virus or what is it?

This forum section covers security, antivirus solutions, firewalls, and malware-related problems in general

Moderator: IlSoftware.it forum staff

Re: virus or what is it?

Post by teresio » 14 Aug 2011 17:54

ComboFix scan
ComboFix 11-08-14.02 - Giancarlo 14/08/2011 17.39.51.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.39.1040.18.3066.2210 [GMT 2:00]
Eseguito da: c:\users\Giancarlo\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
c:\windows\$NtUninstallKB5999$
c:\windows\$NtUninstallKB5999$\2288541944\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB5999$\2288541944\L\ogejidap
c:\windows\$NtUninstallKB5999$\3657602567
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Files Creati Da 2011-07-14 al 2011-08-14 )))))))))))))))))))))))))))))))))))
.
.
2011-08-12 22:08 . 2011-08-12 22:21 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-12 22:08 . 2011-08-12 22:08 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-08-12 22:07 . 2011-08-12 22:18 -------- d-----w- c:\programdata\Hitman Pro
2011-08-09 22:59 . 2011-08-09 22:59 388096 ----a-r- c:\users\Giancarlo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-09 22:59 . 2011-08-09 22:59 -------- d-----w- c:\program files\Trend Micro
2011-08-09 22:12 . 2009-04-11 04:45 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-08-09 21:11 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-09 21:11 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 21:11 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-09 21:11 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-08 23:07 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-08-08 22:40 . 2011-08-08 22:40 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-08-08 22:40 . 2011-08-08 22:40 71880 ----a-w- c:\windows\system32\PxSecure.dll
2011-08-08 22:40 . 2011-08-08 22:40 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2011-08-08 22:40 . 2011-08-08 22:40 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2011-08-08 22:40 . 2011-08-08 22:40 -------- d-----w- c:\program files\Prevx
2011-08-08 22:40 . 2011-08-08 22:40 -------- d-----w- c:\programdata\PrevxCSI
2011-08-07 21:12 . 2011-08-09 22:28 -------- d-----w- c:\users\Guest
2011-08-07 20:43 . 2011-08-07 20:43 -------- d-----w- c:\users\Giancarlo\AppData\Roaming\Malwarebytes
2011-08-07 20:42 . 2011-08-07 20:42 -------- d-----w- c:\programdata\Malwarebytes
2011-08-07 20:42 . 2011-08-09 10:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-07 20:40 . 2011-08-07 20:40 -------- d-----w- c:\programdata\!SASCORE
2011-08-07 19:46 . 2011-08-07 19:46 -------- d-----w- c:\users\Giancarlo\AppData\Roaming\SUPERAntiSpyware.com
2011-08-07 19:44 . 2011-08-09 00:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-07 19:44 . 2011-08-07 19:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-05 20:41 . 2011-08-09 10:04 -------- d-----w- c:\users\Public\Conduit
2011-08-05 20:41 . 2011-08-09 00:17 -------- d-----w- c:\users\Elena\AppData\Local\Conduit
2011-08-01 22:33 . 2011-08-01 22:33 -------- d-----w- c:\windows\ufa
2011-07-30 21:14 . 2011-07-30 21:14 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-30 20:59 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-30 20:59 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-30 20:59 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-30 20:59 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-30 20:59 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-30 20:59 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-30 20:58 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-30 20:58 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-27 20:54 . 2011-08-11 21:49 41360 --sha-w- c:\windows\system32\c_04664.nl_
2011-07-27 20:23 . 2011-07-27 20:23 -------- d-sh--w- c:\windows\%APPDATA%
2011-07-27 20:21 . 2011-07-27 20:21 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-07-26 17:38 . 2011-07-26 17:38 15544 ----a-w- c:\windows\system32\drivers\CPQBttn.sys
2011-07-25 15:34 . 2011-07-25 15:34 -------- d-----w- c:\users\Elena\AppData\Local\Adobe
2011-07-24 22:23 . 2011-07-31 15:46 -------- d-----w- c:\windows\av_ico
2011-07-24 22:20 . 2011-07-24 22:20 -------- d--h--w- c:\windows\update.tray-12-0
2011-07-24 22:20 . 2011-07-24 22:20 -------- d--h--w- c:\windows\update.tray-12-0-lnk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 21:48 . 2011-01-28 10:16 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-08-10 22:09 . 2011-05-16 19:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 13:34 . 2011-07-13 14:17 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-06-25 21:38 . 2011-03-26 15:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-10-15 380416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\e:\0autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-672666650-3834261237-89321473-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-672666650-3834261237-89321473-1001]
"EnableNotificationsRef"=dword:00000001
.
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2011-08-08 6416120]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-04-27 20032]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-08-12 23624]
R3 Installer Service;Installer Service;c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3FC42713-B6E7-49AA-A553-A224FE9828A8}\Installer\InstallerService.exe [2011-02-28 119296]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2011-08-08 32008]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2011-08-08 76696]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2011-08-08 26096]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Scansione supplementare -------
.
mStart Page = hxxp://it.yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
FF - ProfilePath - c:\users\Giancarlo\AppData\Roaming\Mozilla\Firefox\Profiles\682mhw4n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BittorrentBar_IT Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.corriere.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2849853&q=
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.homepage.dontask - true
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Run-wxpdrv - (no file)
SafeBoot-97770246.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-14 17:46
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
.
c:\windows\4167067784:2006425351.exe 816 bytes executable
.
Scansione completata con successo
Files nascosti: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\886860f8]
"ImagePath"="\systemroot\4167067784:2006425351.exe"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2011-08-14 17:50:07
ComboFix-quarantined-files.txt 2011-08-14 15:50
.
Pre-Run: 309.349.437.440 byte disponibili
Post-Run: 308.442.251.264 byte disponibili
.
- - End Of File - - 9FBE1DCCC6265838B1D2BCA27CB48662
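An added triage helper (example code, not part of this thread and not from ComboFix) that reads a ComboFix report in the format pasted above and pulls out the entries a responder would look at first: the alternate-data-stream executable `c:\windows\4167067784:2006425351.exe` and the service whose ImagePath points into it, directories carrying hidden/system attributes, the literal `%APPDATA%` folder under c:\windows, and `"EnableLUA"= 0` (UAC switched off). The sample input is a constructed excerpt made of lines taken from the report in this post.

```python
"""
Triage a ComboFix log for the indicators seen in this thread.

Added example; it is not ComboFix code and not the forum helper's script.
Recognised signs:
  * NTFS alternate data streams used as executable paths ("file:stream.exe")
  * files/directories with hidden (h) or system (s) attributes
  * a literal "%APPDATA%" directory (variable never expanded by the dropper)
  * a service "ImagePath" that points into an alternate data stream
  * "EnableLUA"= 0 in the dumped policy key (UAC disabled)
"""
import re
from dataclasses import dataclass

# One "Files Creati" / Find3M line:  created . modified  size  attrs  path
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# A path whose last component contains ':' (after the drive letter or
# \systemroot prefix) names an NTFS alternate data stream.
ADS_PATH = re.compile(r"^(?:[a-z]:|\\systemroot)\\.*[^\\:]+:[^\\:]+$", re.IGNORECASE)
IMAGEPATH = re.compile(r'^"ImagePath"="(?P<path>[^"]+)"$')
LUA_OFF = re.compile(r'^"EnableLUA"=\s*0\b')


@dataclass
class Finding:
    kind: str
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious indicator found in the log text."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = FILE_LINE.match(line)
        if m:
            attrs, path = m["attrs"], m["path"]
            # attrs: d=directory, s=system, h=hidden, a=archive, r/w access
            if "h" in attrs or "s" in attrs:
                findings.append(Finding("hidden_or_system", f"{attrs} {path}"))
            if "%appdata%" in path.lower():
                findings.append(Finding("unexpanded_appdata_dir", path))
            continue

        m = IMAGEPATH.match(line)
        if m and ADS_PATH.match(m["path"]):
            findings.append(Finding("service_in_ads", m["path"]))
            continue

        if LUA_OFF.match(line):
            findings.append(Finding("uac_disabled", line))
            continue

        # catchme's hidden-file section prints "<path> <size> bytes executable"
        if ADS_PATH.match(line.split(" ")[0]):
            findings.append(Finding("ads_file", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, handy for a quick verdict on a long log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed excerpt: lines copied from the ComboFix report in this thread.
SAMPLE_LOG = r"""
2011-08-12 22:08 . 2011-08-12 22:21 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-30 21:14 . 2011-07-30 21:14 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-27 20:54 . 2011-08-11 21:49 41360 --sha-w- c:\windows\system32\c_04664.nl_
2011-07-27 20:23 . 2011-07-27 20:23 -------- d-sh--w- c:\windows\%APPDATA%
2011-07-24 22:20 . 2011-07-24 22:20 -------- d--h--w- c:\windows\update.tray-12-0
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
c:\windows\4167067784:2006425351.exe 816 bytes executable
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\886860f8]
"ImagePath"="\systemroot\4167067784:2006425351.exe"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Feed it the full report rather than the excerpt to get the complete list; a `service_in_ads` hit is the one that should not wait for a second scan.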

Re: virus or what is it?

Post by teresio » 14 Aug 2011 23:45

MalwareBytes found no threats. Hitman Pro unfortunately froze when it finished, while I was saving the log, and I wasn't able to save it; I ran the scan again and it found only a cookie. And HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23.41.28, on 14/08/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Giancarlo\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\Windows\system32\PxSecure.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Philips Device Listener] "C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe (file missing)
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\Prevx\prevx.exe
O23 - Service: Installer Service - Unknown owner - C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3FC42713-B6E7-49AA-A553-A224FE9828A8}\Installer\InstallerService.exe

--
End of file - 4328 bytes

Re: virus or what is it?

Post by FDAC » 15 Aug 2011 10:38

Uninstall Prevx and SuperAntiSpyware, then:
create a text file on the desktop with Notepad (Start > All Programs > Accessories > Notepad) and copy and paste into it what is written below (click SELECT ALL):

Code: Select all
File::
c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe
c:\windows\4167067784:2006425351.exe

Folder::
c:\users\Public\Conduit
c:\users\Elena\AppData\Local\Conduit
c:\windows\ufa
c:\windows\update.tray-7-0-lnk
c:\windows\av_ico
c:\windows\update.tray-12-0
c:\windows\update.tray-12-0-lnk

Driver::
AVG Security Toolbar Service
886860f8

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\886860f8]

Firefox::
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849853&SearchSource=3&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849853&q=



Save it with the name CFScript.txt and drag it with the mouse pointer onto the ComboFix icon; a new scan will start. Attach the resulting report.

Good luck! :D

Re: virus or what is it?

Post by teresio » 15 Aug 2011 17:55

I can't delete Prevx: it tells me I don't have the rights to do so, even if I log in as administrator, even if I switch user; I tried with all the users, guest included. SuperAntiSpyware isn't in Programs and Features, nor in Start / All Programs (I checked in the other users too).

Re: virus or what is it?

Post by teresio » 15 Aug 2011 18:21

ComboFix 11-08-14.02 - Giancarlo 14/08/2011 17.39.51.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.39.1040.18.3066.2210 [GMT 2:00]
Eseguito da: c:\users\Giancarlo\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Elena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
c:\windows\$NtUninstallKB5999$
c:\windows\$NtUninstallKB5999$\2288541944\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB5999$\2288541944\L\ogejidap
c:\windows\$NtUninstallKB5999$\3657602567
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Files Creati Da 2011-07-14 al 2011-08-14 )))))))))))))))))))))))))))))))))))
.
.
2011-08-12 22:08 . 2011-08-12 22:21 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-12 22:08 . 2011-08-12 22:08 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-08-12 22:07 . 2011-08-12 22:18 -------- d-----w- c:\programdata\Hitman Pro
2011-08-09 22:59 . 2011-08-09 22:59 388096 ----a-r- c:\users\Giancarlo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-09 22:59 . 2011-08-09 22:59 -------- d-----w- c:\program files\Trend Micro
2011-08-09 22:12 . 2009-04-11 04:45 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-08-09 21:11 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-09 21:11 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 21:11 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-09 21:11 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-08 23:07 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-08-08 22:40 . 2011-08-08 22:40 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-08-08 22:40 . 2011-08-08 22:40 71880 ----a-w- c:\windows\system32\PxSecure.dll
2011-08-08 22:40 . 2011-08-08 22:40 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2011-08-08 22:40 . 2011-08-08 22:40 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2011-08-08 22:40 . 2011-08-08 22:40 -------- d-----w- c:\program files\Prevx
2011-08-08 22:40 . 2011-08-08 22:40 -------- d-----w- c:\programdata\PrevxCSI
2011-08-07 21:12 . 2011-08-09 22:28 -------- d-----w- c:\users\Guest
2011-08-07 20:43 . 2011-08-07 20:43 -------- d-----w- c:\users\Giancarlo\AppData\Roaming\Malwarebytes
2011-08-07 20:42 . 2011-08-07 20:42 -------- d-----w- c:\programdata\Malwarebytes
2011-08-07 20:42 . 2011-08-09 10:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-07 20:40 . 2011-08-07 20:40 -------- d-----w- c:\programdata\!SASCORE
2011-08-07 19:46 . 2011-08-07 19:46 -------- d-----w- c:\users\Giancarlo\AppData\Roaming\SUPERAntiSpyware.com
2011-08-07 19:44 . 2011-08-09 00:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-07 19:44 . 2011-08-07 19:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-05 20:41 . 2011-08-09 10:04 -------- d-----w- c:\users\Public\Conduit
2011-08-05 20:41 . 2011-08-09 00:17 -------- d-----w- c:\users\Elena\AppData\Local\Conduit
2011-08-01 22:33 . 2011-08-01 22:33 -------- d-----w- c:\windows\ufa
2011-07-30 21:14 . 2011-07-30 21:14 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-30 20:59 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-30 20:59 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-30 20:59 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-30 20:59 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-30 20:59 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-30 20:59 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-30 20:58 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-30 20:58 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-27 20:54 . 2011-08-11 21:49 41360 --sha-w- c:\windows\system32\c_04664.nl_
2011-07-27 20:23 . 2011-07-27 20:23 -------- d-sh--w- c:\windows\%APPDATA%
2011-07-27 20:21 . 2011-07-27 20:21 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-07-26 17:38 . 2011-07-26 17:38 15544 ----a-w- c:\windows\system32\drivers\CPQBttn.sys
2011-07-25 15:34 . 2011-07-25 15:34 -------- d-----w- c:\users\Elena\AppData\Local\Adobe
2011-07-24 22:23 . 2011-07-31 15:46 -------- d-----w- c:\windows\av_ico
2011-07-24 22:20 . 2011-07-24 22:20 -------- d--h--w- c:\windows\update.tray-12-0
2011-07-24 22:20 . 2011-07-24 22:20 -------- d--h--w- c:\windows\update.tray-12-0-lnk
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-11 21:48 . 2011-01-28 10:16 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-08-10 22:09 . 2011-05-16 19:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 13:34 . 2011-07-13 14:17 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-06-25 21:38 . 2011-03-26 15:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-10-15 380416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\e:\0autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-672666650-3834261237-89321473-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-672666650-3834261237-89321473-1001]
"EnableNotificationsRef"=dword:00000001
.
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2011-08-08 6416120]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-04-27 20032]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-08-12 23624]
R3 Installer Service;Installer Service;c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3FC42713-B6E7-49AA-A553-A224FE9828A8}\Installer\InstallerService.exe [2011-02-28 119296]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2011-08-08 32008]
S1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2011-08-08 76696]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2011-08-08 26096]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Scansione supplementare -------
.
mStart Page = hxxp://it.yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
FF - ProfilePath - c:\users\Giancarlo\AppData\Roaming\Mozilla\Firefox\Profiles\682mhw4n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BittorrentBar_IT Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.corriere.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2849853&q=
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.homepage.dontask - true
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Run-wxpdrv - (no file)
SafeBoot-97770246.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-14 17:46
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
.
c:\windows\4167067784:2006425351.exe 816 bytes executable
.
Scansione completata con successo
Files nascosti: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\886860f8]
"ImagePath"="\systemroot\4167067784:2006425351.exe"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2011-08-14 17:50:07
ComboFix-quarantined-files.txt 2011-08-14 15:50
.
Pre-Run: 309.349.437.440 byte disponibili
Post-Run: 308.442.251.264 byte disponibili
.
- - End Of File - - 9FBE1DCCC6265838B1D2BCA27CB48662
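Two findings in the log above are the ones that matter for a defender: the executable that catchme reported hidden in an NTFS alternate data stream (the second `:` inside `c:\windows\4167067784:2006425351.exe`) and the service key `886860f8` whose ImagePath loads it. The script below automates that check; it is an added example, not part of the thread or of ComboFix, and the sample lines are constructed from this log and assume ComboFix's own line layout.

```python
"""Flag suspicious entries in a ComboFix log: executables hidden in NTFS
alternate data streams (ADS) and services whose ImagePath points at one.
Added example, not part of the forum thread or of ComboFix."""
import re

# Constructed sample: the catchme "hidden files" line and the service key
# ComboFix reported in this thread, plus one benign driver entry for contrast.
SAMPLE_LOG = r"""
c:\windows\4167067784:2006425351.exe 816 bytes executable
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\886860f8]
"ImagePath"="\systemroot\4167067784:2006425351.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\NETw5v32]
"ImagePath"="system32\DRIVERS\NETw5v32.sys"
"""

# An ADS path is host:stream in its last component; a drive letter's colon
# sits at index 1 and is consumed by the optional leading group instead.
ADS_RE = re.compile(r'^(?:[a-z]:)?(?:\\[^\\:]+)*\\[^\\:]+:[^\\:\s"]+$', re.I)
SERVICE_KEY_RE = re.compile(r'^\[HKEY_[^\]]+\\Services\\([^\\\]]+)\]$')
IMAGE_PATH_RE = re.compile(r'^"ImagePath"="([^"]+)"$')


def is_ads_path(path):
    """True when path names an NTFS alternate data stream (file:stream)."""
    return ADS_RE.match(path.strip()) is not None


def scan_log(text):
    """Return findings as tuples: hidden ADS executables and services
    whose ImagePath lives inside an ADS (both seen in this thread's log)."""
    findings = []
    current_service = None
    for raw in text.splitlines():
        line = raw.strip()
        # catchme prints hidden files as "<path> <size> bytes executable"
        if line.endswith(" bytes executable"):
            path = line.rsplit(" ", 3)[0]
            if is_ads_path(path):
                findings.append(("hidden-ads-executable", path))
            continue
        key = SERVICE_KEY_RE.match(line)
        if key:
            current_service = key.group(1)  # context for the next ImagePath
            continue
        image = IMAGE_PATH_RE.match(line)
        if image and current_service and is_ads_path(image.group(1)):
            findings.append(("service-in-ads", current_service, image.group(1)))
    return findings
```

Run `scan_log` over a full ComboFix log to get the same two findings without reading hundreds of lines by hand; normal driver entries such as `pxscan.sys` produce nothing.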

Re: virus or what is it?

Post by FDAC » 15 Aug 2011 20:58

Hi. You did not run the previous script; follow these instructions to the letter:
Custom ComboFix script

Warning: do not run ComboFix on your own initiative; this tool is not a toy and is not suited to everyday use.

Open Notepad: Start > All Programs > Accessories > Notepad
● inside the new text document, copy and paste the following lines:


Code:
File::
c:\program files\Prevx\prevx.exe
c:\windows\system32\FsUsbExDisk.SYS
c:\windows\System32\drivers\pxscan.sys
c:\windows\system32\drivers\pxrts.sys
c:\windows\system32\drivers\pxkbf.sys
c:\windows\system32\drivers\hitmanpro35.sys
c:\windows\system32\PxSecure.dll
c:\windows\system32\drivers\aswSP.sys
c:\windows\system32\drivers\aswFsBlk.sys
c:\windows\system32\drivers\aswSnx.sys
c:\windows\system32\drivers\aswTdi.sys
c:\windows\system32\drivers\aswRdr.sys
c:\windows\system32\drivers\aswMonFlt.sys
c:\windows\avastSS.scr
c:\windows\system32\aswBoot.exe
c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe
c:\windows\4167067784:2006425351.exe

Driver::
CSIScanner
AVG Security Toolbar Service
FsUsbExDisk
hitmanpro35
pxkbf
pxrts
pxscan
AVG Security Toolbar Service
886860f8

Folder::
c:\programdata\PrevxCSI
c:\program files\Prevx
c:\program files\AVG
c:\programdata\!SASCORE
c:\users\Giancarlo\AppData\Roaming\SUPERAntiSpyware.com
c:\program files\SUPERAntiSpyware
c:\programdata\SUPERAntiSpyware.com
c:\users\Public\Conduit
c:\users\Elena\AppData\Local\Conduit
c:\windows\ufa
c:\windows\update.tray-7-0-lnk
c:\windows\av_ico
c:\windows\update.tray-12-0
c:\windows\update.tray-12-0-lnk

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

Firefox::
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849853&SearchSource=3&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849853&q=

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\886860f8]


● name this file CFScript.txt and place it on the Desktop

Very important! Temporarily disable your antivirus and firewall before following the procedure below. They may interfere with ComboFix or remove some of its embedded files, which can lead to unpredictable results.
Referring to the image below, drag CFScript.txt with the mouse pointer onto the ComboFix icon
ComboFix will now scan your system. Once finished, it may restart the system automatically; if it does not, restart it yourself.
At that point the program will produce a report. Copy and paste the log in your next post.

Note regarding the procedure:
● do not touch the mouse or keyboard at all during the scan: it might get interrupted. If that happens, open Task Manager (Ctrl + Alt + Del), click the Processes tab and end all findstr, find, sed or swreg processes. ComboFix should then start correctly
● if that happens, I would kindly like to know which process you had to end

Finally, finish uninstalling Avast with this tool:
To uninstall Avast!:
● stop it from the tray (next to the clock)
● click Start - Control Panel - Add/Remove Programs and uninstall Avast!

Download Aswclear: http://files.avast.com/files/eng/aswclear.exe
● place the file on the Desktop
● double-click the tool to run it
● click the Remove button
● restart the system

Bye and good luck with it!

Re: virus or what is it?

Post by teresio » 23 Aug 2011 22:34

Guys, after the last time I used ComboFix the PC no longer wanted to start up and I had to take it in for repair.

Re: virus or what is it?

Post by FDAC » 24 Aug 2011 13:46

ComboFix is a very powerful tool; we were forced to use it since the other programs had failed.

Let's hope they fix it properly (they will probably format it).

Regards.

Re: virus or what is it?

Post by teresio » 24 Aug 2011 13:51

They have already formatted it.

Re: virus or what is it?

Post by FDAC » 24 Aug 2011 13:55

Figures.. Bye and enjoy the PC; watch what you download and run from now on.
Install Avira and MalwareBytes Free.


Bye!

Re: virus or what is it?

Post by teresio » 24 Aug 2011 23:27

Thanks everyone.