Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

smart hdd virus e ... altro virus.... :-( Opzioni
kristeen
Inviato: Sunday, July 15, 2012 7:29:05 PM
Rank: Member

Iscritto dal : 7/15/2012
Posts: 14
ciao ragazzi :-)

proprio ieri avevo trovato nel mio portatile un virus... all'inizio mi dava errori di avvio, errori nell'hard disk e mi aveva nascosto le icone del desktop (tranne il cestino e mozilla) e tutti i programmi nel menù avvio. mi era spuntata una finestra che diceva che se volevo ripulire tutto dovevo comprare il software.
ma io non avevo software da pagare in previsione... Not talking

ho cercato le guide per la rimozione (avevo creduto fosse un guasto.... ma ho letto che era un virus)

ho riavviato in modalità provvisoria con rete e non mi apriva avira per disattivarla. ho dovuto eliminare il programma dall'elenco applicazioni.

insomma ho scaricato da un altro pc:
-rkill
-malwarebytes anti malware
-roguekiller
-unhide non system files

rkill mi si bloccava per le finestrelle e quindi ho dotato il portatile di
-combofix

ho avviaton combofix, ho avviato rkill, poi mbam, poi unhide non system files, poi rogue killer.
ho notato da subito che la prevista cartella smtmp non spuntava... ma alla fine il pc era tornato normale...

non ho attualmente nessun antivirus attivo... ma mbam dà notifiche ogni tanto.

oggi la novità... finestrella!!!

messaggino: è stata tentata un'operazione non consentita su una chiave di registro di sistema segnata per l'eliminazione.

ripetutamente ogni volta che tentavo di aprire uyn programma.

bene, ho cercato la guida per questo ennesimo virus... ed ho trovato voi. ho ripetuto la trafila di ieri e....

sembra essere tutto regolare... ma di log io non me ne intendo... :-(

e non posso fare tutti i giorni questo percorso prima di potermi sentire libera di usare il pc...

ma da dove entrano tutti sti maledettissimi virus?? tutti a me?? :-(

aiutatemi....... vi prego.....


grazie.... Kristeen.
Sponsor
Inviato: Sunday, July 15, 2012 7:29:05 PM

 
shapiro
Inviato: Sunday, July 15, 2012 8:07:32 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

ciao Kristeen

tanto per cominciare la domanda che ti sei fatta.....da dove entrano questi virus e' semplice: non hai un antivirus installato... ti consoglio di installarne uno quanto prima, puoi scaricare questo e' free ed e' uno dei migliori se non il migliore

per il resto ti pregherei di postare i log delle scansioni fatte con mbam e combofix, potrebbe esserci ancora qualche infezione da togliere

il log di combofix lo trovi in C:\ come COMBOFIX.TXT
kristeen
Inviato: Sunday, July 15, 2012 8:14:49 PM
Rank: Member

Iscritto dal : 7/15/2012
Posts: 14
Ciao Shapiro, grazie mille...

il primo virus è entrato bellamente con avira attivo.... perciò non so... lo installo nuovamente... chissà :-(

ora faccio di nuovo le scansioni e posto i log ;-)

