Virus? I don't know what else to do, please help me

fan4net
New User
CPU: intel core i7 740qm
Motherboard: asus
HDD: 320GB
RAM: 4GB DDR3
GPU: ATI HD 6370M 1GB
Audio: conexat
OS: WIN 7 x64
Hi everyone, this is the first time I've posted on this forum. Thanks to everyone who reads my post.
The problem is the following:
This morning I turned on the laptop (Win 7 Premium 64-bit) and saw that some services had not started.

BFE (Base Filtering Engine)
DHCP Client
Function Discovery Resource Publication
Network Location Awareness
Diagnostic Policy Service

Then there are other services that don't start because they depend on one of the ones above, and they are:
ICS (Internet Connection Sharing)
IKE and AuthIP IPsec Keying Modules
Windows Firewall

I tried to start the services (they are already set to automatic start) by launching services.msc as administrator:

for

BFE (Base Filtering Engine)
DHCP Client
Diagnostic Policy Service

the error is the same, error 5: access denied

whereas for "Function Discovery Resource Publication" it is: error 0x80070005: access denied

and for "Network Location Awareness" it is: could not start .... for more information, check the System event log. If this is not a Microsoft service, contact the service vendor and refer to error code -1073741288

I don't know if it's useful, but the evening before, shortly before I shut it down, Avira made a detection.
This is the report

Nel file 'C:\Program Files (x86)\DVDVideoSoft\Free Studio\Free Video to Android Converter\FreeVideoToAndroidConverter.exe'
è stato rilevato un virus o programma indesiderato 'TR/Crypt.XPACK.Gen2' [trojan].
Azione eseguita: Nega accesso

Also, when I shut it down I hit restart by mistake, and not wanting to wait while it was shutting down I held the power button to turn it off immediately.

I did a full scan with Avira and it didn't detect anything;
a full scan with Malwarebytes detected one object:
File rilevati: 1
D:\CHROME\SoftonicDownloader_per_msn-messenger.exe (PUP.BundleOffer.Downloader.S) -> Spostato in quarantena ed eliminato con successo.

Unfortunately the database hasn't been updated for 36 days and I don't know how to update it; I tried to download the definitions uploaded by tecnico24 in this topic http://www.tomshw.it/forum/sicurezza/219135-dubbio-su-virus-o-problema-hardware-2.html but the file isn't there anymore :(

This is the HijackThis log
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:08:30, on 18/02/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -  C:\Program Files (x86)\Common  Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -  {3049C3E9-B461-4BC5-8870-4C09146192CA} -  C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5  <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program  Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper -  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files  (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live -  {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common  Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -  {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files  (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files  (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF  Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download -  C:\Users\lissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to DVD Converter -  C:\Users\lissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter -  C:\Users\lissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote -  {2670000A-7350-4f3c-8081-5663EE0C6C49} -  C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: iMacros V7 - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - C:\Program Files (x86)\iOpus\iMacros\iMacrosSidebar.dll
O9 - Extra 'Tools' menuitem: iMacros V7 -  {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - C:\Program Files  (x86)\iOpus\iMacros\iMacrosSidebar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PokerTime - {4E4D7D39-3E81-4A55-976B-092AF0B3F2BD} - C:\Microgaming\Poker\PokerTimeMPP\MPPoker.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -  C:\Program Files (x86)\Microsoft  Office\Office12\GrooveSystemServices.dll
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. -  C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira  Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir  Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira  Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir  Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON  CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3  SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON  CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3  SSRP\E_S50RPB.EXE
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation -  C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google  Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program  Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local  Management Service (LMS) - Intel Corporation - C:\Program Files  (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) -  Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage)  - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RPC Locator (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) -  Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) -  Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User  Notification Service (UNS) - Intel Corporation - C:\Program Files  (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) -  Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) -  Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) -  Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9941 bytes

And this is the ComboFix log

Code:
ComboFix 12-02-17.02 - lissi 19/02/2012  15:42:41.4.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.4021.2501 [GMT 1:00]
Eseguito da: c:\users\lissi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-01-19 al 2012-02-19  )))))))))))))))))))))))))))))))))))
.
.
2012-02-19 14:49 . 2012-02-19 14:54    --------    d-----w-    c:\users\lissi\AppData\Local\temp
2012-02-19 14:49 . 2012-02-19 14:49    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-02-18 19:11 . 2012-02-18 19:17    --------    d-----w-    c:\users\lissi\AppData\Local\ElevatedDiagnostics
2012-02-18 17:50 . 2012-02-18 17:50    388096    ----a-r-    c:\users\lissi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-18 17:50 . 2012-02-18 17:50    --------    d-----w-    c:\program files (x86)\Trend Micro
2012-02-18 13:34 . 2012-02-18 13:34    --------    d-----w-    c:\users\lissi\AppData\Roaming\Malwarebytes
2012-02-18 13:33 . 2012-02-18 13:33    --------    d-----w-    c:\programdata\Malwarebytes
2012-02-18 13:33 . 2011-12-10 14:24    23152    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-02-18 13:33 . 2012-02-19 11:51    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-18 12:15 . 2012-02-18 12:15    --------    d-----w-    c:\windows\Profiles
2012-02-18 12:15 . 2012-02-18 12:15    --------    d-----w-    c:\users\Administrator
2012-02-15 20:08 . 2012-01-04 10:44    509952    ----a-w-    c:\windows\system32\ntshrui.dll
2012-02-15 20:08 . 2012-01-04 08:58    442880    ----a-w-    c:\windows\SysWow64\ntshrui.dll
2012-02-15 20:08 . 2012-01-14 04:06    3145728    ----a-w-    c:\windows\system32\win32k.sys
2012-02-15 20:08 . 2011-12-30 06:26    515584    ----a-w-    c:\windows\system32\timedate.cpl
2012-02-15 20:08 . 2011-12-30 05:27    478720    ----a-w-    c:\windows\SysWow64\timedate.cpl
2012-02-15 20:08 . 2011-12-16 08:46    634880    ----a-w-    c:\windows\system32\msvcrt.dll
2012-02-15 20:08 . 2011-12-16 07:52    690688    ----a-w-    c:\windows\SysWow64\msvcrt.dll
2012-02-15 20:08 . 2011-12-28 03:59    498688    ----a-w-    c:\windows\system32\drivers\afd.sys
2012-02-12 14:43 . 2012-02-12 14:46    --------    d-----w-    C:\ADOperationsGuide
2012-02-11 10:34 . 2012-02-11 10:34    --------    d-----w-    c:\program files (x86)\EpsonNet
2012-02-10 18:06 . 2012-02-10 18:06    --------    d-----w-    c:\program files (x86)\Common Files\Java
2012-02-10 00:46 . 2012-02-10 00:46    --------    d-sha-w-    c:\users\Public\DRM
2012-02-08 22:01 . 2012-02-08 22:01    --------    d-----w-    c:\program files (x86)\FinalWire
2012-02-08 20:28 . 2012-02-08 20:28    --------    d-----w-    c:\programdata\ATI
2012-02-08 20:27 . 2012-02-08 20:27    --------    d-----w-    c:\program files\Common Files\ATI Technologies
2012-02-08 18:26 . 2012-02-08 20:28    --------    d-----w-    c:\program files\ATI Technologies
2012-02-08 17:24 . 2008-07-12 07:18    467984    ----a-w-    c:\windows\SysWow64\d3dx10_39.dll
2012-02-08 17:24 . 2008-07-12 07:18    3851784    ----a-w-    c:\windows\SysWow64\D3DX9_39.dll
2012-02-08 17:24 . 2008-07-12 07:18    1493528    ----a-w-    c:\windows\SysWow64\D3DCompiler_39.dll
2012-02-08 17:24 . 2006-09-28 15:05    2414360    ----a-w-    c:\windows\SysWow64\d3dx9_31.dll
2012-02-08 17:23 . 2012-02-10 17:48    --------    d-----w-    c:\program files (x86)\PerformanceTest
2012-02-08 10:59 . 2009-03-09 14:27    5425496    ----a-w-    c:\windows\system32\D3DX9_41.dll
2012-02-08 10:58 . 2012-02-08 10:58    --------    d-----w-    c:\windows\system32\temp
2012-02-08 10:58 . 2012-02-08 10:58    --------    d-----w-    c:\program files\BurnInTest
2012-02-06 19:25 . 2012-02-06 19:26    --------    d-----w-    c:\users\lissi\AppData\Local\Facebook
2012-02-02 10:39 . 2012-02-02 10:39    --------    d-----w-    c:\users\lissi\AppData\Local\Ilivid Player
2012-02-02 10:38 . 2012-02-02 11:28    --------    d-----w-    c:\programdata\boost_interprocess
2012-02-02 10:38 . 2012-02-02 10:38    --------    d-----w-    c:\users\lissi\AppData\Local\PackageAware
2012-02-01 21:41 . 2012-02-02 02:37    --------    d-----w-    c:\programdata\ASUS
2012-02-01 18:03 . 2012-02-01 18:03    --------    d-----w-    c:\program files (x86)\Camtech
2012-02-01 18:03 . 2004-02-22 23:00    1386496    ----a-w-    c:\windows\SysWow64\temp.000
2012-02-01 18:01 . 2012-02-01 22:58    --------    d-----w-    c:\program files (x86)\Passware
2012-02-01 13:16 . 2012-02-01 13:16    --------    d-----w-    c:\users\lissi\AppData\Local\iOpus_Software_GmbH
2012-02-01 13:15 . 2012-02-01 13:15    --------    d-----w-    c:\program files (x86)\iOpus
2012-01-30 00:32 . 2012-01-30 00:33    --------    d-----w-    c:\program files (x86)\Safari
2012-01-30 00:31 . 2012-01-30 00:31    --------    d-----w-    c:\program files (x86)\Common Files\Apple
2012-01-30 00:31 . 2012-01-30 00:31    --------    d-----w-    c:\program files (x86)\Apple Software Update
2012-01-27 22:02 . 2012-01-28 16:37    --------    d-----w-    c:\program files (x86)\Microsoft Works
2012-01-27 21:52 . 2012-01-27 21:52    --------    d-----w-    c:\program files (x86)\Microsoft Visual Studio 8
2012-01-27 21:51 . 2012-01-27 21:51    --------    d-----w-    c:\users\lissi\AppData\Local\Microsoft Help
2012-01-27 21:51 . 2012-02-01 23:01    --------    d-----w-    c:\programdata\Microsoft Help
2012-01-27 21:51 . 2012-01-27 21:51    --------    d-----r-    C:\MSOCache
2012-01-27 16:07 . 2012-01-27 16:07    --------    d-----w-    c:\windows\SysWow64\Adobe
2012-01-26 17:49 . 2012-01-26 18:05    --------    d-----w-    c:\users\lissi\AppData\Roaming\vlc
2012-01-25 20:41 . 2012-01-25 20:41    --------    d-----w-    c:\program files (x86)\SopCast
2012-01-25 16:12 . 2012-02-10 00:14    --------    d-----w-    c:\program files (x86)\Online TV Player 4
2012-01-25 14:37 . 2012-01-25 14:37    --------    d-----w-    c:\program files (x86)\VideoLAN
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-19 14:53 . 2011-09-12 20:47    45056    ----a-w-    c:\windows\SysWow64\acovcnt.exe
2012-02-10 18:05 . 2011-09-18 23:22    472808    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2012-02-08 21:38 . 2009-07-13 23:28    6656    ----a-w-    c:\windows\system32\lpcio.dll
2012-01-27 16:06 . 2012-01-09 23:44    414368    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-18 17:46 . 2012-01-18 17:46    4608    ----a-w-    c:\windows\SysWow64\w95inf32.dll
2012-01-18 17:46 . 2012-01-18 17:46    2272    ----a-w-    c:\windows\SysWow64\w95inf16.dll
2012-01-18 17:17 . 2012-01-18 17:17    279616    ----a-w-    c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-16 08:51 . 2011-12-22 14:03    97312    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2011-12-16 08:51 . 2011-12-22 14:03    27760    ----a-w-    c:\windows\system32\drivers\avkmgr.sys
2011-12-16 08:51 . 2011-12-22 14:03    130760    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2011-12-06 14:55 . 2011-01-24 15:26    53248    ----a-w-    c:\windows\SysWow64\CSVer.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-02-18_13.55.13   )))))))))))))))))))))))))))))))))))))))))
.
- 2011-07-16 19:41 . 2012-02-18 12:52    32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-16 19:41 . 2012-02-18 19:56    32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-16 19:41 . 2012-02-18 12:52    32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-16 19:41 . 2012-02-18 19:56    32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-18 12:52    16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-18 19:56    16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-18 13:54 . 2012-02-18 13:54    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-19 14:50 . 2012-02-19 14:50    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-19 14:50 . 2012-02-19 14:50    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-18 13:54 . 2012-02-18 13:54    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-02 02:58 . 2012-02-19 14:25    482560              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-02-02 02:58 . 2012-02-18 13:53    482560              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-02 02:58 . 2012-02-19 14:49    394344              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-02-02 02:58 . 2012-02-18 13:53    394344              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-02 02:58 . 2012-02-19 14:49    4736308              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1574342691-3605883445-474851928-1001-12288.dat
- 2012-02-02 02:58 . 2012-02-18 13:16    4736308              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1574342691-3605883445-474851928-1001-12288.dat
+ 2012-02-18 13:32 . 2012-02-18 13:32    1402880              c:\windows\Installer\20a97b.msi
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08    143360    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-01-24 3054136]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2011-1-24 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-24 135664]
R3 ALSysIO;ALSysIO;c:\users\lissi\AppData\Local\Temp\ALSysIO64.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files (x86)\PerformanceTest\DirectIo.sys [2010-06-30 21056]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-24 135664]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 netr7364;Driver scheda LAN wireless USB RT73 per Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WSDPrintDevice;Supporto stampa WSD via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;Supporto digitalizzazione WSD tramite UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-16 86224]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-02-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1574342691-3605883445-474851928-1001Core.job
- c:\users\lissi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-06 19:25]
.
2012-02-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1574342691-3605883445-474851928-1001UA.job
- c:\users\lissi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-06 19:25]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-24 14:52]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-24 14:52]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1574342691-3605883445-474851928-1001Core.job
- c:\users\lissi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-17 10:12]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1574342691-3605883445-474851928-1001UA.job
- c:\users\lissi\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-17 10:12]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52    159744    ----a-w-    c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchqu.com/406
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\lissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to DVD Converter - c:\users\lissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm
IE: Free YouTube to MP3 Converter - c:\users\lissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - {50C3F0BE-A832-45AB-BB6E-352D173AFD8C} - c:\program files (x86)\iOpus\iMacros\iMacrosSidebar.dll
TCP: DhcpNameServer = 193.70.152.15 212.52.97.15
FF - ProfilePath - c:\users\lissi\AppData\Roaming\Mozilla\Firefox\Profiles\6u1e5j99.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-1574342691-3605883445-474851928-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-1574342691-3605883445-474851928-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-1574342691-3605883445-474851928-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-1574342691-3605883445-474851928-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-1574342691-3605883445-474851928-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1574342691-3605883445-474851928-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Ora fine scansione: 2012-02-19  16:05:41 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2012-02-19 15:05
ComboFix2.txt  2012-02-18 22:35
ComboFix3.txt  2012-02-18 13:59
.
Pre-Run: 5.905.063.936 byte disponibili
Post-Run: 5.858.631.680 byte disponibili
.
- - End Of File - - FA2D07320B75D0282E5DCE72FD757EE2


Unfortunately I have no restore points, because System Restore was disabled, and no backup copies either :(
Please help me, I don't want to format.
Thanks
PS: if it isn't a virus, what else could it be?
 

fan4net

After fiddling with something in HijackThis (something I read on various forums, including tomshw, but I don't remember exactly what), the BFE service now starts.

Windows Firewall (which depends on BFE) now gives the following error when I try to start it:
Windows Firewall could not be started on the local computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor and refer to service-specific error code 5.

Before, it was "access denied".


For the other services listed at the start, the error is still the same.
Please help me, I really don't want to format, it's against my principles; I'd rather spend a month trying to figure out where the problem is, but with someone's help maybe I can manage it in little time.
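As an added example, not code from the thread or from any of the tools it mentions, the following PowerShell script gathers in one pass what a "service-specific error code 5" on a service start asks you to check: the state, start mode and logon account of each service named above, whether the binary and (for svchost-hosted services) the ServiceDll actually exist on disk, and any Deny ACEs on the service's Service Control Manager security descriptor and on its registry key, the same kind of denial that ComboFix prints as "@Denied" for the keys in the log above. The short service names (BFE, Dhcp, FDResPub, NlaSvc, DPS, SharedAccess, IKEEXT, MpsSvc) are the standard Windows 7 names for the localized display names quoted in the thread and are an assumption; the script is written for the PowerShell 2.0 that ships with Windows 7 and is meant to be run from an elevated 64-bit shell.

```powershell
# Added diagnostic script, not code from the thread. For each service the
# poster reports as failing with "access denied" it shows the state, start
# mode, logon account, the binary (and ServiceDll for svchost-hosted services),
# and any Deny ACEs on the service's SCM security descriptor and registry key.
# Run from an elevated 64-bit PowerShell. The short names are the standard
# Windows 7 ones and are assumed to match the localized names in the thread.
$services = @(
    'BFE',          # Base Filtering Engine
    'Dhcp',         # DHCP Client
    'FDResPub',     # Function Discovery Resource Publication
    'NlaSvc',       # Network Location Awareness
    'DPS',          # Diagnostic Policy Service
    'SharedAccess', # Internet Connection Sharing (ICS)
    'IKEEXT',       # IPsec IKE and AuthIP keying modules
    'MpsSvc'        # Windows Firewall
)

function Get-ServiceBinary($pathName) {
    # Strip arguments and quotes from the ImagePath and expand %SystemRoot% etc.
    $m = [regex]::Match($pathName, '^"?([^"]+?\.(exe|dll))', 'IgnoreCase')
    if (-not $m.Success) { return $pathName }
    return [Environment]::ExpandEnvironmentVariables($m.Groups[1].Value)
}

foreach ($name in $services) {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if ($svc -eq $null) { Write-Output "$name : not registered"; continue }
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"

    # A 32-bit tool such as HijackThis is redirected to SysWOW64 on x64 and reports
    # system32 binaries as "(file missing)"; a 64-bit shell sees the real file.
    $image = Get-ServiceBinary $svc.PathName
    $dll   = (Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }

    # Deny ACEs in the SCM descriptor appear as (D;...) in the SDDL from sc.exe.
    # "sc" alone is the Set-Content alias in PowerShell, hence sc.exe.
    $sddl = (& sc.exe sdshow $name | Where-Object { $_ -match '^[DO]:' }) -join ''
    $scmDeny = [regex]::Matches($sddl, '\(D;[^)]*\)') | ForEach-Object { $_.Value }

    # Deny ACEs on the registry key; ComboFix lists such keys as "@Denied".
    # Not being able to read the ACL at all is itself a finding, so report it.
    try {
        $regDeny = (Get-Acl -Path $key -ErrorAction Stop).Access |
            Where-Object { $_.AccessControlType -eq 'Deny' } |
            ForEach-Object { "$($_.IdentityReference):$($_.RegistryRights)" }
    } catch { $regDeny = @("could not read ACL: $($_.Exception.Message)") }

    Write-Output ("{0,-13} state={1,-8} start={2,-6} account={3}" -f `
        $name, $svc.State, $svc.StartMode, $svc.StartName)
    Write-Output ("              image={0} exists={1}" -f $image, (Test-Path -LiteralPath $image))
    if ($dll) { Write-Output ("              dll={0} exists={1}" -f $dll, (Test-Path -LiteralPath $dll)) }
    if (-not $sddl) { Write-Output "              SCM descriptor unreadable (sc sdshow failed)" }
    if ($scmDeny)   { Write-Output "              SCM deny ACEs: $($scmDeny -join ' ')" }
    if ($regDeny)   { Write-Output "              registry deny ACEs: $($regDeny -join '; ')" }
}

# The error text says "review the System Event Log": these are the last Service
# Control Manager errors, which carry the detail the services.msc dialog omits.
Get-EventLog -LogName System -Source 'Service Control Manager' -EntryType Error -Newest 10 |
    Select-Object TimeGenerated, EventID, Message | Format-List
```

Two kinds of result are worth telling apart in the output. A Deny ACE, or an unreadable descriptor, on a service that starts fine on a healthy machine points at tampered permissions and is fixed by restoring the default security descriptor, not by reinstalling anything; a binary or ServiceDll that genuinely does not exist points at a damaged or deleted file, which is what the disk check suggested later in the thread tests.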
 

Fedebirromane

Active User
453
107
CPU
Intel Core i5-3550
Motherboard
MSI B75A-G43
HDD
aviar Blue 500GB 3.5" 7200rpm + 1tb external
RAM
G.Skill Ares F3-1600C9D-8GAO 1600MHz 8GB (2x4GB)
GPU
NVIDIA GeForce GTX 670 Phantom
Monitor
HANNspree 25" full hd 1080p
PSU
XFX ProSeries 550W Core Edition
Case
Midi Cooler Master Elite 370 Gaming Black
OS
Windows 7 Home Premium 64-bit

fan4net

here it is

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:36:29, on 19/02/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\Run: [SpeedUpMyPC] "C:\PROGRA~2\Uniblue\SPEEDU~1\launcher.exe" -d 20000 
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\lissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to DVD Converter - C:\Users\lissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\lissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: iMacros V7 - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - C:\Program Files (x86)\iOpus\iMacros\iMacrosSidebar.dll
O9 - Extra 'Tools' menuitem: iMacros V7 - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - C:\Program Files (x86)\iOpus\iMacros\iMacrosSidebar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PokerTime - {4E4D7D39-3E81-4A55-976B-092AF0B3F2BD} - C:\Microgaming\Poker\PokerTimeMPP\MPPoker.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Servizio di indicizzazione (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RPC Locator (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9255 bytes
 

fan4net

Can anyone tell me whether I'm infected? :(
 

tecnico24

Elite User
10,706
1,072
Download Virit Explorer Lite
Start the installation
Activate the 60-day trial version
Run a full system scan and wait for it to finish removing any malware
Post its report as an attachment on the forum


 

fan4net

Hi, thanks. I'm running a scan right now, but without internet access I couldn't update it; I searched Google for an offline update but found nothing.
 

tecnico24

Also check the user rights:
Control Panel
System and Security
Administrative Tools
Local Security Policy
Local Policies
User Rights Assignment

The sequence is: Administrators; Backup Operators; Everyone; Users;
Otherwise, if it is empty, recreate those values yourself by restoring the default ones.
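The check described in the reply above, as an added PowerShell example that is not code from the thread: it exports the User Rights Assignment with secedit (which reads the same policy the Local Security Policy snap-in shows), resolves the SIDs to account names, and prints the rights that service logon accounts depend on, so the list can be compared line by line with a known-good Windows 7 machine such as the poster's desktop. The export path under %TEMP% is an arbitrary choice, and the script needs an elevated shell.

```powershell
# Added example, not code from the thread: export the local "User Rights
# Assignment" with secedit and print the rights that matter for starting
# services, with SIDs resolved to account names, so the output can be compared
# with a known-good Windows 7 machine. Run elevated; the export path is arbitrary.
$cfg = Join-Path $env:TEMP 'user_rights.inf'
if (Test-Path $cfg) { Remove-Item $cfg }
& secedit.exe /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
if (-not (Test-Path $cfg)) { throw "secedit export failed; is this shell elevated?" }

function Resolve-Principal($entry) {
    # secedit writes SIDs with a leading '*'; plain names are left as they are.
    $p = $entry.Trim()
    if (-not $p.StartsWith('*')) { return $p }
    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($p.Substring(1))
        return $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch { return $p }   # orphaned SID: keep it visible, that is a finding too
}

# Parse the [Privilege Rights] section: SeXxx = *S-1-5-32-544,*S-1-5-32-551,...
$rights = @{}
$inSection = $false
foreach ($line in (Get-Content -Path $cfg)) {
    if ($line -match '^\[(.+)\]\s*$') { $inSection = ($Matches[1] -eq 'Privilege Rights'); continue }
    if (-not $inSection) { continue }
    if ($line -match '^(Se\w+)\s*=\s*(.*)$') {
        $rights[$Matches[1]] = @($Matches[2] -split ',' |
            Where-Object { $_.Trim() } |
            ForEach-Object { Resolve-Principal $_ })
    }
}

# Rights that govern whether service accounts can log on and impersonate.
# SeChangeNotifyPrivilege ("Bypass traverse checking") is the one normally held
# by Administrators, Backup Operators, Everyone and Users, the list in the reply,
# plus the Local Service and Network Service accounts.
$watch = @(
    'SeServiceLogonRight'
    'SeChangeNotifyPrivilege'
    'SeImpersonatePrivilege'
    'SeAssignPrimaryTokenPrivilege'
    'SeIncreaseQuotaPrivilege'
)
foreach ($r in $watch) {
    $who = if ($rights.ContainsKey($r)) { $rights[$r] -join '; ' } else { '(not assigned to anyone)' }
    Write-Output ("{0,-30} {1}" -f $r, $who)
}

# Restoring Microsoft's shipped defaults (the "restore the default ones" step in
# the reply above) is done with the documented command, run elevated:
#   secedit /configure /cfg $env:windir\inf\defltbase.inf /db defltbase.sdb /verbose
```

A right that prints "(not assigned to anyone)" or lists only an unresolved SID on the laptop while the desktop shows the usual accounts is the "empty" case the reply describes; the secedit reconfigure in the last comment rewrites the whole base policy, so export first so there is a record of what was changed.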
 

fan4net

I've already set all the rights, and I also tried logging in directly as Administrator. No luck.. Anyway, this software is really excellent, shame I can't update it.. On the desktop I did update it.. It's running the scan and so far it has found 4 files infected with
Backdoor.Meteorshell.58
Trojan.Win32.Pakes.JKR
Backdoor.Win32.Backdoor.BW
Win32.Kriz.4050

whereas Avira and Malwarebytes had found nothing.
On the laptop, instead, it found only one file infected with Trojan.Win32.Generic.BWRU.
I'll let it carry on and go to sleep now;
tomorrow I'll post the log.
 

fan4net

Here is the laptop log (unfortunately the scan ran with a non-updated database)
http://www.freefilehosting.net/viritexp

and this is the desktop one
http://www.freefilehosting.net/viritexpfisso

On the desktop I also had it scan the USB stick I use to transfer files to the laptop,
and it says that TDSSKILLER, which I had downloaded to run a scan (and which found nothing infected), is infected on it.
Then, as you can see from the report, while the stick was being scanned it created lots of other files with very long names that I have no idea what they are.
 

tecnico24

Have you checked whether there are conflicts with other software? Are you sure there are no other firewalls or leftovers of them?
 

fan4net

Yes, I checked everything.. Could it be that some sectors of the disk where important system files are located got damaged when I shut it down abruptly? When I boot the Ubuntu live CD it points out that the disk has many bad sectors.
 

tecnico24

Run a thorough scandisk of your HDD

scan-disk1.jpg
 

fan4net

OK, it's doing it, tomorrow I'll post the log.. Anyway, by now what bothers me is not understanding why all these problems appeared all of a sudden.. Even if it can't be fixed, formatting is fine too, the important thing is to find out why.. Thanks for the time you're spending on this.
 

fan4net

http://www.freefilehosting.net/scandisk
0 KB in bad sectors, so that's not it... Anyway, I give up, because I need the laptop these days :cry:
To close the thread I'll ask one last thing. I have the product key on the underside of the laptop. Can I download Windows and then use that key?
And while I'm at it, could I switch to another edition of Windows using that key? Or do I have to install the same edition?
Thanks
 
