www.MegaLab.it

[Lele.1990]

Ciao ragazzi,innanzitutto buon ferragosto a tutti, come da titolo ho un problema con il servizio Centro sisurezza Pc Windows. Non so perché ma da qualche giorno mi dice che è disabilitato e non riesco ad abilitarlo. Come mai? é un problema grave?

Ho Avira 2012 free e Malwarebytes Anti-Malware free

Sistema operativo Windows 7 ultimate 32 bit

[Al3x]

non è una cosa buona, la disabilitazione è quasi sempre provocata da malware. In attesa che i cacciatori di virus ti diano una mano, sarebbe opportuno che tu postassi un log di HiJackThis

[Lele.1990]

ecco il log fatto in modalità provvisoria ... ( in modalità normale il log non si creava)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:48:23, on 15/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.plusnetwork.com/?publisher= ... sp=addr&q={searchTerms}&t=a0630
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.plusnetwork.com/?publisher= ... sp=addr&q={searchTerms}&t=a0630
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.plusnetwork.com/?publisher= ... sp=addr&q={searchTerms}&t=a0630
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.plusnetwork.com/?publisher= ... sp=addr&q={searchTerms}&t=a0630
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Messenger Plus! Community SmartbarEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Messenger Plus! Community Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Scarica con Mipony - file://C:\Program Files\MiPony\Browser\IEContext.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

--
End of file - 8429 bytes

[crazy.cat]

Se tenti di riattivarlo, modificando il suo servizio cosa ti dice?

Il log non è che dica moltissimo tranne le inutili toolbar.

[Lele.1990]

se tento di riattivarlo da " servizi" mi dice quanto segue :

Impossibile avviare il servizio Centro sicurezza Pc su Computer locale.

Errore 1079: L'account specificato per questo servizio è diverso da quello specificato per altri servizi eseguiti nello stesso processo.

Non so se può essere utile ma andando in proprietà,su "connessione" avevo selezionato "Account di sistema locale" con il rispettivo "consenti al servizio di interagire col desktop" pensando di sistemare ( cosa che non è successa ), mentre prima era selezionato "account" con "Password" e "Conferma password" appunto con le rispettive password ( che non so).

[crazy.cat]

Avevi visto questo?
http://support.microsoft.com/kb/2519899/it
La password da inserire è quella dell'amministratore locale del pc.

[Lele.1990]

ora ho selezionato "account" con "Password" e "Conferma password" appunto con le rispettive password. Ho fatto applica poi ok.

Ma quando tento di avviarlo mi dà questo errore :


Impossibile avviare il servizio Centro sicurezza Pc su Computer locale.

Errore 5: Accesso negato.

a cosa può essere dovuto ciò? come risolvo?

[Lele.1990]

e se formattassi?

[GERONIMO*]

fai una scansione completa del pc con Avira e Malwarebytes
aggiornali, prima di fare le scansioni

[Lele.1990]

scansioni gia fatte ( in modalità provvisoria) inutile dire che ho rimosso tutto quello che hanno trovato.

[sampei.nihira]

I malwares hanno fatto il loro "lavoro" e disattivato ciò che per loro poteva rappresentare una minaccia.
Devi modificare la configurazione di sicurezza altrimenti in futuro.....
Comunque per la risoluzione del tuo problema dovresti:

Uploaded with ImageShack.us

verificare ed attivare ricercandoli singolarmente in services.msc se i servizi nella scheda "relazioni di dipendenza" risultano attivati e quindi attivarli.

Ma la cosa più importante è modificare per il futuro la configurazione di sicurezza:

a) Account Standard
b) UAC max
c) EMET
d) Secunia PSI per gli aggiornamenti dei sw installati...........ecc ecc

[GERONIMO*]

Rilancia HijackThis: tasto destro - Esegui come Amministratore per aprirlo
clicca sul pulsante Do a system scan only
Metti la spunta alle voci che vedi sotto
clicca su Fix checked
Se vengono rilasciati messaggi clicca su Si

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Messenger Plus! Community Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

poi fai una scansione con combofix seguendo questa guida
e posta sul forum il report che rilascia
http://windowsguide.altervista.org/combofix/

[Lele.1990]

e se invece riformattassi e poi usassi MyPCDrivers per reinstallare i driver mancanti? il cd di installazione di windows 7 ce lo mi mancano solo gli altri cd (scheda madre, scheda audio, ecc) che li ho persi
ps combofix ho paura ad usarlo.... l' ultima volta che lo usai mi cancello il certificato di originalità di windows quindi sono stato costretto a comprare un nuovo seriale .... che dici? risuccederà?

