Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

pc infettato ho fatto scanzione con combofix allego report

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

pc infettato ho fatto scanzione con combofix allego report

Postdi demodemo » 08/03/16 18:17

ix 16-03-07.01 - alessio 08/03/2016 17:22:04.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.3798.1827 [GMT 1:00]
Eseguito da: C:\Users\alessio\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))


C:\END
C:\Users\alessio\AppData\Local\siliconin.exe
C:\Users\alessio\AppData\Roaming\Lottech.bin
C:\Users\alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
C:\Users\alessio\AppData\Roaming\Movefresh.bin
C:\Users\alessio\AppData\Roaming\OzerPhase.exe
C:\Users\alessio\AppData\Roaming\RoundTouch.exe
C:\Windows\SysWow64\logs
C:\Windows\SysWow64\logs\myeasylog.log


((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_greshdnanldoweloadie


((((((((((((((((((((((((( Files Creati Da 2016-02-08 al 2016-03-08 )))))))))))))))))))))))))))))))))))


2016-03-08 16:37:48 . 2016-03-08 16:37:48 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{54527424-7CF3-4C82-B285-69BD9485D2E5}\offreg.860.dll
2016-03-08 16:34:59 . 2016-03-08 16:34:59 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\temp
2016-03-08 16:34:59 . 2016-03-08 16:34:59 -------- d-----w- C:\Users\Default\AppData\Local\temp
2016-03-08 16:10:42 . 2016-03-08 02:38:12 48744 ----a-w- C:\Windows\system32\drivers\{79f178d3-bd22-44af-a661-b1d55a734142}Gw64.sys
2016-03-08 16:10:09 . 2016-03-08 04:26:56 48776 ----a-w- C:\Windows\system32\drivers\{e41c6372-fd9c-46e2-9c02-4b1ff1962e66}Gw64.sys
2016-03-08 16:09:05 . 2016-03-08 16:09:15 -------- d-----w- C:\Program Files (x86)\OLBPre
2016-03-08 16:08:41 . 2016-03-08 16:13:30 -------- d-----w- C:\Program Files (x86)\Giant Galaxy
2016-03-08 16:08:37 . 2016-03-08 16:13:08 -------- d-----w- C:\Program Files (x86)\Simple for You
2016-03-08 16:06:58 . 2016-03-08 16:07:18 -------- d-----w- C:\Program Files\WajaNetEn
2016-03-08 16:05:02 . 2016-03-08 16:05:03 -------- d-----w- C:\ProgramData\c776fbe3-3e91-0
2016-03-08 16:05:00 . 2016-03-08 16:05:01 -------- d-----w- C:\ProgramData\c776fbe3-1a93-1
2016-03-08 16:04:57 . 2016-03-08 16:05:58 -------- d-----w- C:\Program Files (x86)\DNS Unlocker
2016-03-08 16:04:05 . 2016-03-08 16:04:10 -------- d-----w- C:\Program Files\BitTorrent
2016-03-08 16:02:49 . 2016-03-08 16:02:58 -------- d-----w- C:\ProgramData\Ronzaps
2016-03-08 16:02:03 . 2016-03-08 16:02:03 -------- d-----w- C:\ProgramData\CloudPrinter
2016-03-08 15:59:42 . 2016-03-08 15:59:42 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{54527424-7CF3-4C82-B285-69BD9485D2E5}\offreg.880.dll
2016-03-08 15:45:43 . 2016-03-08 15:45:43 -------- d-----w- C:\Users\alessio\AppData\Roaming\Battle.net
2016-03-08 15:30:11 . 2016-03-08 15:30:11 -------- d-----w- C:\Users\alessio\AppData\Local\Bluestacks
2016-03-08 15:15:00 . 2016-03-08 15:15:00 -------- d-----w- C:\Users\alessio\AppData\Local\rec_it_219
2016-03-08 15:14:56 . 2016-03-08 15:15:01 -------- d-----w- C:\Program Files (x86)\MobilePCStarterKit
2016-03-08 15:14:56 . 2016-03-08 15:14:58 -------- d-----w- C:\Program Files (x86)\rec_it_219
2016-03-08 15:14:53 . 2016-03-08 15:14:53 -------- d-----w- C:\Users\alessio\AppData\Roaming\PriceFountain
2016-03-08 15:14:01 . 2016-03-08 15:14:01 -------- d-----w- C:\ProgramData\a32080f5-31f5-0
2016-03-08 15:14:00 . 2016-03-08 15:14:00 -------- d-----w- C:\ProgramData\a32080f5-4e83-1
2016-03-08 15:13:07 . 2016-03-08 15:13:08 -------- d-----w- C:\Program Files (x86)\6EA192DE-1457449987-1A40-99BB-37D734B9D43F
2016-03-08 15:11:26 . 2016-03-08 16:03:50 -------- d-----w- C:\Users\alessio\AppData\Local\mpck_it_017010261
2016-03-08 15:11:26 . 2016-03-08 15:11:27 -------- d-----w- C:\Program Files (x86)\mpck_it_017010261
2016-03-08 15:08:37 . 2016-03-08 15:08:37 -------- d-----w- C:\Program Files (x86)\Amazon
2016-03-08 15:05:44 . 2016-03-08 15:05:44 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2016-03-08 14:44:38 . 2016-02-19 01:53:08 11249080 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{54527424-7CF3-4C82-B285-69BD9485D2E5}\mpengine.dll
2016-03-08 14:41:32 . 2016-03-08 14:59:45 -------- d-----w- C:\Windows\system32\appmgmt
2016-03-07 17:51:58 . 2016-03-07 17:51:58 -------- d-----w- C:\Windows\system32\gil
2016-03-07 17:45:11 . 2016-03-07 17:45:13 -------- d-----w- C:\Users\alessio\AppData\Roaming\Sosrhkajel
2016-03-07 17:44:49 . 2016-03-07 17:46:07 -------- d-----w- C:\ProgramData\UltraZipTemp
2016-03-07 17:43:36 . 2016-03-07 17:42:20 264143 ----a-w- C:\Windows\SysWow64\zdengine.dll
2016-03-07 17:42:32 . 2016-03-07 17:42:20 310047 ----a-w- C:\Windows\system32\zdengine64.dll
2016-03-07 17:42:03 . 2016-03-08 16:37:45 -------- d-----w- C:\Program Files (x86)\QuickSearch
2016-02-16 11:30:48 . 2015-12-16 09:15:36 11154520 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-02-16 11:29:09 . 2015-06-24 13:00:14 1190000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4CA360B5-B9C6-4726-A579-A0DBECA0ED93}\gapaengine.dll
2016-02-16 11:26:29 . 2016-03-08 15:59:11 -------- d-----w- C:\Program Files (x86)\epson
2016-02-16 11:24:20 . 2016-02-16 11:24:20 -------- d-----w- C:\ProgramData\EPSON
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

2016-03-08 15:04:45 . 2015-09-06 12:15:17 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2016-03-08 14:36:53 . 2014-12-30 13:25:19 357888 ----a-w- C:\Windows\system32\DNSAPI.dll
2016-02-16 11:22:48 . 2014-12-30 13:02:45 796864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-02-16 11:22:48 . 2014-12-30 13:02:45 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-01-31 07:08:39 . 2016-01-31 06:38:52 61336 ----a-w- C:\Windows\system32\drivers\cherimoya.sys
2016-01-04 14:15:34 . 2016-01-04 14:15:34 44544 ----a-w- C:\Users\alessio\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[7] 2010-11-21 03:24:09 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2015-08-31 12:13:29 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\system32\user32.dll

[-] 2015-08-31 12:13:29 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\SysWOW64\user32.dll
[7] 2010-11-21 03:24:20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] .. C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))


*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41209766-818e-448e-adcf-38dffea85e13}]
2016-02-27 13:43:56 269552 ----a-w- C:\Program Files (x86)\Simple for You\SimpleforYoubho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4ec1c8fc-9475-4f2d-801f-5990cf65b06d}]
2016-03-08 14:45:13 269000 ----a-w- C:\Program Files (x86)\Giant Galaxy\GiantGalaxybho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{AA5B0C7D-1929-4BC2-8B56-6D957B859FA1}"= "C:\Program Files (x86)\TNT2\2.0.0.2029\IEToolbar.dll" [2016-01-24 06:08:59 157952]

