Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

virus polizia o qualcosa del genere

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Re: virus polizia o qualcosa del genere

Messaggioda whiterock » gio gen 31, 2013 11:46 pm

ciao hashcat.scusa il ritardo.
nel registro di sistema sono presenti alcune voci come indicato nel link sotto riferito a un vostro articolo

http://www.MegaLab.it/8276/2/come-rimuovere-i-virus-ransomware-o-virus-della-polizia-e-recuperare-i-dati-criptati

shutdown flags, win stationsdisabled,userinit system32.


eccoti il log di system look

SystemLook 30.07.11 by jpshortstuff
Log created at 19:51 on 30/01/2013 by user
Administrator - Elevation successful

========== file ==========

C:\Windows\System32\Wait.exe - File found and opened.
MD5: 4EC6B8195640CCAF2D0DC319B82F79E3
Created at 18:54 on 06/03/2011
Modified at 09:52 on 28/01/2009
Size: 142337 bytes
Attributes: --a----

C:\Windows\System32\drivers\sptd.sys - Unable to find/read file.

========== Environment Variables ==========

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\user\AppData\Roaming
asl.log=%asl.log%
CLASSPATH=%CLASSPATH%
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC-USER
ComSpec=C:\Windows\system32\cmd.exe
configsetroot=%configsetroot%
DFSTRACINGON=%DFSTRACINGON%
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\user
LOCALAPPDATA=C:\Users\user\AppData\Local
LOGONSERVER=\\PC-USER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\SolidWorks Corp\COSMOS M;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\WiFi\bin;C:\Windows\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\Common Files\Acronis\SnapAPI;C:\Windows\System32\WindowsPowerShell\v1.0
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0a
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=%PROMPT%
PUBLIC=C:\Users\Public
QTJAVA=%QTJAVA%
SESSIONNAME=%SESSIONNAME%
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\user\AppData\Local\Temp
TMP=C:\Users\user\AppData\Local\Temp
TRACE_FORMAT_SEARCH_PATH=%TRACE_FORMAT_SEARCH_PATH%
USERDOMAIN=PC-user
USERNAME=user
USERPROFILE=C:\Users\user
VBOX_INSTALL_PATH=%VBOX_INSTALL_PATH%
windir=C:\Windows

-= EOF =-


il log extras di otl

OTL Extras logfile created on: 31/01/2013 21:50:47 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: Regno Unito | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 53.30% Memory free
4.93 Gb Paging File | 3.63 Gb Available in Paging File | 73.56% Paging File free
Paging file location(s): C:\pagefile.sys 3067 3067F:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 59.80 Gb Free Space | 53.60% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 111.46 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive E: | 7.13 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PC-USER | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~1\MEDIAM~1\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~1\MEDIAM~1\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~1\MEDIAM~1\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-397757737-986699961-1055673849-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4F9EAF6B-6F99-40C7-9ACE-2469FFA6F139}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{EF7EFAE4-A9F5-48D2-BC8C-9D760A18FEAD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A3B8C4B-6BAF-4EB1-BE47-A69F750A24F5}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{4D12B58D-9373-46F1-9F76-B9FE22C9C1FA}" = protocol=58 | dir=in | app=system |
"{53D15430-396E-4BD3-8965-8272ACF5B2D6}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{631FBCA3-EEE7-4A01-A8AD-F5E3ED0D42B6}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{803AAA64-7D1D-40A5-9F87-B8EC9FACA402}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{818C8618-2A4C-4BDD-A183-4FD3A8795F8E}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{BAD05865-3DAB-456B-B145-48916BB2F938}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{C9A23E54-55B1-4763-A97F-7C3577496CF2}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{D9D3ED53-3C62-4AFA-BF94-A0F219FC8714}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"TCP Query User{22A9D9CC-B931-43AB-ABD9-7185D3480792}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{24606D3C-EEDF-463D-8771-3EC9C02D9630}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2C4CD8AE-42F8-44B3-A99D-ED9A8C367AFC}C:\program files\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe |
"TCP Query User{D50AC6D1-8148-4B95-8FE2-F881A56248FB}C:\program files\wintv\wintv7\wintv7.exe" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"UDP Query User{0BEED1BF-FDB6-4BB4-84F5-44602DDE9677}C:\program files\wintv\wintv7\wintv7.exe" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"UDP Query User{436C1642-4825-46CD-BF6A-4C2702C9F646}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E571B376-3DD3-4407-938F-CCF737BBA4F4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EB4787D6-43DB-40AC-97C6-7D229D14CC56}C:\program files\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03DB01C6-F188-41DA-B7C1-109F6CBCCF04}" = Delcam PSDocEnglishStandalone 2010
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{120D9280-C7A0-F52B-0F0C-8F1DE9ACEAEE}" = Catalyst Control Center Localization Korean
"{15041B8B-AC63-41DF-91D2-2118CE39E8D9}" = SolidWorks Flow Simulation 2010 SP0
"{15112D8C-D377-D1F9-3701-90E9CF9EC65B}" = Catalyst Control Center Localization Japanese
"{1553E6CA-E99D-4885-A8BE-EF67342B859F}" = COSMOSM 2010 (2009/280)
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{163B1CF0-6C0C-D558-341E-BA1DE37F9FA1}" = Catalyst Control Center Localization Danish
"{1959101B-E34C-4266-8915-20F23B5BCF43}" = SolidWorks eDrawings 2010
"{20D08187-7192-A65D-4ABA-BB09BF315E4F}" = Catalyst Control Center Core Implementation
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{226EF265-A4E4-4E10-BAA9-9C5D89F6EAF9}" = Catalyst Control Center Localization Turkish
"{238BA203-497D-16EA-8495-A42A37A1D1DC}" = Catalyst Control Center Localization Russian
"{257A8354-805C-40E5-A5BF-81397D169FB2}" = Default
"{2D72ACF2-C3A9-A980-FB98-0062C1F4AABF}" = Catalyst Control Center Localization Chinese Standard
"{2D8D14CC-5B31-44B9-87FC-BEC3D8AFFD1D}" = SolidWorks Explorer 2010 SP0
"{32714140-CBC5-3FAF-BFC2-3A7376C3EECF}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4971AB6A-D3AF-4227-51BD-0165C56F35F6}" = Catalyst Control Center Localization Dutch
"{4ceda886-a089-4f97-a408-27ae660d7760}" = Business Contact Manager SP1 per Outlook 2007
"{4D2D9016-70A9-4D91-9AA7-686ACAF056D9}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{4EB4978B-F18F-A9BF-114D-275F675CD9E7}" = Catalyst Control Center Localization Polish
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{55D2E060-9CCB-47B7-BBC2-FE71A1604B65}" = Microsoft SQL Server Native Client
"{56DCD20A-E558-4396-AF59-14D15AA737BB}" = DWGeditor
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A44BF79-7923-E7D4-C8A6-F93F81EF48B9}" = Catalyst Control Center Localization Finnish
"{5DCE4F2F-427B-F3DA-AF1E-34FBFCF779ED}" = ccc-core-static
"{62F596B9-0DF7-AD7B-2D66-E6DC4BFB94C1}" = Catalyst Control Center Localization French
"{6379FD0A-8964-4A50-80A6-B20B65117905}" = File di supporto dell'installazione di Microsoft SQL Server (Italiano)
"{64B3A619-65FF-6AF5-ABF8-D7D17E20D8A1}" = Catalyst Control Center Localization German
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{691BD252-796D-4AE3-924C-C48A1CD4BEDF}" = OpenOffice.org 3.2
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736D2DAD-3D87-4CAA-8646-83D238AD68E0}" = PhotoView 360
"{7616F372-AFF8-355C-582D-6EA9BE9445CF}" = Catalyst Control Center Graphics Light
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79B92639-4B90-CD61-6CB3-72C1977D7256}" = Catalyst Control Center Localization Portuguese
"{7B8CFD39-A3EA-7469-344A-35715AA9DB10}" = Catalyst Control Center Localization Spanish
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Chiavetta Internet MT835UP
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99C2CE24-18E1-5779-642B-ED28AFBE912E}" = Catalyst Control Center Localization Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Componenti di connettività di Microsoft Office Small Business
"{AAA58088-CBEE-466C-F225-E6DC91A9A067}" = Catalyst Control Center Localization Norwegian
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF2066F6-7C57-46A1-A306-077EBBFC7B2B}" = SolidWorks 2010 SP0
"{B1286E7E-AAAF-955C-1C72-60C5EF8F5F2D}" = Catalyst Control Center Localization Italian
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4A0EFC6-0933-6AE9-8EE0-7D6C5D5E28A8}" = Catalyst Control Center Localization Swedish
"{B8DC25AB-AEF8-264E-072D-62EB71D331B6}" = Catalyst Control Center Localization Hungarian
"{BDFD03D4-CA66-36B1-41DE-F10059E248C4}" = Catalyst Control Center Localization Greek
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{CCA1A427-8E84-4080-9703-B3CF4DDF7CC5}" = Delcam PowerSHAPE8080
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D273D5F0-5868-358A-F5EE-77565BD6AAD4}" = Catalyst Control Center Localization Chinese Traditional
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D867B4B4-D6D7-40BC-AE63-742C9EC03023}" = Microsoft SQL Server VSS Writer
"{D88C3E7C-1DA6-4AD7-97FC-75BC8705B266}" = runtime
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DC7B9AB3-2635-45AA-957D-90FDE7CD51D7}" = Assistente per l'accesso a Windows Live
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F79E42D0-C1F2-C461-5E1A-3A169E25F2C2}" = ccc-utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF9E6D14-CD96-B086-BF2B-1E5DE6A7780F}" = Catalyst Control Center Localization Czech
"504244733D18C8F63FF584AEB290E3904E791693" = Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Any Video Converter_is1" = Any Video Converter 3.5.8
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"Business Contact Manager" = Business Contact Manager SP1 per Outlook 2007
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Google Chrome" = Google Chrome
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.70.0.1100
"MediaMonkey_is1" = MediaMonkey 4.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"PhotoStitch" = Canon Utilities PhotoStitch
"PROHYBRIDR" = 2007 Microsoft Office system
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Registrazione utente Canon MP210 series" = Registrazione utente Canon MP210 series
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SolidWorks Installation Manager 20100-40000-1100-200" = SolidWorks 2010 SP0
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31/01/2013 15:30:38 | Computer Name = PC-user | Source = MsiInstaller | ID = 11402
Description =