grazie :-)
kristeen
Inviato: Sunday, July 15, 2012 9:08:21 PM
Rank: Member

Iscritto dal : 7/15/2012
Posts: 14
LOG COMBOFIX

ComboFix 12-07-14.01 - cristina 15/07/2012 20:24:15.6.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.4028.2232 [GMT 2:00]
Eseguito da: c:\users\cristina\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-15 al 2012-07-15 )))))))))))))))))))))))))))))))))))
.
.
2012-07-15 18:33 . 2012-07-15 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-15 18:23 . 2012-07-15 18:23 -------- d-----w- c:\users\cristina\AppData\Roaming\Avira
2012-07-15 18:17 . 2012-02-03 13:26 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-15 18:17 . 2012-02-03 13:26 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-15 18:17 . 2012-02-03 13:26 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-15 18:17 . 2012-07-15 18:17 -------- d-----w- c:\program files (x86)\Avira
2012-07-15 16:18 . 2012-07-15 16:18 388096 ----a-r- c:\users\cristina\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-15 16:18 . 2012-07-15 16:18 -------- d-----w- c:\program files (x86)\Trend Micro
2012-07-14 12:33 . 2012-07-14 12:33 -------- d-----w- c:\users\cristina\AppData\Roaming\Malwarebytes
2012-07-14 12:33 . 2012-07-14 12:33 -------- d-----w- c:\programdata\Malwarebytes
2012-07-14 12:33 . 2012-07-14 12:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-14 12:33 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-13 11:54 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-13 07:44 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-13 07:43 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-07-08 09:45 . 2012-07-08 09:45 -------- d-----w- c:\users\cristina\AppData\Local\WinZip
2012-07-08 09:45 . 2012-07-15 18:16 -------- d-----w- c:\programdata\WinZip
2012-07-05 14:34 . 2012-07-05 14:34 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-05 14:34 . 2012-07-05 14:34 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-02 18:46 . 2012-07-02 18:47 -------- d-----w- c:\users\cristina\AppData\Roaming\Magic Academy
2012-07-02 18:26 . 2012-07-02 18:26 -------- d-----w- c:\program files (x86)\Magic Academy
2012-06-25 15:51 . 2012-06-25 15:51 -------- d-----w- c:\users\cristina\AppData\Roaming\ImTOO
2012-06-25 15:51 . 2012-06-25 15:51 -------- d-----w- c:\programdata\ImTOO
2012-06-25 15:51 . 2012-06-25 15:51 -------- d-----w- c:\program files (x86)\ImTOO
2012-06-25 08:37 . 2012-05-29 15:19 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-06-25 08:37 . 2012-05-29 15:19 25952 ----a-w- c:\windows\system32\authuitu.dll
2012-06-25 08:37 . 2012-05-29 15:19 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-06-25 08:36 . 2012-06-25 08:36 -------- d-----w- c:\users\cristina\AppData\Roaming\TuneUp Software
2012-06-25 08:36 . 2012-06-25 08:37 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-06-25 08:36 . 2012-06-25 08:37 -------- d-----w- c:\programdata\TuneUp Software
2012-06-25 08:36 . 2012-06-25 08:36 -------- d-s---w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-25 08:36 . 2012-06-25 08:36 -------- d-----w- c:\programdata\Common Files
2012-06-25 08:10 . 2012-06-25 08:10 -------- d-----w- c:\program files (x86)\ToniArts
2012-06-25 08:10 . 2012-06-25 08:10 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2012-06-25 08:05 . 2012-06-25 08:05 -------- d-----w- c:\program files (x86)\FinalWire
2012-06-25 08:00 . 2012-07-08 18:42 -------- d-----w- c:\program files (x86)\SpeedFan
2012-06-25 07:58 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-25 07:58 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-25 07:58 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-25 07:58 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-25 07:58 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-25 07:58 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-25 07:58 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-25 07:58 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-25 07:58 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 12:18 . 2012-06-22 12:18 -------- d-----w- c:\users\cristina\AppData\Local\Google
2012-06-22 12:17 . 2012-06-22 12:17 -------- d-----w- c:\program files (x86)\Google
2012-06-22 12:16 . 2012-06-22 12:16 -------- d-----w- c:\program files (x86)\GPS Tracker
2012-06-18 21:32 . 2012-06-18 21:32 -------- d-----w- c:\users\cristina\AppData\Roaming\FastStone
2012-06-18 21:32 . 2012-06-18 21:32 -------- d-----w- c:\users\cristina\AppData\Local\FastStone
2012-06-18 21:32 . 2012-06-18 21:32 -------- d-----w- c:\program files (x86)\FastStone Capture
2012-06-18 13:42 . 2012-07-13 10:53 -------- d-----w- c:\users\cristina\UNIVERSITA'
2012-06-16 12:53 . 2012-06-16 14:03 -------- d-----w- c:\users\cristina\shape collage's
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 12:37 . 2012-02-21 11:24 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-15 12:37 . 2012-02-21 11:24 34720 ----a-w- c:\windows\system32\LMIport.dll
2012-07-15 12:37 . 2012-02-21 11:24 80800 ----a-w- c:\windows\system32\LMIinit.dll
2012-06-03 18:15 . 2012-02-21 11:24 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2012-05-04 11:06 . 2012-06-12 20:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 20:48 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 20:48 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-28 05:32 . 2012-06-12 20:48 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-04-28 03:55 . 2012-06-12 20:48 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 20:48 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 20:48 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 20:48 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-11-20 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-02-20 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\prxtbBS_P.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\BS_Player\prxtbBS_P.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files (x86)\BS_Player\prxtbBS_P.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 132608]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 113792]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-05 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-02-03 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-02-03 86224]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-15 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-05-08 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - AVKMGR
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\cristina\AppData\Roaming\Mozilla\Firefox\Profiles\5zaoidgb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-07-15 20:53:51
ComboFix-quarantined-files.txt 2012-07-15 18:53
ComboFix2.txt 2012-07-15 15:43
ComboFix3.txt 2012-07-15 15:09
ComboFix4.txt 2012-07-15 13:21
ComboFix5.txt 2012-07-15 18:23
.
Pre-Run: 151.753.355.264 byte disponibili
Post-Run: 151.705.317.376 byte disponibili
.
- - End Of File - - 0ED05CFB302DCADC70B3F50AA1616811
kristeen
Inviato: Sunday, July 15, 2012 9:10:30 PM
Rank: Member