[GERONIMO*]

se vuoi formattare formatta,non so che dirti,ma mi sembra assurdo formattare un pc solo perché non funziona il centro operativo
combofix non mi risulta che cancelli il product key,soprattutto se poi il windows è originale
potresti provare
seguendo queste istruzioni
http://support.microsoft.com/kb/2519899/it

[GERONIMO*]

scusa non avevo visto che già crazy.cat ti aveva postato il link
potresti provare con questo FIX
http://support.microsoft.com/mats/windo ... gnostic/it

[Lele.1990]

ho deciso di lanciare combofix... questo è il log

ComboFix 12-08-18.03 - Samuele 19/08/2012 18:39:34.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.958.410 [GMT 2:00]
Eseguito da: c:\users\Samuele\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Samuele\AppData\Roaming\Microsoft\Windows\lwE9H2ZWNTb4KlAE.dat
.
.
((((((((((((((((((((((((( Files Creati Da 2012-07-19 al 2012-08-19 )))))))))))))))))))))))))))))))))))
.
.
2012-08-19 16:47 . 2012-08-19 16:48 -------- d-----w- c:\users\Samuele\AppData\Local\temp
2012-08-19 16:47 . 2012-08-19 16:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-19 16:47 . 2012-08-19 16:47 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-19 15:44 . 2012-08-19 15:52 -------- d-----w- c:\users\Samuele\AppData\Roaming\driveridentifier
2012-08-17 19:51 . 2002-07-25 15:06 282624 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2012-08-17 19:51 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-08-17 19:51 . 2012-08-17 19:51 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-08-17 19:51 . 2012-08-17 19:51 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-08-17 19:51 . 2003-02-27 14:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-08-17 19:51 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-08-17 16:28 . 2012-08-17 16:28 388096 ----a-r- c:\users\Samuele\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-17 03:11 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-17 03:11 . 2012-08-17 03:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-17 02:35 . 2012-08-17 02:35 -------- d-----w- c:\program files\CDBurnerXP
2012-08-17 01:57 . 2012-08-17 01:57 -------- d-----w- c:\users\Samuele\AppData\Local\AskToolbar
2012-08-17 01:54 . 2012-08-17 01:54 -------- d-----w- c:\users\Samuele\AppData\Roaming\Avira
2012-08-17 01:39 . 2012-08-17 01:39 -------- d-----w- c:\program files\Ask.com
2012-08-17 01:38 . 2012-08-17 15:46 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-17 01:38 . 2012-08-17 15:46 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-08-17 01:38 . 2012-02-03 13:26 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-17 01:38 . 2012-08-17 01:38 -------- d-----w- c:\program files\Avira
2012-08-16 14:59 . 2012-08-16 15:19 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-16 14:59 . 2012-08-16 15:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 23:09 . 2012-08-15 23:11 8281168 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-08-15 17:43 . 2012-08-15 17:43 -------- d-----w- c:\program files\Trend Micro
2012-08-15 16:45 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 16:45 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 16:45 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 16:45 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 16:44 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 16:44 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 16:44 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-11 18:34 . 2012-08-11 18:34 -------- d-----w- c:\users\Samuele\AppData\Local\APN
2012-08-09 00:15 . 2012-08-09 00:19 1660 ----a-w- c:\windows\system32\ASOROSet.bin
2012-08-07 16:46 . 2012-08-07 20:12 161264 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-08-07 16:26 . 2012-05-29 15:19 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2012-08-07 16:26 . 2012-05-29 15:19 21344 ----a-w- c:\windows\system32\authuitu.dll
2012-08-07 16:25 . 2012-08-07 16:26 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-08-07 16:22 . 2012-07-16 12:25 17320 ----a-w- c:\windows\system32\roboot.exe
2012-08-07 16:22 . 2012-08-07 16:22 -------- d-----w- c:\program files\RegClean Pro
2012-08-07 16:21 . 2012-08-07 20:23 -------- d-----w- c:\programdata\CPA_VA
2012-08-07 16:15 . 2012-08-07 16:16 -------- d-----w- c:\program files\Common Files\Adobe
2012-08-07 16:14 . 2012-08-07 16:14 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-08-07 16:14 . 2012-08-07 16:14 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-08-07 16:14 . 2012-08-07 16:14 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-08-07 16:08 . 2012-08-07 16:09 -------- d-----w- c:\program files\CCleaner
2012-07-29 06:35 . 2012-07-23 11:32 98192 ----a-w- c:\windows\system32\drivers\MsgPlusDriver.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-19 16:46 . 2012-08-19 16:46 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C83B37E5-4EA8-40E4-9739-5D774655560E}\offreg.dll
2012-07-23 13:59 . 2012-07-02 16:03 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-07 14:21 . 2012-06-24 16:19 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-07-02 16:05 . 2012-07-02 16:05 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-07-02 16:05 . 2012-07-02 16:05 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-07-02 16:05 . 2012-07-02 16:05 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-06-30 16:07 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-29 08:44 . 2012-08-17 13:58 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C83B37E5-4EA8-40E4-9739-5D774655560E}\mpengine.dll
2012-06-24 22:12 . 2012-06-24 22:12 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-06-24 22:12 . 2012-06-24 22:12 161792 ----a-w- c:\windows\system32\msls31.dll
2012-06-24 22:12 . 2012-06-24 22:12 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-06-24 22:12 . 2012-06-24 22:12 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-24 22:12 . 2012-06-24 22:12 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-06-24 22:12 . 2012-06-24 22:12 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-06-24 22:12 . 2012-06-24 22:12 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-06-24 22:12 . 2012-06-24 22:12 367104 ----a-w- c:\windows\system32\html.iec
2012-06-24 22:12 . 2012-06-24 22:12 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-06-24 22:12 . 2012-06-24 22:12 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-24 22:12 . 2012-06-24 22:12 152064 ----a-w- c:\windows\system32\wextract.exe
2012-06-24 22:12 . 2012-06-24 22:12 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-06-24 22:12 . 2012-06-24 22:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-06-24 22:12 . 2012-06-24 22:12 11776 ----a-w- c:\windows\system32\mshta.exe
2012-06-24 22:12 . 2012-06-24 22:12 101888 ----a-w- c:\windows\system32\admparse.dll
2012-06-24 22:12 . 2012-06-24 22:12 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-06-24 17:50 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-06-24 16:45 . 2012-06-24 16:46 8192 ----a-w- c:\windows\system32\srvany.exe
2012-06-24 16:45 . 2012-06-24 16:46 151552 ----a-w- c:\windows\KMService.exe
2012-06-06 06:49 . 2012-06-06 06:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05 . 2012-07-11 07:18 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 07:18 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 07:18 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-28 21:26 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-28 21:26 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-28 21:25 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-28 21:25 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-28 21:26 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-28 21:26 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-28 21:25 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-28 21:24 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-28 21:24 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45 . 2012-07-11 07:18 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 07:18 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 07:18 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 07:18 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 07:18 219136 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-04 15:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-20 11:18 1519824 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-17 348664]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-07-24 801792]
"SoundMan"="SOUNDMAN.EXE" [2007-03-09 598016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Infrastructure Helper]
2012-06-25 10:10 19312 ----a-w- c:\users\Samuele\AppData\Local\Smartbar\Application\Smartbar.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON SX125 Series"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE /FU "c:\windows\TEMP\E_S6E68.tmp" /EF "HKCU"
"Google Update"="c:\users\Samuele\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"CCleaner"=c:\program files\CCleaner\CCleaner.exe
"TuneUp Utilities - Interfaccia di avvio"=c:\program files\TuneUp Utilities 2012\Integrator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\DRIVERS\fetnd6v.sys [x]
S3 MsgPlusDriver;Messenger Plus! Virtual Camera;c:\windows\system32\DRIVERS\MsgPlusDriver.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 15:19]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-112170123-896870011-3457703113-1000Core.job
- c:\users\Samuele\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-17 01:27]
.
2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-112170123-896870011-3457703113-1000UA.job
- c:\users\Samuele\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-17 01:27]
.
2012-08-19 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2012-08-07 12:25]
.
2012-08-19 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2012-08-07 12:25]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchAssistant = hxxp://feed.plusnetwork.com/?publisher= ... sp=addr&q={searchTerms}&t=a0630
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Scarica con Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-08-19 18:50:50
ComboFix-quarantined-files.txt 2012-08-19 16:50
.
Pre-Run: 42.366.849.024 byte disponibili
Post-Run: 42.292.379.648 byte disponibili
.
- - End Of File - - FFAF17AFE42792D1E8625C0E8B90C7B4