Error - 31/01/2013 15:30:43 | Computer Name = PC-user | Source = MsiInstaller | ID = 1024
Description =

Error - 31/01/2013 15:30:55 | Computer Name = PC-user | Source = MsiInstaller | ID = 11402
Description =

Error - 31/01/2013 15:30:57 | Computer Name = PC-user | Source = MsiInstaller | ID = 1024
Description =

Error - 31/01/2013 15:31:13 | Computer Name = PC-user | Source = MsiInstaller | ID = 11402
Description =

Error - 31/01/2013 15:31:14 | Computer Name = PC-user | Source = MsiInstaller | ID = 1024
Description =

Error - 31/01/2013 16:46:41 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 31/01/2013 16:46:44 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 31/01/2013 16:46:56 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 31/01/2013 16:47:01 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

[ System Events ]
Error - 31/01/2013 15:31:02 | Computer Name = PC-user | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 31/01/2013 15:34:22 | Computer Name = PC-user | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 31/01/2013 16:46:41 | Computer Name = PC-user | Source = Service Control Manager | ID = 7024
Description =

Error - 31/01/2013 16:46:41 | Computer Name = PC-user | Source = Service Control Manager | ID = 7034
Description =

Error - 31/01/2013 16:46:44 | Computer Name = PC-user | Source = Service Control Manager | ID = 7024
Description =

Error - 31/01/2013 16:46:44 | Computer Name = PC-user | Source = Service Control Manager | ID = 7034
Description =

Error - 31/01/2013 16:46:56 | Computer Name = PC-user | Source = Service Control Manager | ID = 7024
Description =

Error - 31/01/2013 16:46:56 | Computer Name = PC-user | Source = Service Control Manager | ID = 7034
Description =

Error - 31/01/2013 16:47:01 | Computer Name = PC-user | Source = Service Control Manager | ID = 7024
Description =

Error - 31/01/2013 16:47:01 | Computer Name = PC-user | Source = Service Control Manager | ID = 7034
Description =

[ TuneUp Events ]
Error - 10/08/2009 07:13:06 | Computer Name = PC-user | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 10/08/2009 07:13:36 | Computer Name = PC-user | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 10/08/2009 07:13:46 | Computer Name = PC-user | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 10/08/2009 08:40:41 | Computer Name = PC-user | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 10/08/2009 08:40:41 | Computer Name = PC-user | Source = TuneUp Program Statistics | ID = 131840
Description =


< End of report >


il log di otl

http://paste.ubuntu.com/1594836/

ciao e grazie.
Avatar utente
whiterock
Aficionado
Aficionado
 
Messaggi: 44
Iscritto il: sab dic 27, 2008 1:19 pm

Re: virus polizia o qualcosa del genere

Messaggioda hashcat » ven feb 01, 2013 2:20 pm

whiterock ha scritto:ciao hashcat.scusa il ritardo.