[HKEY_CLASSES_ROOT\clsid\{aa5b0c7d-1929-4bc2-8b56-6d957b859fa1}]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-09-01 20:57:27 223432 ----a-w- C:\Users\alessio\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-09-01 20:57:27 223432 ----a-w- C:\Users\alessio\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-09-01 20:57:27 223432 ----a-w- C:\Users\alessio\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-07-14 11:03:46 1729752 ----a-w- C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-07-14 11:03:46 1729752 ----a-w- C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-07-14 11:03:46 1729752 ----a-w- C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="C:\Users\alessio\AppData\Local\Akamai\netsession_win.exe" [2015-09-10 18:05:30 4691384]
"Selection Tools"="C:\Users\alessio\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" [2016-01-04 14:16:28 3260144]
"Bubble Dock"="C:\Users\alessio\AppData\Roaming\Nosibay\Bubble Dock\LBubble Dock.exe" [2015-05-13 13:39:56 666384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2010-11-29 16:38:18 421888]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 16:51:12 421160]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-01-29 17:57:08 594992]
"mpck_it_017010261"="C:\Program Files (x86)\mpck_it_017010261\mpck_it_017010261.exe" [2016-03-08 12:26:04 4052144]
"rec_it_219"="C:\Program Files (x86)\rec_it_219\rec_it_219.exe" [2016-03-06 12:39:50 3972784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMS-R@1n;KMS-R@1n;C:\Windows\KMS-QAD.exe;C:\Windows\KMS-QAD.exe [x]
R2 uzsvc;UltraZip Service;C:\Program Files (x86)\UltraZip\uzsvc.exe;C:\Program Files (x86)\UltraZip\uzsvc.exe [x]
R2 uzupd;UltraZip Updater;C:\Program Files (x86)\UltraZip\uzupd.exe;C:\Program Files (x86)\UltraZip\uzupd.exe [x]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys;C:\Windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\system32\drivers\Synth3dVsc.sys;C:\Windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys;C:\Windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\system32\drivers\tsusbhub.sys;C:\Windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys;C:\Windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys;C:\Windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;C:\Windows\\SystemRoot\System32\Drivers\sptd.sys;C:\Windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 {79f178d3-bd22-44af-a661-b1d55a734142}Gw64;{79f178d3-bd22-44af-a661-b1d55a734142}Gw64;C:\Windows\system32\drivers\{79f178d3-bd22-44af-a661-b1d55a734142}Gw64.sys;C:\Windows\SYSNATIVE\drivers\{79f178d3-bd22-44af-a661-b1d55a734142}Gw64.sys [x]
S1 {e41c6372-fd9c-46e2-9c02-4b1ff1962e66}Gw64;{e41c6372-fd9c-46e2-9c02-4b1ff1962e66}Gw64;C:\Windows\system32\drivers\{e41c6372-fd9c-46e2-9c02-4b1ff1962e66}Gw64.sys;C:\Windows\SYSNATIVE\drivers\{e41c6372-fd9c-46e2-9c02-4b1ff1962e66}Gw64.sys [x]
S1 cherimoya;cherimoya;C:\Windows\system32\drivers\cherimoya.sys;C:\Windows\SYSNATIVE\drivers\cherimoya.sys [x]
S2 {C5F942FD-1110-4664-86CE-0C6BDA305235};Power Control [2014/12/30 13:56:01];C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl;C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [x]
S2 Amazon 1Button App Service;Amazon 1Button App Service;C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe;C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [x]
S2 BitTorrent;BitTorrent;C:\Program Files\BitTorrent\BitTorrent.exe;C:\Program Files\BitTorrent\BitTorrent.exe [x]
S2 CloudPrinter;CloudPrinter;C:\ProgramData\\CloudPrinter\\CloudPrinter.exe;C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe;C:\Windows\SYSNATIVE\svchost.exe [x]
S2 Hewchgaudi;Hewchgaudi;C:\Users\alessio\AppData\Roaming\Sosrhkajel\Sosrhkajel.exe;C:\Users\alessio\AppData\Roaming\Sosrhkajel\Sosrhkajel.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\system32\igfxCUIService.exe;C:\Windows\SYSNATIVE\igfxCUIService.exe [x]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe;C:\Program Files (x86)\Nero\Update\NASvc.exe [x]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys;C:\Windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 Update Giant Galaxy;Update Giant Galaxy;C:\Program Files (x86)\Giant Galaxy\updateGiantGalaxy.exe;C:\Program Files (x86)\Giant Galaxy\updateGiantGalaxy.exe [x]
S2 Update Simple for You;Update Simple for You;C:\Program Files (x86)\Simple for You\updateSimpleforYou.exe;C:\Program Files (x86)\Simple for You\updateSimpleforYou.exe [x]
S2 Util Giant Galaxy;Util Giant Galaxy;C:\Program Files (x86)\Giant Galaxy\bin\utilGiantGalaxy.exe;C:\Program Files (x86)\Giant Galaxy\bin\utilGiantGalaxy.exe [x]
S2 Util Simple for You;Util Simple for You;C:\Program Files (x86)\Simple for You\bin\utilSimpleforYou.exe;C:\Program Files (x86)\Simple for You\bin\utilSimpleforYou.exe [x]
S2 WajaNetEn Monitor;WajaNetEn Monitor;C:\Program Files\WajaNetEn\9dcd237cd82673b8ac079a2a3f804e3d.exe;C:\Program Files\WajaNetEn\9dcd237cd82673b8ac079a2a3f804e3d.exe [x]
S2 WdMan;WdMan Service;C:\ProgramData\tWdMt\WdMan.exe;C:\ProgramData\tWdMt\WdMan.exe [x]
S2 zdengine;zdengine;C:\Program Files (x86)\QuickSearch\zdengine.exe;C:\Program Files (x86)\QuickSearch\zdengine.exe [x]
S3 NisSrv;Microsoft Network Inspection;c:\Program Files\Microsoft Security Client\NisSrv.exe;c:\Program Files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-03-07 17:48:16 1106072 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\Installer\chrmstp.exe

Contenuto della cartella 'Scheduled Tasks'

2016-03-08 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-30 13:02:45 . 2016-02-16 11:22:53]

2016-03-08 C:\Windows\Tasks\EKVSSBCDSKIIMJLT.job
- C:\ProgramData\Service7609\Service7609.exe [2016-01-24 06:11:04 . 2016-01-24 06:11:07]

2016-03-08 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 20:46:35 . 2015-09-01 20:46:34]

2016-03-08 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 20:46:35 . 2015-09-01 20:46:34]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{AA5B0C7D-1929-4BC2-8B56-6D957B859FA1}"= "C:\Program Files (x86)\TNT2\2.0.0.2029\IEToolbar64.dll" [2016-01-24 06:08:59 217856]

[HKEY_CLASSES_ROOT\CLSID\{AA5B0C7D-1929-4BC2-8B56-6D957B859FA1}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-09-01 20:57:28 262344 ----a-w- C:\Users\alessio\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-09-01 20:57:28 262344 ----a-w- C:\Users\alessio\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-09-01 20:57:28 262344 ----a-w- C:\Users\alessio\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-07-14 10:59:44 2335960 ----a-w- C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-07-14 10:59:44 2335960 ----a-w- C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-07-14 10:59:44 2335960 ----a-w- C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" [2015-04-29 23:47:16 1337000]

------- Scansione supplementare -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F. ... aFf6FRnwIk
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: I&nvia a OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
Trusted Zone: aeriagames.com
Trusted Zone: amazon.it
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{10264893-7787-4E12-AAB0-80A51B262F41}: NameServer = 82.163.143.177,82.163.142.179
TCP: Interfaces\{926C0124-06E9-4A64-8EAF-64D12F3484BC}: NameServer = 82.163.143.177,82.163.142.179
TCP: Interfaces\{BD61D34F-24A5-4C8D-BB73-337C5FD03EF9}: NameServer = 104.197.191.4
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL

- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{b608cc98-54de-4775-96c9-097de398500c} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{981b174d-7733-4e7f-b89d-6545a7c21838} - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{C5F942FD-1110-4664-86CE-0C6BDA305235}]
"ImagePath"="\??\C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl"

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_306.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

------------------------ Altri processi in esecuzione ------------------------

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\ProgramData\CloudPrinter\CloudPrinter.exe
C:\Users\alessio\AppData\Roaming\Sosrhkajel\Zeiovruk.exe
c:\program files\wajaneten\5c228b1b19a76ef58d2b7383029eb6a0.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

**************************************************************************

Ora fine scansione: 2016-03-08 17:57:25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2016-03-08 16:57:18
ComboFix2.txt 2016-03-07 17:23:05
ComboFix3.txt 2015-08-30 08:30:39
ComboFix4.txt 2015-08-29 09:58:51

Pre-Run: 348.733.837.312 byte disponibili
Post-Run: 349.164.134.400 byte disponibili

- - End Of File - - 79A93C19ACC33410A85E81A17F718899
Avatar utente
demodemo
Utente Junior
 
Post: 83
Iscritto il: 26/03/08 17:15
Località: lecce e bari

Sponsor
 

Re: pc infettato ho fatto scanzione con combofix allego repo

Postdi Luke57 » 08/03/16 18:41

Ciao, vai qui :
http://www.bleepingcomputer.com/downloa ... er/dl/125/
scaricalo sul desktop; click tasto dx del mouse e scegli Esegui come amministratore
clicca su Analisi; al termine di essa, click su Pulizia; conferma con ok il successivo avviso.
Al termine il computer si riavvierà; copia e incolla il log prodotto con le varie eliminazioni.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: pc infettato ho fatto scanzione con combofix allego repo

Postdi demodemo » 08/03/16 18:59

ok mo lo faccio grazie
Avatar utente
demodemo
Utente Junior
 
Post: 83
Iscritto il: 26/03/08 17:15
Località: lecce e bari

Re: pc infettato ho fatto scanzione con combofix allego repo

Postdi demodemo » 08/03/16 19:25

fatto ecco: # AdwCleaner v5.101 - Creato file registro eventi 08/03/2016 in 19:12:16
# Aggiornato 07/03/2016 da Xplode
# Database : 2016-03-06.3 [Locale]
# Sistema operativo : Windows 7 Ultimate Service Pack 1 (x64)
# Nome utente : alessio - ALESSIO-PC
# In esecuzione da : C:\Users\alessio\Desktop\AdwCleaner.exe
# Opzione : Pulizia
# Supporto : http://toolslib.net/forum

