Aiutamici Forum

computer locked.. State Police warning. Attaching ComboFix log
farenzi
Posted: Saturday, July 14, 2012 4:33:57 PM
Rank: Member

Joined: 10/31/2004
Posts: 13
Good morning everyone.. I have read in some posts about this virus that I have run into.. my computer is locked and shows a police warning.. I ran a scan with ComboFix and I am attaching the final log.. what should I do? Thanks

ComboFix 12-07-13.03 - utente 14/07/2012 16.09.21.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.2046.1598 [GMT 2:00]
Eseguito da: c:\users\utente\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\avg_free_stf_eu_85_287a1483.exe
c:\windows\hide.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-14 al 2012-07-14 )))))))))))))))))))))))))))))))))))
.
.
2012-07-14 14:14 . 2012-07-14 14:14 -------- d-----w- c:\users\utente\AppData\Local\temp
2012-07-14 14:14 . 2012-07-14 14:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 13:16 . 2012-07-14 13:32 -------- d-----w- c:\program files\stinger
2012-07-13 17:23 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{423594A1-0D0A-411D-9BCE-7D7A495A1F1C}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-02-26 09:20 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-02-26 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-04 4702208]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-07-31 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-03-07 2957312]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Skytel"="Skytel.exe" [2007-09-04 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-26 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-26 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-18 2042208]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-02-26 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-26 928096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - ECACHE
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-14 c:\windows\Tasks\User_Feed_Synchronization-{04B8337E-5412-4C23-B45C-D8ACF95CFFFA}.job
- c:\windows\system32\msfeedssync.exe [2011-06-17 04:32]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://it.intl.acer.yahoo.com
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-14 16:14
Windows 6.0.6001 Service Pack 1 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\asibisag]
"ServiceDll"="c:\users\utente\AppData\Roaming\hhsjerq.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nabqra]
"ServiceDll"="c:\users\utente\AppData\Roaming\hhsjerq.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wbztsu]
"ServiceDll"="c:\users\utente\AppData\Roaming\hhsjerq.dll"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2012-07-14 16:16:34
ComboFix-quarantined-files.txt 2012-07-14 14:16
.
Pre-Run: 21.512.224.768 byte disponibili
Post-Run: 21.542.436.864 byte disponibili
.
- - End Of File - - 9E5FBC7D71A41ABFD62BB79DCA73261A
r16
Posted: Saturday, July 14, 2012 6:46:27 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,024
From "Programs and Features", uninstall AVG. (a version that is a few years old)

Do a clean-up (registry included) with CCleaner: http://www.aiutamici.com/software?ID=11223


Open a text file with Notepad inside the Downloads folder. (where you have ComboFix, with the lion's-head icon)

Paste into it the code you see below, and save the text file with the mandatory name CFScript.txt (do not copy the word "Code")


Code:
KillAll::

File::
c:\users\utente\AppData\Roaming\hhsjerq.dll

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\asibisag]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nabqra]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wbztsu]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]


and drag it onto the ComboFix icon. (the one shaped like a lion's head)
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log

N.B.:
If the following error is displayed: "Operazione non valida tentata su una chiave di registro che è stato contrassegnato per l'eliminazione",
you will need to restart the computer, which normally resolves this problem.


Instructions for installing an antivirus will follow.
NB:
Obviously I advise against browsing the web until the clean-up is finished.
Limit yourself to visiting this site.
farenzi
Posted: Saturday, July 14, 2012 10:01:45 PM
Rank: Member

Joined: 10/31/2004
Posts: 13
Thanks.. I'll do it and post everything again..
farenzi
Posted: Saturday, July 14, 2012 11:01:33 PM
Rank: Member

Joined: 10/31/2004
Posts: 13
Here is the new ComboFix log:

ComboFix 12-07-13.03 - utente 14/07/2012 22.29.33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.2046.1200 [GMT 2:00]
Eseguito da: c:\users\utente\Downloads\ComboFix.exe
Opzioni usate :: c:\users\utente\Downloads\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\utente\AppData\Roaming\hhsjerq.dll"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-14 al 2012-07-14 )))))))))))))))))))))))))))))))))))
.
.
2012-07-14 20:35 . 2012-07-14 20:37 -------- d-----w- c:\users\utente\AppData\Local\temp
2012-07-14 20:35 . 2012-07-14 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 19:53 . 2012-07-14 19:53 -------- d-----w- c:\users\Default\AppData\Roaming\Intel
2012-07-14 19:53 . 2012-07-14 19:53 -------- d-----w- c:\users\utente\Roaming
2012-07-14 19:53 . 2012-07-14 19:53 -------- d-----w- c:\users\Public\Roaming
2012-07-14 19:53 . 2012-07-14 19:53 -------- d-----w- c:\users\Default\Roaming
2012-07-14 19:52 . 2012-07-14 19:52 -------- d-----w- c:\windows\LastGood.Tmp
2012-07-14 19:52 . 2012-07-14 19:52 -------- d-----w- c:\program files\Cisco
2012-07-14 19:52 . 2012-07-14 19:52 -------- d-----w- c:\program files\Common Files\Intel
2012-07-14 19:52 . 2012-07-14 19:52 -------- d-----w- c:\programdata\Intel
2012-07-14 13:16 . 2012-07-14 13:32 -------- d-----w- c:\program files\stinger
2012-07-13 17:23 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{423594A1-0D0A-411D-9BCE-7D7A495A1F1C}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Acer Tour Reminder"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-04 4702208]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-07-31 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-03-07 2957312]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Skytel"="Skytel.exe" [2007-09-04 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-26 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-26 81920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-14 c:\windows\Tasks\User_Feed_Synchronization-{04B8337E-5412-4C23-B45C-D8ACF95CFFFA}.job
- c:\windows\system32\msfeedssync.exe [2011-06-17 04:32]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://it.intl.acer.yahoo.com
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-14 22:38
Windows 6.0.6001 Service Pack 1 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\asibisag]
"ServiceDll"="c:\users\utente\AppData\Roaming\hhsjerq.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nabqra]
"ServiceDll"="c:\users\utente\AppData\Roaming\hhsjerq.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wbztsu]
"ServiceDll"="c:\users\utente\AppData\Roaming\hhsjerq.dll"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(3072)
c:\windows\system32\ieframe.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\WLANExt.exe
c:\acer\ALaunch\ALaunchSvc.exe
c:\windows\system32\SupportAppXL\cdrom_mon.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Ora fine scansione: 2012-07-14 22:42:40 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-07-14 20:42
ComboFix2.txt 2012-07-14 14:16
.
Pre-Run: 20.014.395.392 byte disponibili
Post-Run: 19.906.170.880 byte disponibili
.
- - End Of File - - EFFA535CC8D1595FA0DC78F71D17A2D5
shapiro
Posted: Saturday, July 14, 2012 11:38:22 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,060

the infection has not been removed

the script must be run from the desktop, wait for the instructions that r16 will give you


ComboFix 12-07-13.03 - utente 14/07/2012 22.29.33.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.2046.1200 [GMT 2:00]
Eseguito da: c:\users\utente\Downloads\ComboFix.exe
Opzioni usate :: c:\users\utente\Downloads\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
r16
Posted: Sunday, July 15, 2012 2:09:06 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,024
Download OTL and save it to the desktop:

http://oldtimer.geekstogo.com/OTL.exe

Click the OTL icon that you find on your desktop.

Click Cleanup.

It will cleanly uninstall both ComboFix and OTL itself.

It will ask you to restart the PC: agree.

Download ComboFix again: (to the DESKTOP please)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Run the scan.
When the scan has finished, if the PC does not restart by itself, restart it yourself.

After the restart:
Open a text file with Notepad on the Desktop
Paste into it the code you see below, and save the text file with the mandatory name CFScript.txt

Code:
KillAll::

File::
c:\users\utente\AppData\Roaming\hhsjerq.dll

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\asibisag]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nabqra]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wbztsu]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]


and drag it onto the ComboFix icon. (the one shaped like a lion's head)
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log

N.B.:
If the following error is displayed: "Operazione non valida tentata su una chiave di registro che è stato contrassegnato per l'eliminazione",
you will need to restart the computer, which normally resolves this problem.
farenzi
Posted: Sunday, July 15, 2012 4:38:45 PM
Rank: Member

Joined: 10/31/2004
Posts: 13
Thanks.. I redid the whole procedure.. here is the final log:

ComboFix 12-07-14.01 - utente 15/07/2012 16.19.08.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.2046.1124 [GMT 2:00]
Eseguito da: c:\users\utente\Desktop\ComboFix.exe
Opzioni usate :: c:\users\utente\Desktop\CFScript.txt.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\utente\AppData\Roaming\hhsjerq.dll"
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-15 al 2012-07-15 )))))))))))))))))))))))))))))))))))
.
.
2012-07-15 14:24 . 2012-07-15 14:25 -------- d-----w- c:\users\utente\AppData\Local\temp
2012-07-15 14:24 . 2012-07-15 14:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 19:53 . 2012-07-14 19:53 -------- d-----w- c:\users\Default\AppData\Roaming\Intel
2012-07-14 19:53 . 2012-07-14 19:53 -------- d-----w- c:\users\utente\Roaming
2012-07-14 19:53 . 2012-07-14 19:53 -------- d-----w- c:\users\Public\Roaming
2012-07-14 19:53 . 2012-07-14 19:53 -------- d-----w- c:\users\Default\Roaming
2012-07-14 19:52 . 2012-07-14 19:52 -------- d-----w- c:\program files\Cisco
2012-07-14 19:52 . 2012-07-14 19:52 -------- d-----w- c:\program files\Common Files\Intel
2012-07-14 19:52 . 2012-07-14 19:52 -------- d-----w- c:\programdata\Intel
2012-07-14 13:16 . 2012-07-14 13:32 -------- d-----w- c:\program files\stinger
2012-07-13 17:23 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{423594A1-0D0A-411D-9BCE-7D7A495A1F1C}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Acer Tour Reminder"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-04 4702208]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-07-31 707080]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"NSLauncher"="c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-03-07 2957312]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-26 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-26 81920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-15 c:\windows\Tasks\User_Feed_Synchronization-{04B8337E-5412-4C23-B45C-D8ACF95CFFFA}.job
- c:\windows\system32\msfeedssync.exe [2011-06-17 04:32]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://it.intl.acer.yahoo.com
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-15 16:25
Windows 6.0.6001 Service Pack 1 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\asibisag]
"ServiceDll"="c:\users\utente\AppData\Roaming\hhsjerq.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nabqra]
"ServiceDll"="c:\users\utente\AppData\Roaming\hhsjerq.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wbztsu]
"ServiceDll"="c:\users\utente\AppData\Roaming\hhsjerq.dll"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\WLANExt.exe
c:\acer\ALaunch\ALaunchSvc.exe
c:\windows\system32\SupportAppXL\cdrom_mon.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Ora fine scansione: 2012-07-15 16:30:06 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-07-15 14:30
ComboFix2.txt 2012-07-15 14:07
.
Pre-Run: 20.570.300.416 byte disponibili
Post-Run: 20.535.369.728 byte disponibili
.
- - End Of File - - FF7DDC53C1D000A1659175B06B9E697F
r16
Posted: Sunday, July 15, 2012 4:47:09 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,024
It still didn't work.

Download OTL and save it to the desktop:

http://oldtimer.geekstogo.com/OTL.exe

Click the OTL icon that you find on your desktop.

Tick SCAN ALL USERS.

Under Output, tick: Minimal Output

Click the small arrow next to File Age and select 60 Days

Tick LOP Check and Purity Check.



Click RUN SCAN

Let the scan run without interfering.

When the scan finishes you will find 2 logs on the desktop, OTL.txt and Extras.txt; save them and upload them to Wikisend so you can post them on the forum.

Connect to the internet and go to the WikiSend page: http://www.wikisend.com/
Click the "Browse" button
Select the file you have just saved
Click Upload file
After a few seconds you are taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it into a new message for the forum.
shapiro
Posted: Sunday, July 15, 2012 5:18:04 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,060

hi r16, it didn't work because he saved it with a double extension

Opzioni usate :: c:\users\utente\Desktop\CFScript.txt.txt
r16
Posted: Sunday, July 15, 2012 5:22:47 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,024
shapiro wrote:

hi r16, it didn't work because he saved it with a double extension

Opzioni usate :: c:\users\utente\Desktop\CFScript.txt.txt

No no Shap.
It should have worked even with the instructions in my first post.
In the second, it only partly worked.
It only fixed the locked keys. (but it didn't touch the infections)
I have had this problem a couple of other times.
And always with Vista.
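
The two checks the helpers make by eye on these logs (is a service still loading a DLL from the user profile after the script ran, and which script file did ComboFix actually load) can be scripted. The Python below is an added example, not part of the original thread or of ComboFix; the function names and the "user-writable path" heuristic are assumptions, the first two log excerpts are trimmed from the logs posted above, and LOG_CLEAN is constructed.

```python
import re
from collections import defaultdict

# Service entries exactly as they appear in the ComboFix logs in this thread.
SERVICES = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\asibisag]
"ServiceDll"="c:\users\utente\AppData\Roaming\hhsjerq.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nabqra]
"ServiceDll"="c:\users\utente\AppData\Roaming\hhsjerq.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wbztsu]
"ServiceDll"="c:\users\utente\AppData\Roaming\hhsjerq.dll"
'''
# Trimmed excerpts: first scan (no script) and third scan (script from Desktop).
LOG_FIRST = r'Eseguito da: c:\users\utente\Downloads\ComboFix.exe' + SERVICES
LOG_THIRD = r'''Eseguito da: c:\users\utente\Desktop\ComboFix.exe
Opzioni usate :: c:\users\utente\Desktop\CFScript.txt.txt''' + SERVICES
# Constructed sample: what a log could look like once the three keys are gone.
LOG_CLEAN = r'''Eseguito da: c:\users\utente\Desktop\ComboFix.exe
Opzioni usate :: c:\users\utente\Desktop\CFScript.txt
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
'''

KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d{3}\\Services\\([^\]\\]+)\]\s*$', re.I)
VAL_RE = re.compile(r'^"(ServiceDll|ImagePath)"="(.*)"\s*$', re.I)
OPT_RE = re.compile(r'^Opzioni usate :: (.+?)\s*$', re.M)
# Assumption: services normally load code from system or Program Files
# directories, so a binary under one of these locations deserves a look.
USER_WRITABLE = ('\\users\\', '\\programdata\\', '\\temp\\')


def parse_service_values(log):
    """Return (service, value_name, path) for every Services key in the log."""
    entries, current = [], None
    for line in log.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
        elif line.startswith('['):
            current = None                     # some other registry key
        else:
            val = VAL_RE.match(line)
            if val and current:
                entries.append((current, val.group(1), val.group(2)))
    return entries


def normalise(path):
    """Lower-case the path and drop the NT object prefix \\??\\ if present."""
    path = path.lower()
    return path[4:] if path.startswith('\\??\\') else path


def flagged_services(log):
    """Map each binary in a user-writable location to the services loading it."""
    by_path = defaultdict(list)
    for service, _value, path in parse_service_values(log):
        norm = normalise(path)
        if any(marker in norm for marker in USER_WRITABLE):
            by_path[norm].append(service)
    return {p: sorted(s) for p, s in by_path.items()}


def script_used(log):
    """Path ComboFix reports on its 'Opzioni usate ::' line, or None."""
    match = OPT_RE.search(log)
    return match.group(1) if match else None


def script_name_is_exact(log):
    """True/False if a script was loaded and is named CFScript.txt; None if none."""
    path = script_used(log)
    if path is None:
        return None
    return path.rsplit('\\', 1)[-1].lower() == 'cfscript.txt'


def still_present(before, after):
    """Flagged entries from the earlier log that the later log still lists."""
    old, new = flagged_services(before), flagged_services(after)
    return {p: [s for s in svcs if s in new[p]]
            for p, svcs in old.items() if p in new}


if __name__ == '__main__':
    print('flagged in first log :', flagged_services(LOG_FIRST))
    print('script loaded        :', script_used(LOG_THIRD))
    print('exact script name    :', script_name_is_exact(LOG_THIRD))
    print('survived the script  :', still_present(LOG_FIRST, LOG_THIRD))
    print('survived (clean log) :', still_present(LOG_FIRST, LOG_CLEAN))
```

The script only reports what the log says; it does not decide why a fix failed, which is the point the two helpers disagree on above.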
pepper61
Posted: Sunday, July 15, 2012 7:09:48 PM

Rank: AiutAmico

Joined: 4/15/2007
Posts: 160
Good evening, sorry to butt in, I solved it with ComboFix in safe mode and I am not having any more problems
r16
Posted: Sunday, July 15, 2012 8:55:09 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,024
pepper61 wrote:
Good evening, sorry to butt in, I solved it with ComboFix in safe mode and I am not having any more problems

So?
maopapof
Posted: Monday, July 16, 2012 12:04:32 AM

Rank: AiutAmico

Joined: 10/31/2004
Posts: 4,435
greetings to everyone and excuse me for butting in, also because I know a thing or two about porn sites ;O)))))

boot into safe mode F8

start ... run .... msconfig .... startup and untick an entry where O_o or something similar appears, shut down and power on again, still in safe mode, run a scan with malware .... or with combofix in normal mode

remember .... default internet options and then the default page .....

regards :O)



simo95
Posted: Monday, July 16, 2012 4:19:34 PM

Rank: AiutAmico

Joined: 12/4/2008
Posts: 2,008
Sorry for the intrusion.

Hi r16, if you have two minutes I have left you a private message, thanks.

Keep up the good work.
r16
Posted: Monday, July 16, 2012 6:36:50 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,024
simo95 wrote:
Sorry for the intrusion.
Hi r16, if you have two minutes I have left you a private message, thanks.
Keep up the good work.

Hi, young man.
You won't like the answer.
But I have replied to you.
farenzi
Posted: Tuesday, July 17, 2012 12:29:41 PM
Rank: Member

Joined: 10/31/2004
Posts: 13
Sorry for my absence and for the mistakes I made.. so I am reposting here the links obtained from the Wikisend procedure.. I hope they are fine, thanks again



Extras.Txt

OTL.Txt
r16
Posted: Tuesday, July 17, 2012 6:39:59 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,024
Start OTL.

Under "Custom Scans\Fixes" copy and paste this code:

Code:
:Services
:OTL
SRV - (wbztsu) -- C:\Users\utente\AppData\Roaming\hhsjerq.dll File not found
SRV - (nabqra) -- C:\Users\utente\AppData\Roaming\hhsjerq.dll File not found
SRV - (asibisag) -- C:\Users\utente\AppData\Roaming\hhsjerq.dll File not found
IE - HKU\S-1-5-21-2108796109-799829849-1612337803-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
:commands
[Reboot]


Click the RUN FIX button.
Let the scan run without interfering.
The PC will restart on its own.
Post the log
farenzi
Posted: Tuesday, July 17, 2012 10:46:01 PM
Rank: Member

Joined: 10/31/2004
Posts: 13
Thanks r16, but I went through the procedure.. launched OTL and all the rest.. only no scan starts and it doesn't produce any final log.. only a message appears asking to restart the computer by clicking OK..
I think it would be quicker if I just format everything..
Thanks again for your patience
qwerty
Posted: Friday, July 20, 2012 8:35:54 AM
Rank: Member

Joined: 5/25/2001
Posts: 2
Hi guys, I also caught the Polizia di Stato virus; after using ComboFix and waiting for the whole procedure to finish, on the next reboot everything seems to be OK ... (meaning the lock screen no longer appears), but can I trust it? Are we sure there isn't something dormant, or something else that could steal my sensitive data?
I'm attaching the log so we can see whether there really are any further threats:

ComboFix 12-07-19.02 - EZIO1 20/07/2012 0:28.1.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4023.2938 [GMT 2:00]
Eseguito da: c:\users\EZIO1\Desktop\abc.exe
Opzioni usate :: /killall
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\programdata\CB588B2647.sys
c:\users\EZIO1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\muzapp.exe
c:\windows\vspc1000.exe
c:\windows\vspc1300.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-20 al 2012-07-20 )))))))))))))))))))))))))))))))))))
.
.
2012-07-19 22:37 . 2012-07-19 22:37 -------- d-----w- c:\users\Simona\AppData\Local\temp
2012-07-19 22:37 . 2012-07-19 22:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-19 22:06 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F295BE2C-98D6-4F38-A07B-52F4855A5032}\mpengine.dll
2012-07-19 21:25 . 2012-07-19 21:25 -------- d-----w- c:\users\Salvo\AppData\Local\IomegaStorageManager
2012-07-15 16:12 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 16:03 . 2012-06-02 11:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-15 16:03 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-07-15 16:03 . 2012-06-02 12:52 174200 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-07-15 16:03 . 2012-06-02 12:04 237056 ----a-w- c:\windows\system32\url.dll
2012-07-15 16:03 . 2012-06-02 11:57 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-07-15 16:03 . 2012-06-02 09:08 140920 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-07-15 16:03 . 2012-06-02 08:22 194560 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2012-07-15 16:00 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-29 12:47 . 2012-06-29 12:47 -------- d-----w- c:\users\EZIO1\AppData\Roaming\skypePM
2012-06-27 22:12 . 2012-06-27 22:12 -------- d-----w- c:\windows\it
2012-06-27 22:07 . 2012-03-08 16:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-06-27 22:07 . 2012-06-27 22:07 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-27 22:04 . 2012-06-27 22:04 -------- d-----w- c:\program files (x86)\Microsoft
2012-06-27 22:03 . 2012-06-27 22:03 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a29638df1cd54b00d\bingbarsetup.exe
2012-06-27 22:02 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-27 22:02 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-27 22:02 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-27 22:02 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-27 22:02 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-27 22:02 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-27 22:02 . 2012-06-27 22:02 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8f622f611cd54b00b\MeshBetaRemover.exe
2012-06-27 22:02 . 2012-06-27 22:02 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8aa550a41cd54b00a\DXSETUP.exe
2012-06-27 22:02 . 2012-06-27 22:02 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8aa550a41cd54b00a\dsetup32.dll
2012-06-27 22:02 . 2012-06-27 22:02 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\8aa550a41cd54b00a\DSETUP.dll
2012-06-27 22:02 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-27 21:57 . 2012-06-27 21:57 -------- d-----w- c:\users\EZIO1\AppData\Local\Windows Live
2012-06-27 21:56 . 2012-06-27 21:56 -------- d-----w- c:\users\EZIO1\Tracing
2012-06-24 13:24 . 2012-06-24 13:24 -------- d-----w- c:\users\EZIO1\AppData\Local\IomegaStorageManager
2012-06-24 13:24 . 2012-06-24 13:24 -------- d-----w- c:\program files\Iomega
2012-06-24 13:23 . 2012-06-24 13:23 -------- d-----w- c:\programdata\twonkyserver
2012-06-24 13:22 . 2012-06-24 13:24 -------- d-----w- c:\program files (x86)\Iomega Storage Manager
2012-06-24 10:45 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 10:45 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 10:45 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 10:45 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 10:45 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-24 10:45 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 10:45 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 10:45 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 10:45 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-19 22:04 . 2010-09-08 19:18 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-14 14:03 . 2010-09-13 19:33 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2012-07-03 16:21 . 2012-02-26 16:08 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-03-16 18:14 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-09-08 19:26 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-09-08 19:26 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2010-09-08 19:26 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-09-08 19:26 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-09-08 19:25 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-09-08 19:25 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-01-21 19:22 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-17 18:08 . 2012-04-05 16:56 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-17 18:08 . 2011-05-21 16:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 10:25 . 2010-02-05 05:00 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-11 05:20 . 2011-01-20 20:17 20048 ----a-w- c:\windows\system32\drivers\vNICdrv.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-05 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Facebook Update"="c:\users\EZIO1\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-06-20 12163848]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-04-20 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-11-25 469536]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-10-19 98304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\EZIO1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
Facebook Messenger.lnk - c:\users\EZIO1\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe [2012-7-6 217536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Iomega Storage Manager.lnk - c:\program files (x86)\Iomega Storage Manager\IomegaStorageManager.exe [2012-5-11 2295376]
Twonky Tray Control.lnk - c:\program files (x86)\TwonkyMedia\twonkymediaserverconfig.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-10-27 95928]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-10-25 20552]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 135664]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-09-09 82816]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-10-27 203320]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2011-01-04 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 vNICdrv;Iomega Virtual Miniport;c:\windows\system32\DRIVERS\vNICdrv.sys [2012-05-11 20048]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-26 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/09/08 23:18];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-04-02 07:11 146928]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/09/08 20:41];c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-12-22 17:11 146928]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-18 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-19 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-11-17 255744]
S2 PCloudd;PCloudd;c:\program files (x86)\Iomega Storage Manager\pCloudd.exe [2012-05-11 213504]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-04-20 92592]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2009-10-20 114608]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]
S3 SPC1000;USB2.0 PC Camera (SPC1000);c:\windows\system32\DRIVERS\spc1000.sys [2007-12-04 3249024]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-436970907-2420890953-1754088570-1008Core.job
- c:\users\EZIO1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-12 20:39]
.
2012-07-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-436970907-2420890953-1754088570-1008UA.job
- c:\users\EZIO1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-12 20:39]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 19:19]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 19:19]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436970907-2420890953-1754088570-1001Core.job
- c:\users\Simona\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-13 19:19]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436970907-2420890953-1754088570-1001UA.job
- c:\users\Simona\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-13 19:19]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436970907-2420890953-1754088570-1005Core.job
- c:\users\Salvo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-22 16:24]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436970907-2420890953-1754088570-1005UA.job
- c:\users\Salvo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-22 16:24]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436970907-2420890953-1754088570-1008Core.job
- c:\users\EZIO1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-12 16:30]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436970907-2420890953-1754088570-1008UA.job
- c:\users\EZIO1\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-12 16:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 9608224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_m3870&r=173609100706pe475v105w45i1v356
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Aggiungi a PDF esistente - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-spc1000 - c:\windows\vspc1000.exe
AddRemove-{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23} - c:\program files (x86)\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Ora fine scansione: 2012-07-20 06:33:35 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-07-20 04:33
.
Pre-Run: 75.925.508.096 byte disponibili
Post-Run: 78.578.352.128 byte disponibili
.
- - End Of File - - 29CC4AD0B233D5351F0F83F7ACE98512

Bye, and thanks in advance to whoever replies!!!!