Nessun problema, sono felice che tu non abbia abbandonato la discussione.
whiterock ha scritto:nel registro di sistema sono presenti alcune voci come indicato nel link sotto riferito a un vostro articolo

http://www.MegaLab.it/8276/2/come-rimuovere-i-virus-ransomware-o-virus-della-polizia-e-recuperare-i-dati-criptati

shutdown flags, win stationsdisabled,userinit system32.

Sono tutte chiavi legittime, l'unica anomalia sarebbe la presenza di un valore differente da explorer.exe per la chiave Shell
whiterock ha scritto:eccoti il log di system look

Il log sembra OK
whiterock ha scritto:il log extras di otl, il log di otl

Purtroppo oggi sono particolarmente impegnato, visionerò i log aggiornati di OTL appena possibile.

[^]
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
Avatar utente
hashcat
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 2285
Iscritto il: lun ott 25, 2010 1:26 pm

Re: virus polizia o qualcosa del genere

Messaggioda whiterock » ven feb 01, 2013 7:38 pm

no problem!!!!
hai gia' fatto tantissimo!!!
[^]
Avatar utente
whiterock
Aficionado
Aficionado
 
Messaggi: 44
Iscritto il: sab dic 27, 2008 1:19 pm


Re: virus polizia o qualcosa del genere

Messaggioda hashcat » ven feb 01, 2013 10:09 pm

Premetto che non ho letto in maniera approfondita il log, comunque suggerisco di effettuare la procedura di pulizia che segue:

Scarica ed esegui QUESTO FIX.

Poi passa ad OTL:

  • Disattivare o terminare tutte le protezioni in tempo reale di programmi anti-spyware, antivirus, anti-malware, che possono influenzare OTL
  • Avviare OTL mediante doppio click
  • Inserire il seguente script nella casella Custom Scans/Fixes di OTL e cliccare Run Fix

    Codice: Seleziona tutto
    :OTL
    IE - HKLM\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:  File not found
    FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan:  File not found
    [2010/01/16 18:17:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2009/08/16 12:40:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
    CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
    [2010/05/22 12:50:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers

    :Files
    ipconfig /flushdns /c

    :Commands
    [CLEARALLRESTOREPOINTS]
    [EMPTYTEMP]
    [PURITY]


  • Il computer verrà riavviato.

Dunque posta il log generato utilizzando QUESTO strumento.

Utilizza Adwcleaner per ripulire ulteriormente il pc da PUP. Avvialo e clicca su Delete, al termine della pulizia posta il relativo log.


Infine effettua una scansione con Combofix:
  1. Disconnettere il computer da Internet
  2. Disattivare o terminare tutte le protezioni in tempo reale di programmi anti-spyware, antivirus, anti-malware, che possono influenzare ComboFix
  3. Terminare tutti i programmi non fondamentali del tuo computer
  4. Fare doppio clic sul file
  5. Non utilizzare il computer durante l'esecuzione di Combofix (nemmeno mouse e tastiera)
  6. Quando Combofix finirà, salverà un log in:
    C:\ComboFix.txt

Per informazioni aggiuntive leggere la guida:
http://www.bleepingcomputer.com/combofix/it/come-usare-combofix

Se il log di Combofix dovesse essere molto lungo postalo su Ubuntu Pastebin

[weponed] [weponed]
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
Avatar utente
hashcat
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 2285
Iscritto il: lun ott 25, 2010 1:26 pm

Re: virus polizia o qualcosa del genere

Messaggioda whiterock » sab feb 02, 2013 1:45 pm

ciao hashcat.
ecco il log di otl.ho usato il tuo strumento ma non ho salvato ma ha eliminato le voci che tu hai messo.il log che vedi e' successivo alla prima pulizia