ho seguito anche gli altri 2 consigli ma niente da fare purtroppo

[GERONIMO*]

sposta Combofix dalla cartella Downloads sul Desktop
combo deve stare sul desktop
poi disattiva Avira e il firewall

Crea sul desktop un Nuovo documento di testo
ci copi\incolli dentro lo script che vedi sotto
e lo salvi con il nome di CFScript.txt
e trascinalo sull'icona di ComboFix.
partirà la scansione attendi la fine senza toccare niente
se chiede il riavvio del pc riavvia
Posta il log aggiornato di combofix

Codice: Seleziona tutto

ClearJavaCache::

File::
c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\Updater\Updater.exe
c:\users\Samuele\AppData\Local\Smartbar\Application\Smartbar.exe
c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe

Folder::
c:\users\Samuele\AppData\Local\AskToolbar
c:\program files\Ask.com
c:\users\Samuele\AppData\Local\APN
c:\program files\RegClean Pro
c:\windows\Tasks
c:\program files\Microsoft\BingBar

Driver::
BBSvc
BBUpdate

Suspect::
c:\windows\system32\ASOROSet.bin

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Infrastructure Helper]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

[Lele.1990]

il log non me lo fa mettere perché è troppo lungo .... intanto però ho tolto tutte le toolbar che avevo

[GERONIMO*]

il log non me lo fa mettere perché è troppo lungo ....

ma...non capisco cosa intendi
devi spostare Combofix dalla cartella Downloads sul Desktop
poi
Creare sul desktop un Nuovo documento di testo
ci copi\incolli dentro lo script che ti ho postato
e lo salvi con il nome di CFScript.txt
e trascinalo sull'icona di ComboFix.

[Lele.1990]

intendo il log che crea combofix.... esce fuori questo messaggio " Il messaggio contiene 532703 caratteri. Il numero massimo di caratteri permessi è 60000."

lo divido in 2 parti?