Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Virus posto file log

Virus posto file log Opzioni
Topic Precedente · Topic Sucessivo
luciano999
Inviato: Sunday, October 21, 2012 5:36:11 PM

Rank: AiutAmico

Iscritto dal : 10/20/2010
Posts: 831
Ciao e ritornato il virus... gentilmente mi date una controllata al file log
ciao e grazie a tutti

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:20:34, on 21/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnalyzeRP.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\AnalyzeProduct\AS4\Kernel300\AnalyzeRP\AServices.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MediaBar - {9a95b751-bf3e-4ea8-a938-2d4d84cd4964} - C:\PROGRA~2\LPHANT~2\MediaBar\Datamngr\ToolBar\lpdtxmltbpi.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: UrlHelper Class - {EA35911C-1B6A-4AF3-B803-913BA025C271} - C:\PROGRA~2\LPHANT~2\MediaBar\Datamngr\IEBHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: MediaBar - {9a95b751-bf3e-4ea8-a938-2d4d84cd4964} - C:\PROGRA~2\LPHANT~2\MediaBar\Datamngr\ToolBar\lpdtxmltbpi.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files (x86)\3 Internet\3 Internet.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Global Startup: AnalyzeRP.exe
O8 - Extra context menu item: Add to Local Website Archive - C:\Users\Luciano\AppData\Roaming\aignes\Local Website Archive\config\iearc.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Add to Local Website Archive - {205B8A4B-A664-4D86-BBF7-C09464072B44} - C:\Program Files (x86)\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra button: (no name) - {32BCE889-1723-4BC9-A81B-27CFBC34A15C} - C:\Program Files (x86)\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add to Local Website Archive - {32BCE889-1723-4BC9-A81B-27CFBC34A15C} - C:\Program Files (x86)\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra button: Start Local Website Archive - {81558020-02B7-4088-B207-88CBC1066485} - C:\Program Files (x86)\Local Website Archive\wsarc.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\PROGRA~2\LPHANT~2\MediaBar\Datamngr\datamngr.dll c:\PROGRA~2\LPHANT~2\MediaBar\Datamngr\IEBHO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11638 bytes


