help: nasty infection


Post by mitrha » Sat Feb 08, 2014 3:28 pm

Hi everyone,
let me say first that it isn't my PC (luckily), because this looks like something very serious. Here is what happened: a notice comes up that looks like a Windows update, it is given the OK, and the chaos begins. Below is the ComboFix log. Practically nothing works any more.

ComboFix 14-02-05.02 - Paolo 08/02/2014 0:13.1.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.3894.2897 [GMT 1:00]
Running from: c:\users\Paolo\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\file recuperati\Desktop_1.ini
c:\file recuperati\Desktop_2.ini
c:\program files (x86)\FindLyrics
c:\program files (x86)\Windows Live\Messenger\msacm32.dll
c:\programdata\31.nls
c:\users\Paolo\Desktop\Setup.exe
c:\windows\ST6UNST.000
.
c:\windows\SysWow64\svchost.exe . . . is infected!!
.
c:\windows\System32\dllhost.exe . . . is infected!!
.
c:\windows\SysWOW64\dllhost.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2014-01-07 to 2014-02-07 )))))))))))))))))))))))))))))))))))
.
.
2014-02-07 23:22 . 2014-02-07 23:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-07 22:41 . 2014-02-07 23:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-07 22:41 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-07 22:21 . 2014-02-07 23:09 -------- d-----w- C:\AdwCleaner
2014-02-07 22:04 . 2014-02-07 22:04 -------- d-----w- c:\users\Paolo\AppData\Roaming\WildTangent
2014-02-07 21:57 . 2014-02-07 21:58 -------- d-----w- c:\programdata\AppsWatcher
2014-02-06 17:44 . 2014-02-06 17:44 -------- d-----w- c:\users\Paolo\AppData\Roaming\Malwarebytes
2014-02-06 17:44 . 2014-02-06 17:44 -------- d-----w- c:\programdata\Malwarebytes
2014-02-03 18:28 . 2014-02-03 18:28 -------- d-----w- c:\programdata\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-24 20:03 . 2014-01-24 20:03 -------- d-----w- c:\programdata\Canneverbe Limited
2014-01-24 20:03 . 2014-01-24 20:03 -------- d-----w- c:\users\Paolo\AppData\Roaming\Canneverbe Limited
2014-01-24 20:03 . 2014-01-24 20:03 -------- d-----w- c:\program files\CDBurnerXP
2014-01-24 19:41 . 2014-01-24 19:41 -------- d-----w- c:\users\Paolo\lmms
2014-01-24 19:40 . 2014-01-24 19:40 -------- d-----w- c:\program files (x86)\LMMS
2014-01-24 13:11 . 2014-01-24 13:11 -------- d-----w- c:\users\Paolo\AppData\Local\Microsoft Help
2014-01-24 13:11 . 2014-01-24 13:11 -------- d-----w- c:\programdata\Microsoft Help
2014-01-24 03:50 . 2014-01-24 03:51 -------- d-----w- c:\users\Paolo\AppData\Roaming\Resolume Arena 4
2014-01-24 03:50 . 2014-01-24 03:50 -------- d-----w- c:\users\Paolo\AppData\Roaming\Resolume
2014-01-24 03:50 . 2014-01-24 03:50 -------- d-----w- c:\programdata\Resolume Arena 4
2014-01-24 03:49 . 2014-01-24 03:50 -------- d-----w- c:\program files (x86)\Resolume Arena 4.1.3
2014-01-23 23:00 . 2014-01-24 13:10 -------- d-----w- c:\program files (x86)\UnderCoverXP
2014-01-23 22:34 . 2014-01-23 22:34 -------- d-----w- c:\program files (x86)\CdCoverCreator
2014-01-23 18:22 . 2014-01-24 12:15 -------- d-----w- c:\program files (x86)\Buffetti
2014-01-23 18:21 . 2014-01-24 12:15 253952 ------w- c:\windows\Setup1.exe
2014-01-23 18:21 . 2014-01-24 12:15 74752 ----a-w- c:\windows\ST6UNST.EXE
2014-01-17 04:27 . 2014-01-18 02:38 -------- d-----w- c:\users\Paolo\AppData\Roaming\Audacity
2014-01-17 04:26 . 2014-01-17 04:26 -------- d-----w- c:\users\Paolo\AppData\Local\CrashRpt
2014-01-15 18:45 . 2014-01-15 18:45 -------- d-----w- c:\program files (x86)\coverXP
2014-01-14 11:18 . 2014-01-14 11:18 -------- d-----w- c:\users\Paolo\AppData\Roaming\Nitro PDF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-07 22:37 . 2010-06-22 05:57 771072 ----a-w- c:\windows\system32\atiesrxx.exe
2014-02-06 19:09 . 2012-08-20 19:48 1128960 ----a-w- c:\windows\system32\spoolsv.exe
2014-02-06 18:45 . 2011-06-29 09:45 1162752 ----a-w- c:\windows\system32\SearchIndexer.exe
2014-02-06 18:44 . 2012-02-14 23:57 79672 ----a-w- c:\windows\system32\drivers\AFD.SYS
2014-02-06 18:44 . 2009-07-14 00:10 79672 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
2014-02-06 14:40 . 2009-07-13 23:31 950272 ----a-w- c:\windows\system32\msinfo32.exe
2014-02-06 12:46 . 2009-07-13 23:48 698880 ----a-w- c:\windows\system32\msiexec.exe
2014-02-06 12:09 . 2009-07-13 23:39 2170368 ----a-w- c:\windows\system32\VSSVC.exe
2014-02-06 12:09 . 2009-07-14 01:05 4093952 ----a-w- c:\windows\system32\sppsvc.exe
2014-02-06 12:08 . 2009-07-13 23:59 578560 ----a-w- c:\windows\system32\dllhost.exe
2014-02-06 12:02 . 2009-07-14 00:10 583168 ----a-w- c:\windows\system32\snmptrap.exe
2014-02-06 12:02 . 2009-07-13 23:52 609792 ----a-w- c:\windows\system32\UI0Detect.exe
2014-02-06 12:02 . 2009-07-13 23:47 771072 ----a-w- c:\windows\system32\wbem\WmiApSrv.exe
2014-02-06 12:02 . 2009-07-13 23:37 2074624 ----a-w- c:\windows\system32\wbengine.exe
2014-02-06 12:02 . 2009-07-13 23:37 1102848 ----a-w- c:\windows\system32\vds.exe
2014-02-06 12:02 . 2009-07-14 00:36 1257472 ----a-w- c:\windows\system32\FXSSVC.exe
2014-02-06 12:02 . 2009-07-13 23:59 710144 ----a-w- c:\windows\system32\msdtc.exe
2014-02-06 12:02 . 2009-07-14 00:08 647680 ----a-w- c:\windows\system32\alg.exe
2014-02-06 12:02 . 2009-07-13 23:19 589312 ----a-w- c:\windows\SysWow64\svchost.exe
2014-02-05 02:33 . 2013-03-23 19:19 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 02:33 . 2011-08-26 12:39 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-16 00:15 . 2011-10-27 10:53 86054176 ----a-w- c:\windows\system32\MRT.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-02-06 . F9236295CA18EBEBB03B1305D520A2EF . 1128960 . . [6.1.7600.16962] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16962_none_32533f26db2c36c0\spoolsv.exe
[7] 2012-02-11 . 85DAA09A98C9286D4EA2BA8D0E644377 . 559104 . . [6.1.7601.17777] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_3433cdb2d8563d50\spoolsv.exe
[7] 2012-02-11 . 807B5B0E287027F72AC37B0CDA9512DA . 559104 . . [6.1.7600.21149] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.21149_none_32f955f1f433834b\spoolsv.exe
[7] 2012-02-11 . B9D7A4858CF32A6A15D2763F1DE47E0E . 559616 . . [6.1.7601.21921] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_34ed7a43f150b682\spoolsv.exe
[7] 2010-08-21 . F8E1FA03CB70D54A9892AC88B91D1E7B . 558592 . . [6.1.7600.16661] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_3252392adb2d25f4\spoolsv.exe
[7] 2010-08-20 . 8547491BE7086EE317163365D83A37D2 . 559104 . . [6.1.7600.20785] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_32ca3745f45762fc\spoolsv.exe
[7] 2009-07-14 . 89E8550C5862999FCF482EA562B0E98E . 558080 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_324094c8db39cbbd\spoolsv.exe
[-] 2014-02-06 . F9236295CA18EBEBB03B1305D520A2EF . 1128960 . . [6.1.7600.16385] .. c:\windows\system32\spoolsv.exe
.
[-] 2014-02-06 . 3D1A9C6A1E4670BB52886ACD24B64044 . 589312 . . [6.1.7600.16385] .. c:\windows\SysWOW64\svchost.exe
[-] 2014-02-06 . 3D1A9C6A1E4670BB52886ACD24B64044 . 589312 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
R3 motumidi64;MOTU USB MIDI Device for 64 bit Windows;c:\windows\system32\drivers\motumidi64.sys;c:\windows\SYSNATIVE\drivers\motumidi64.sys [x]
R3 MotuUsb64;MotuUsb64;c:\windows\system32\Drivers\MotuUsb64.sys;c:\windows\SYSNATIVE\Drivers\MotuUsb64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys;c:\windows\SYSNATIVE\DRIVERS\nvnusbaudio.sys [x]
R3 RDID1064;MC-808;c:\windows\system32\Drivers\rdwm1064.sys;c:\windows\SYSNATIVE\Drivers\rdwm1064.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TASCAM_US200_MIDI;TASCAM US-200 WDM MIDI Device;c:\windows\system32\drivers\tus200_m.sys;c:\windows\SYSNATIVE\drivers\tus200_m.sys [x]
R3 TASCAM_US200_USB;TASCAM US-200 Audio Device driver;c:\windows\system32\Drivers\tus200_u.sys;c:\windows\SYSNATIVE\Drivers\tus200_u.sys [x]
R3 TASCAM_US200_WDM;TASCAM US-200 WDM;c:\windows\system32\drivers\tus200_a.sys;c:\windows\SYSNATIVE\drivers\tus200_a.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\MotuBus64.sys;c:\windows\SYSNATIVE\drivers\MotuBus64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 42478172
*Deregistered* - 42478172
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 08:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-05 02:23 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-05 c:\windows\Tasks\HPCeeScheduleForPaolo.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
2013-01-24 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-23 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.Google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Paolo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{17C8F3C9-FDA2-4229-850D-1C273FBCE2AF}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{17C8F3C9-FDA2-4229-850D-1C273FBCE2AF}\350756564645F6573686739364039373: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{17C8F3C9-FDA2-4229-850D-1C273FBCE2AF}\44D2C496E6B6024435C4D22373530324: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Paolo\AppData\Roaming\Mozilla\Firefox\Profiles\m44fvlhs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ESI - KeyControl25 Driver Setup - c:\program files (x86)\ESI\KeyCon25\uninst.exe Software\ESI\KeyCon25\Setup
AddRemove-{A0493B63-7550-5410-248C-8C2781986D52} - c:\progra~3\INSTAL~1\{DC3B2~1\Setup.exe
AddRemove-{A879F769-0802-5A3E-8B5C-FF904C93C9F2} - c:\progra~3\INSTAL~1\{A6578~1\Setup.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
AddRemove-2086302364.portal.qtrax.com - c:\program files (x86)\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-08 00:24:18
ComboFix-quarantined-files.txt 2014-02-07 23:24
.
Pre-Run: 17,798,258,688 bytes free
Post-Run: 17,586,188,288 bytes free
.
- - End Of File - - 867BCD286157CC0F4F17FC72D79DB70D
If you don't know things... learn them!!!
AMD Athlon 3200+ 2.1GHz, 1.0 GB RAM, WIN XP SP3
mitrha
Senior Member
Posts: 295
Joined: Sat Jul 31, 2010 10:28 pm
Location: Roma
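The Sigcheck section of the log above carries the most useful evidence: c:\windows\system32\spoolsv.exe is unsigned and about twice the size of every signed copy Windows keeps in WinSxS, and the only WinSxS copy of the 32-bit svchost.exe has the same MD5 as the unsigned SysWOW64 one. The following script, an added example that is not part of the forum post or of ComboFix, parses Sigcheck lines and applies those two checks mechanically. It assumes that a `[-]` flag means the signature could not be verified and any other flag (such as `[7]`) means it verified, and that a verified WinSxS copy is the clean reference for a same-named binary. The sample input is constructed from the spoolsv.exe and svchost.exe lines in the log.

```python
"""Parse a ComboFix Sigcheck section and flag file-infector patterns.

Added example, not the forum post's or ComboFix's own code. Assumptions:
  - '[-]' means the file's signature could not be verified; any other flag
    (e.g. '[7]') means it verified;
  - a verified copy of a binary (typically in WinSxS) is its clean reference;
  - an unverified copy larger than every verified copy, or a binary with no
    verified copy at all, deserves a closer look.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One entry per line: [flag] date . MD5 . size . . [version] .. path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck entry found in *text*; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["verified"] = e["flag"] != "-"
        e["name"] = PureWindowsPath(e["path"]).name.lower()
        entries.append(e)
    return entries


def find_suspects(entries):
    """Group entries by file name and apply two heuristics.

    size_inflated: an unverified copy is bigger than every verified copy of
                   the same binary (a payload was added to the PE).
    no_clean_copy: every copy on disk, the WinSxS backup included, is
                   unverified, so nothing local can restore the file.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)

    findings = []
    for name, copies in sorted(by_name.items()):
        verified = [c for c in copies if c["verified"]]
        unverified = [c for c in copies if not c["verified"]]
        if not unverified:
            continue
        if not verified:
            findings.append({
                "name": name, "reason": "no_clean_copy",
                "md5s": sorted({c["md5"] for c in unverified}),
                "paths": [c["path"] for c in unverified],
            })
            continue
        largest_clean = max(c["size"] for c in verified)
        for c in unverified:
            if c["size"] > largest_clean:
                findings.append({
                    "name": name, "reason": "size_inflated",
                    "path": c["path"], "md5": c["md5"],
                    "growth": c["size"] - largest_clean,
                })
    return findings


# Constructed sample: the spoolsv.exe and svchost.exe lines from the log above.
SAMPLE_LOG = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2014-02-06 . F9236295CA18EBEBB03B1305D520A2EF . 1128960 . . [6.1.7600.16962] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16962_none_32533f26db2c36c0\spoolsv.exe
[7] 2012-02-11 . 85DAA09A98C9286D4EA2BA8D0E644377 . 559104 . . [6.1.7601.17777] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_3433cdb2d8563d50\spoolsv.exe
[7] 2012-02-11 . 807B5B0E287027F72AC37B0CDA9512DA . 559104 . . [6.1.7600.21149] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.21149_none_32f955f1f433834b\spoolsv.exe
[7] 2012-02-11 . B9D7A4858CF32A6A15D2763F1DE47E0E . 559616 . . [6.1.7601.21921] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_34ed7a43f150b682\spoolsv.exe
[7] 2010-08-21 . F8E1FA03CB70D54A9892AC88B91D1E7B . 558592 . . [6.1.7600.16661] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_3252392adb2d25f4\spoolsv.exe
[7] 2010-08-20 . 8547491BE7086EE317163365D83A37D2 . 559104 . . [6.1.7600.20785] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_32ca3745f45762fc\spoolsv.exe
[7] 2009-07-14 . 89E8550C5862999FCF482EA562B0E98E . 558080 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_324094c8db39cbbd\spoolsv.exe
[-] 2014-02-06 . F9236295CA18EBEBB03B1305D520A2EF . 1128960 . . [6.1.7600.16385] .. c:\windows\system32\spoolsv.exe
.
[-] 2014-02-06 . 3D1A9C6A1E4670BB52886ACD24B64044 . 589312 . . [6.1.7600.16385] .. c:\windows\SysWOW64\svchost.exe
[-] 2014-02-06 . 3D1A9C6A1E4670BB52886ACD24B64044 . 589312 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
"""


def analyse(text=SAMPLE_LOG):
    """Parse *text* and return the list of findings."""
    return find_suspects(parse_sigcheck(text))


if __name__ == "__main__":
    for f in analyse():
        print(f["name"], f["reason"], f.get("growth", ""), f.get("path") or f["paths"])
```

Run against the log's own lines, the script reports both system32\spoolsv.exe and the unsigned WinSxS spoolsv.exe as `size_inflated` by 569,344 bytes over the largest signed copy, and svchost.exe as `no_clean_copy`. The second finding is the practical one: when the WinSxS backup carries the same hash as the infected file, `sfc /scannow` has no clean source to restore from, so the binaries must come from known-good installation media or a reinstall, not from an in-place repair.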

Re: help: nasty infection

Post by GERONIMO* » Sat Feb 08, 2014 6:38 pm

Your system is heavily infected [sh]
Follow this whole guide to the letter [;)]
http://www.windoctor.it/sicurezza/ripul ... 8-i-virus/
GERONIMO*
Bronze Member
Posts: 931
Joined: Mon Apr 23, 2012 11:30 pm
