Pauline (Junior Member, 50 posts), posted 05/07/2012 17:46:04
Hi everyone, I'm new to the forum. First of all, I have an HP Pavilion desktop PC running Windows Vista Home Premium 64-bit. Yesterday, while I was browsing the internet, a page opened with the Guardia di Finanza logo, saying that my PC had been locked because it contained illegal material and that to unlock it I would have to pay 100 €. Searching the internet (from another operating system, because Vista was locked), I found out it was a virus and found a guide for removing it, which said to go into Safe Mode, click START, All Programs, and under Startup I should have found a file with a .DLL extension, which however didn't seem to exist anywhere. I was then advised to boot into Safe Mode and then use two McAfee programs, Stinger and RootkitRemover, but these didn't detect any viruses or threats either. I then wanted to try the System Recovery utility, going back to a restore point from the day before the infection, but reading around a bit I'm afraid it wasn't a good idea: maybe by doing that I didn't completely remove the virus but only temporarily worked around the problem, am I wrong? Now I'm running a scan with Malwarebytes, which doesn't seem to detect any infected files. Thanks to whoever replies!
shang (Advanced Member, Rome, 4879 posts), posted 05/07/2012 18:07:19
hi
when the scan finishes, post the result, then run a precautionary scan with ComboFix htt*://download.bleepingcomputer[.com]/sUBs/ComboFix.exe (do not install the Recovery Console). Let the program work without interfering. Attach the report C:\ComboFix.txt in your reply.
Do not use the PC during the scan, not even the mouse!
Pauline (Junior Member, 50 posts), posted 05/07/2012 20:37:14
Quote: message posted by shang
hi
when the scan finishes, post the result, then run a precautionary scan with ComboFix htt*://download.bleepingcomputer[.com]/sUBs/ComboFix.exe (do not install the Recovery Console). Let the program work without interfering. Attach the report C:\ComboFix.txt in your reply.
Do not use the PC during the scan, not even the mouse!

I'll start by posting the Malwarebytes log; it detected one infected registry key, as you can see (one thing I'm not sure I got right is that I didn't run the scan in Safe Mode).
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
[www].malwarebytes.org
Database version: v2012.07.05.05
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Paola :: PC-PAOLA [administrator]
Protection: Enabled
05/07/2012 17.04.27
mbam-log-2012-07-05 (20-30-47).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 438496
Time elapsed: 2 hour(s), 42 minute(s), 50 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)
Now I'll download ComboFix and then attach the report.
Pauline (Junior Member, 50 posts), posted 05/07/2012 21:37:31
This is the ComboFix report:
ComboFix 12-07-05.04 - Paola 05/07/2012 20.56.43.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.4094.1300 [GMT 2:00]
Run from: j:\programmi e driver\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Install.exe
c:\programdata\vlc-0.9.9-win32.exe
c:\users\Paola\AppData\Local\bifmzwdb.dat
c:\users\Paola\AppData\Local\bifmzwdb_nav.dat
c:\users\Paola\AppData\Local\bifmzwdb_navps.dat
c:\users\Paola\AppData\Roaming\Ydow
c:\users\Paola\AppData\Roaming\Ydow\agfa.ziy
.
((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))))))))
.
2012-07-05 14:58 . 2012-07-05 14:58 -------- d-----w- c:\users\Paola\AppData\Roaming\Malwarebytes
2012-07-05 14:58 . 2012-07-05 14:58 -------- d-----w- c:\programdata\Malwarebytes
2012-07-05 14:58 . 2012-07-05 14:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-05 14:58 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-04 17:12 . 2012-07-04 17:13 -------- d-----w- c:\users\Paola\AppData\Roaming\Iwreke
2012-06-13 20:07 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 20:02 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 20:02 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 20:02 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 20:02 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 20:02 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 20:02 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 20:02 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 18:34 . 2012-06-13 19:21 -------- d-----w- c:\users\Paola\AppData\Roaming\Exne
2012-06-13 18:34 . 2012-06-13 18:45 -------- d-----w- c:\users\Paola\AppData\Roaming\Zipoic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 07:11 . 2012-04-12 14:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-25 07:11 . 2011-06-13 19:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-24 08:24 . 2012-04-22 17:25 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-31 04:04 . 2012-07-05 13:46 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8D04CF7-2638-4CBC-99A9-616245A150F7}\mpengine.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 09:32 279944 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AliceRV_McciTrayApp"="c:\program files (x86)\Alice ti aiuta\McciTrayApp.exe" [2007-01-23 1001472]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2007-06-26 115816]
"Symantec PIF AlertEng"="c:\program files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT HPW"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-04-16 81920]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-03-10 2617808]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-03-10 909592]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 257224]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 07:11]
.
2012-07-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-08 13:38]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-06 20:23]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-06 20:23]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2870153315-1412752025-1148091603-1000Core.job
- c:\users\Paola\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 14:51]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2870153315-1412752025-1148091603-1000UA.job
- c:\users\Paola\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 14:51]
.
2012-07-02 c:\windows\Tasks\Norton Internet Security - Scansione completa sistema - Paola.job
- c:\program files (x86)\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-06-26 03:53]
.
--------- X64 Entries -----------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-03-10 140568]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://[www].iol.it/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp[.com]/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Paola\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Paola\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.8 85.38.28.73
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANED KEYS REMOVED - - - -
.
URLSearchHooks-{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKCU-Run-Qeiwedepo - c:\users\Paola\AppData\Roaming\Enmeoh\qiwo.exe
Wow6432Node-HKCU-Run-Fehyov - c:\users\Paola\AppData\Roaming\Exne\akmi.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
WebBrowser-{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
AddRemove-*******! Internet Mail - c:\windows\system32\regsvr32
AddRemove-YInstHelper - c:\windows\system32\regsvr32
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
Denied: (A 2) (Everyone)
="FlashBroker"
"LocalizedString"=" c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
Denied: (A 2) (Everyone)
="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
Denied: (A 2) (Everyone)
="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
Denied: (A 2) (Everyone)
="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
Denied: (A 2) (Everyone)
=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files (x86)\*******!\SoftwareUpdate\*******AUService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files (x86)\Portrait Displays\HP My Display\DTHtml.exe
c:\program files (x86)\Portrait Displays\Pivot Software\floater.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\hp\kbd\kbd.exe
.
**************************************************************************
.
Scan completed: 2012-07-05 21:33:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-05 19:33
.
Pre-Run: 132.012.335.104 bytes free
Post-Run: 132.535.619.584 bytes free
.
- - End Of File - - F0E35D82CF14D3DB07433FE90A9F7094
shang (Advanced Member, Rome, 4879 posts), posted 05/07/2012 22:34:39
Select the items Malwarebytes found and press "Remove Selected".
Open a text file (with Windows Notepad) and paste the following script into it:

file::
c:\program files (x86)\AskBarDis\bar\bin\askBar.dll

folder::
c:\program files (x86)\AskBarDis

registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

Dirlook::
c:\users\Paola\AppData\Roaming\Exne
c:\users\Paola\AppData\Roaming\Zipoic
c:\users\Paola\AppData\Roaming\Iwreke

Save the file in the same folder where you put ComboFix, naming it CFScript.txt (that exact name is required).
Once that's done, drag the file onto the ComboFix icon with the mouse pointer. The program will start a new scan, like the previous one. Don't do or move anything. When it finishes, if the computer doesn't reboot automatically, reboot it yourself. Attach the new c:\combofix.txt file produced by the scan.
Edited by shang on 05/07/2012 22:40:39
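How one could get from the ComboFix report Pauline posted to the kind of directed CFScript shang wrote, as an added example that is not part of the thread and not code from ComboFix or from shang. The Python below takes a few lines copied from the first report ("Files Created" entries, one Run key and the "orphaned keys removed" Run values), flags anything launched from, or created as, a short randomly named folder directly under the user's AppData (the shape of Enmeoh\qiwo.exe, Exne\akmi.exe and Iwreke), keeps only "Files Created" entries from the 30 days before the lockscreen appeared (Pauline reports it on 4 July, so 5 July 00:00 is used as the cutoff), and prints a CFScript skeleton that uses only the File:: and DirLook:: directives shang's own script uses. The random-name heuristic, the 30-day window, the cutoff and all function names are assumptions of this example; the regular expressions follow the report layout visible above.

```python
"""ComboFix report triage: flag autoruns and freshly created folders that sit in
a randomly named directory under a user's AppData, then print a CFScript
skeleton. Added example for this thread; not code from ComboFix or from shang.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the first ComboFix report in the thread
# ("Files Created" entries, one Run key and the "orphaned keys removed" Run values).
SAMPLE_LOG = r"""
2012-07-05 14:58 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-04 17:12 . 2012-07-04 17:13 -------- d-----w- c:\users\Paola\AppData\Roaming\Iwreke
2012-06-13 18:34 . 2012-06-13 19:21 -------- d-----w- c:\users\Paola\AppData\Roaming\Exne
2012-06-13 18:34 . 2012-06-13 18:45 -------- d-----w- c:\users\Paola\AppData\Roaming\Zipoic
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKCU-Run-Qeiwedepo - c:\users\Paola\AppData\Roaming\Enmeoh\qiwo.exe
Wow6432Node-HKCU-Run-Fehyov - c:\users\Paola\AppData\Roaming\Exne\akmi.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
"""

# The lockscreen appeared on 4 July (first post). Everything created from
# 5 July onwards is the cleanup itself (Malwarebytes, ComboFix) and is ignored.
# Assumed cutoff and window for this example.
INCIDENT = datetime(2012, 7, 5)
WINDOW = timedelta(days=30)

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')      # "Name"="path" [...]
ORPHAN = re.compile(r'^(?:Wow6432Node-)?HK\w+-Run-(?P<name>.+?) - (?P<path>.+)$')
CREATED = re.compile(r'^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d '
                     r'(?:\d+|-+) [-a-z]{8} (?P<path>.+)$')           # created . modified size attrs path
APPDATA = re.compile(r'\\users\\[^\\]+\\appdata\\(?:roaming|local)\\', re.IGNORECASE)
RANDOM_NAME = re.compile(r'^[A-Za-z]{3,8}$')   # Exne, Iwreke, Enmeoh, qiwo, akmi


def looks_random_appdata(path):
    """True for <profile>/AppData/{Roaming,Local}/<Xxxx> or .../<Xxxx>/<yyyy>.exe
    where both names are short alphabetic strings. Assumed heuristic: Program
    Files, Windows and vendor paths such as AppData/Local/Google/Update do not match."""
    m = APPDATA.search(path)
    if not m:
        return False
    rest = path[m.end():].split("\\")          # components after AppData\Roaming\
    if not rest or not RANDOM_NAME.match(rest[0]):
        return False
    if len(rest) == 1:                         # the folder itself
        return True
    if len(rest) == 2:                         # folder\file.exe
        stem, _, ext = rest[1].rpartition(".")
        return ext.lower() == "exe" and bool(RANDOM_NAME.match(stem))
    return False


def parse_report(text, incident=INCIDENT, window=WINDOW):
    """Return (autoruns, created). autoruns: (name, path, flagged) for every Run
    value and orphaned Run value; created: (timestamp, path, flagged) for
    "Files Created" entries that fall inside the window before the incident."""
    autoruns, created = [], []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_VALUE.match(line) or ORPHAN.match(line)
        if m:
            autoruns.append((m.group("name"), m.group("path"),
                             looks_random_appdata(m.group("path"))))
            continue
        m = CREATED.match(line)
        if m:
            when = datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M")
            if timedelta(0) <= incident - when <= window:
                created.append((when, m.group("path"),
                                looks_random_appdata(m.group("path"))))
    return autoruns, created


def build_cfscript(autoruns, created):
    """CFScript text in the layout shang used: File:: for flagged executables and
    DirLook:: to list the suspect folders. Folder:: is deliberately left for a
    second pass, after the DirLook output has been read."""
    files = sorted({p for _, p, flagged in autoruns
                    if flagged and p.lower().endswith(".exe")})
    dirs = {p.rsplit("\\", 1)[0] for p in files}
    dirs |= {p for _, p, flagged in created if flagged}
    return "\n".join(["File::", *files, "", "DirLook::", *sorted(dirs)]) + "\n"


def triage_sample():
    """Run the parser over the constructed sample with the assumed cutoff."""
    return parse_report(SAMPLE_LOG)


if __name__ == "__main__":
    autoruns, created = triage_sample()
    for name, path, flagged in autoruns:
        print(("SUSPECT " if flagged else "        ") + f"{name:<28} {path}")
    for when, path, flagged in created:
        print(("SUSPECT " if flagged else "        ") + f"{when:%Y-%m-%d %H:%M} {path}")
    print(build_cfscript(autoruns, created))
```

On the sample it flags Qeiwedepo and Fehyov (the two autoruns in Enmeoh and Exne) and the Iwreke, Exne and Zipoic folders, while hpsysdrv, Malwarebytes, WMPNSCFG and the already-dead AdobeBridge entry pass. The 13 June folders predate the 4 July lockscreen by three weeks, which is the kind of detail a restore point from "the day before the infection" would not cover, and the reason the script only lists those folders for inspection rather than deleting them outright.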
Pauline (Junior Member, 50 posts), posted 06/07/2012 14:14:55
Quote: message posted by shang
Select the items Malwarebytes found and press "Remove Selected".
Open a text file (with Windows Notepad) and paste the following script into it:

file::
c:\program files (x86)\AskBarDis\bar\bin\askBar.dll

folder::
c:\program files (x86)\AskBarDis

registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

Dirlook::
c:\users\Paola\AppData\Roaming\Exne
c:\users\Paola\AppData\Roaming\Zipoic
c:\users\Paola\AppData\Roaming\Iwreke

Save the file in the same folder where you put ComboFix, naming it CFScript.txt (that exact name is required).
Once that's done, drag the file onto the ComboFix icon with the mouse pointer. The program will start a new scan, like the previous one. Don't do or move anything. When it finishes, if the computer doesn't reboot automatically, reboot it yourself. Attach the new c:\combofix.txt file produced by the scan.

For now I can't do it, because last night I caught another virus, this time it's Security Shield, do you know it? Do you have any advice for removing it? I don't understand why the antivirus no longer blocks them, I have Norton Internet Security 2007.
shang (Advanced Member, Rome, 4879 posts), posted 06/07/2012 17:26:24
to begin with, remove Norton, which is like a virus; download the tool to uninstall it from here and install Avira, setting it up according to this guide. Before doing those operations, try to copy that script with the instructions I gave you; once finished, post the report and run a full scan with an updated Avira.
Pauline (Junior Member, 50 posts), posted 06/07/2012 20:58:53
Quote: message posted by shang
to begin with, remove Norton, which is like a virus; download the tool to uninstall it from here and install Avira, setting it up according to this guide. Before doing those operations, try to copy that script with the instructions I gave you; once finished, post the report and run a full scan with an updated Avira.

In what sense is Norton like a virus? Does Avira also have a firewall?
Edited by Pauline on 06/07/2012 21:04:18
shang (Advanced Member, Rome, 4879 posts), posted 06/07/2012 21:05:29
in the sense that it's rubbish; I had it for two years .... everything got through
follow the instructions I gave you
thanks
Pauline (Junior Member, 50 posts), posted 07/07/2012 12:36:02
I removed the items detected by Malwarebytes and started a new ComboFix scan with the script you gave me. This is the new report ComboFix created:
ComboFix 12-07-05.04 - Paola 07/07/2012 12.01.09.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.4094.1989 [GMT 2:00]
Run from: j:\programmi e driver\ComboFix.exe
Options used :: j:\programmi e driver\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\AskBarDis\bar\bin\askBar.dll"
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files (x86)\AskBarDis
c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
c:\program files (x86)\AskBarDis\bar\bin\askPopStp.dll
c:\program files (x86)\AskBarDis\bar\bin\psvince.dll
c:\program files (x86)\AskBarDis\bar\Settings\config.dat
c:\program files (x86)\AskBarDis\bar\Settings\config.dat.bak
c:\program files (x86)\AskBarDis\unins000.dat
c:\program files (x86)\AskBarDis\unins000.exe
.
((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))))))
.
2012-07-07 10:18 . 2012-07-07 10:21 -------- d-----w- c:\users\Paola\AppData\Local\temp
2012-07-07 10:18 . 2012-07-07 10:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-05 14:58 . 2012-07-05 14:58 -------- d-----w- c:\users\Paola\AppData\Roaming\Malwarebytes
2012-07-05 14:58 . 2012-07-05 14:58 -------- d-----w- c:\programdata\Malwarebytes
2012-07-05 14:58 . 2012-07-05 14:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-05 14:58 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-04 17:12 . 2012-07-04 17:13 -------- d-----w- c:\users\Paola\AppData\Roaming\Iwreke
2012-06-13 20:07 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 20:02 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 20:02 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 20:02 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 20:02 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 20:02 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 20:02 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 20:02 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 18:34 . 2012-06-13 19:21 -------- d-----w- c:\users\Paola\AppData\Roaming\Exne
2012-06-13 18:34 . 2012-06-13 18:45 -------- d-----w- c:\users\Paola\AppData\Roaming\Zipoic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 07:11 . 2012-04-12 14:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-25 07:11 . 2011-06-13 19:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-24 08:24 . 2012-04-22 17:25 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-31 04:04 . 2012-07-07 10:02 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AC01897-951B-4686-A52D-B5A24D026331}\mpengine.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Paola\AppData\Roaming\Exne ----
.
---- Directory of c:\users\Paola\AppData\Roaming\Iwreke ----
.
---- Directory of c:\users\Paola\AppData\Roaming\Zipoic ----
.
((((((((((((((((((((((((((((( SnapShot 2012-07-05_19.26.27 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2012-07-05 18:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-07-07 10:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-07-05 18:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2012-07-07 10:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-05 19:25 . 2012-07-05 19:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-07 10:20 . 2012-07-07 10:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-05 19:25 . 2012-07-05 19:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-07 10:20 . 2012-07-07 10:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-01-21 03:20 . 2012-07-07 10:20 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-07-05 18:51 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-10 21:47 . 2012-07-07 10:18 539244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-10 21:47 . 2012-07-05 19:21 539244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-21 22:05 . 2012-07-07 10:18 12491114 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2870153315-1412752025-1148091603-1000-8192.dat
- 2011-02-21 22:05 . 2012-07-05 19:21 12491114 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2870153315-1412752025-1148091603-1000-8192.dat
+ 2011-02-21 22:05 . 2012-07-07 10:18 37641164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2870153315-1412752025-1148091603-1000-4096.dat
- 2011-02-21 22:05 . 2012-07-05 19:21 37641164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2870153315-1412752025-1148091603-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AliceRV_McciTrayApp"="c:\program files (x86)\Alice ti aiuta\McciTrayApp.exe" [2007-01-23 1001472]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2007-06-26 115816]
"Symantec PIF AlertEng"="c:\program files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT HPW"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-04-16 81920]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-03-10 2617808]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-03-10 909592]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 257224]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 07:11]
.
2012-07-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-08 13:38]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-06 20:23]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-06 20:23]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2870153315-1412752025-1148091603-1000Core.job
- c:\users\Paola\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 14:51]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2870153315-1412752025-1148091603-1000UA.job
- c:\users\Paola\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 14:51]
.
2012-07-02 c:\windows\Tasks\Norton Internet Security - Scansione completa sistema - Paola.job
- c:\program files (x86)\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-06-26 03:53]
.
--------- X64 Entries -----------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-03-10 140568]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://[www].iol.it/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp[.com]/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Paola\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Paola\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.8 85.38.28.73
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANED KEYS REMOVED - - - -
.
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
AddRemove-Ask Toolbar_is1 - c:\program files (x86)\AskBarDis\unins000.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
Denied: (A 2) (Everyone)
="FlashBroker" "LocalizedString"=" c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
Denied: (A 2) (Everyone)
="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
Denied: (A 2) (Everyone)
="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
Denied: (A 2) (Everyone)
="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
Denied: (A 2) (Everyone)
="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
="FlashBroker" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Altri processi in esecuzione ------------------------ . c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe c:\program files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\SysWOW64\IoctlSvc.exe c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe c:\program files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe c:\program files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe c:\program files (x86)\*******!\SoftwareUpdate\*******AUService.exe c:\program files (x86)\Portrait Displays\HP My Display\DTHtml.exe c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac c:\program files (x86)\Portrait Displays\Pivot Software\floater.exe c:\hp\kbd\kbd.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe . ************************************************************************** . Ora fine scansione: 2012-07-07 12:27:53 - Il pc è stato riavviato ComboFix-quarantined-files.txt 2012-07-07 10:27 ComboFix2.txt 2012-07-05 19:33 . Pre-Run: 132.572.049.408 byte disponibili Post-Run: 132.471.693.312 byte disponibili . - - End Of File - - F4B8F0F4C8E643B96DFF48FE6D35CC3A
As soon as possible I'll uninstall Norton and download Avira. Besides Avira, would it be a good idea to keep Malwarebytes too?
shang
Advanced Member
City: Roma
4879 Posts
Posted on - 07/07/2012 : 13:05:36
The script must be run from the desktop
j:\programmi e driver\CFScript.txt
Check what these folders contain; if you don't recognise them, delete them
c:\users\Paola\AppData\Roaming\Exne
c:\users\Paola\AppData\Roaming\Iwreke
c:\users\Paola\AppData\Roaming\Zipoic
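As an added example (not from the thread, from ComboFix, or from shang), here is a small Python script that parses the autostart ("Run") entries of a ComboFix-style report like the one posted above and flags the ones a helper would look at first: entries that run from a user-writable location such as AppData\Roaming (the kind of folder pointed out here) and entries for which no file date/size was recorded. The input lines are constructed in the report's format; the "Exne" entry is a made-up sample for illustration, not a finding from the actual report.

```python
"""Triage autostart (Run-key) entries from a ComboFix-style report.

Added example, not part of the forum thread or of ComboFix itself. It reads
lines of the "Punti Reg Caricati" section as they appear in the report
(several entries may be run together on one line, as in the post above)
and flags entries worth a closer look before anything is deleted.
"""
import re

# One entry: "Name"="path" followed by an optional [YYYY-MM-DD size] or [BU] bracket.
ENTRY_RE = re.compile(
    r'"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]*)"\s*(?:\[(?P<meta>[^\]]*)\])?'
)
# A complete metadata bracket looks like "2007-04-18 65536" (date, size in bytes).
META_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\d+$")

# Locations an ordinary user can write to; legitimate autostarts rarely live here.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "%temp%", "%appdata%")

# Constructed sample in the format of the report above. The last entry is a
# made-up example pointing into one of the folders mentioned in the thread,
# not a real finding.
SAMPLE_REPORT = [
    '[HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run]',
    '"hpsysdrv"="c:\\hp\\support\\hpsysdrv.exe" [2007-04-18 65536] '
    '"Malwarebytes\' Anti-Malware"="c:\\program files (x86)\\Malwarebytes\' Anti-Malware\\mbamgui.exe" [2012-04-04 462408]',
    '"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\\HP Health Check\\HPHC_Scheduler.exe" [BU]',
    '"Exne"="c:\\users\\Paola\\AppData\\Roaming\\Exne\\sample.exe" [2012-07-04 81920]',
]


def parse_entries(lines):
    """Yield (name, path, meta) for every quoted Run-key value found in the lines."""
    for line in lines:
        for m in ENTRY_RE.finditer(line):
            yield m.group("name"), m.group("path"), m.group("meta")


def triage(lines):
    """Return [(name, path, [reasons])] for entries that deserve a closer look."""
    flagged = []
    for name, path, meta in parse_entries(lines):
        reasons = []
        low = path.lower()
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("runs from a user-writable location")
        if meta is None or not META_RE.match(meta.strip()):
            reasons.append("no file date/size recorded")
        if reasons:
            flagged.append((name, path, reasons))
    return flagged


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_REPORT):
        print(f"{name}: {path}\n    -> {'; '.join(reasons)}")
```

This is a triage aid, not a verdict: a flagged entry still has to be identified (publisher, file hash lookup, creation date compared with the day of the infection) before it is removed, and an entry that is not flagged is not automatically clean. To use it on a real report, pass the lines of the Run sections to `triage()` instead of `SAMPLE_REPORT`.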
Pauline
Junior Member
50 Posts
Posted on - 07/07/2012 : 15:02:17
I deleted the files you told me about and ran a new ComboFix script from the desktop. This is the new report:
ComboFix 12-07-07.02 - Paola 07/07/2012 14.12.52.4.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.4094.2203 [GMT 2:00] Eseguito da: c:\users\Paola\Desktop\ComboFix.exe Opzioni usate :: c:\users\Paola\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" . . ((((((((((((((((((((((((( Files Creati Da 2012-06-07 al 2012-07-07 ))))))))))))))))))))))))))))))))))) . . 2012-07-07 12:28 . 2012-07-07 12:30 -------- d-----w- c:\users\Paola\AppData\Local\temp 2012-07-07 12:28 . 2012-07-07 12:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-07 10:02 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6AC01897-951B-4686-A52D-B5A24D026331}\mpengine.dll 2012-07-05 14:58 . 2012-07-05 14:58 -------- d-----w- c:\users\Paola\AppData\Roaming\Malwarebytes 2012-07-05 14:58 . 2012-07-05 14:58 -------- d-----w- c:\programdata\Malwarebytes 2012-07-05 14:58 . 2012-07-05 14:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-05 14:58 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-13 20:07 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 20:02 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 20:02 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 20:02 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-13 20:02 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 20:02 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-13 20:02 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-13 20:02 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll . . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-25 07:11 . 2012-04-12 14:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-25 07:11 . 2011-06-13 19:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-24 08:24 . 2012-04-22 17:25 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe . . ((((((((((((((((((((((((((((( SnapShot 2012-07-05_19.26.27 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-21 03:20 . 2012-07-05 18:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-01-21 03:20 . 2012-07-07 12:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-01-21 03:20 . 2012-07-05 18:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-01-21 03:20 . 2012-07-07 12:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-07-05 19:25 . 2012-07-05 19:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-07 12:29 . 2012-07-07 12:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-05 19:25 . 2012-07-05 19:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-07-07 12:29 . 2012-07-07 12:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-01-21 03:20 . 2012-07-07 12:30 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-01-21 03:20 . 2012-07-05 18:51 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-02-10 21:47 . 2012-07-07 12:28 539244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2011-02-10 21:47 . 
2012-07-05 19:21 539244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-02-21 22:05 . 2012-07-07 12:28 12491114 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2870153315-1412752025-1148091603-1000-8192.dat - 2011-02-21 22:05 . 2012-07-05 19:21 12491114 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2870153315-1412752025-1148091603-1000-8192.dat + 2011-02-21 22:05 . 2012-07-07 12:28 37641164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2870153315-1412752025-1148091603-1000-4096.dat - 2011-02-21 22:05 . 2012-07-05 19:21 37641164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2870153315-1412752025-1148091603-1000-4096.dat . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536] "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AliceRV_McciTrayApp"="c:\program files (x86)\Alice ti aiuta\McciTrayApp.exe" [2007-01-23 1001472] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352] "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2007-06-26 115816] "Symantec PIF AlertEng"="c:\program files (x86)\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008] "DT HPW"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-04-16 81920] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-03-10 2617808] "AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-03-10 909592] "UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
="Service" . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 257224] . . --- Altri Servizi/Drivers In Memoria --- . *NewlyCreated* - COMHOST . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes ezSharedSvc . Contenuto della cartella 'Scheduled Tasks' . 2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 07:11] . 2012-07-07 c:\windows\Tasks\Google Software Updater.job - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-08 13:38] . 2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-06 20:23] . 2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-06 20:23] . 2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2870153315-1412752025-1148091603-1000Core.job - c:\users\Paola\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 14:51] . 2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2870153315-1412752025-1148091603-1000UA.job - c:\users\Paola\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-20 14:51] . 2012-07-02 c:\windows\Tasks\Norton Internet Security - Scansione completa sistema - Paola.job - c:\program files (x86)\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-06-26 03:53] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [BU] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-03-10 140568] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] . ------- Scansione supplementare ------- . uStart Page = hxxp://[www].iol.it/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://ie.redirect.hp[.com]/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Pavilion&pf=cndt mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\Paola\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\users\Paola\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.8 85.38.28.73 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll . - - - - CHIAVI ORFANE RIMOSSE - - - - . Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file) . . . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
Denied: (A 2) (Everyone)
="FlashBroker" "LocalizedString"=" c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
Denied: (A 2) (Everyone)
="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
Denied: (A 2) (Everyone)
="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
Denied: (A 2) (Everyone)
="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
Denied: (A 2) (Everyone)
="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
="FlashBroker" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Altri processi in esecuzione ------------------------ . c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe c:\program files (x86)\Common Files\Symantec Shared\AppCore\AppSvc32.exe c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe c:\windows\SysWOW64\IoctlSvc.exe c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe c:\program files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe c:\program files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe c:\program files (x86)\*******!\SoftwareUpdate\*******AUService.exe c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe c:\program files (x86)\Portrait Displays\HP My Display\DTHtml.exe c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac c:\program files (x86)\Portrait Displays\Pivot Software\floater.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe . ************************************************************************** . Ora fine scansione: 2012-07-07 14:36:32 - Il pc è stato riavviato ComboFix-quarantined-files.txt 2012-07-07 12:36 ComboFix2.txt 2012-07-07 12:04 ComboFix3.txt 2012-07-07 10:27 ComboFix4.txt 2012-07-05 19:33 . Pre-Run: 132.399.747.072 byte disponibili Post-Run: 132.345.753.600 byte disponibili . - - End Of File - - 15BDF0C9B6D7FED2384B89122F5817A7
shang
Advanced Member
City: Roma
4879 Posts
Posted on - 07/07/2012 : 19:15:51
Download and install CCleaner. Once installed, configure it like this:
launch the program, in the left-hand menu go to Options and in the next window click Settings, and tick Secure file deletion (slow)
then click Advanced and untick Only delete files older than 48 hours
under Cleaner, in the Advanced section, tick Old Prefetch data and Windows Update uninstallers
in the left-hand menu, click Cleaner, then click the Run Cleaner button to run the scan
once the scan has finished, again in the left-hand menu, click Registry and tick every entry in the section except Unused File Extensions
click the Scan for Issues button and run a scan; when it finishes click Fix selected issues and go ahead with the repair (repeat this last step several times, until no more problems to fix are found)
Download ATF Cleaner, it needs no installation. Once the application has started, select “Select All”; in the menu bar at the top the browser entries (Firefox or Opera) will also appear; click the menu item for your browser and there too tick the “Select All” box (if you want to keep your passwords, untick the corresponding box).
Once that is done there is nothing else to do: press the “Empty selected” button and wait for the message “Done Cleaning!” to appear; the cleaning is finished.
Download OTL to the desktop: htt*://oldtimer.geekstogo[.com]/OTL.exe
Open OTL and click Cleanup. It will uninstall ComboFix and OTL itself.
Run a scan with your antivirus (since you trust Norton), run it anyway; you don't take the advice you're given, but the PC is yours and I can't force you
When you've finished post a hit log and let me know if you still have problems
Pauline
Junior Member
50 Posts
Posted on - 07/07/2012 : 19:29:21
Maybe you didn't read it, but I wrote in my 12:36 message that I'll remove Norton and install Avira as soon as possible. Anyway, thank you, I'll do as you said and let you know.
Pauline
Junior Member
50 Posts
Posted on - 08/07/2012 : 14:16:40
I downloaded and installed CCleaner version 3.20, but under Settings, Advanced the entry 'Only delete files older than 48 hours' isn't there; there is 'Only delete files older than 24 hours', is that the one? Also, under "Cleaner" I couldn't find 'Windows Update uninstallers'.
shang
Advanced Member
City: Roma
4879 Posts
Posted on - 08/07/2012 : 15:56:37
Yes, yes, it's that one: 'Only delete files older than 24 hours'.