How can I check that I'm not being spied on by a trojan on my PC?

furbo1984

Digital-Forum Junior
Joined
8 November 2011
Posts
53
Hi everyone, I need some advice:

How can I check that nobody is spying on my PC through a trojan?
Spying in the sense of rummaging through and stealing the data saved on my HDD; I don't have a webcam, but maybe it could turn one on and watch me, etc...
Something I clicked on without knowing, maybe hidden in a rar sent to me by email that contained other documents.

As antivirus I have Kaspersky Internet Security, and as OS Win 7 Ultimate 64-bit.

Obviously the scans with Kaspersky and also with Malwarebytes are negative, but I'd like to remove any doubt..

The problem is that the PC seems slow on the internet even when I'm not downloading anything, and the network-usage statistics that Kaspersky gives me are anomalous, at least to me..
I have high upload values, both with uTorrent (where I have upload set to 15 kB/s) and for Firefox when I haven't uploaded anything significant..

And another thing: since I installed Kaspersky, with uTorrent open, Facebook doesn't work if I go there with Opera.

Thanks in advance to everyone for the help you can give me.
 
That's not true, there are only a few entries that it reports as missing, but it's not a problem

It works fine ;)
 
After doing the scan with HijackThis, I received another suspicious email..
I downloaded the rar but didn't extract it.. I only opened the archive for the previews.. I saw that instead of a file with the extension it should have had there was an exe, so I scanned it with the antivirus.
It found this: (Backdoor.Agent.WDW)

Quarantined and deleted.

Now, I didn't extract the rar, nor click on the exe.. I had only opened the rar to see what was inside; I don't think I've been infected.
Anyway, just to be on the safe side, I did a scan with Kaspersky, with Malwarebytes, and finally with ComboFix.

I'm posting the ComboFix and HijackThis logs, can you reassure me?
Code:
ComboFix 14-02-20.01 - Admin 22/02/2014  21:32:04.3.4 - x64
  Windows Seven Ice Extreme v1   6.1.7601.1.1252.39.1040.18.8146.5665 [GMT 1:00]
Eseguito da: c:\users\Admin\Desktop\Bimbobux.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1392202812.bdinstall.bin
c:\programdata\1392203397.bdinstall.bin
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Creati Da 2014-01-22 al 2014-02-22  )))))))))))))))))))))))))))))))))))
.
.
2014-02-22 20:35 . 2014-02-22 20:35	--------	d-----w-	c:\users\Public\AppData\Local\temp
2014-02-22 20:35 . 2014-02-22 20:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-02-22 02:30 . 2014-02-22 02:30	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{36A301A9-781A-4313-A03E-D2383DB525AB}\offreg.dll
2014-02-22 02:29 . 2014-02-06 09:01	10536864	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{36A301A9-781A-4313-A03E-D2383DB525AB}\mpengine.dll
2014-02-19 15:57 . 2014-02-20 00:10	--------	d-----w-	c:\users\Admin\AppData\Local\WindowsApplication1
2014-02-13 13:50 . 2014-02-13 13:50	--------	d-----w-	c:\program files\Common Files\Apple
2014-02-13 13:50 . 2014-02-13 13:50	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2014-02-12 21:26 . 2014-02-06 22:55	806104	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2014-02-12 15:55 . 2013-12-06 02:30	2048	----a-w-	c:\windows\system32\msxml3r.dll
2014-02-12 13:40 . 2014-02-12 13:40	0	----a-w-	c:\windows\SysWow64\FAPBF4.tmp
2014-02-12 13:40 . 2014-02-12 13:40	0	----a-w-	c:\windows\SysWow64\FAP3F.tmp
2014-02-12 13:39 . 2014-02-12 13:39	0	----a-w-	c:\windows\SysWow64\FAP8FDF.tmp
2014-02-12 13:39 . 2014-02-12 13:39	0	----a-w-	c:\windows\SysWow64\FAP8504.tmp
2014-02-12 13:35 . 2014-02-12 13:35	0	----a-w-	c:\windows\SysWow64\FAP7069.tmp
2014-02-12 13:35 . 2014-02-12 13:35	0	----a-w-	c:\windows\SysWow64\FAP663A.tmp
2014-02-12 11:13 . 2012-07-11 16:09	64856	----a-w-	c:\windows\system32\klfphc.dll
2014-02-12 11:13 . 2014-02-12 11:13	--------	d-----w-	c:\windows\ELAMBKUP
2014-02-12 11:13 . 2014-02-21 19:22	--------	d-----w-	c:\programdata\Kaspersky Lab
2014-02-12 11:13 . 2014-02-12 11:13	--------	d-----w-	c:\program files (x86)\Kaspersky Lab
2014-02-12 11:13 . 2014-02-12 11:33	90208	----a-w-	c:\windows\system32\drivers\klflt.sys
2014-02-12 11:13 . 2014-02-12 11:33	626272	----a-w-	c:\windows\system32\drivers\klif.sys
2014-02-12 11:00 . 2014-02-12 11:00	--------	d-----w-	c:\programdata\BDLogging
2014-02-12 11:00 . 2007-04-11 10:11	511328	----a-w-	c:\windows\capicom.dll
2014-02-12 11:00 . 2014-02-12 11:00	--------	d-----w-	c:\users\Admin\AppData\Roaming\QuickScan
2014-02-12 10:59 . 2014-02-12 11:10	--------	d-----w-	c:\program files\Common Files\Bitdefender
2014-02-10 15:51 . 2014-02-10 15:51	--------	d-----w-	c:\users\Admin\Photos
2014-02-06 22:36 . 2014-02-06 22:37	--------	d-----w-	c:\program files\VG-Ripper 64Bit
2014-02-06 22:34 . 2014-02-08 13:22	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 21:20 . 2012-09-17 00:50	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 21:20 . 2012-09-17 00:50	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-17 00:36 . 2012-09-30 16:04	88567024	----a-w-	c:\windows\system32\MRT.exe
2014-02-12 11:33 . 2012-10-25 12:47	29280	----a-w-	c:\windows\system32\drivers\klmouflt.sys
2014-02-12 11:33 . 2012-10-25 12:47	29280	----a-w-	c:\windows\system32\drivers\klkbdflt.sys
2014-02-12 11:33 . 2012-08-13 15:49	178448	----a-w-	c:\windows\system32\drivers\kneps.sys
2014-02-12 11:33 . 2012-08-02 14:09	29792	----a-w-	c:\windows\system32\drivers\klim6.sys
2014-02-12 11:33 . 2012-06-08 10:38	54368	----a-w-	c:\windows\system32\drivers\kltdi.sys
2014-02-12 11:33 . 2012-06-19 16:28	458336	----a-w-	c:\windows\system32\drivers\kl1.sys
2014-01-19 19:07 . 2014-01-19 19:05	24135564	----a-w-	C:\torbrowser-install-3.5_it.exe
2014-01-06 19:23 . 2014-01-06 19:23	4558848	----a-w-	c:\windows\SysWow64\GPhotos.scr
2013-12-22 12:02 . 2013-12-22 12:00	291944	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-12-22 12:02 . 2013-12-22 12:00	291944	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-12-22 12:00 . 2013-12-22 12:00	291944	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-12-22 12:00 . 2013-12-22 12:00	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-12-18 20:09 . 2013-10-29 12:09	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 05:13 . 2012-09-06 16:37	270496	------w-	c:\windows\system32\MpSigStub.exe
2013-12-12 00:40 . 2013-12-12 00:40	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-12 00:40 . 2013-12-12 00:40	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-12-12 00:40 . 2013-12-12 00:40	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-12 00:40 . 2013-12-12 00:40	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2013-12-12 00:40 . 2013-12-12 00:40	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-12-12 00:40 . 2013-12-12 00:40	61952	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2013-12-12 00:40 . 2013-12-12 00:40	34816	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-12 00:40 . 2013-12-12 00:40	337408	----a-w-	c:\windows\SysWow64\html.iec
2013-12-12 00:40 . 2013-12-12 00:40	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-12-12 00:40 . 2013-12-12 00:40	235008	----a-w-	c:\windows\system32\elshyph.dll
2013-12-12 00:40 . 2013-12-12 00:40	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2013-12-12 00:40 . 2013-12-12 00:40	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-12-12 00:40 . 2013-12-12 00:40	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2013-12-12 00:40 . 2013-12-12 00:40	1051136	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-12-12 00:40 . 2013-12-12 00:40	942592	----a-w-	c:\windows\system32\jsIntl.dll
2013-12-12 00:40 . 2013-12-12 00:40	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-12-12 00:40 . 2013-12-12 00:40	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-12-12 00:40 . 2013-12-12 00:40	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-12-12 00:40 . 2013-12-12 00:40	84992	----a-w-	c:\windows\system32\mshtmled.dll
2013-12-12 00:40 . 2013-12-12 00:40	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2013-12-12 00:40 . 2013-12-12 00:40	81408	----a-w-	c:\windows\system32\icardie.dll
2013-12-12 00:40 . 2013-12-12 00:40	774144	----a-w-	c:\windows\system32\jscript.dll
2013-12-12 00:40 . 2013-12-12 00:40	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-12-12 00:40 . 2013-12-12 00:40	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-12 00:40 . 2013-12-12 00:40	62464	----a-w-	c:\windows\system32\pngfilt.dll
2013-12-12 00:40 . 2013-12-12 00:40	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2013-12-12 00:40 . 2013-12-12 00:40	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-12-12 00:40 . 2013-12-12 00:40	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-12-12 00:40 . 2013-12-12 00:40	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-12-12 00:40 . 2013-12-12 00:40	48128	----a-w-	c:\windows\system32\imgutil.dll
2013-12-12 00:40 . 2013-12-12 00:40	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2013-12-12 00:40 . 2013-12-12 00:40	413696	----a-w-	c:\windows\system32\html.iec
2013-12-12 00:40 . 2013-12-12 00:40	40448	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-12 00:40 . 2013-12-12 00:40	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-12-12 00:40 . 2013-12-12 00:40	30208	----a-w-	c:\windows\system32\licmgr10.dll
2013-12-12 00:40 . 2013-12-12 00:40	296960	----a-w-	c:\windows\system32\dxtrans.dll
2013-12-12 00:40 . 2013-12-12 00:40	263376	----a-w-	c:\windows\system32\iedkcs32.dll
2013-12-12 00:40 . 2013-12-12 00:40	247808	----a-w-	c:\windows\system32\msls31.dll
2013-12-12 00:40 . 2013-12-12 00:40	243200	----a-w-	c:\windows\system32\webcheck.dll
2013-12-12 00:40 . 2013-12-12 00:40	235520	----a-w-	c:\windows\system32\url.dll
2013-12-12 00:40 . 2013-12-12 00:40	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-12-12 00:40 . 2013-12-12 00:40	147968	----a-w-	c:\windows\system32\occache.dll
2013-12-12 00:40 . 2013-12-12 00:40	143872	----a-w-	c:\windows\system32\wextract.exe
2013-12-12 00:40 . 2013-12-12 00:40	13824	----a-w-	c:\windows\system32\mshta.exe
2013-12-12 00:40 . 2013-12-12 00:40	135680	----a-w-	c:\windows\system32\iepeers.dll
2013-12-12 00:40 . 2013-12-12 00:40	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2013-12-12 00:40 . 2013-12-12 00:40	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2013-12-12 00:40 . 2013-12-12 00:40	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-12-12 00:40 . 2013-12-12 00:40	1228800	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-12-12 00:40 . 2013-12-12 00:40	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-12-12 00:40 . 2013-12-12 00:40	105984	----a-w-	c:\windows\system32\iesysprep.dll
2013-12-12 00:40 . 2013-12-12 00:40	101376	----a-w-	c:\windows\system32\inseng.dll
2013-11-27 01:41 . 2014-01-15 17:41	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 17:41	53248	----a-w-	c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 17:41	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 17:41	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 17:41	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 17:41	7808	----a-w-	c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-15 17:41	376768	----a-w-	c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 17:41	3156480	----a-w-	c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2011-02-10 1475584]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"eMuleAutoStart"="c:\program files (x86)\eMule\emule.exe" [2010-04-07 5758976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-10-08 766208]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2014-02-12 356128]
.
c:\users\Alessio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitoraggio della tecnologia Intel® Turbo Boost 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys;c:\windows\SYSNATIVE\DRIVERS\dmvsc.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 GPCIDrv;GPCIDrv;c:\program files (x86)\GIGABYTE\EasyBoost\GPCIDrv64.sys;c:\program files (x86)\GIGABYTE\EasyBoost\GPCIDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c:\windows\SYSNATIVE\DRIVERS\ivusb.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys;c:\windows\SYSNATIVE\DRIVERS\ssudobex.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TunnelBearMaintenance;TunnelBear Maintenance;c:\program files (x86)\TunnelBear\TBear.Maintenance.exe;c:\program files (x86)\TunnelBear\TBear.Maintenance.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Driver dello switch Controller Host Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 iusb3hub;Driver hub Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Driver Controller Host estendibile Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-21 20:23	1150280	----a-w-	c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-17 21:20]
.
2014-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-24 19:24]
.
2014-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-24 19:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-03 6463592]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Aggiungi ad Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CD8D669D-684C-46F7-BA4A-0DDB46558345}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vhen3vza.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.igoogle.it
FF - prefs.js: network.proxy.ftp - 119.252.164.210
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 119.252.164.210
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 119.252.164.210
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 119.252.164.210
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 119.252.164.210
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.searchgol.tlbrSrchUrl - 
FF - user.js: extensions.searchgol.id - 9cb2369a0000000000008c89a5dc4082
FF - user.js: extensions.searchgol.appId - {4277F7CF-0000-46CF-BA49-D624465C4BAB}
FF - user.js: extensions.searchgol.instlDay - 15991
FF - user.js: extensions.searchgol.vrsn - 1.8.16.19
FF - user.js: extensions.searchgol.vrsni - 1.8.16.19
FF - user.js: extensions.searchgol.vrsnTs - 1.8.16.1919:44
FF - user.js: extensions.searchgol.prtnrId - searchgol
FF - user.js: extensions.searchgol.prdct - searchgol
FF - user.js: extensions.searchgol.aflt - babsst
FF - user.js: extensions.searchgol.smplGrp - none
FF - user.js: extensions.searchgol.tlbrId - base
FF - user.js: extensions.searchgol.instlRef - sst
FF - user.js: extensions.searchgol.dfltLng - it
FF - user.js: extensions.searchgol.excTlbr - false
FF - user.js: extensions.searchgol.ffxUnstlRst - false
FF - user.js: extensions.searchgol.admin - false
FF - user.js: extensions.searchgol.autoRvrt - false
FF - user.js: extensions.searchgol.rvrt - false
FF - user.js: extensions.searchgol.newTab - false
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKU-Default-Run-Bitdefender Wallet Agent - c:\program files\Bitdefender\Bitdefender\pmbxag.exe
Wow6432Node-HKU-Default-Run-Bitdefender Wallet - c:\program files\Bitdefender\Bitdefender\pwdmanui.exe
Wow6432Node-HKU-Default-Run-Bitdefender Wallet Application Agent - c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-InstallerLauncher - c:\program files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2014-02-22  21:36:19
ComboFix-quarantined-files.txt  2014-02-22 20:36
.
Pre-Run: 61.816.582.144 byte disponibili
Post-Run: 61.778.087.936 byte disponibili
.
- - End Of File - - 1B711E3D1D95EFF2DAF0977496466FDF
A36C5E4F47E84449FF07ED3517B43A31
 
HijackThis log (the previous one was ComboFix)
Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 20:08:12, on 26/02/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)

FIREFOX: 27.0.1 (it)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Tor Browser\Browser\firefox.exe
C:\Tor Browser\Tor\tor.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
Z:\Internet Download\HijackThis(1).exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso all'account Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-21-4207703880-2728405927-611813907-1000\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun (User 'Alessio')
O4 - S-1-5-21-4207703880-2728405927-611813907-1000 Startup: Monitoraggio della tecnologia Intel® Turbo Boost 2.0.lnk = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (User 'Alessio')
O4 - S-1-5-21-4207703880-2728405927-611813907-1000 User Startup: Monitoraggio della tecnologia Intel® Turbo Boost 2.0.lnk = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (User 'Alessio')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Tastiera Virtuale - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD8D669D-684C-46F7-BA4A-0DDB46558345}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Servizio Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service:  Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSI_SuperCharger - MSI - C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
O23 - Service: PDF Architect Helper Service - pdfforge GbR - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GbR - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TunnelBear Maintenance (TunnelBearMaintenance) - Unknown owner - C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 12301 bytes

is there anything else I can do?
 
It's OK

Update the Flash ones (they need updating) and, if needed, the Java ones
 
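A small triage helper for a HijackThis log like the one posted above, added here as an example (it is not from the thread, from Trend Micro or from HijackThis itself); the sample log lines are constructed, the Temp-folder autorun entry is invented, and the comment on the O23 section explains why a 32-bit HijackThis reports some system32 services as missing on 64-bit Windows.

```python
import re

# Constructed sample lines, modelled on the HijackThis 2.0.5 format posted in the thread
# (the Temp-folder autorun is invented to show what a suspicious entry looks like).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
O4 - HKCU\..\Run: [Updater] C:\Users\user\AppData\Local\Temp\updater.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD8D669D-684C-46F7-BA4A-0DDB46558345}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")        # "O4 - ...", "R1 - ...", ...
EXE_RE = re.compile(r'"?([a-z]:\\[^"]+?\.exe)')       # first .exe path in an O4 line
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse(log):
    """Return (section, body) pairs for every HijackThis entry line."""
    return [(m.group(1), m.group(2)) for m in map(ENTRY_RE.match, log.splitlines()) if m]


def triage(log):
    """Tag entries a reviewer should look at; returns (tag, original line body) pairs."""
    findings = []
    for section, body in parse(log):
        low = body.lower()
        if section == "O4":                              # autorun entries
            m = EXE_RE.search(low)
            if m and not m.group(1).startswith(TRUSTED_DIRS):
                findings.append(("autorun-outside-program-dirs", body))
        elif section == "O10":                           # Winsock LSP not on HJT's known list
            findings.append(("winsock-lsp-unknown", body))
        elif section == "O17":                           # per-adapter DNS server override
            findings.append(("dns-override", body))
        elif section == "O23" and "unknown owner" in low:
            # 32-bit HijackThis on 64-bit Windows is redirected to SysWOW64, so 64-bit-only
            # binaries under system32 (lsass.exe, spoolsv.exe, ...) show up as "file missing".
            if "(file missing)" in low and "c:\\windows\\system32\\" in low:
                findings.append(("likely-wow64-false-missing", body))
            else:
                findings.append(("service-unknown-owner", body))
    return findings


if __name__ == "__main__":
    for tag, line in triage(SAMPLE_LOG):
        print(f"{tag:32} {line}")
```

The tags only say what deserves a second look: an O17 NameServer entry, for instance, is compared against the resolvers you expect, not treated as malicious by itself.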
thanks..
why did you use the plural "LE flash"? What do I have to update besides Flash Player?
Java should be up to date, I updated it a few days ago..
 
If the antivirus detected it, it definitely removed it

Besides, you hadn't opened it ;)
 
yes, I'm not sure I explained myself well..
I downloaded the rar, double-clicked it and WinRAR opened.
so I opened the zip, but I didn't extract it. I saw that the file, instead of being .avi, was .exe,
I closed WinRAR and had antimalwarebytes scan it (Kaspersky wasn't detecting anything); it detected the trojan and deleted it.

there, I hope I've explained it better. :D

anyway, thanks a lot for the help!
 
I, on the other hand, have sometimes noticed with antimalwarebyte that if I didn't extract the compressed file it didn't flag the threat, while if I extracted it, it detected the virus. But then another time it detected it even without my having extracted it.

In any case, if it detected and removed it, you shouldn't have any more problems now.
 
In any case, though this seems obvious to me, for any antivirus or antispyware, before running the scans the configurations and options must be set up properly, and they must always be updated to the latest definitions.
Moreover, the scans must always be carried out in safe mode and with the System Restore function disabled. ;)
 
and why???
 