COMBOFIX

ComboFix 12-09-30.01 - Luciano 30/09/2012 22:57:03.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2480 [GMT 2:00]
Running from: c:\users\Luciano\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01KI92CD\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\cc.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-30 )))))))))))))))))))))))))))))))
.
.
2012-09-30 21:03 . 2012-09-30 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-30 01:48 . 2012-09-30 01:48 -------- d-----w- c:\program files\Google
2012-09-30 01:48 . 2012-09-30 01:49 -------- d-----w- c:\programdata\Google Updater
2012-09-30 01:02 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-30 01:02 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-09-30 01:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-09-30 01:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-09-30 01:02 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-09-30 01:02 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-09-30 01:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-09-30 00:49 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-09-30 00:49 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-09-30 00:46 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-09-30 00:46 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-09-30 00:46 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-09-30 00:46 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-09-30 00:46 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-09-30 00:46 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-09-30 00:43 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-30 00:43 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-09-30 00:43 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-09-30 00:43 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-09-30 00:42 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-09-30 00:41 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-30 00:38 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-09-29 23:54 . 2012-09-18 22:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F60E2F47-FEA4-4106-BC5D-75E79FC3B79D}\mpengine.dll
2012-09-29 23:22 . 2012-09-30 01:29 -------- d-----w- c:\users\Luciano\AppData\Local\Deployment
2012-09-29 23:22 . 2012-09-29 23:22 -------- d-----w- c:\users\Luciano\AppData\Local\Apps
2012-09-23 02:44 . 2012-09-23 02:44 -------- d-----w- c:\program files (x86)\wxDownload Fast
2012-09-23 02:44 . 2012-09-23 02:44 -------- d-----w- c:\program files (x86)\SProtector
2012-09-23 02:38 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-23 02:38 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-09-23 02:37 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-23 02:37 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-09-23 02:37 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-09-23 02:37 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-09-23 02:37 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-09-23 02:37 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-23 02:37 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-09-23 02:34 . 2012-09-23 02:34 -------- d-----w- c:\users\Luciano\AppData\Roaming\ExpressFiles
2012-09-19 16:36 . 2012-09-19 16:36 -------- d-----w- c:\users\Luciano\AppData\Local\Canon Easy-PhotoPrint EX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 22:43 . 2011-02-18 20:39 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-21 09:13 . 2011-05-22 22:03 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-01-09 19:51 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-01-09 19:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-05-11 09:49 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2011-01-09 19:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2011-01-09 19:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2011-01-09 19:51 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-01-09 19:51 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-21 09:12 . 2011-01-15 03:25 285328 ----a-w- c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9a95b751-bf3e-4ea8-a938-2d4d84cd4964}]
2011-05-30 14:44 87488 ----a-w- c:\progra~2\LPHANT~2\MediaBar\Datamngr\ToolBar\lpdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EA35911C-1B6A-4AF3-B803-913BA025C271}]
2011-08-09 13:13 1235352 ----a-w- c:\progra~2\LPHANT~2\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{9a95b751-bf3e-4ea8-a938-2d4d84cd4964}"= "c:\progra~2\LPHANT~2\MediaBar\Datamngr\ToolBar\lpdtxmltbpi.dll" [2011-05-30 87488]
.
[HKEY_CLASSES_ROOT\clsid\{9a95b751-bf3e-4ea8-a938-2d4d84cd4964}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Mobile Partner"="c:\program files (x86)\3 Internet\3 Internet.exe" [2011-01-09 110592]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-01-12 592616]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-07-01 296096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AnalyzeRP.exe [2010-12-8 419723]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\LPHANT~2\MediaBar\Datamngr\datamngr.dll c:\progra~2\LPHANT~2\MediaBar\Datamngr\IEBHO.dll
.
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [x]
R2 gupdate;Servizio Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 246224]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [2010-09-02 119680]
R3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\DRIVERS\ONDAusbnet.sys [2010-09-02 135168]
R3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys [2010-09-02 119680]
R3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys [2010-09-02 119680]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-04-05 341296]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-09-28 301024]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-30 c:\windows\Tasks\GBoxUpdaterTask{890E9C0E-E1BE-4832-B1F4-89B1CA3A0DF7}.job
- c:\programdata\Premium\GBox\GBox.exe [2012-09-23 12:31]
.
2012-09-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-30 01:48]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 01:23]
.
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 01:23]
.
2012-09-30 c:\windows\Tasks\WxDFastUpdaterTask{CDFEF98B-F92A-4D27-B9AD-2F65B54D9EDC}.job
- c:\programdata\Premium\WxDFast\WxDFast.exe [2012-09-23 12:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\LPHANT~2\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\LPHANT~2\MediaBar\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Local Website Archive - c:\users\Luciano\AppData\Roaming\aignes\Local Website Archive\config\iearc.htm
IE: Crawler Search
IE: Download with &Media Finder
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{AE509428-C72C-42BF-8477-9223D0421CD5}: NameServer = 62.13.173.92 62.13.173.93
FF - ProfilePath - c:\users\Luciano\AppData\Roaming\Mozilla\Firefox\Profiles\nai463kg.default\
FF - prefs.js: browser.search.selectedEngine - GadgetBox
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-30 23:07:46
ComboFix-quarantined-files.txt 2012-09-30 21:07
.
Pre-Run: 40.850.939.904 byte disponibili
Post-Run: 43.106.557.952 byte disponibili
.
- - End Of File - - 6BA88658467075A707230F8A9ACD5A19
Torna in alto
 
Sponsor
Inviato: Sunday, October 21, 2012 5:36:11 PM

 
Torna in alto
 
r16
Inviato: Sunday, October 21, 2012 7:59:32 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Avvialo e clicca sul pulsante "Elimina".
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Postalo qui.
Torna in alto
 
shapiro
Inviato: Tuesday, October 23, 2012 9:39:31 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164