Iscritto dal : 7/15/2012
Posts: 14
hijack this:

for some reason your sysrtem denied write access to the Hosts file etc etc...

Think
kristeen
Inviato: Sunday, July 15, 2012 9:19:12 PM
Rank: Member

Iscritto dal : 7/15/2012
Posts: 14
LOG DI HIJACK THIS

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:18:43, on 15/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll
O4 - HKLM\..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8841 bytes
shapiro
Inviato: Sunday, July 15, 2012 9:30:13 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

riesegui hjt e metti la spunta accanto a questa voce poi premi fix checked

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559

aggiorna avira e fai una scansione completa, posta il log insieme a quello della scansione fatta con mbam
kristeen
Inviato: Sunday, July 15, 2012 9:38:02 PM
Rank: Member

Iscritto dal : 7/15/2012
Posts: 14
shapiro ha scritto:

riesegui hjt e metti la spunta accanto a questa voce poi premi fix checked

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559

aggiorna avira e fai una scansione completa, posta il log insieme a quello della scansione fatta con mbam


primo scan fatto, aggiornato avira, fix checked sul percorso indicatomi, qui il log nuovo di hijack

appena termina combofix ti posto anche quello... GRAZIE :-)
kris

***************

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:36:28, on 15/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll
O4 - HKLM\..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8751 bytes
shapiro
Inviato: Sunday, July 15, 2012 9:40:26 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ricorda di postare il log di mbam e della scansione che farai con avira

a dopo
kristeen
Inviato: Sunday, July 15, 2012 9:44:21 PM
Rank: Member

Iscritto dal : 7/15/2012
Posts: 14
LOG MBAM

Malwarebytes Anti-Malware (Prova) 1.62.0.1300
www.malwarebytes.org

Versione database: v2012.07.15.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
cristina :: CRISTINA-PC [amministratore]

Protezione: Attivata

15/07/2012 21:38:41
mbam-log-2012-07-15 (21-38-41).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 210825
Tempo impiegato: 2 minuti, 14 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)
kristeen
Inviato: Sunday, July 15, 2012 9:47:44 PM
Rank: Member

