Aiutamici Forum

Now I'm part of the "gang" too
emmem18
Posted: Monday, January 14, 2013 5:18:48 PM
Rank: Newbie

Joined: 1/14/2013
Posts: 2
Hello and good morning, everyone; a few days ago I had the great honor of joining the big family: those of the ex-Guardia di Finanza / Polizia Postale virus!
In my case the fake Polizia Postale screen appeared! When I saw the demand for money, I disconnected and unplugged the modem and the PC! On reboot it started up "apparently" as if nothing had happened, so much so that I could, and still can, browse! So I went online looking for information and solutions to remove the "TROJAN win32 fackGdF" (I have almost learned that name by heart). I'm asking you for help! Despite the attempts I made, I have not managed to remove it!
Reading and browsing the forums of more or less specialized sites, including the official "WINDOWS" one, I did not find sufficient guarantees of a complete fix. Here on this site I was positively impressed by "PIDUE", who helped solve the problem of Jimmy 76, who had the same problem I have (forum thread of 14 January 2012)!!
Specifically, to try to remove the infected file I went, both in safe mode and in normal mode, to look in "Startup" under "All Programs" for the virus to delete, but my folder is empty! After many attempts, many people advised me to download COMBOFIX and run it in safe mode; done!! It generated a "LOG", which I'm posting in the hope that "PIDUE" and the many of you who don't talk nonsense and who know what you're doing can give me a hand! Thank you in advance! The log is the following!!

