
C:\Users\dario\AppData\Roaming\skype.ini
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
Last Boot: 2013-05-28 18:28
==================== End Of Log ============================
Edited by vicky67 - 17/8/2013, 13:07.