Iscritto dal : 7/15/2012
Posts: 14
non manda la scansione da avira :-(
cbbusto
Inviato: Sunday, July 15, 2012 10:49:14 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Ciao Kris, la scansione con Malwarebytes la devi fare COMPLETA non veloce, riposta il nuovo log. Speak to the hand
kristeen
Inviato: Sunday, July 15, 2012 11:03:58 PM
Rank: Member

Iscritto dal : 7/15/2012
Posts: 14
cbbusto ha scritto:
Ciao Kris, la scansione con Malwarebytes la devi fare COMPLETA non veloce, riposta il nuovo log. Speak to the hand


Ciao!

rimando subito ;-)

scusate :-(
kristeen
Inviato: Sunday, July 15, 2012 11:04:55 PM
Rank: Member

Iscritto dal : 7/15/2012
Posts: 14
REPORT AVIRA SU C:



Avira Free Antivirus
Data del file di report: domenica 15 luglio 2012 21:55

Ricerca di 3873463 virus e programmi indesiderati.

Il programma funziona come versione completa e illimitata.
I servizi online sono disponibili.

Concesso in licenza a : Avira AntiVir Personal - Free Antivirus
Numero di serie : 0000149996-ADJIE-0000001
Piattaforma : Windows 7 x64
Versione di Windows : (Service Pack 1) [6.1.7601]
Modalità di avvio : Booting eseguito regolarmente
Nome utente : cristina
Nome computer : CRISTINA-PC

