ciao r16

ho fatto quello che mi ai detto di seguito il log di malware bytes


Malwarebytes Anti-Malware (Prova) 1.61.0.1400
www.malwarebytes.org

Versione database: v2012.05.13.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
utente :: PC-UTENTE [amministratore]

Protezione: Attivata

13/05/2012 11.01.48
mbam-log-2012-05-13 (11-01-48).txt

Tipo di scansione: Scansione completa
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 328613
Tempo impiegato: 2 ore, 22 minuti, 12 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)



e questo e il log di combofix



ComboFix 12-05-13.02 - utente 13/05/2012 14.58.41.1.1 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.39.1040.18.1526.572 [GMT 2:00]
Eseguito da: c:\users\utente\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\OfferBox
c:\program files\OfferBox\install.log
c:\program files\OfferBox\install.xml
c:\program files\OfferBox\language.xml
c:\program files\OfferBox\OfferBox.exe
c:\program files\OfferBox\OfferBoxHTTPProxy.exe
c:\program files\OfferBox\uninstaller.exe
c:\users\utente\AppData\Roaming\OfferBox
c:\windows\Temp\log.txt
.
.
((((((((((((((((((((((((( Files Creati Da 2012-04-13 al 2012-05-13 )))))))))))))))))))))))))))))))))))
.
.
2012-05-13 13:16 . 2012-05-13 13:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-12 11:34 . 2012-05-12 11:34 -------- d-----w- c:\users\utente\AppData\Roaming\Malwarebytes
2012-05-12 11:34 . 2012-05-12 11:34 -------- d-----w- c:\programdata\Malwarebytes
2012-05-12 11:34 . 2012-05-12 11:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-12 11:34 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-27 15:18 . 2012-04-27 15:18 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-04-27 15:18 . 2012-04-27 15:18 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-04-27 15:18 . 2012-04-27 15:18 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-04-24 18:04 . 2012-04-24 18:05 -------- d-----w- c:\program files\HOEPLI Esercitazioni Office 2007
2012-04-20 17:30 . 2012-04-20 17:30 250 ----a-w- C:\user.js
2012-04-20 17:30 . 2012-04-20 17:30 -------- d-----w- c:\program files\BabylonToolbar
2012-04-20 17:30 . 2012-04-20 17:30 -------- d-----w- c:\program files\GPLGS
2012-04-20 17:30 . 2011-10-04 20:42 86016 ----a-w- c:\windows\system32\custmon32i.dll
2012-04-20 17:29 . 2012-04-20 17:29 -------- d-----w- C:\Program1
2012-04-20 17:29 . 2012-04-20 17:29 -------- d-----w- c:\program files\PDFCreator
2012-04-20 17:29 . 2012-04-20 17:29 -------- d-----w- c:\users\utente\AppData\Local\Babylon
2012-04-20 17:29 . 2012-04-20 17:29 -------- d-----w- c:\users\utente\AppData\Roaming\Babylon
2012-04-20 17:29 . 2012-04-20 17:29 -------- d-----w- c:\programdata\Babylon
2012-04-16 11:14 . 2012-03-11 21:13 33984 ----a-w- c:\windows\system32\cmdcsr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-07 09:50 . 2011-09-30 13:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-06 14:46 . 2011-06-04 14:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-24 10:12 . 2012-03-24 10:12 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-24 10:11 . 2012-03-24 10:11 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-24 10:11 . 2012-03-24 10:11 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-24 10:11 . 2012-03-24 10:11 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-24 10:11 . 2012-03-24 10:11 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-24 10:11 . 2012-03-24 10:11 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-24 10:11 . 2012-03-24 10:11 367104 ----a-w- c:\windows\system32\html.iec
2012-03-24 10:11 . 2012-03-24 10:11 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-24 10:11 . 2012-03-24 10:11 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-24 10:11 . 2012-03-24 10:11 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-24 10:11 . 2012-03-24 10:11 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-24 10:11 . 2012-03-24 10:11 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-24 10:11 . 2012-03-24 10:11 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-24 10:11 . 2012-03-24 10:11 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-24 10:11 . 2012-03-24 10:11 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-24 10:11 . 2012-03-24 10:11 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-24 10:11 . 2012-03-24 10:11 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-24 10:08 . 2012-03-24 10:08 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-03-24 10:08 . 2012-03-24 10:08 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-03-24 10:08 . 2012-03-24 10:08 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-03-24 10:08 . 2012-03-24 10:08 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-03-24 10:08 . 2012-03-24 10:08 98816 ----a-w- c:\windows\system32\mfps.dll
2012-03-24 10:08 . 2012-03-24 10:08 2873344 ----a-w- c:\windows\system32\mf.dll
2012-03-24 10:08 . 2012-03-24 10:08 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-03-24 10:08 . 2012-03-24 10:08 586240 ----a-w- c:\windows\system32\stobject.dll
2012-03-24 10:07 . 2012-03-24 10:07 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-03-24 10:07 . 2012-03-24 10:07 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-03-24 10:07 . 2012-03-24 10:07 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-03-24 10:07 . 2012-03-24 10:07 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-03-24 10:07 . 2012-03-24 10:07 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-03-24 10:07 . 2012-03-24 10:07 37376 ----a-w- c:\windows\system32\cdd.dll
2012-03-24 10:07 . 2012-03-24 10:07 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-03-24 10:07 . 2012-03-24 10:07 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-03-24 10:07 . 2012-03-24 10:07 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-03-24 10:07 . 2012-03-24 10:07 258048 ----a-w- c:\windows\system32\winspool.drv
2012-03-24 10:07 . 2012-03-24 10:07 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-03-24 10:07 . 2012-03-24 10:07 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-03-24 10:06 . 2012-03-24 10:06 4096 ----a-w- c:\windows\system32\drivers\it-IT\dxgkrnl.sys.mui
2012-03-24 10:06 . 2012-03-24 10:06 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-03-24 10:06 . 2012-03-24 10:06 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-03-24 10:06 . 2012-03-24 10:06 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-03-24 10:06 . 2012-03-24 10:06 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-03-24 10:06 . 2012-03-24 10:06 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-03-24 10:06 . 2012-03-24 10:06 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-03-24 10:06 . 2012-03-24 10:06 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-03-11 21:13 . 2011-01-06 16:36 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-03-11 21:13 . 2011-01-06 16:36 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-01-06 16:36 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-01-06 16:36 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2010-12-29 00:42 301224 ----a-w- c:\windows\system32\guard32.dll
2012-02-29 15:11 . 2012-04-12 01:19 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11 . 2012-04-12 01:19 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09 . 2012-04-12 01:19 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32 . 2012-04-12 01:19 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 01:18 . 2012-04-12 01:21 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 01:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 01:21 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 01:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-05 07:34 . 2012-04-27 15:18 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-06-24 12:58 . 2010-03-16 14:01 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
2011-01-24 15:45 89008 ----a-w- c:\progra~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2011-02-08 15:47 721288 ----a-w- c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-09 15:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll" [2011-01-24 89008]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 01:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4853760]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-07 858632]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-24 30192]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
"MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-04-19 408576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-04-09 1557160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FAXRX.lnk - c:\program files\Brother\Brmfl07b\FAXRX.exe [2010-3-16 512000]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Sommario di OneNote.onetoc2 [2010-12-7 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll c:\progra~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Altri Servizi/Drivers In Memoria ---
.
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-04 14:33]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-04 14:33]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.babylon.com/?affID=110819&tl=gbn269661&babsrc=HP_ss&mntrId=224f03ad00000000000000234d53116b
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vz32&d=0310&m=extensa_5220
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:56847
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3776555D-C2EF-47A0-9E87-86793F9E47FE}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{BD91BB5B-420A-401C-AC86-54A99BF3BCA1}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\liyx39le.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tl=gbn269661
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 224f03ad00000000000000234d53116b
FF - user.js: extensions.BabylonToolbar_i.hardId - 224f03ad00000000000000234d53116b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15450
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:30
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-10 - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-offerbox - c:\program files\OfferBox\OfferBox.exe
AddRemove-OfferBox - c:\program files\OfferBox\uninstaller.exe
AddRemove-PDF Creator - c:\program\uninstpw.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-13 15:17
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\guard32.dll
.
Ora fine scansione: 2012-05-13 15:28:04
ComboFix-quarantined-files.txt 2012-05-13 13:27
.
Pre-Run: 24.634.761.216 byte disponibili
Post-Run: 26.433.421.312 byte disponibili
.
- - End Of File - - 85DA7EE3784F338E60EE9FC29B7EF69A