http://paste.ubuntu.com/1600853/

il log extras di otl

OTL Extras logfile created on: 02/02/2013 10:35:07 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: Regno Unito | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.00% Memory free
4.94 Gb Paging File | 3.60 Gb Available in Paging File | 72.84% Paging File free
Paging file location(s): C:\pagefile.sys 3067 3067F:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 57.41 Gb Free Space | 51.46% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 111.46 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive E: | 7.13 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 26.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PC-USER | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~1\MEDIAM~1\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~1\MEDIAM~1\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~1\MEDIAM~1\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-397757737-986699961-1055673849-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4F9EAF6B-6F99-40C7-9ACE-2469FFA6F139}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{EF7EFAE4-A9F5-48D2-BC8C-9D760A18FEAD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A3B8C4B-6BAF-4EB1-BE47-A69F750A24F5}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{4D12B58D-9373-46F1-9F76-B9FE22C9C1FA}" = protocol=58 | dir=in | app=system |
"{53D15430-396E-4BD3-8965-8272ACF5B2D6}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{631FBCA3-EEE7-4A01-A8AD-F5E3ED0D42B6}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{803AAA64-7D1D-40A5-9F87-B8EC9FACA402}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{818C8618-2A4C-4BDD-A183-4FD3A8795F8E}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{BAD05865-3DAB-456B-B145-48916BB2F938}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{C9A23E54-55B1-4763-A97F-7C3577496CF2}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{D9D3ED53-3C62-4AFA-BF94-A0F219FC8714}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"TCP Query User{22A9D9CC-B931-43AB-ABD9-7185D3480792}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{24606D3C-EEDF-463D-8771-3EC9C02D9630}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2C4CD8AE-42F8-44B3-A99D-ED9A8C367AFC}C:\program files\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe |
"TCP Query User{D50AC6D1-8148-4B95-8FE2-F881A56248FB}C:\program files\wintv\wintv7\wintv7.exe" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"UDP Query User{0BEED1BF-FDB6-4BB4-84F5-44602DDE9677}C:\program files\wintv\wintv7\wintv7.exe" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"UDP Query User{436C1642-4825-46CD-BF6A-4C2702C9F646}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E571B376-3DD3-4407-938F-CCF737BBA4F4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EB4787D6-43DB-40AC-97C6-7D229D14CC56}C:\program files\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03DB01C6-F188-41DA-B7C1-109F6CBCCF04}" = Delcam PSDocEnglishStandalone 2010
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{120D9280-C7A0-F52B-0F0C-8F1DE9ACEAEE}" = Catalyst Control Center Localization Korean
"{15041B8B-AC63-41DF-91D2-2118CE39E8D9}" = SolidWorks Flow Simulation 2010 SP0
"{15112D8C-D377-D1F9-3701-90E9CF9EC65B}" = Catalyst Control Center Localization Japanese
"{1553E6CA-E99D-4885-A8BE-EF67342B859F}" = COSMOSM 2010 (2009/280)
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{163B1CF0-6C0C-D558-341E-BA1DE37F9FA1}" = Catalyst Control Center Localization Danish
"{1959101B-E34C-4266-8915-20F23B5BCF43}" = SolidWorks eDrawings 2010
"{20D08187-7192-A65D-4ABA-BB09BF315E4F}" = Catalyst Control Center Core Implementation
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{226EF265-A4E4-4E10-BAA9-9C5D89F6EAF9}" = Catalyst Control Center Localization Turkish
"{238BA203-497D-16EA-8495-A42A37A1D1DC}" = Catalyst Control Center Localization Russian
"{257A8354-805C-40E5-A5BF-81397D169FB2}" = Default
"{2D72ACF2-C3A9-A980-FB98-0062C1F4AABF}" = Catalyst Control Center Localization Chinese Standard
"{2D8D14CC-5B31-44B9-87FC-BEC3D8AFFD1D}" = SolidWorks Explorer 2010 SP0
"{32714140-CBC5-3FAF-BFC2-3A7376C3EECF}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4971AB6A-D3AF-4227-51BD-0165C56F35F6}" = Catalyst Control Center Localization Dutch
"{4ceda886-a089-4f97-a408-27ae660d7760}" = Business Contact Manager SP1 per Outlook 2007
"{4D2D9016-70A9-4D91-9AA7-686ACAF056D9}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{4EB4978B-F18F-A9BF-114D-275F675CD9E7}" = Catalyst Control Center Localization Polish
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{55D2E060-9CCB-47B7-BBC2-FE71A1604B65}" = Microsoft SQL Server Native Client
"{56DCD20A-E558-4396-AF59-14D15AA737BB}" = DWGeditor
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A44BF79-7923-E7D4-C8A6-F93F81EF48B9}" = Catalyst Control Center Localization Finnish
"{5DCE4F2F-427B-F3DA-AF1E-34FBFCF779ED}" = ccc-core-static
"{62F596B9-0DF7-AD7B-2D66-E6DC4BFB94C1}" = Catalyst Control Center Localization French
"{6379FD0A-8964-4A50-80A6-B20B65117905}" = File di supporto dell'installazione di Microsoft SQL Server (Italiano)
"{64B3A619-65FF-6AF5-ABF8-D7D17E20D8A1}" = Catalyst Control Center Localization German
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{691BD252-796D-4AE3-924C-C48A1CD4BEDF}" = OpenOffice.org 3.2
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736D2DAD-3D87-4CAA-8646-83D238AD68E0}" = PhotoView 360
"{7616F372-AFF8-355C-582D-6EA9BE9445CF}" = Catalyst Control Center Graphics Light
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79B92639-4B90-CD61-6CB3-72C1977D7256}" = Catalyst Control Center Localization Portuguese
"{7B8CFD39-A3EA-7469-344A-35715AA9DB10}" = Catalyst Control Center Localization Spanish
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Chiavetta Internet MT835UP
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99C2CE24-18E1-5779-642B-ED28AFBE912E}" = Catalyst Control Center Localization Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Componenti di connettività di Microsoft Office Small Business
"{AAA58088-CBEE-466C-F225-E6DC91A9A067}" = Catalyst Control Center Localization Norwegian
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF2066F6-7C57-46A1-A306-077EBBFC7B2B}" = SolidWorks 2010 SP0
"{B1286E7E-AAAF-955C-1C72-60C5EF8F5F2D}" = Catalyst Control Center Localization Italian
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4A0EFC6-0933-6AE9-8EE0-7D6C5D5E28A8}" = Catalyst Control Center Localization Swedish
"{B8DC25AB-AEF8-264E-072D-62EB71D331B6}" = Catalyst Control Center Localization Hungarian
"{BDFD03D4-CA66-36B1-41DE-F10059E248C4}" = Catalyst Control Center Localization Greek
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{CCA1A427-8E84-4080-9703-B3CF4DDF7CC5}" = Delcam PowerSHAPE8080
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D273D5F0-5868-358A-F5EE-77565BD6AAD4}" = Catalyst Control Center Localization Chinese Traditional
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D867B4B4-D6D7-40BC-AE63-742C9EC03023}" = Microsoft SQL Server VSS Writer
"{D88C3E7C-1DA6-4AD7-97FC-75BC8705B266}" = runtime
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DC7B9AB3-2635-45AA-957D-90FDE7CD51D7}" = Assistente per l'accesso a Windows Live
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F79E42D0-C1F2-C461-5E1A-3A169E25F2C2}" = ccc-utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF9E6D14-CD96-B086-BF2B-1E5DE6A7780F}" = Catalyst Control Center Localization Czech
"504244733D18C8F63FF584AEB290E3904E791693" = Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Any Video Converter_is1" = Any Video Converter 3.5.8
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"Business Contact Manager" = Business Contact Manager SP1 per Outlook 2007
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Google Chrome" = Google Chrome
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.70.0.1100
"MediaMonkey_is1" = MediaMonkey 4.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"PhotoStitch" = Canon Utilities PhotoStitch
"PROHYBRIDR" = 2007 Microsoft Office system
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Registrazione utente Canon MP210 series" = Registrazione utente Canon MP210 series
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SolidWorks Installation Manager 20100-40000-1100-200" = SolidWorks 2010 SP0
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 02/02/2013 04:41:40 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 02/02/2013 04:42:11 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 02/02/2013 04:42:13 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 02/02/2013 04:52:05 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 02/02/2013 04:52:55 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 02/02/2013 04:53:15 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 02/02/2013 04:53:27 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 02/02/2013 05:09:11 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 02/02/2013 05:09:58 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 02/02/2013 05:10:21 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

[ System Events ]
Error - 02/02/2013 05:19:03 | Computer Name = PC-user | Source = Service Control Manager | ID = 7024
Description =

Error - 02/02/2013 05:19:03 | Computer Name = PC-user | Source = Service Control Manager | ID = 7034
Description =

Error - 02/02/2013 05:19:04 | Computer Name = PC-user | Source = Service Control Manager | ID = 7024
Description =

Error - 02/02/2013 05:19:04 | Computer Name = PC-user | Source = Service Control Manager | ID = 7034
Description =

Error - 02/02/2013 05:32:26 | Computer Name = PC-user | Source = Service Control Manager | ID = 7024
Description =

Error - 02/02/2013 05:32:26 | Computer Name = PC-user | Source = Service Control Manager | ID = 7034
Description =