***** [ Servizi ] *****

[-] Servizio Eliminato : cherimoya
[-] Servizio Eliminato : MPCProtectService
[-] Servizio Eliminato : WdMan
[-] Servizio Eliminato : MPCKpt
[-] Servizio Eliminato : ggbugreport
[-] Servizio Eliminato : Winsere
[-] Servizio Eliminato : zdengine
[-] Servizio Eliminato : CloudPrinter
[-] Servizio Eliminato : dojygici
[-] Servizio Eliminato : nehuqisozbt
[-] Servizio Eliminato : wucotusy

***** [ Cartelle ] *****

[-] Cartella Eliminato : C:\abc
[-] Cartella Eliminato : C:\Program Files (x86)\MOBILEPCSTARTERKIT
[#] Cartella Eliminato : C:\Program Files (x86)\MPC Cleaner
[-] Cartella Eliminato : C:\Program Files (x86)\QuickSearch
[-] Cartella Eliminato : C:\Program Files (x86)\Simple for You
[-] Cartella Eliminato : C:\Program Files (x86)\SearchesToYesbnd
[-] Cartella Eliminato : C:\Program Files (x86)\CleanBrowser
[-] Cartella Eliminato : C:\Program Files (x86)\Winsere
[-] Cartella Eliminato : C:\Program Files (x86)\WinTaske
[-] Cartella Eliminato : C:\Program Files (x86)\6EA192DE-1457449987-1A40-99BB-37D734B9D43F
[-] Cartella Eliminato : C:\Program Files (x86)\6EA192DE-1457456884-1A40-99BB-37D734B9D43F
[-] Cartella Eliminato : C:\Program Files (x86)\Checked List
[-] Cartella Eliminato : C:\Program Files (x86)\mpck_it_017010261
[-] Cartella Eliminato : C:\Program Files (x86)\rec_it_219
[J] Cartella Non Eliminato : C:\Program Files (x86)\mpck_it_017010261
[J] Cartella Non Eliminato : C:\Program Files (x86)\rec_it_219
[-] Cartella Eliminato : C:\ProgramData\CloudPrinter
[-] Cartella Eliminato : C:\ProgramData\a32080f5-31f5-0
[-] Cartella Eliminato : C:\ProgramData\a32080f5-4e83-1
[-] Cartella Eliminato : C:\ProgramData\c776fbe3-1a93-1
[-] Cartella Eliminato : C:\ProgramData\c776fbe3-3e91-0
[-] Cartella Eliminato : C:\ProgramData\Service7609
[-] Cartella Eliminato : C:\ProgramData\tWdMt
[-] Cartella Eliminato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MOBILEPCSTARTERKIT
[-] Cartella Eliminato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
[-] Cartella Eliminato : C:\Users\alessio\AppData\Local\YSearchUtil
[-] Cartella Eliminato : C:\Users\alessio\AppData\Local\mpck_it_017010261
[-] Cartella Eliminato : C:\Users\alessio\AppData\Local\rec_it_219
[-] Cartella Eliminato : C:\Users\alessio\AppData\Local\6EA192DE-1457460695-1A40-99BB-37D734B9D43F
[J] Cartella Non Eliminato : C:\Users\alessio\AppData\Local\mpck_it_017010261
[J] Cartella Non Eliminato : C:\Users\alessio\AppData\Local\rec_it_219
[-] Cartella Eliminato : C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo
[-] Cartella Eliminato : C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
[-] Cartella Eliminato : C:\Users\alessio\AppData\Local\Temp\MPC
[-] Cartella Eliminato : C:\Users\alessio\AppData\Local\Temp\Checked List
[-] Cartella Eliminato : C:\Users\alessio\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Cartella Eliminato : C:\Users\alessio\AppData\Roaming\cpuminer
[-] Cartella Eliminato : C:\Users\alessio\AppData\Roaming\Easeware
[-] Cartella Eliminato : C:\Users\alessio\AppData\Roaming\Nosibay
[-] Cartella Eliminato : C:\Users\alessio\AppData\Roaming\PriceFountain
[-] Cartella Eliminato : C:\Users\alessio\AppData\Roaming\Store
[-] Cartella Eliminato : C:\Users\alessio\AppData\Roaming\WTools
[-] Cartella Eliminato : C:\Users\alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[#] Cartella Eliminato : C:\Windows\SysNative\Tasks\WindApp Update
[#] Cartella Eliminato : C:\Windows\SysNative\Tasks\WinTaske
[-] Cartella Eliminato : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
[-] Cartella Eliminato : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\zdengine

***** [ File ] *****

[-] File Eliminato : C:\END
[-] File Eliminato : C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[-] File Eliminato : C:\Users\alessio\AppData\Local\Temp\zdengine.log
[-] File Eliminato : C:\Users\alessio\AppData\Local\Temp\ziengine.ini.log
[-] File Eliminato : C:\Users\alessio\AppData\Roaming\Bubble Dock.boostrap.log
[-] File Eliminato : C:\Users\alessio\AppData\Roaming\Bubble Dock.installation.log
[-] File Eliminato : C:\Users\alessio\AppData\Roaming\Selection Tools.installation.log
[-] File Eliminato : C:\Users\alessio\AppData\Roaming\WindApp.boostrap.log
[-] File Eliminato : C:\Users\alessio\AppData\Roaming\WindApp.installation.log
[-] File Eliminato : C:\Users\Public\Desktop\MPC Cleaner.lnk
[-] File Eliminato : C:\Windows\SysNative\zdengineOff.ini
[-] File Eliminato : C:\Windows\SysNative\zdengine64.dll
[-] File Eliminato : C:\Windows\SysNative\drivers\cherimoya.sys
[#] File Eliminato : C:\Windows\SysNative\drivers\MPCKpt.sys
[-] File Eliminato : C:\Windows\SysWOW64\findit.xml
[-] File Eliminato : C:\Windows\SysWOW64\zdengineOff.ini
[-] File Eliminato : C:\Windows\SysWOW64\zdengine.dll

***** [ DLLs ] *****


***** [ Collegamenti ] *****


***** [ Attività pianificate ] *****

[-] Attività Eliminata : WindApp Update
[-] Attività Eliminata : LaunchPreSignup
[-] Attività Eliminata : updateTask
[-] Attività Eliminata : PFExe
[-] Attività Eliminata : WinTaske
[-] Attività Eliminata : WindApp Update
[-] Attività Eliminata : EKVSSBCDSKIIMJLT
[-] Attività Eliminata : EKVSSBCDSKIIMJLT
[-] Attività Eliminata : jnn3021