FAI QUELLO CHE R16 TI HA CONSIGLIATO
Torna in alto
 
luciano999
Inviato: Thursday, October 25, 2012 4:11:13 AM

Rank: AiutAmico

Iscritto dal : 10/20/2010
Posts: 831
# AdwCleaner v2.005 - Logfile created 10/25/2012 at 04:04:12
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Luciano - LUCIANO-PC
# Boot Mode : Normal
# Running from : C:\Users\Luciano\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Premium
Folder Deleted : C:\Users\Luciano\AppData\Roaming\Mozilla\Firefox\Profiles\nai463kg.default\extensions\staged

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\PROGRA~2\LPHANT~2\MediaBar\Datamngr\datamngr.dll c:\PROGRA~2\LPHANT~2\MediaBar\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v6.0.1 (it)

Profile name : default
File : C:\Users\Luciano\AppData\Roaming\Mozilla\Firefox\Profiles\nai463kg.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Luciano\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://www.google.it/", "hxxp://search.gboxapp.com/", "hxxps://www.facebook.com/?ref=tn_tnmn", "hxxps://www.google.com/dashboard/" ]
Deleted [l.2258] : urls_to_restore_on_startup = [ "hxxp://www.google.it/", "hxxp://search.gboxapp.com/", "hxxps://www.facebook.com/?ref=tn_tnmn", "hxxps://www.google.com/dashboard/" ]

*************************

AdwCleaner[R1].txt - [61682 octets] - [30/09/2012 22:41:30]
AdwCleaner[S1].txt - [63044 octets] - [30/09/2012 22:42:11]
AdwCleaner[S2].txt - [2139 octets] - [25/10/2012 04:04:12]

########## EOF - C:\AdwCleaner[S2].txt - [2199 octets] ##########

La volta precedente non riuscivo avviarlo adwclenner,
gia eseguito altre volte le scansioni, ma sembra che il virus mi ritorna
posto link precedente topic
http://forum.aiutamici.com/yaf_postst86460_file-log.aspx
ciao e grazie
Torna in alto
 
r16
Inviato: Saturday, October 27, 2012 5:26:21 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Apri un file di testo con il Block Note sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt
Code:
KillAll::
Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9a95b751-bf3e-4ea8-a938-2d4d84cd4964}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EA35911C-1B6A-4AF3-B803-913BA025C271}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{9a95b751-bf3e-4ea8-a938-2d4d84cd4964}"=-
[-HKEY_CLASSES_ROOT\clsid\{9a95b751-bf3e-4ea8-a938-2d4d84cd4964}]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=""
"AppInit_DLLs"=""


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
Torna in alto
 
luciano999
Inviato: Sunday, October 28, 2012 12:22:22 PM

Rank: AiutAmico

Iscritto dal : 10/20/2010
Posts: 831
Ciao alla fine della scansione ha riavviato il pc, e mi ha restituito il log,
mi e ritornato il menu windows in inglese, che riprovero reinstallare,
mi sono spariti tutti i collegamenti che avevo sulla barra