Informazioni sulla versione:
BUILD.DAT : 12.0.0.157 Bytes 03/02/2012 18:36:00
AVSCAN.EXE : 12.1.0.20 492496 Bytes 03/02/2012 13:26:25
AVSCAN.DLL : 12.1.0.18 63440 Bytes 03/02/2012 13:26:48
LUKE.DLL : 12.1.0.19 68304 Bytes 03/02/2012 13:26:33
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 15/07/2012 18:19:41
AVREG.DLL : 12.3.0.17 232200 Bytes 15/07/2012 18:19:40
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 17:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 22:26:32
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 13:26:43
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 18:18:52
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 18:19:04
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 18:19:13
VBASE006.VDF : 7.11.34.117 2048 Bytes 29/06/2012 18:19:14
VBASE007.VDF : 7.11.34.118 2048 Bytes 29/06/2012 18:19:14
VBASE008.VDF : 7.11.34.119 2048 Bytes 29/06/2012 18:19:14
VBASE009.VDF : 7.11.34.120 2048 Bytes 29/06/2012 18:19:14
VBASE010.VDF : 7.11.34.121 2048 Bytes 29/06/2012 18:19:14
VBASE011.VDF : 7.11.34.122 2048 Bytes 29/06/2012 18:19:14
VBASE012.VDF : 7.11.34.123 2048 Bytes 29/06/2012 18:19:14
VBASE013.VDF : 7.11.34.124 2048 Bytes 29/06/2012 18:19:14
VBASE014.VDF : 7.11.34.201 169472 Bytes 02/07/2012 18:19:15
VBASE015.VDF : 7.11.35.19 122368 Bytes 04/07/2012 18:19:16
VBASE016.VDF : 7.11.35.87 146944 Bytes 06/07/2012 18:19:17
VBASE017.VDF : 7.11.35.143 126464 Bytes 09/07/2012 18:19:17
VBASE018.VDF : 7.11.35.235 151552 Bytes 12/07/2012 18:19:18
VBASE019.VDF : 7.11.36.45 118784 Bytes 13/07/2012 18:19:19
VBASE020.VDF : 7.11.36.46 2048 Bytes 13/07/2012 18:19:19
VBASE021.VDF : 7.11.36.47 2048 Bytes 13/07/2012 18:19:19
VBASE022.VDF : 7.11.36.48 2048 Bytes 13/07/2012 18:19:19
VBASE023.VDF : 7.11.36.49 2048 Bytes 13/07/2012 18:19:19
VBASE024.VDF : 7.11.36.50 2048 Bytes 13/07/2012 18:19:19
VBASE025.VDF : 7.11.36.51 2048 Bytes 13/07/2012 18:19:20
VBASE026.VDF : 7.11.36.52 2048 Bytes 13/07/2012 18:19:20
VBASE027.VDF : 7.11.36.53 2048 Bytes 13/07/2012 18:19:20
VBASE028.VDF : 7.11.36.54 2048 Bytes 13/07/2012 18:19:20
VBASE029.VDF : 7.11.36.55 2048 Bytes 13/07/2012 18:19:20
VBASE030.VDF : 7.11.36.56 2048 Bytes 13/07/2012 18:19:20
VBASE031.VDF : 7.11.36.84 51200 Bytes 15/07/2012 18:19:21
Motore : 8.2.10.114
AEVDF.DLL : 8.1.2.10 102772 Bytes 15/07/2012 18:19:37
AESCRIPT.DLL : 8.1.4.32 455034 Bytes 15/07/2012 18:19:36
AESCN.DLL : 8.1.8.2 131444 Bytes 15/07/2012 18:19:35
AESBX.DLL : 8.2.5.12 606578 Bytes 15/07/2012 18:19:38
AERDL.DLL : 8.1.9.15 639348 Bytes 20/01/2012 22:25:54
AEPACK.DLL : 8.3.0.14 807287 Bytes 15/07/2012 18:19:35
AEOFFICE.DLL : 8.1.2.40 201082 Bytes 15/07/2012 18:19:33
AEHEUR.DLL : 8.1.4.72 5038455 Bytes 15/07/2012 18:19:32
AEHELP.DLL : 8.1.23.2 258422 Bytes 15/07/2012 18:19:25
AEGEN.DLL : 8.1.5.32 434548 Bytes 15/07/2012 18:19:24
AEEXP.DLL : 8.1.0.62 86389 Bytes 15/07/2012 18:19:39
AEEMU.DLL : 8.1.3.2 393587 Bytes 15/07/2012 18:19:23
AECORE.DLL : 8.1.27.2 201078 Bytes 15/07/2012 18:19:23
AEBB.DLL : 8.1.1.0 53618 Bytes 20/01/2012 22:25:50
AVWINLL.DLL : 12.1.0.17 27344 Bytes 03/02/2012 13:26:27
AVPREF.DLL : 12.1.0.17 51920 Bytes 03/02/2012 13:26:25
AVREP.DLL : 12.3.0.15 179208 Bytes 15/07/2012 18:19:40
AVARKT.DLL : 12.1.0.23 209360 Bytes 03/02/2012 13:26:23
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 03/02/2012 13:26:24
SQLITE3.DLL : 3.7.0.0 398288 Bytes 03/02/2012 13:26:37
AVSMTP.DLL : 12.1.0.17 62928 Bytes 03/02/2012 13:26:26
NETNT.DLL : 12.1.0.17 17104 Bytes 03/02/2012 13:26:34
RCIMAGE.DLL : 12.1.0.13 4449488 Bytes 20/01/2012 22:26:50
RCTEXT.DLL : 12.1.1.16 98768 Bytes 03/02/2012 13:26:49

Impostazioni di configurazione per la scansione attuale:
Nome del job................................: ShlExt
File di configurazione......................: C:\Users\cristina\AppData\Local\Temp\80cd3e73.avp
Report......................................: standard
Azione primaria.............................: interattivo
Azione secondaria...........................: ignora
Scansione dei record master di avvio........: Attivo
Scansiona record di avvio...................: Attivo
Record di avvio.............................: C:,
Scansione dei programmi attivi..............: Non attivo
Scansiona la registrazione..................: Non attivo
Cerca Rootkits..............................: Non attivo
Controllo di integrità dei file di sistema..: Non attivo
Modalità di scansione file..................: Tutti i file
Scansione degli archivi.....................: Attivo
Limita la profondità di ricorsione..........: 20
Archivio estensioni Smart...................: Attivo
Tipi di archivi irregolari..................: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO 9660, +Windows Imaging File (WIM),
Macro euristico.............................: Attivo
File euristico..............................: avanzato