***** [ Registry ] *****

[-] Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [Selection Tools.exe]
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\A7BD54B233B5B2F70AF86F5BD1A0C0A772A59FC6
[-] Chiave Eliminata : HKLM\SOFTWARE\MICROSOFT\SystemCertificates\Root\Certificates\D830B6B8939ACB4928401060203BB648456BB4F8
[-] Chiave Eliminata : HKLM\SOFTWARE\MICROSOFT\SystemCertificates\Root\Certificates\F53E693DDABF57A88A9B12B608B09B26C0608B74
[-] Chiave Eliminata : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Chiave Eliminata : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdengine
[-] Chiave Eliminata : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\4832D1BACA6156C53A74A472BE8678EAAABC8CBE
[-] Chiave Eliminata : HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Chiave Eliminata : HKLM\SOFTWARE\CLASSES\APPID\zdengine.EXE
[-] Valore Eliminata : HKCU\Environment [SNF]
[-] Valore Eliminata : HKCU\Environment [SNP]
[-] Chiave Eliminata : HKLM\SOFTWARE\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo
[-] Chiave Eliminata : HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{0FF03983-EAA6-4628-8E7C-387B2D4F8EF2}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{3A71C84A-1CC4-4201-B037-C81CE118D66F}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{432599E9-40CF-41E3-951A-E1E81B7B1D29}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{7D215707-3E74-4E0E-A078-2C95E1CDE233}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{9295785F-8C01-4ED3-9322-8BE5C17CA141}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B98E44C8-7BB7-4A4A-B8D2-60874CA109B2}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{C656BCEB-6B19-4992-9975-D53CEA283356}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D5AC4B9C-8EE4-48AD-A77E-1560AD886A0B}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D6914FD3-FD8E-45AD-8993-901E7B2759FD}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E0106905-0EDD-4F56-BDB5-890A1F6E8F47}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E26E880F-176C-4007-B2A7-B8F27621EC51}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E776B534-9402-4049-87C3-089EC0F54BAF}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{FCFBBE24-2ADA-4D6E-A381-DEC6E3EAEE21}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{63492C58-6CD7-4FF7-8495-06A6869643EE}
[-] Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B608CC98-54DE-4775-96C9-097DE398500C}
[-] Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B608CC98-54DE-4775-96C9-097DE398500C}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{0FEB2313-F89B-4AC6-8153-84025604A06A}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{4CA2AC92-971B-47B1-ACB6-357B552155AC}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{52C5395B-1FCD-47FA-A834-FD830701C2D5}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{762D463B-C45A-456D-A80D-8689C297C91E}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{7A6BE473-7960-44D0-BD54-D23DA76353DF}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{803F550E-BAAE-42BB-8917-64BA0006AB17}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{A5ACC874-D943-483F-A2D1-14598D51F872}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{B0474212-0D9D-4361-90B3-B89D1A44275D}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{D83C83BF-3EDD-4410-ADAB-5295116DD8C7}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{DD260902-9420-4055-A956-9152EB4F3E6A}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{F1912128-469A-4138-AA26-9699C15BB13E}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{0FF03983-EAA6-4628-8E7C-387B2D4F8EF2}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{3A71C84A-1CC4-4201-B037-C81CE118D66F}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{432599E9-40CF-41E3-951A-E1E81B7B1D29}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{7D215707-3E74-4E0E-A078-2C95E1CDE233}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{9295785F-8C01-4ED3-9322-8BE5C17CA141}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{B98E44C8-7BB7-4A4A-B8D2-60874CA109B2}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{C656BCEB-6B19-4992-9975-D53CEA283356}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{D5AC4B9C-8EE4-48AD-A77E-1560AD886A0B}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{D6914FD3-FD8E-45AD-8993-901E7B2759FD}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{E0106905-0EDD-4F56-BDB5-890A1F6E8F47}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{E26E880F-176C-4007-B2A7-B8F27621EC51}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{E776B534-9402-4049-87C3-089EC0F54BAF}
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Classes\Interface\{FCFBBE24-2ADA-4D6E-A381-DEC6E3EAEE21}
[-] Chiave Eliminata : HKCU\Software\distromatic
[-] Chiave Eliminata : HKCU\Software\Microsoft\Tinstalls
[-] Chiave Eliminata : HKCU\Software\Nosibay
[-] Chiave Eliminata : HKCU\Software\PriceFountain
[-] Chiave Eliminata : HKCU\Software\Store
[-] Chiave Eliminata : HKCU\Software\TNT2
[-] Chiave Eliminata : HKCU\Software\Tutorials
[-] Chiave Eliminata : HKCU\Software\TutoTag
[-] Chiave Eliminata : HKCU\Software\WTools
[-] Chiave Eliminata : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Chiave Eliminata : HKLM\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Chiave Eliminata : HKLM\SOFTWARE\LolliScan
[-] Chiave Eliminata : HKLM\SOFTWARE\MOBILEPCSTARTERKIT
[-] Chiave Eliminata : HKLM\SOFTWARE\MPC
[-] Chiave Eliminata : HKLM\SOFTWARE\mysites123Software
[-] Chiave Eliminata : HKLM\SOFTWARE\QuickSearch
[-] Chiave Eliminata : HKLM\SOFTWARE\Tutorials
[-] Chiave Eliminata : HKLM\SOFTWARE\WdsManPro
[-] Chiave Eliminata : HKLM\SOFTWARE\yessearchesSoftware
[-] Chiave Eliminata : HKLM\SOFTWARE\zdengine
[-] Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\windapp
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickSearch
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CleanBrowser
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mpck_it_017010261_is1
[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rec_it_219_is1
[#] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mpck_it_017010261_is1
[#] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rec_it_219_is1
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\LolliScan
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Chiave Eliminata : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cpuminer
[-] Valore Eliminata : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{4FCC6859-359E-42EC-8C48-43B1E5C8C82E}]
[-] Dati Ripristinato : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{10264893-7787-4E12-AAB0-80A51B262F41} [NameServer]
[-] Dati Ripristinato : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{926C0124-06E9-4A64-8EAF-64D12F3484BC} [NameServer]
[-] Dati Ripristinato : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{BD61D34F-24A5-4C8D-BB73-337C5FD03EF9} [NameServer]
[-] Valore Eliminata : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [cpuminer]
[-] Valore Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Selection Tools]
[-] Valore Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WindApp]

***** [ Browser web ] *****

[-] [C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Eliminato : fcgnigmofekcllgbiejhmigggmgehkip
[-] [C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Eliminato : npdicihegicnhaangkdmcgbjceoemeoo

*************************

:: Chiavi "Tracing" eliminatas
:: Impostazioni Winsock azzerate

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [18993 byte] - [08/03/2016 19:12:16]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [17982 byte] - [08/03/2016 18:54:56]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [19179 byte] ##########
Avatar utente
demodemo
Utente Junior
 
Post: 83
Iscritto il: 26/03/08 17:15
Località: lecce e bari

Re: pc infettato ho fatto scanzione con combofix allego repo

Postdi demodemo » 08/03/16 19:27

va ancora male si aprono pagine pubblicitarie ecc
Avatar utente
demodemo
Utente Junior
 
Post: 83
Iscritto il: 26/03/08 17:15
Località: lecce e bari

Re: pc infettato ho fatto scanzione con combofix allego repo

Postdi Luke57 » 08/03/16 20:06

Adwcleaner non è bastato, vai qui:
http://www.bleepingcomputer.com/downloa ... scan-tool/
scarica frst (64 bit) sul desktop
seleziona il programma, tasto destro del mouse e selezioni l'opzione "esegui come amministratore", seleziona tutte le opzioni(metti le spunte nelle caselle)
Clicca su "Scan" , al termine troverai 2 files FRST.txt e Addition.txt
inseriscili qui, fornendo il link per poterli vedere:
http://wikisend.com/
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: pc infettato ho fatto scanzione con combofix allego repo