ComboFix 12-10-26.05 - Luciano 28/10/2012 10:44:34.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2628 [GMT 1:00]
Running from: c:\users\Luciano\Desktop\ComboFix.exe
Command switches used :: c:\users\Luciano\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\cc.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-28 )))))))))))))))))))))))))))))))
.
.
2012-10-28 09:54 . 2012-10-28 09:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-25 00:14 . 2012-10-25 00:14 -------- d-----w- C:\eLearn
2012-09-30 01:48 . 2012-09-30 01:48 -------- d-----w- c:\program files\Google
2012-09-30 01:48 . 2012-09-30 01:49 -------- d-----w- c:\programdata\Google Updater
2012-09-30 01:02 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-30 01:02 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-09-30 01:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-09-30 01:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-09-30 01:02 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-09-30 01:02 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-09-30 01:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-09-30 00:49 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-09-30 00:49 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-09-30 00:46 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-09-30 00:46 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-09-30 00:46 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-09-30 00:46 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-09-30 00:46 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-09-30 00:46 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-09-30 00:43 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-30 00:43 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-09-30 00:43 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-09-30 00:43 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-09-30 00:42 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-09-30 00:41 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-30 00:38 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-09-29 23:54 . 2012-09-18 22:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F60E2F47-FEA4-4106-BC5D-75E79FC3B79D}\mpengine.dll
2012-09-29 23:22 . 2012-09-30 01:29 -------- d-----w- c:\users\Luciano\AppData\Local\Deployment
2012-09-29 23:22 . 2012-09-29 23:22 -------- d-----w- c:\users\Luciano\AppData\Local\Apps
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 22:43 . 2011-02-18 20:39 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-21 09:13 . 2011-05-22 22:03 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-01-09 19:51 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-01-09 19:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-05-11 09:49 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2011-01-09 19:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2011-01-09 19:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2011-01-09 19:51 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-01-09 19:51 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-21 09:12 . 2011-01-15 03:25 285328 ----a-w- c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9a95b751-bf3e-4ea8-a938-2d4d84cd4964}]
2011-05-30 14:44 87488 ----a-w- c:\progra~2\LPHANT~2\MediaBar\Datamngr\ToolBar\lpdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EA35911C-1B6A-4AF3-B803-913BA025C271}]
2011-08-09 13:13 1235352 ----a-w- c:\progra~2\LPHANT~2\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Mobile Partner"="c:\program files (x86)\3 Internet\3 Internet.exe" [2011-01-09 110592]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-01-12 592616]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-07-01 296096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AnalyzeRP.exe [2010-12-8 419723]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-12-07 246224]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 114304]
R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [2010-09-02 119680]
R3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\DRIVERS\ONDAusbnet.sys [2010-09-02 135168]
R3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys [2010-09-02 119680]
R3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys [2010-09-02 119680]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-04-05 341296]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-09-28 301024]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-28 c:\windows\Tasks\GBoxUpdaterTask{890E9C0E-E1BE-4832-B1F4-89B1CA3A0DF7}.job
- c:\programdata\Premium\GBox\GBox.exe [2012-09-23 12:31]
.
2012-10-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-30 01:48]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 01:23]
.
2012-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 01:23]
.
2012-10-28 c:\windows\Tasks\ReclaimerResumeInstall_Luciano.job
- c:\users\Luciano\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-28 09:30]
.
2012-10-28 c:\windows\Tasks\WxDFastUpdaterTask{CDFEF98B-F92A-4D27-B9AD-2F65B54D9EDC}.job
- c:\programdata\Premium\WxDFast\WxDFast.exe [2012-09-23 12:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\LPHANT~2\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\LPHANT~2\MediaBar\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Local Website Archive - c:\users\Luciano\AppData\Roaming\aignes\Local Website Archive\config\iearc.htm
IE: Crawler Search
IE: Download with &Media Finder
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Luciano\AppData\Roaming\Mozilla\Firefox\Profiles\nai463kg.default\
FF - prefs.js: browser.search.selectedEngine - GadgetBox
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AnalyzeRP.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\analyzeproduct\AS4\Kernel300\AnalyzeRP\AServices.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2012-10-28 11:13:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-28 10:13
.
Pre-Run: 42.207.465.472 byte disponibili
Post-Run: 41.986.682.880 byte disponibili
.
- - End Of File - - B0EB4BEDAB95525CA7487A7F6EA8DE65
Torna in alto
 
r16
Inviato: Sunday, October 28, 2012 2:09:56 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
mi e ritornato il menu windows in inglese, che riprovero reinstallare,

Non è necessario.
Combofix prima delle eliminazioni ha creato un punto di ripristino.
Fra l'altro non sono state nemmeno eliminate, le voci che volevo eliminare. (si sono rigenerate per la seconda volta)
Tale comportamento di solito si verifica con S.O non originali.
Ma forse non è il tuo caso.
Torna in alto
 
luciano999
Inviato: Monday, October 29, 2012 11:34:15 PM

Rank: AiutAmico

Iscritto dal : 10/20/2010
Posts: 831
A questo punto che fare ???
FORMAT C:
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Virus posto file log


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.