Error - 02/02/2013 05:32:32 | Computer Name = PC-user | Source = Service Control Manager | ID = 7024
Description =

Error - 02/02/2013 05:32:32 | Computer Name = PC-user | Source = Service Control Manager | ID = 7034
Description =

Error - 02/02/2013 05:32:37 | Computer Name = PC-user | Source = Service Control Manager | ID = 7024
Description =

Error - 02/02/2013 05:32:37 | Computer Name = PC-user | Source = Service Control Manager | ID = 7034
Description =

[ TuneUp Events ]
Error - 10/08/2009 07:13:06 | Computer Name = PC-user | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 10/08/2009 07:13:36 | Computer Name = PC-user | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 10/08/2009 07:13:46 | Computer Name = PC-user | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 10/08/2009 08:40:41 | Computer Name = PC-user | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 10/08/2009 08:40:41 | Computer Name = PC-user | Source = TuneUp Program Statistics | ID = 131840
Description =


< End of report >



il log do adware

# AdwCleaner v2.109 - Logfile creato il 02/02/2013 alle 10:05:11
# Aggiornamento 26/01/2013 by Xplode
# Sistema Operativo : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Utente : user - PC-USER
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\user\Downloads\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

File Eliminato : C:\user.js

***** [Registro] *****

Chiave Eliminata : HKCU\Software\1ClickDownload
Chiave Eliminata : HKCU\Software\59578fd1b56eba42
Chiave Eliminata : HKCU\Software\AppDataLow\Software\Conduit
Chiave Eliminata : HKCU\Software\AppDataLow\Software\SmartBar
Chiave Eliminata : HKCU\Software\AppDataLow\Software\uTorrentControl_v2
Chiave Eliminata : HKCU\Software\AppDataLow\Toolbar
Chiave Eliminata : HKCU\Software\Conduit
Chiave Eliminata : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473B6BD-4691-4744-A82B-7854EB3D70B6}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Chiave Eliminata : HKLM\Software\Conduit
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08C2CFE3-CBD1-4BB4-995C-E30432F7AB72}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0BA605B-D7B3-4B3F-A56D-73039FA9EC9D}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}
Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Chiave Eliminata : HKLM\Software\uTorrentControl_v2

***** [Browser Internet] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registro Pulito.

-\\ Google Chrome v24.0.1312.57

*************************

AdwCleaner[R1].txt - [2685 octets] - [02/02/2013 10:04:26]
AdwCleaner[R2].txt - [2745 octets] - [02/02/2013 10:05:03]
AdwCleaner[S1].txt - [2724 octets] - [02/02/2013 10:05:11]

########## EOF - C:\AdwCleaner[S1].txt - [2784 octets] ##########


infine il log di combo fix che mi ha fatto riaccendere il pc qundi penso che abbia trovato qualcosa

http://paste.ubuntu.com/1600862/

inoltre nel registro cio sono altre voci es legal notice text e legal notice caption etc.
probabilmente quando ho preso il virus della plozia qualche tempo fa' ho pensato di risolvere tutto con ilpristino sistema tornando indietro di 1 giorno ma qualcosa a quanto pare e' rimasto.
ciao e grazie
Avatar utente
whiterock
Aficionado
Aficionado
 
Messaggi: 44
Iscritto il: sab dic 27, 2008 1:19 pm

Re: virus polizia o qualcosa del genere

Messaggioda hashcat » sab feb 02, 2013 2:21 pm

Appena possibile do' un'occhiata approfondita ai nuovi log, comunque Combofix sembra aver lavorato bene rimuovendo forse il responsabile:

Codice: Seleziona tutto
La copia infetta di c:\windows\system32\Services.exe è stata trovata e disinfettata
ripristinata copia da - c:\windows\ERDNT\cache\services.exe

Dunque, persistono ancora i problemi descritti nel primo messaggio?


P.S.: Non abbandonare la discussione che non abbiamo (ancora) finito (manca poco).
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
Avatar utente
hashcat
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 2285
Iscritto il: lun ott 25, 2010 1:26 pm

Re: virus polizia o qualcosa del genere

Messaggioda whiterock » dom feb 03, 2013 9:16 am

ciao hashcat.
credo abbiamo tolto parecchia schifezza dall inizio.e dopo l'ultima scansione con combofix penso che siano spariti i problemi anche nel registro.vedremo.
fammi sapere se hai trovato ancora qualcosa.io ho installato antivir premium+superantispyware+malawarebites.secondo te e' una buona protezione?mi consigli un firewall?
ciao e grazie
Avatar utente
whiterock
Aficionado
Aficionado
 
Messaggi: 44
Iscritto il: sab dic 27, 2008 1:19 pm

Re: virus polizia o qualcosa del genere

Messaggioda jokerinopazzos » lun feb 04, 2013 1:22 pm

Ciao a tutti ,

volevo chiedervi secondo voi come si fa a non prendere questo virus ? che programma mi consigliate di installare sul mio pc ?

Grazie e cordiali saluti
Avatar utente
jokerinopazzos
Bronze Member
Bronze Member
 
Messaggi: 973
Iscritto il: mar apr 20, 2010 10:39 am

Re: virus polizia o qualcosa del genere

Messaggioda sampei.nihira » lun feb 04, 2013 5:58 pm

E' "facile" basta eliminare/ridurre/mitigare eventuali exploit che hanno come bersaglio soft installati nel tuo pc.
Per esempio recentemente questa tipologia di malwares ha preso di mira java:

http://joe4security.blogspot.ch/2013/01 ... nical.html

Siccome tu visiti pagine web che possono essere compromesse da questi multi-exploit (così per i soliti furboni è più redditizio) sembrerà strano ai più ma il browser web guarda caso è il primo indiziato.

Ma probabilmente tu esigevi una risposta più diretta cioè:

1 programma

presto detto
Quindi, anche se per me è una forzatura, se usi navigare con il browser protetto da SandboxIE con attiva l'eliminazione del contenuto dell'area virtuale alla chiusura del browser non prenderai mai (a meno di un bypass della stessa sandboxIE che ci può stare eh non dimentichiamolo) questa tipologia di malware.


釣りキチ三平
Avatar utente
sampei.nihira
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 3527
Iscritto il: dom ott 03, 2010 8:18 am

Re: virus polizia o qualcosa del genere

Messaggioda hashcat » lun feb 04, 2013 9:44 pm

whiterock ha scritto:ciao hashcat.
credo abbiamo tolto parecchia schifezza dall inizio.e dopo l'ultima scansione con combofix penso che siano spariti i problemi anche nel registro.vedremo.
fammi sapere se hai trovato ancora qualcosa.io ho installato antivir premium+superantispyware+malawarebites.secondo te e' una buona protezione?mi consigli un firewall?
ciao e grazie

Ultimamente mi trovo (purtroppo) ad essere spesso occupato, domani dovrei avere la tranquillità sufficiente per analizzare il log di Combofix. Nel frattempo ti chiedo di postarne uno di OTL aggiornato.