Postdi demodemo » 09/03/16 15:13

Avatar utente
demodemo
Utente Junior
 
Post: 83
Iscritto il: 26/03/08 17:15
Località: lecce e bari

Re: pc infettato ho fatto scanzione con combofix allego repo

Postdi Luke57 » 09/03/16 21:53

Ciao, un file (addition.txt) non lo posso scaricare, reinseriscilo.
Nel frattempo, copia e incolla lo script seguente in un file di testo:
Codice: Seleziona tutto
() () C:\Users\alessio\AppData\Roaming\Sosrhkajel\Tigni.exe
() C:\Users\alessio\AppData\Roaming\Sosrhkajel\Zeiovruk.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
() C:\ProgramData\afoir\afoir.exe
() C:\ProgramData\afoir\afoir.exe
HKLM-x32\...\Run: [mpck_it_017010261] => "C:\Program Files (x86)\mpck_it_017010261\mpck_it_017010261.exe"
HKLM-x32\...\Run: [rec_it_219] => "C:\Program Files (x86)\rec_it_219\rec_it_219.exe"
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X]
HKU\S-1-5-21-638713059-622732911-1332367520-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\alessio\AppData\Local\Akamai\netsession_win.exe"
AppInit_DLLs: C:\ProgramData\afoir\ToughSanis.dll => C:\ProgramData\afoir\ToughSanis.dll [363520 2016-03-09] ()
AppInit_DLLs-x32: C:\ProgramData\afoir\Quaddax.dll => C:\ProgramData\afoir\Quaddax.dll [257536 2016-03-09] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNYyk9vAhKn3pvj4m38Sa2ehOxzvaAklrqPpe7VBYo0sMKgCZsw6jG1T3JI5eYpTwZu9B4llGBgbXfwgFwFf7uOQww2INPkro02cLsZ7Fn-yWUJi1O_QztvMrLgpeZX5zdlt37oR0leJG07tO6CPToAPICZshScYA255xVOMO8hT4,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-638713059-622732911-1332367520-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNYyk9vAhKn3pvj4m38Sa2ehOxzvaAklrqPpe7VBYo0sMKgCZsw6jG1T3JI5eYpTwZu9B4llGBgbXfwgFwFf7uOQww2INPkro02cLsZ7Fn-yWUJi1O_QztvMrLgpeZX5zdlt37oR0leJG07tO6CPToAPICZshScYA255xVOMO8hT4,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-638713059-622732911-1332367520-1000 -> OldSearch URL = hxxp://search.findwide.com/serp?guid={B3AD4D93-1781-48D2-ABB7-23E7397D7EE6}&action=default_search&serpv=22&k={searchTerms}
SearchScopes: HKU\S-1-5-21-638713059-622732911-1332367520-1000 -> {5A80962B-EB70-4F31-A83E-DFCBE8EB4796} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-638713059-622732911-1332367520-1000 -> {CB612F7D-8B7E-47E0-83DB-86FECA44BA32} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10855
SearchScopes: HKU\S-1-5-21-638713059-622732911-1332367520-1000 -> {E0E57611-8E60-483B-81D0-F44C93A1B20B} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-638713059-622732911-1332367520-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNYyk9vAhKn3pvj4m38Sa2ehOxzvaAklrqPpe7VBYo0sMKgCZsw6jG1T3JI5eYpTwZu9B4llGBgbXfwgFwFf7uOQww2INPkro02cLsZ7Fn-yWUJi1O_QztvMrLgpeZX5zdlt37oR0leJG07tO6CPToAPICZshScYA255xVOMO8hT4,&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO-x32: No Name -> {41209766-818e-448e-adcf-38dffea85e13} -> No File
BHO-x32: No Name -> {4ec1c8fc-9475-4f2d-801f-5990cf65b06d} -> No File
FF HKLM-x32\...\Firefox\Extensions: [{0C10DB17-C642-45B6-9E7C-374ACA6FA8D0}] - C:\Program Files\shopperz310120160835\Firefox\{0C10DB17-C642-45B6-9E7C-374ACA6FA8D0}.xpi => not found
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Documenti Google) - C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-08]
CHR Extension: (Google Drive) - C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-08]
CHR Extension: (YouTube) - C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-08]
CHR Extension: (Giant Galaxy) - C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\dakbopfhopikoldkooaedfgaffmdpcin [2016-03-08] [UpdateUrl: hxxp://wwwgiantgalaxyne-a.akamaihd.net/update/chrome] <==== ATTENTION
CHR Extension: (Adobe Acrobat) - C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-03-08]
CHR Extension: (Google Documenti offline) - C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-08]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-08]
CHR Extension: (Gmail) - C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-08]
CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
R2 afoir; C:\ProgramData\\afoir\\afoir.exe [529408 2016-03-09] () [File not signed]
R2 BitTorrent; C:\Program Files\BitTorrent\BitTorrent.exe [383488 2016-03-08] () [File not signed]
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [348640 2016-03-08] (DotC United Inc)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 uzsvc; C:\Program Files (x86)\UltraZip\uzsvc.exe [45248 2016-03-07] ()
S2 uzupd; C:\Program Files (x86)\UltraZip\uzupd.exe [81088 2016-03-07] ()
S2 Update Simple for You; "C:\Program Files (x86)\Simple for You\updateSimpleforYou.exe" [X]
R1 {79f178d3-bd22-44af-a661-b1d55a734142}Gw64; C:\Windows\System32\drivers\{79f178d3-bd22-44af-a661-b1d55a734142}Gw64.sys [48744 2016-03-08] (StdLib)
R1 {e41c6372-fd9c-46e2-9c02-4b1ff1962e66}Gw64; C:\Windows\System32\drivers\{e41c6372-fd9c-46e2-9c02-4b1ff1962e66}Gw64.sys [48776 2016-03-08] (StdLib)
C:\Windows\System32\drivers\{79f178d3-bd22-44af-a661-b1d55a734142}Gw64.sys 1DEEBFAD57DCD4E8B6F645A645751CC0
C:\Windows\System32\drivers\{e41c6372-fd9c-46e2-9c02-4b1ff1962e66}Gw64.sys 31DE7B7EB44A18A367BC8ACBAF886589
2016-03-09 14:22 - 2016-03-09 14:22 - 00000000 ____D C:\ProgramData\afoirs
2016-03-09 14:21 - 2016-03-09 14:23 - 00000000 ____D C:\ProgramData\afoir
2016-03-08 18:46 - 2016-03-08 18:48 - 00000000 ____D C:\Users\alessio\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-03-08 18:33 - 2016-03-08 18:33 - 00000000 ____D C:\extensions
2016-03-08 18:32 - 2016-03-08 18:33 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-03-08 18:27 - 2016-03-08 19:12 - 00000000 ____D C:\Users\alessio\AppData\Local\app
2016-03-08 18:26 - 2016-03-08 18:47 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-03-08 18:24 - 2016-03-08 18:24 - 00000000 ____D C:\Users\alessio\AppData\Roaming\gplyra
2016-03-08 17:10 - 2016-03-08 05:26 - 00048776 _____ (StdLib) C:\Windows\system32\Drivers\{e41c6372-fd9c-46e2-9c02-4b1ff1962e66}Gw64.sys
2016-03-08 17:10 - 2016-03-08 03:38 - 00048744 _____ (StdLib) C:\Windows\system32\Drivers\{79f178d3-bd22-44af-a661-b1d55a734142}Gw64.sys
2016-03-08 17:04 - 2016-03-08 17:04 - 00041472 _____ C:\Users\alessio\AppData\Local\siliconin.dat
2016-03-08 17:04 - 2016-03-08 17:04 - 00001227 _____ C:\Users\alessio\Desktop\Random Viral.lnk
2016-03-08 17:04 - 2016-03-08 17:04 - 00000187 _____ C:\Users\alessio\AppData\Local\siliconin.exe.config
2016-03-08 17:02 - 2016-03-08 17:02 - 07600640 _____ C:\Users\alessio\AppData\Roaming\agent.dat
2016-03-08 17:02 - 2016-03-08 17:02 - 01788503 _____ C:\Users\alessio\AppData\Roaming\RoundTouch.tst
2016-03-08 17:02 - 2016-03-08 17:02 - 00126464 _____ C:\Users\alessio\AppData\Roaming\noah.dat
2016-03-08 17:02 - 2016-03-08 17:02 - 00126464 _____ C:\Users\alessio\AppData\Roaming\lobby.dat
2016-03-08 17:02 - 2016-03-08 17:02 - 00072708 _____ C:\Users\alessio\AppData\Roaming\OzerPhase.tst
2016-03-08 17:02 - 2016-03-08 17:02 - 00065040 _____ C:\Users\alessio\AppData\Roaming\Config.xml
2016-03-08 17:02 - 2016-03-08 17:02 - 00054272 _____ C:\Users\alessio\AppData\Roaming\ApplicationHosting.dat
2016-03-08 17:02 - 2016-03-08 17:02 - 00018432 _____ C:\Users\alessio\AppData\Roaming\Main.dat
2016-03-08 17:02 - 2016-03-08 17:02 - 00005568 _____ C:\Users\alessio\AppData\Roaming\md.xml
2016-03-08 17:02 - 2016-03-08 17:02 - 00000000 ____D C:\ProgramData\Ronzaps
2016-03-08 17:00 - 2016-03-08 17:00 - 00127488 _____ C:\Users\alessio\AppData\Roaming\Installer.dat
2016-03-08 17:00 - 2016-03-08 17:00 - 00016992 _____ C:\Users\alessio\AppData\Roaming\InstallationConfiguration.xml
2016-03-08 16:45 - 2016-03-08 16:45 - 00000000 ____D C:\Users\alessio\AppData\Roaming\Battle.net
2016-03-08 16:30 - 2016-03-08 16:30 - 00000000 ____D C:\Users\alessio\AppData\Local\Bluestacks
2016-03-08 16:10 - 2016-03-08 18:42 - 00002730 _____ C:\Windows\SysWOW64\${LOGFILE}
2016-03-07 18:51 - 2016-03-07 18:51 - 00000000 ____D C:\Windows\system32\gil
2016-03-07 18:45 - 2016-03-07 18:45 - 00003346 _____ C:\Windows\System32\Tasks\Poafhot
2016-03-07 18:45 - 2016-03-07 18:45 - 00000000 ____D C:\Users\alessio\AppData\Roaming\Sosrhkajel
2016-03-07 18:44 - 2016-03-07 18:46 - 00000000 ____D C:\ProgramData\UltraZipTemp
2016-03-01 10:50 - 2016-03-01 10:50 - 00001058 _____ C:\Windows\run.vbs
2016-01-31 09:16 - 2016-01-31 09:16 - 00000000 ____D C:\Users\alessio\AppData\Local\TechSmith
2016-01-31 08:11 - 2016-03-07 18:45 - 00000000 ____D C:\Users\alessio\AppData\Local\Tempfolder
2016-01-31 08:11 - 2016-01-31 08:11 - 00000000 ____D C:\Windows\system32\pab
2016-01-31 08:11 - 2016-01-31 08:11 - 00000000 ____D C:\Users\alessio\AppData\Roaming\RuafmoWiwa
2016-01-31 08:08 - 2016-01-31 08:08 - 00003344 _____ C:\Windows\System32\Tasks\Pepkie
2016-01-31 08:08 - 2016-01-31 08:08 - 00000000 ____D C:\Users\alessio\AppData\LocalLow\Company
2016-01-24 07:21 - 2016-01-24 07:21 - 00000017 _____ C:\Users\alessio\AppData\Local\si
2016-01-24 07:11 - 2016-01-24 07:11 - 00000979 _____ C:\Users\alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian.lnk
2016-01-24 07:11 - 2016-01-24 07:11 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
2016-01-24 07:10 - 2016-03-09 14:20 - 00000000 ____D C:\ProgramData\UltraZip
2016-03-08 17:00 - 2016-03-08 17:00 - 0127488 _____ () C:\Users\alessio\AppData\Roaming\Installer.dat
2016-03-08 17:02 - 2016-03-08 17:02 - 0126464 _____ () C:\Users\alessio\AppData\Roaming\lobby.dat
2016-03-08 17:02 - 2016-03-08 17:02 - 0018432 _____ () C:\Users\alessio\AppData\Roaming\Main.dat
2016-03-08 17:02 - 2016-03-08 17:02 - 0005568 _____ () C:\Users\alessio\AppData\Roaming\md.xml
2016-03-08 17:02 - 2016-03-08 17:02 - 0126464 _____ () C:\Users\alessio\AppData\Roaming\noah.dat
2016-03-08 17:02 - 2016-03-08 17:02 - 0072708 _____ () C:\Users\alessio\AppData\Roaming\OzerPhase.tst
2016-03-08 17:02 - 2016-03-08 17:02 - 1788503 _____ () C:\Users\alessio\AppData\Roaming\RoundTouch.tst
2016-03-08 17:04 - 2016-03-08 17:04 - 0001150 _____ () C:\Users\alessio\AppData\Roaming\uninstall_temp.ico
2016-03-08 17:14 - 2016-03-08 17:14 - 0000043 _____ () C:\Users\alessio\AppData\Roaming\WB.CFG
2016-01-24 07:21 - 2016-01-24 07:21 - 0000017 _____ () C:\Users\alessio\AppData\Local\si
2016-03-08 17:04 - 2016-03-08 17:04 - 0041472 _____ () C:\Users\alessio\AppData\Local\siliconin.dat
2016-03-08 17:04 - 2016-03-08 17:04 - 0000187 _____ () C:\Users\alessio\AppData\Local\siliconin.exe.config
C:\Users\alessio\AppData\Local\Temp\AC84.tmp.exe
C:\Users\alessio\AppData\Local\Temp\BackupSetup.exe
C:\Users\alessio\AppData\Local\Temp\fsd2B53.exe
C:\Users\alessio\AppData\Local\Temp\sqlite3.dll
C:\Users\alessio\AppData\Local\Temp\UGZAJ88856.exe
EmptyTemp:


Dal blocknotes clicca su file>salva con nome e salvalo nella stessa posizione del programma che hai scaricato in precedenza(FRST64), mi pare nel desktop, il file di testo devi "chiamarlo" fixlist.txt
Esegui il programma frst64.exe come amministratore e clicca sull'opzione "Fix", finito riavvia il pc.
All'interno della cartella dovresti avere il file Fixlog.txt, copia e incolla il contenuto in un post.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: pc infettato ho fatto scanzione con combofix allego repo

Postdi demodemo » 10/03/16 14:55

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by alessio (2016-03-10 14:44:12) Run:1
Running from C:\Users\alessio\Desktop
Loaded Profiles: alessio (Available Profiles: alessio)
Boot Mode: Normal
==============================================

fixlist content:
*****************
() () C:\Users\alessio\AppData\Roaming\Sosrhkajel\Tigni.exe
() C:\Users\alessio\AppData\Roaming\Sosrhkajel\Zeiovruk.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
() C:\ProgramData\afoir\afoir.exe
() C:\ProgramData\afoir\afoir.exe
HKLM-x32\...\Run: [mpck_it_017010261] => "C:\Program Files (x86)\mpck_it_017010261\mpck_it_017010261.exe"
HKLM-x32\...\Run: [rec_it_219] => "C:\Program Files (x86)\rec_it_219\rec_it_219.exe"
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X]
HKU\S-1-5-21-638713059-622732911-1332367520-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\alessio\AppData\Local\Akamai\netsession_win.exe"
AppInit_DLLs: C:\ProgramData\afoir\ToughSanis.dll => C:\ProgramData\afoir\ToughSanis.dll [363520 2016-03-09] ()
AppInit_DLLs-x32: C:\ProgramData\afoir\Quaddax.dll => C:\ProgramData\afoir\Quaddax.dll [257536 2016-03-09] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... MO8hT4,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-638713059-622732911-1332367520-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... MO8hT4,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-638713059-622732911-1332367520-1000 -> OldSearch URL = hxxp://search.findwide.com/serp?guid={B3AD4D93-1781-48D2-ABB7-23E7397D7EE6}&action=default_search&serpv=22&k={searchTerms}
SearchScopes: HKU\S-1-5-21-638713059-622732911-1332367520-1000 -> {5A80962B-EB70-4F31-A83E-DFCBE8EB4796} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-638713059-622732911-1332367520-1000 -> {CB612F7D-8B7E-47E0-83DB-86FECA44BA32} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10855
SearchScopes: HKU\S-1-5-21-638713059-622732911-1332367520-1000 -> {E0E57611-8E60-483B-81D0-F44C93A1B20B} URL = hxxps://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-638713059-622732911-1332367520-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73 ... MO8hT4,&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-08-12] (Microsoft Corporation)
BHO-x32: No Name -> {41209766-818e-448e-adcf-38dffea85e13} -> No File
BHO-x32: No Name -> {4ec1c8fc-9475-4f2d-801f-5990cf65b06d} -> No File
FF HKLM-x32\...\Firefox\Extensions: [{0C10DB17-C642-45B6-9E7C-374ACA6FA8D0}] - C:\Program Files\shopperz310120160835\Firefox\{0C10DB17-C642-45B6-9E7C-374ACA6FA8D0}.xpi => not found
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?ou ... s&command={searchTerms}
CHR Profile: C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Documenti Google) - C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-08]
CHR Extension: (Google Drive) - C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-08]
CHR Extension: (YouTube) - C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-08]
CHR Extension: (Giant Galaxy) - C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\dakbopfhopikoldkooaedfgaffmdpcin [2016-03-08] [UpdateUrl: hxxp://wwwgiantgalaxyne-a.akamaihd.net/update/chrome] <==== ATTENTION
CHR Extension: (Adobe Acrobat) - C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-03-08]
CHR Extension: (Google Documenti offline) - C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-08]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-08]
CHR Extension: (Gmail) - C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-08]
CHR HKLM\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
R2 afoir; C:\ProgramData\\afoir\\afoir.exe [529408 2016-03-09] () [File not signed]
R2 BitTorrent; C:\Program Files\BitTorrent\BitTorrent.exe [383488 2016-03-08] () [File not signed]
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [348640 2016-03-08] (DotC United Inc)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 uzsvc; C:\Program Files (x86)\UltraZip\uzsvc.exe [45248 2016-03-07] ()
S2 uzupd; C:\Program Files (x86)\UltraZip\uzupd.exe [81088 2016-03-07] ()
S2 Update Simple for You; "C:\Program Files (x86)\Simple for You\updateSimpleforYou.exe" [X]
R1 {79f178d3-bd22-44af-a661-b1d55a734142}Gw64; C:\Windows\System32\drivers\{79f178d3-bd22-44af-a661-b1d55a734142}Gw64.sys [48744 2016-03-08] (StdLib)
R1 {e41c6372-fd9c-46e2-9c02-4b1ff1962e66}Gw64; C:\Windows\System32\drivers\{e41c6372-fd9c-46e2-9c02-4b1ff1962e66}Gw64.sys [48776 2016-03-08] (StdLib)
C:\Windows\System32\drivers\{79f178d3-bd22-44af-a661-b1d55a734142}Gw64.sys 1DEEBFAD57DCD4E8B6F645A645751CC0
C:\Windows\System32\drivers\{e41c6372-fd9c-46e2-9c02-4b1ff1962e66}Gw64.sys 31DE7B7EB44A18A367BC8ACBAF886589
2016-03-09 14:22 - 2016-03-09 14:22 - 00000000 ____D C:\ProgramData\afoirs
2016-03-09 14:21 - 2016-03-09 14:23 - 00000000 ____D C:\ProgramData\afoir
2016-03-08 18:46 - 2016-03-08 18:48 - 00000000 ____D C:\Users\alessio\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
2016-03-08 18:33 - 2016-03-08 18:33 - 00000000 ____D C:\extensions
2016-03-08 18:32 - 2016-03-08 18:33 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-03-08 18:27 - 2016-03-08 19:12 - 00000000 ____D C:\Users\alessio\AppData\Local\app
2016-03-08 18:26 - 2016-03-08 18:47 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-03-08 18:24 - 2016-03-08 18:24 - 00000000 ____D C:\Users\alessio\AppData\Roaming\gplyra
2016-03-08 17:10 - 2016-03-08 05:26 - 00048776 _____ (StdLib) C:\Windows\system32\Drivers\{e41c6372-fd9c-46e2-9c02-4b1ff1962e66}Gw64.sys
2016-03-08 17:10 - 2016-03-08 03:38 - 00048744 _____ (StdLib) C:\Windows\system32\Drivers\{79f178d3-bd22-44af-a661-b1d55a734142}Gw64.sys
2016-03-08 17:04 - 2016-03-08 17:04 - 00041472 _____ C:\Users\alessio\AppData\Local\siliconin.dat
2016-03-08 17:04 - 2016-03-08 17:04 - 00001227 _____ C:\Users\alessio\Desktop\Random Viral.lnk
2016-03-08 17:04 - 2016-03-08 17:04 - 00000187 _____ C:\Users\alessio\AppData\Local\siliconin.exe.config
2016-03-08 17:02 - 2016-03-08 17:02 - 07600640 _____ C:\Users\alessio\AppData\Roaming\agent.dat
2016-03-08 17:02 - 2016-03-08 17:02 - 01788503 _____ C:\Users\alessio\AppData\Roaming\RoundTouch.tst
2016-03-08 17:02 - 2016-03-08 17:02 - 00126464 _____ C:\Users\alessio\AppData\Roaming\noah.dat
2016-03-08 17:02 - 2016-03-08 17:02 - 00126464 _____ C:\Users\alessio\AppData\Roaming\lobby.dat
2016-03-08 17:02 - 2016-03-08 17:02 - 00072708 _____ C:\Users\alessio\AppData\Roaming\OzerPhase.tst
2016-03-08 17:02 - 2016-03-08 17:02 - 00065040 _____ C:\Users\alessio\AppData\Roaming\Config.xml
2016-03-08 17:02 - 2016-03-08 17:02 - 00054272 _____ C:\Users\alessio\AppData\Roaming\ApplicationHosting.dat
2016-03-08 17:02 - 2016-03-08 17:02 - 00018432 _____ C:\Users\alessio\AppData\Roaming\Main.dat
2016-03-08 17:02 - 2016-03-08 17:02 - 00005568 _____ C:\Users\alessio\AppData\Roaming\md.xml
2016-03-08 17:02 - 2016-03-08 17:02 - 00000000 ____D C:\ProgramData\Ronzaps
2016-03-08 17:00 - 2016-03-08 17:00 - 00127488 _____ C:\Users\alessio\AppData\Roaming\Installer.dat
2016-03-08 17:00 - 2016-03-08 17:00 - 00016992 _____ C:\Users\alessio\AppData\Roaming\InstallationConfiguration.xml
2016-03-08 16:45 - 2016-03-08 16:45 - 00000000 ____D C:\Users\alessio\AppData\Roaming\Battle.net
2016-03-08 16:30 - 2016-03-08 16:30 - 00000000 ____D C:\Users\alessio\AppData\Local\Bluestacks
2016-03-08 16:10 - 2016-03-08 18:42 - 00002730 _____ C:\Windows\SysWOW64\${LOGFILE}
2016-03-07 18:51 - 2016-03-07 18:51 - 00000000 ____D C:\Windows\system32\gil
2016-03-07 18:45 - 2016-03-07 18:45 - 00003346 _____ C:\Windows\System32\Tasks\Poafhot
2016-03-07 18:45 - 2016-03-07 18:45 - 00000000 ____D C:\Users\alessio\AppData\Roaming\Sosrhkajel
2016-03-07 18:44 - 2016-03-07 18:46 - 00000000 ____D C:\ProgramData\UltraZipTemp
2016-03-01 10:50 - 2016-03-01 10:50 - 00001058 _____ C:\Windows\run.vbs
2016-01-31 09:16 - 2016-01-31 09:16 - 00000000 ____D C:\Users\alessio\AppData\Local\TechSmith
2016-01-31 08:11 - 2016-03-07 18:45 - 00000000 ____D C:\Users\alessio\AppData\Local\Tempfolder
2016-01-31 08:11 - 2016-01-31 08:11 - 00000000 ____D C:\Windows\system32\pab
2016-01-31 08:11 - 2016-01-31 08:11 - 00000000 ____D C:\Users\alessio\AppData\Roaming\RuafmoWiwa
2016-01-31 08:08 - 2016-01-31 08:08 - 00003344 _____ C:\Windows\System32\Tasks\Pepkie
2016-01-31 08:08 - 2016-01-31 08:08 - 00000000 ____D C:\Users\alessio\AppData\LocalLow\Company
2016-01-24 07:21 - 2016-01-24 07:21 - 00000017 _____ C:\Users\alessio\AppData\Local\si
2016-01-24 07:11 - 2016-01-24 07:11 - 00000979 _____ C:\Users\alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian.lnk
2016-01-24 07:11 - 2016-01-24 07:11 - 00000000 ____D C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066
2016-01-24 07:10 - 2016-03-09 14:20 - 00000000 ____D C:\ProgramData\UltraZip
2016-03-08 17:00 - 2016-03-08 17:00 - 0127488 _____ () C:\Users\alessio\AppData\Roaming\Installer.dat
2016-03-08 17:02 - 2016-03-08 17:02 - 0126464 _____ () C:\Users\alessio\AppData\Roaming\lobby.dat
2016-03-08 17:02 - 2016-03-08 17:02 - 0018432 _____ () C:\Users\alessio\AppData\Roaming\Main.dat
2016-03-08 17:02 - 2016-03-08 17:02 - 0005568 _____ () C:\Users\alessio\AppData\Roaming\md.xml
2016-03-08 17:02 - 2016-03-08 17:02 - 0126464 _____ () C:\Users\alessio\AppData\Roaming\noah.dat
2016-03-08 17:02 - 2016-03-08 17:02 - 0072708 _____ () C:\Users\alessio\AppData\Roaming\OzerPhase.tst
2016-03-08 17:02 - 2016-03-08 17:02 - 1788503 _____ () C:\Users\alessio\AppData\Roaming\RoundTouch.tst
2016-03-08 17:04 - 2016-03-08 17:04 - 0001150 _____ () C:\Users\alessio\AppData\Roaming\uninstall_temp.ico
2016-03-08 17:14 - 2016-03-08 17:14 - 0000043 _____ () C:\Users\alessio\AppData\Roaming\WB.CFG
2016-01-24 07:21 - 2016-01-24 07:21 - 0000017 _____ () C:\Users\alessio\AppData\Local\si
2016-03-08 17:04 - 2016-03-08 17:04 - 0041472 _____ () C:\Users\alessio\AppData\Local\siliconin.dat
2016-03-08 17:04 - 2016-03-08 17:04 - 0000187 _____ () C:\Users\alessio\AppData\Local\siliconin.exe.config
C:\Users\alessio\AppData\Local\Temp\AC84.tmp.exe
C:\Users\alessio\AppData\Local\Temp\BackupSetup.exe
C:\Users\alessio\AppData\Local\Temp\fsd2B53.exe
C:\Users\alessio\AppData\Local\Temp\sqlite3.dll
C:\Users\alessio\AppData\Local\Temp\UGZAJ88856.exe
EmptyTemp:

*****************

() C:\Users\alessio\AppData\Roaming\Sosrhkajel\Tigni.exe => No running process found
[1360] C:\Users\alessio\AppData\Roaming\Sosrhkajel\Zeiovruk.exe => process closed successfully.
C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe => Could not close process
C:\Program Files (x86)\MPC Cleaner\MPCTray.exe => Could not close process
[1608] C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe => process closed successfully.
[1788] C:\ProgramData\afoir\afoir.exe => process closed successfully.
[5568] C:\ProgramData\afoir\afoir.exe => process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mpck_it_017010261 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\rec_it_219 => value removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
HKU\S-1-5-21-638713059-622732911-1332367520-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => value removed successfully
"C:\ProgramData\afoir\ToughSanis.dll" => Value data removed successfully.
"C:\ProgramData\afoir\Quaddax.dll" => Value data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found.
HKU\S-1-5-21-638713059-622732911-1332367520-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-638713059-622732911-1332367520-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch" => key removed successfully
HKCR\CLSID\OldSearch => key not found.
"HKU\S-1-5-21-638713059-622732911-1332367520-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5A80962B-EB70-4F31-A83E-DFCBE8EB4796}" => key removed successfully
HKCR\CLSID\{5A80962B-EB70-4F31-A83E-DFCBE8EB4796} => key not found.
"HKU\S-1-5-21-638713059-622732911-1332367520-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CB612F7D-8B7E-47E0-83DB-86FECA44BA32}" => key removed successfully
HKCR\CLSID\{CB612F7D-8B7E-47E0-83DB-86FECA44BA32} => key not found.
"HKU\S-1-5-21-638713059-622732911-1332367520-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E0E57611-8E60-483B-81D0-F44C93A1B20B}" => key removed successfully
HKCR\CLSID\{E0E57611-8E60-483B-81D0-F44C93A1B20B} => key not found.
"HKU\S-1-5-21-638713059-622732911-1332367520-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully
HKCR\CLSID\{ielnksrch} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => key removed successfully
"HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41209766-818e-448e-adcf-38dffea85e13}" => key removed successfully
HKCR\Wow6432Node\CLSID\{41209766-818e-448e-adcf-38dffea85e13} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4ec1c8fc-9475-4f2d-801f-5990cf65b06d}" => key removed successfully
HKCR\Wow6432Node\CLSID\{4ec1c8fc-9475-4f2d-801f-5990cf65b06d} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{0C10DB17-C642-45B6-9E7C-374ACA6FA8D0} => value removed successfully
Chrome DefaultSuggestURL => removed successfully
CHR Profile: C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default => Error: No automatic fix found for this entry.
C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake => moved successfully
C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf => moved successfully
C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => moved successfully
C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\dakbopfhopikoldkooaedfgaffmdpcin <==== ATTENTION => not found
C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => moved successfully
C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi => moved successfully
C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\alessio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\fcgnigmofekcllgbiejhmigggmgehkip" => key removed successfully
afoir => service removed successfully
BitTorrent => Unable to stop service.
BitTorrent => service removed successfully
MPCProtectService => Unable to stop service.
MPCProtectService => service could not remove
MsMpSvc => Unable to stop service.
MsMpSvc => service could not remove
NisSrv => Unable to stop service.
NisSrv => service could not remove
uzsvc => service removed successfully
uzupd => service removed successfully
Update Simple for You => service removed successfully
{79f178d3-bd22-44af-a661-b1d55a734142}Gw64 => Service stopped successfully.
{79f178d3-bd22-44af-a661-b1d55a734142}Gw64 => service removed successfully
{e41c6372-fd9c-46e2-9c02-4b1ff1962e66}Gw64 => Service stopped successfully.
{e41c6372-fd9c-46e2-9c02-4b1ff1962e66}Gw64 => service removed successfully
"C:\Windows\System32\drivers\{79f178d3-bd22-44af-a661-b1d55a734142}Gw64.sys 1DEEBFAD57DCD4E8B6F645A645751CC0" => not found.
"C:\Windows\System32\drivers\{e41c6372-fd9c-46e2-9c02-4b1ff1962e66}Gw64.sys 31DE7B7EB44A18A367BC8ACBAF886589" => not found.
C:\ProgramData\afoirs => moved successfully
C:\ProgramData\afoir => moved successfully
C:\Users\alessio\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108 => moved successfully
C:\extensions => moved successfully
C:\Users\Public\Documents\dmp => moved successfully
C:\Users\alessio\AppData\Local\app => moved successfully

"C:\Program Files (x86)\MPC Cleaner" folder move:

Could not move "C:\Program Files (x86)\MPC Cleaner" => Scheduled to move on reboot.