Buongiorno r16,


ho provato piu volte a fare quello che mi ai descritto pero MI SUCEDE CHE QUANDO VADO AD APRIRE IL BLOCO NOTE ATTRAVERSO STRART-TUTTI I PROGRAMMI-ACCESSORI-BLOCCO NOTE VADO A FARE COPIA INCOLA DI TUTTO QUEL CODICE CHE MI AI MANDATO E LO SALVO CON IL NOME CFSscript.txt poi vado a spostare tutta la cartella sull'icona combofix e mi chiede di disattivare l'antivirus. Io lo disattivo pero in seguito mi esce una piccola finestra dove escono tante voci estrazioni,estrazioni, e cosi via ma in seguito non succede nient'altro.

cosa devo fare aspettare un bel po o devo fare l'operazione con l'antivirus attivo


grazie

Se lo hai salvato con il nome che hai scritto sopra, è errato.
CFScript con estensione .txt
Così è giusto.



Quale cartella...
Stiamo parlando di un file di testo.

Fai:
start\esegui\digita notepad.exe e clicca Ok
Si apre un foglio Block note sul desktop. Giusto?
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt
NB:
Non copiare la parola Code.
Dopo averlo salvato con il nome CFScript.txt clicca in alto sulla X per chiuderlo.
Adesso trovi il file di testo sul desktop. Giusto?
Con il mouse, lo trascini sopra l'icona a forma di testa di leone che hai sul desktop, e aspetta che finisca.
Quando ha finito, se il pc non si riavvia da solo, lo riavvii tu.

Vedi se trovi il log seguendo questo percorso:
C:\ComboFix.txt

Fai attenzione a non confonderlo con il primo log.
Come funziona il pc?

il pc sembra che vada leggermente meglio perche prima si spegneva circa ogni mezz'ora ora invece si spegne ogni tanto tipo 1 volta ogni due tre giorni