Innanzitutto posso consigliarti di rimuovere SuperAntispyware (è poco utile), poi ti chiedo, utilizzi Malwarebytes con la protezione in tempo reale attiva? Per Avira premium intendi la suite a pagamento?

Il consiglio riguardo al firewall dipende dalle risposte che darai a queste domande.

[ciao]
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
Avatar utente
hashcat
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 2285
Iscritto il: lun ott 25, 2010 1:26 pm

Re: virus polizia o qualcosa del genere

Messaggioda jokerinopazzos » mar feb 05, 2013 11:56 am

Quindi non c'e' un ottimo antimalware per bloccare questo tipo di infenzione ?
Avatar utente
jokerinopazzos
Bronze Member
Bronze Member
 
Messaggi: 973
Iscritto il: mar apr 20, 2010 10:39 am

Re: virus polizia o qualcosa del genere

Messaggioda crazy.cat » mar feb 05, 2013 1:19 pm

jokerinopazzos ha scritto:Quindi non c'e' un ottimo antimalware per bloccare questo tipo di infenzione ?

No, perché sfrutta troppi buchi del sistema e programmi di terze parti non aggiornati.
O il tuo antivirus si è appena aggiornato e lo ha incluso nelle definizioni, o lui rischia di passare.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
Avatar utente
crazy.cat
MLI Hero
MLI Hero
 
Messaggi: 30959
Iscritto il: lun gen 12, 2004 1:38 pm
Località: Mestre

Re: virus polizia o qualcosa del genere

Messaggioda whiterock » mar feb 05, 2013 9:04 pm

ciao hashcat.ti ringrazio e posto qui il log di otl
http://paste.ubuntu.com/1613900/