C:\Users\alessio\AppData\Roaming\gplyra => moved successfully
C:\Windows\system32\Drivers\{e41c6372-fd9c-46e2-9c02-4b1ff1962e66}Gw64.sys => moved successfully
C:\Windows\system32\Drivers\{79f178d3-bd22-44af-a661-b1d55a734142}Gw64.sys => moved successfully
C:\Users\alessio\AppData\Local\siliconin.dat => moved successfully
C:\Users\alessio\Desktop\Random Viral.lnk => moved successfully
C:\Users\alessio\AppData\Local\siliconin.exe.config => moved successfully
C:\Users\alessio\AppData\Roaming\agent.dat => moved successfully
C:\Users\alessio\AppData\Roaming\RoundTouch.tst => moved successfully
C:\Users\alessio\AppData\Roaming\noah.dat => moved successfully
C:\Users\alessio\AppData\Roaming\lobby.dat => moved successfully
C:\Users\alessio\AppData\Roaming\OzerPhase.tst => moved successfully
C:\Users\alessio\AppData\Roaming\Config.xml => moved successfully
C:\Users\alessio\AppData\Roaming\ApplicationHosting.dat => moved successfully
C:\Users\alessio\AppData\Roaming\Main.dat => moved successfully
C:\Users\alessio\AppData\Roaming\md.xml => moved successfully
C:\ProgramData\Ronzaps => moved successfully
C:\Users\alessio\AppData\Roaming\Installer.dat => moved successfully
C:\Users\alessio\AppData\Roaming\InstallationConfiguration.xml => moved successfully
C:\Users\alessio\AppData\Roaming\Battle.net => moved successfully
C:\Users\alessio\AppData\Local\Bluestacks => moved successfully
C:\Windows\SysWOW64\${LOGFILE} => moved successfully
C:\Windows\system32\gil => moved successfully
C:\Windows\System32\Tasks\Poafhot => moved successfully

"C:\Users\alessio\AppData\Roaming\Sosrhkajel" folder move:

Could not move "C:\Users\alessio\AppData\Roaming\Sosrhkajel" => Scheduled to move on reboot.

C:\ProgramData\UltraZipTemp => moved successfully
C:\Windows\run.vbs => moved successfully
C:\Users\alessio\AppData\Local\TechSmith => moved successfully
C:\Users\alessio\AppData\Local\Tempfolder => moved successfully
C:\Windows\system32\pab => moved successfully
C:\Users\alessio\AppData\Roaming\RuafmoWiwa => moved successfully
C:\Windows\System32\Tasks\Pepkie => moved successfully
C:\Users\alessio\AppData\LocalLow\Company => moved successfully
C:\Users\alessio\AppData\Local\si => moved successfully
C:\Users\alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian.lnk => moved successfully
C:\ProgramData\7c0535b143fc4671b6ebd202fbffe066 => moved successfully
C:\ProgramData\UltraZip => moved successfully
"C:\Users\alessio\AppData\Roaming\Installer.dat" => not found.
"C:\Users\alessio\AppData\Roaming\lobby.dat" => not found.
"C:\Users\alessio\AppData\Roaming\Main.dat" => not found.
"C:\Users\alessio\AppData\Roaming\md.xml" => not found.
"C:\Users\alessio\AppData\Roaming\noah.dat" => not found.
"C:\Users\alessio\AppData\Roaming\OzerPhase.tst" => not found.
"C:\Users\alessio\AppData\Roaming\RoundTouch.tst" => not found.
C:\Users\alessio\AppData\Roaming\uninstall_temp.ico => moved successfully
C:\Users\alessio\AppData\Roaming\WB.CFG => moved successfully
"C:\Users\alessio\AppData\Local\si" => not found.
"C:\Users\alessio\AppData\Local\siliconin.dat" => not found.
"C:\Users\alessio\AppData\Local\siliconin.exe.config" => not found.
C:\Users\alessio\AppData\Local\Temp\AC84.tmp.exe => moved successfully
C:\Users\alessio\AppData\Local\Temp\BackupSetup.exe => moved successfully
C:\Users\alessio\AppData\Local\Temp\fsd2B53.exe => moved successfully
C:\Users\alessio\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\alessio\AppData\Local\Temp\UGZAJ88856.exe => moved successfully
EmptyTemp: => 148.7 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-10 14:46:58)

"C:\Program Files (x86)\MPC Cleaner" => Could not move
C:\Users\alessio\AppData\Roaming\Sosrhkajel => Is moved successfully

==== End of Fixlog 14:47:07 ====
Avatar utente
demodemo
Utente Junior
 
Post: 83
Iscritto il: 26/03/08 17:15
Località: lecce e bari

Re: pc infettato ho fatto scanzione con combofix allego repo

Postdi demodemo » 10/03/16 16:01

Luke57 il pc va bene adesso, unica pecca se mi puoi aiutare a disinstallare x sempre MPCCLEANER non esiste se vado da pannello di controllo programmi e neanche con ccleaner, poi la home di crome non me la fa cambiare la cambio e ritorna sempre la seguente:
http://search.sidecubes.com/?st=sc&q=
grazie
Avatar utente
demodemo
Utente Junior
 
Post: 83
Iscritto il: 26/03/08 17:15
Località: lecce e bari

Re: pc infettato ho fatto scanzione con combofix allego repo

Postdi Luke57 » 10/03/16 16:10

Ciao, puoi inserire su wikisend il file addition.txt derivato dalla prima scansione con FRST? Il link che mi hai fornito non mi ha consentito di scaricare il file...
Inoltre, fai un'altra scansione con adwcleaner e posta il report delle eliminazioni.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: pc infettato ho fatto scanzione con combofix allego repo

Postdi demodemo » 10/03/16 16:27

Avatar utente
demodemo
Utente Junior
 
Post: 83
Iscritto il: 26/03/08 17:15
Località: lecce e bari

Re: pc infettato ho fatto scanzione con combofix allego repo

Postdi Luke57 » 10/03/16 16:34

A me serve il report (additon.txt)di FRST che inizia così (esempio da un latro report) :
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Nome utente(2016-03-06 14:37:56)
Running from C:\Users\Nomeutente \Desktop
Windows 10 Home Version 1511 (X64) (2015-11-14 09:21:46)
Boot Mode: Normal
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: pc infettato ho fatto scanzione con combofix allego repo

Postdi demodemo » 10/03/16 16:34

fatto ecco:
# AdwCleaner v5.101 - Creato file registro eventi 10/03/2016 in 16:25:23
# Aggiornato 07/03/2016 da Xplode
# Database : 2016-03-08.1 [Server]
# Sistema operativo : Windows 7 Ultimate Service Pack 1 (x64)
# Nome utente : alessio - ALESSIO-PC
# In esecuzione da : C:\Users\alessio\Desktop\AdwCleaner.exe
# Opzione : Pulizia
# Supporto : http://toolslib.net/forum

***** [ Servizi ] *****

[-] Servizio Eliminato : MPCProtectService
[-] Servizio Eliminato : MPCKpt

***** [ Cartelle ] *****

[#] Cartella Eliminato : C:\Program Files (x86)\MPC Cleaner
[-] Cartella Eliminato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC

***** [ File ] *****

[-] File Eliminato : C:\Users\Public\Desktop\MPC Cleaner.lnk
[#] File Eliminato : C:\Windows\SysNative\drivers\MPCKpt.sys
[-] File Eliminato : C:\Windows\SysWOW64\findit.xml

***** [ DLLs ] *****


***** [ Collegamenti ] *****


***** [ Attività pianificate ] *****


***** [ Registry ] *****

[-] Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Stpro.exe
[-] Valore Eliminata : HKCU\Environment [SNF]
[-] Valore Eliminata : HKCU\Environment [SNP]
[-] Chiave Eliminata : HKLM\SOFTWARE\MPC

***** [ Browser web ] *****


*************************

:: Chiavi "Tracing" eliminatas
:: Impostazioni Winsock azzerate

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [19446 byte] - [08/03/2016 19:12:16]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C2].txt - [1466 byte] - [10/03/2016 16:25:23]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S1].txt - [17982 byte] - [08/03/2016 18:54:56]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[S2].txt - [1585 byte] - [10/03/2016 16:23:25]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C2].txt - [1743 byte] ##########
Avatar utente
demodemo
Utente Junior
 
Post: 83
Iscritto il: 26/03/08 17:15
Località: lecce e bari

Re: pc infettato ho fatto scanzione con combofix allego repo

Postdi demodemo » 10/03/16 16:37

lo ha eliminato e come per magia è ritornata la home che avevo messo. sembra che va tutto ok
Avatar utente
demodemo
Utente Junior
 
Post: 83
Iscritto il: 26/03/08 17:15
Località: lecce e bari

Re: pc infettato ho fatto scanzione con combofix allego repo

Postdi demodemo » 10/03/16 16:40

Avatar utente
demodemo
Utente Junior
 
Post: 83
Iscritto il: 26/03/08 17:15
Località: lecce e bari

Re: pc infettato ho fatto scanzione con combofix allego repo

Postdi demodemo » 10/03/16 16:41

se c' è qualcosa dimmelo grazie
Avatar utente
demodemo
Utente Junior
 
Post: 83
Iscritto il: 26/03/08 17:15
Località: lecce e bari

Re: pc infettato ho fatto scanzione con combofix allego repo

Postdi Luke57 » 10/03/16 17:19

Ciao, a questo punto tutto a posto, ci ha pensato adwcleaner ;)
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: pc infettato ho fatto scanzione con combofix allego repo

Postdi demodemo » 11/03/16 06:57

grazie ancora e mo dirò a mio nipote di non scaricare più giochi, alla prossima
Avatar utente
demodemo
Utente Junior
 
Post: 83
Iscritto il: 26/03/08 17:15
Località: lecce e bari


Torna a Sicurezza e Privacy


Topic correlati a "pc infettato ho fatto scanzione con combofix allego report":

Pc infettato?
Autore: franco11
Forum: Sicurezza e Privacy
Risposte: 2

Chi c’è in linea

Visitano il forum: Nessuno e 6 ospiti