ComboFix 13-01-08.01 - mauro 10/01/2013 21:55:26.1.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3835.3182 [GMT 1:00]
Eseguito da: c:\users\mauro\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mauro\AppData\Roaming\OfferBox
c:\users\mauro\AppData\Roaming\OfferBox\config.xml
c:\users\mauro\AppData\Roaming\OfferBox\run.log
c:\users\Public\sdelevURL.tmp
.
.
((((((((((((((((((((((((( Files Creati Da 2012-12-10 al 2013-01-10 )))))))))))))))))))))))))))))))))))
.
.
2013-01-10 21:15 . 2013-01-10 21:15 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-01-10 21:15 . 2013-01-10 21:15 -------- d-----w- c:\users\for kids\AppData\Local\temp
2013-01-10 21:15 . 2013-01-10 21:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-10 20:53 . 2013-01-10 20:53 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A66269D-487C-45EA-8FBB-A267132372B9}\offreg.dll
2013-01-10 01:18 . 2013-01-10 03:19 -------- d-----w- C:\QUARANTENA_VIRIT
2013-01-09 09:24 . 2013-01-09 09:24 -------- d-----w- c:\program files\CCleaner
2013-01-09 08:19 . 2012-12-07 11:20 30720 ----a-w- c:\windows\system32\usk.rs
2013-01-09 08:18 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 08:18 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-09 08:18 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 08:18 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 08:18 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 08:18 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 08:18 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 13:05 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A66269D-487C-45EA-8FBB-A267132372B9}\mpengine.dll
2013-01-06 17:02 . 2013-01-06 17:02 -------- dc-h--w- c:\programdata\{2ED6D467-FECD-432C-B623-1A99560B7B34}
2013-01-06 17:02 . 2013-01-06 17:08 60056 ----a-w- c:\windows\system32\drivers\VIAGLT64.SYS
2013-01-06 17:02 . 2013-01-10 20:36 -------- d-----w- C:\VEXPLite
2013-01-05 03:15 . 2013-01-05 03:24 -------- d-----w- c:\users\mauro\AppData\Local\Microsoft Games
2013-01-04 00:05 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-04 00:05 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-04 00:05 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-01-04 00:05 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-04 00:05 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-04 00:05 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-01-04 00:05 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-04 00:05 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2013-01-04 00:05 . 2013-01-04 00:05 -------- d-----w- c:\program files\AVAST Software
2013-01-03 17:51 . 2013-01-03 17:51 308200 ----a-w- c:\windows\system32\javaws.exe
2013-01-03 17:51 . 2013-01-03 17:51 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-03 17:51 . 2013-01-03 17:51 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-01-03 17:51 . 2013-01-03 17:51 188392 ----a-w- c:\windows\system32\javaw.exe
2013-01-03 17:51 . 2013-01-03 17:51 188392 ----a-w- c:\windows\system32\java.exe
2013-01-03 17:51 . 2013-01-03 17:51 -------- d-----w- c:\program files\Java
2013-01-03 17:13 . 2012-11-28 09:35 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-01 15:41 . 2013-01-03 16:22 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-01-01 09:05 . 2013-01-03 16:22 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2013-01-01 09:05 . 2013-01-01 09:05 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-12-30 15:28 . 2012-12-30 15:28 -------- d-----w- c:\users\mauro\AppData\Local\Programs
2012-12-30 15:25 . 2012-12-30 15:25 -------- d-----w- c:\users\mauro\AppData\Roaming\Malwarebytes
2012-12-30 15:24 . 2012-12-30 15:24 -------- d-----w- c:\programdata\Malwarebytes
2012-12-23 23:30 . 2013-01-03 16:22 -------- d-----w- c:\program files (x86)\PokerStars.IT
2012-12-21 17:31 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 17:31 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 17:31 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 17:31 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-13 02:50 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 02:50 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 02:50 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 02:50 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 17:57 . 2012-04-04 09:34 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 17:57 . 2011-12-17 17:40 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 08:23 . 2011-12-17 16:13 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-03 17:51 . 2010-07-17 11:00 959976 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-30 04:45 . 2013-01-09 08:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-02 11:16 . 2012-11-02 11:16 60056 ----a-w- c:\windows\SysWow64\drivers\VIAGLT64.sys
2012-10-30 22:50 . 2011-12-15 00:09 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-16 08:38 . 2012-11-28 13:13 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 13:13 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 13:13 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{373BCD12-5B7A-4c09-897B-6B42EC48B0F8}]
2013-01-06 17:08 101016 ----a-w- c:\vexplite\VIRITIE.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2013-01-06 335872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 netr28x;Driver wireless 802.11n Ralink per Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 netr7364;Driver scheda LAN wireless USB RT73 per Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 ONDA_MW823UP_cdc_acm;ONDA MW823UP CDC-ACM driver;c:\windows\system32\DRIVERS\ONDA_MW823UP_cdc_acm.sys [2010-01-27 78336]
R3 ONDA_MW823UP_cdc_ecm;ONDA_MW823UP_cdc_ecm;c:\windows\system32\DRIVERS\ONDA_MW823UP_cdc_ecm.sys [2010-01-27 88576]
R3 ONDA_MW823UP_cpo;ONDA MW823UP Install;c:\windows\system32\DRIVERS\ONDA_MW823UP_cpo.sys [2010-01-27 13824]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-17 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-30 203264]
R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
R4 PowerOffer Service;Pos Service;c:\users\mauro\AppData\Local\PosService\Pos.exe [2011-12-16 164352]
R4 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-17 315392]
R4 ServUpdater;Serv Updater;c:\users\mauro\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-16 156160]
S0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIAGLT64.SYS [2013-01-06 60056]
S3 ONDA_MW823UP_dc_enum;ONDA MW823UP DC Enumerator;c:\windows\system32\DRIVERS\ONDA_MW823UP_dc_enum.sys [2010-01-27 75776]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-21 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 08:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 17:57]
.
2013-01-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1006926792-397873870-2483535380-1000Core.job
- c:\users\mauro\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-15 22:28]
.
2013-01-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1006926792-397873870-2483535380-1000UA.job
- c:\users\mauro\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-15 22:28]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-15 00:09]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-15 00:09]
.
2012-12-31 c:\windows\Tasks\HPCeeScheduleForMAURO-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2013-01-05 c:\windows\Tasks\HPCeeScheduleFormauro.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Scansione supplementare -------
.
uStart Page = https://www.google.it/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.findeer.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files (x86)\PokerStars.IT\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2913A28F-90F2-409C-B51E-A255D781368C}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{83B2A5ED-1D9A-4CEE-B8C9-9D26DCD0CB7F}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{83B2A5ED-1D9A-4CEE-B8C9-9D26DCD0CB7F}\4594353414C494: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{83B2A5ED-1D9A-4CEE-B8C9-9D26DCD0CB7F}\46C696E6B6: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{83B2A5ED-1D9A-4CEE-B8C9-9D26DCD0CB7F}\B6162796E61633030353: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{83B2A5ED-1D9A-4CEE-B8C9-9D26DCD0CB7F}\D4758383337696262616: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{8A71FE35-C83F-440E-A8EF-C64984446B20}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{A87F6CE2-1F53-4572-8FFC-626BE0A16CFB}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C5D101BC-D547-4635-9489-74463D02559F}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\users\mauro\AppData\Roaming\Mozilla\Firefox\Profiles\1m205vjg.default\
FF - ExtSQL: 2013-01-03 17:41; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\mauro\AppData\Roaming\Mozilla\Firefox\Profiles\1m205vjg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-01-03 17:59; {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}; c:\users\mauro\AppData\Roaming\Mozilla\Firefox\Profiles\1m205vjg.default\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
FF - ExtSQL: 2013-01-04 01:05; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{fd6d0d57-f67f-4e2d-a5f7-0c4c2c820470} - (no file)
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
Toolbar-10 - (no file)
Toolbar-10 - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2013-01-10 22:17:32
ComboFix-quarantined-files.txt 2013-01-10 21:17
.
Pre-Run: 426.595.655.680 byte disponibili
Post-Run: 426.498.469.888 byte disponibili
.
- - End Of File - - D8C1EE91DBCBECE51877B2304482F368