e qui il log extras di otl

OTL Extras logfile created on: 05/02/2013 18:44:20 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: Regno Unito | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.43% Memory free
4.94 Gb Paging File | 3.56 Gb Available in Paging File | 72.17% Paging File free
Paging file location(s): C:\pagefile.sys 3067 3067F:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.57 Gb Total Space | 58.43 Gb Free Space | 52.37% Space Free | Partition Type: NTFS
Drive D: | 111.55 Gb Total Space | 111.46 Gb Free Space | 99.91% Space Free | Partition Type: NTFS
Drive E: | 7.13 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 26.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: PC-USER | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-397757737-986699961-1055673849-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~1\MEDIAM~1\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~1\MEDIAM~1\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~1\MEDIAM~1\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-397757737-986699961-1055673849-1003]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4F9EAF6B-6F99-40C7-9ACE-2469FFA6F139}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{EF7EFAE4-A9F5-48D2-BC8C-9D760A18FEAD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A3B8C4B-6BAF-4EB1-BE47-A69F750A24F5}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{4D12B58D-9373-46F1-9F76-B9FE22C9C1FA}" = protocol=58 | dir=in | app=system |
"{53D15430-396E-4BD3-8965-8272ACF5B2D6}" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{631FBCA3-EEE7-4A01-A8AD-F5E3ED0D42B6}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"{803AAA64-7D1D-40A5-9F87-B8EC9FACA402}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{818C8618-2A4C-4BDD-A183-4FD3A8795F8E}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
"{BAD05865-3DAB-456B-B145-48916BB2F938}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 |
"{C9A23E54-55B1-4763-A97F-7C3577496CF2}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{D9D3ED53-3C62-4AFA-BF94-A0F219FC8714}" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"TCP Query User{22A9D9CC-B931-43AB-ABD9-7185D3480792}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{24606D3C-EEDF-463D-8771-3EC9C02D9630}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2C4CD8AE-42F8-44B3-A99D-ED9A8C367AFC}C:\program files\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe |
"TCP Query User{D50AC6D1-8148-4B95-8FE2-F881A56248FB}C:\program files\wintv\wintv7\wintv7.exe" = protocol=6 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"UDP Query User{0BEED1BF-FDB6-4BB4-84F5-44602DDE9677}C:\program files\wintv\wintv7\wintv7.exe" = protocol=17 | dir=in | app=c:\program files\wintv\wintv7\wintv7.exe |
"UDP Query User{436C1642-4825-46CD-BF6A-4C2702C9F646}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E571B376-3DD3-4407-938F-CCF737BBA4F4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EB4787D6-43DB-40AC-97C6-7D229D14CC56}C:\program files\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03DB01C6-F188-41DA-B7C1-109F6CBCCF04}" = Delcam PSDocEnglishStandalone 2010
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{120D9280-C7A0-F52B-0F0C-8F1DE9ACEAEE}" = Catalyst Control Center Localization Korean
"{15041B8B-AC63-41DF-91D2-2118CE39E8D9}" = SolidWorks Flow Simulation 2010 SP0
"{15112D8C-D377-D1F9-3701-90E9CF9EC65B}" = Catalyst Control Center Localization Japanese
"{1553E6CA-E99D-4885-A8BE-EF67342B859F}" = COSMOSM 2010 (2009/280)
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{163B1CF0-6C0C-D558-341E-BA1DE37F9FA1}" = Catalyst Control Center Localization Danish
"{1959101B-E34C-4266-8915-20F23B5BCF43}" = SolidWorks eDrawings 2010
"{20D08187-7192-A65D-4ABA-BB09BF315E4F}" = Catalyst Control Center Core Implementation
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{226EF265-A4E4-4E10-BAA9-9C5D89F6EAF9}" = Catalyst Control Center Localization Turkish
"{238BA203-497D-16EA-8495-A42A37A1D1DC}" = Catalyst Control Center Localization Russian
"{257A8354-805C-40E5-A5BF-81397D169FB2}" = Default
"{2D72ACF2-C3A9-A980-FB98-0062C1F4AABF}" = Catalyst Control Center Localization Chinese Standard
"{2D8D14CC-5B31-44B9-87FC-BEC3D8AFFD1D}" = SolidWorks Explorer 2010 SP0
"{32714140-CBC5-3FAF-BFC2-3A7376C3EECF}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{34ED728D-ECE5-4A0D-9963-B54B318D0932}" = ccc-Branding
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4971AB6A-D3AF-4227-51BD-0165C56F35F6}" = Catalyst Control Center Localization Dutch
"{4ceda886-a089-4f97-a408-27ae660d7760}" = Business Contact Manager SP1 per Outlook 2007
"{4D2D9016-70A9-4D91-9AA7-686ACAF056D9}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{4EB4978B-F18F-A9BF-114D-275F675CD9E7}" = Catalyst Control Center Localization Polish
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{55D2E060-9CCB-47B7-BBC2-FE71A1604B65}" = Microsoft SQL Server Native Client
"{56DCD20A-E558-4396-AF59-14D15AA737BB}" = DWGeditor
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A44BF79-7923-E7D4-C8A6-F93F81EF48B9}" = Catalyst Control Center Localization Finnish
"{5DCE4F2F-427B-F3DA-AF1E-34FBFCF779ED}" = ccc-core-static
"{62F596B9-0DF7-AD7B-2D66-E6DC4BFB94C1}" = Catalyst Control Center Localization French
"{6379FD0A-8964-4A50-80A6-B20B65117905}" = File di supporto dell'installazione di Microsoft SQL Server (Italiano)
"{64B3A619-65FF-6AF5-ABF8-D7D17E20D8A1}" = Catalyst Control Center Localization German
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{691BD252-796D-4AE3-924C-C48A1CD4BEDF}" = OpenOffice.org 3.2
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736D2DAD-3D87-4CAA-8646-83D238AD68E0}" = PhotoView 360
"{7616F372-AFF8-355C-582D-6EA9BE9445CF}" = Catalyst Control Center Graphics Light
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79B92639-4B90-CD61-6CB3-72C1977D7256}" = Catalyst Control Center Localization Portuguese
"{7B8CFD39-A3EA-7469-344A-35715AA9DB10}" = Catalyst Control Center Localization Spanish
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Chiavetta Internet MT835UP
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99C2CE24-18E1-5779-642B-ED28AFBE912E}" = Catalyst Control Center Localization Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Componenti di connettività di Microsoft Office Small Business
"{AAA58088-CBEE-466C-F225-E6DC91A9A067}" = Catalyst Control Center Localization Norwegian
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF2066F6-7C57-46A1-A306-077EBBFC7B2B}" = SolidWorks 2010 SP0
"{B1286E7E-AAAF-955C-1C72-60C5EF8F5F2D}" = Catalyst Control Center Localization Italian
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4A0EFC6-0933-6AE9-8EE0-7D6C5D5E28A8}" = Catalyst Control Center Localization Swedish
"{B8DC25AB-AEF8-264E-072D-62EB71D331B6}" = Catalyst Control Center Localization Hungarian
"{BDFD03D4-CA66-36B1-41DE-F10059E248C4}" = Catalyst Control Center Localization Greek
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{CCA1A427-8E84-4080-9703-B3CF4DDF7CC5}" = Delcam PowerSHAPE8080
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D273D5F0-5868-358A-F5EE-77565BD6AAD4}" = Catalyst Control Center Localization Chinese Traditional
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D867B4B4-D6D7-40BC-AE63-742C9EC03023}" = Microsoft SQL Server VSS Writer
"{D88C3E7C-1DA6-4AD7-97FC-75BC8705B266}" = runtime
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DC7B9AB3-2635-45AA-957D-90FDE7CD51D7}" = Assistente per l'accesso a Windows Live
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F79E42D0-C1F2-C461-5E1A-3A169E25F2C2}" = ccc-utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF9E6D14-CD96-B086-BF2B-1E5DE6A7780F}" = Catalyst Control Center Localization Czech
"504244733D18C8F63FF584AEB290E3904E791693" = Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Any Video Converter_is1" = Any Video Converter 3.5.8
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"Business Contact Manager" = Business Contact Manager SP1 per Outlook 2007
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Defraggler" = Defraggler
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Google Chrome" = Google Chrome
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.70.0.1100
"MediaMonkey_is1" = MediaMonkey 4.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"PhotoStitch" = Canon Utilities PhotoStitch
"PROHYBRIDR" = 2007 Microsoft Office system
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Registrazione utente Canon MP210 series" = Registrazione utente Canon MP210 series
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SolidWorks Installation Manager 20100-40000-1100-200" = SolidWorks 2010 SP0
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05/02/2013 13:34:45 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 05/02/2013 13:35:05 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 05/02/2013 13:35:18 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 05/02/2013 13:37:02 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 05/02/2013 13:37:22 | Computer Name = PC-user | Source = Application Error | ID = 1000
Description = Applicazione che ha generato l'errore mbar.exe, versione 1.1.0.1017,
timestamp 0x50f9ae57, modulo che ha generato l'errore QtGui4.dll, versione 6.0.6002.18541,
timestamp 0x4ec3e3d5, codice eccezione 0xc0000135, offset errore 0x00009f5d, ID
processo 0x12c0, data e ora di avvio dell'applicazione 0x01ce03c7730addcc.

Error - 05/02/2013 13:39:07 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 05/02/2013 13:39:13 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 05/02/2013 13:40:33 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 05/02/2013 13:41:24 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

Error - 05/02/2013 13:41:39 | Computer Name = PC-user | Source = Windows Search Service | ID = 1006
Description =

[ System Events ]
Error - 05/02/2013 13:39:13 | Computer Name = PC-user | Source = Service Control Manager | ID = 7024
Description =

Error - 05/02/2013 13:39:13 | Computer Name = PC-user | Source = Service Control Manager | ID = 7034
Description =

Error - 05/02/2013 13:40:33 | Computer Name = PC-user | Source = Service Control Manager | ID = 7024
Description =

Error - 05/02/2013 13:40:33 | Computer Name = PC-user | Source = Service Control Manager | ID = 7034
Description =

Error - 05/02/2013 13:41:24 | Computer Name = PC-user | Source = Service Control Manager | ID = 7024
Description =

Error - 05/02/2013 13:41:24 | Computer Name = PC-user | Source = Service Control Manager | ID = 7034
Description =

Error - 05/02/2013 13:41:39 | Computer Name = PC-user | Source = Service Control Manager | ID = 7024
Description =

Error - 05/02/2013 13:41:39 | Computer Name = PC-user | Source = Service Control Manager | ID = 7034
Description =

Error - 05/02/2013 13:41:44 | Computer Name = PC-user | Source = Service Control Manager | ID = 7024
Description =

Error - 05/02/2013 13:41:44 | Computer Name = PC-user | Source = Service Control Manager | ID = 7034
Description =

[ TuneUp Events ]
Error - 10/08/2009 07:13:06 | Computer Name = PC-user | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 10/08/2009 07:13:36 | Computer Name = PC-user | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 10/08/2009 07:13:46 | Computer Name = PC-user | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 10/08/2009 08:40:41 | Computer Name = PC-user | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 10/08/2009 08:40:41 | Computer Name = PC-user | Source = TuneUp Program Statistics | ID = 131840
Description =