Avvio della scansione: domenica 15 luglio 2012 21:55

Avvio della scansione del file selezionati:

Inizia con la scansione di 'C:\'
C:\CRACK\7Loader By Orbit30 & Hazar v1.2.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Swisyn.rgy

Avvio della disinfezione:
C:\CRACK\7Loader By Orbit30 & Hazar v1.2.exe
[RILEVAMENTO] Si tratta del cavallo di Troia TR/Swisyn.rgy
[NOTA] Il file è stato spostato in quarantena con il nome '55d09d79.qua'!


Fine della scansione: domenica 15 luglio 2012 23:03
Tempo impiegato: 1:03:20 Ora(e)

La scansione è stata completamente eseguita.

26648 Directory scansionate
528658 I file sono stati scansionati
1 Rilevati virus e/o programmi indesiderati
0 I file sono stati classificati come sospetti
0 I file sono stati eliminati
0 I virus o i programmi indesiderati sono stati riparati
1 File spostati in quarantena
0 File rinominati
0 Impossibile scansionare i file
528657 File non infetti
3966 Archivi scansionati
0 Avvisi
1 Note

shapiro
Inviato: Sunday, July 15, 2012 11:30:26 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
rimuovi combofix OTL (salvalo sul desktop)
http://oldtimer.geekstogo.com/OTL.exe
Lo apri e clicca su CleanUP

scarica CKScanner sul desktop

doppio clic sull'icona CKScanner.exe per lanciare il programma e quindi clic sul pulsante Search For Files.

Quando la scansione è terminata (- il cursore clessidra scompare quando la scansione è completata), clicca sulla lista pulsante Save to File.

verrà creata sul desktop --- > ckfiles.txt

clic sul pulsante Esci per chiudere il programma

Fai pulizia con ccleaner e controlla se hai ancora problemi

kristeen
Inviato: Sunday, July 15, 2012 11:42:36 PM
Rank: Member

Iscritto dal : 7/15/2012
Posts: 14
shapiro ha scritto:
rimuovi combofix OTL (salvalo sul desktop)
http://oldtimer.geekstogo.com/OTL.exe
Lo apri e clicca su CleanUP

scarica CKScanner sul desktop

doppio clic sull'icona CKScanner.exe per lanciare il programma e quindi clic sul pulsante Search For Files.

Quando la scansione è terminata (- il cursore clessidra scompare quando la scansione è completata), clicca sulla lista pulsante Save to File.

verrà creata sul desktop --- > ckfiles.txt

clic sul pulsante Esci per chiudere il programma

Fai pulizia con ccleaner e controlla se hai ancora problemi



anche mentre va mbam? :-)
shapiro
Inviato: Sunday, July 15, 2012 11:53:18 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
Commenta:
anche mentre va mbam? :-)



no uno alla volta
kristeen
Inviato: Sunday, July 15, 2012 11:57:42 PM
Rank: Member

Iscritto dal : 7/15/2012
Posts: 14
50 minuti di mbam e ancora non ha finito :-(
appena finisce posto il log e poi vi libero per oggi altrimenti qui tiriamo mattima...

per ora tutto stabile dopo quel fix di prima... ma anche ieri avevo risolto con lo smart hdd... speriamo bene..
kristeen
Inviato: Monday, July 16, 2012 12:08:45 AM
Rank: Member

Iscritto dal : 7/15/2012
Posts: 14
MBAM LOG (finalmenteee :-) )

Malwarebytes Anti-Malware (Prova) 1.62.0.1300
www.malwarebytes.org

Versione database: v2012.07.15.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
cristina :: CRISTINA-PC [amministratore]

Protezione: Attivata

15/07/2012 23:06:47
mbam-log-2012-07-15 (23-06-47).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 331406
Tempo impiegato: 1 ore, 54 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.