< End of report >


per quanto riguarda le mie protezioni ho la versione antivir premium a pagamento poi ho antimalaware bites ma senza la protezione in tempo reale.l'ho provata per un certo periodo e sembrava funzionasse.mi consigli quella? ciao e grazie [^]
Avatar utente
whiterock
Aficionado
Aficionado
 
Messaggi: 44
Iscritto il: sab dic 27, 2008 1:19 pm

Re: virus polizia o qualcosa del genere

Messaggioda hashcat » mer feb 06, 2013 9:44 pm

Diciamo che sei praticamente pulito: purtroppo c'è una riga che non mi piace

Codice: Seleziona tutto
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7295FFC-547E-4132-92AF-1870B21F75B1}: DhcpNameServer = 78.46.86.74 212.117.175.185

Proveremo a correggere questa anomalia utilizzando definitive_dnschanger_fix.reg.


Quindi rimuovi alcuni elementi con The Avenger 2:

  1. Scarica The Avenger 2 da qui
  2. Eseguilo
  3. Deseleziona l'opzione Scan for rootkits
  4. Inserisci il seguente script nella casella di testo

    Codice: Seleziona tutto
    Files to delete:
    C:\Windows\system32\npdeployJava1.dll

    Folders to delete:
    C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
    C:\Program Files\Adobe\Reader 9.0

  5. Premi Execute
  6. Autorizza The Avenger 2 a riavviare il computer
  7. Inserisci nel prossimo messaggio il log generato da The Avenger 2 (C:\Avenger.txt)

Effettua un po' di pulizia con OTL:

  • Disattivare o terminare tutte le protezioni in tempo reale di programmi anti-spyware, antivirus, anti-malware, che possono influenzare OTL
  • Avviare OTL mediante doppio click
  • Inserire il seguente script nella casella Custom Scans/Fixes di OTL e cliccare Run Fix

    Codice: Seleziona tutto
    :Files
    ipconfig /flushdns /c

    :Commands
    [CLEARALLRESTOREPOINTS]
    [EMPTYTEMP]
    [PURITY]


  • Il computer verrà riavviato.

Dunque posta il log generato utilizzando QUESTO strumento.


Riapri OTL e clicca sul pulstante CleanUP.

Scarica una versione di Combofix aggiornata da QUI e posta il relativo log (se questo risulterà pulito, avremo finito).

Riguardo ai prodotti di sicurezza: se possiedi una licenza valida per Avira Antivir Premium (non lo stai usando in versione di prova) l'unico mio consiglio può essere quello di disattivare il firewall integrato ed installare Online Armor.

Considerando che al momento sei sprovvisto di un lettore PDF, ti consiglio di installare Sumatra PDF o con PDF-XChange Viewer.

Infine puoi utilizzare un software come Patch My Pc o Secunia PSI per aggiornare i software obsoleti.


P.S.: Se desideri rivedere la tua configurazione di sicurezza o hai dei dubbi in generale inerenti all'argomento, ti consiglio di dare un'occhiata a QUESTA discussione.
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
Avatar utente
hashcat
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 2285
Iscritto il: lun ott 25, 2010 1:26 pm

Re: virus polizia o qualcosa del genere

Messaggioda whiterock » ven feb 08, 2013 10:43 pm

ciao hashcat.devo scusarmi per il ritardo ma ho avuto da fare anchio.

ecco il log di avenger

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Error: file "C:\Windows\system32\npdeployJava1.dll" not found!
Deletion of file "C:\Windows\system32\npdeployJava1.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda" not found!
Deletion of folder "C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Program Files\Adobe\Reader 9.0" not found!
Deletion of folder "C:\Program Files\Adobe\Reader 9.0" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.



il log di otl

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\user\Downloads\cmd.bat deleted successfully.
C:\Users\user\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 357469 bytes
->Temporary Internet Files folder emptied: 33436 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 133549592 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15504 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 128.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02072013_225049

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\FwProxyError.log scheduled to be moved on reboot.
C:\Windows\temp\JET76F3.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


infine combo fix


http://paste.ubuntu.com/1626802/

provero' ad installare armor come firewall e gli altri software lettori pdf.
grazie ancora .whiterock
Avatar utente
whiterock
Aficionado
Aficionado
 
Messaggi: 44
Iscritto il: sab dic 27, 2008 1:19 pm

Re: virus polizia o qualcosa del genere

Messaggioda hashcat » ven feb 08, 2013 11:09 pm

Non dimenticare di disinstallare Combofix: rinominalo in uninstall.exe ed eseguilo.

[^]
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
Avatar utente
hashcat
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 2285
Iscritto il: lun ott 25, 2010 1:26 pm

Re: virus polizia o qualcosa del genere

Messaggioda whiterock » sab feb 09, 2013 11:21 pm

ciao hashcat.allora sono a posto.abbiamo finito? [:)]
Avatar utente
whiterock
Aficionado
Aficionado
 
Messaggi: 44
Iscritto il: sab dic 27, 2008 1:19 pm

Re: R: virus polizia o qualcosa del genere

Messaggioda hashcat » dom feb 10, 2013 12:28 pm

Si.

[^]
<<Intelligence is the ability to avoid doing work, yet getting the work done.>>
Linus Torvalds

EX [MLI] Power User.
Avatar utente
hashcat
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 2285
Iscritto il: lun ott 25, 2010 1:26 pm

Re: R: virus polizia o qualcosa del genere

Messaggioda whiterock » dom feb 10, 2013 9:41 pm

grazie hashcat!! [^]
non riesco a installare armorfirewall.provero' con comodo.
Avatar utente
whiterock
Aficionado
Aficionado
 
Messaggi: 44
Iscritto il: sab dic 27, 2008 1:19 pm

Re: R: virus polizia o qualcosa del genere

Messaggioda whiterock » mar feb 12, 2013 9:42 pm

ciao hashcat.ti disturbo ancora solo per chiederti un informazione.
non riesco ad installare on line armor firewall.faccio partire l'applicazione e una volta finito appare la schermata per l'attivazione.attivo la versione trial e mi appare l'errore:l'host non e' stato trovato errore socket 11001.inoltre la connessione internet non funziona piu' finche non disistallo armon.
ciao e grazie in anticipo. [uhm]
Avatar utente
whiterock
Aficionado
Aficionado
 
Messaggi: 44
Iscritto il: sab dic 27, 2008 1:19 pm

PrecedenteProssimo

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 5 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising