Ciao a tutti,
scrivo qua per non aprire un'altra discussione.
Tempo fa ho preso il virus della "polizia di stato". In un qualche modo sono riuscita a togliere la pagina web che si apriva ogni volta e non mi faceva usare il computer, ma dopo aver tolto il virus continua ad uscirmi la stessa finestra di errore:
Impossibile trovare il modulo specificato C/users/nome/7161679.dll
Come devo fare per risolvere?
Grazie a chi riesce a rispondermi.
quella libreria sembra essere poco affidabile prova a fare una scansione con combofix dovrebbe rilevare altre infezioni
scaricalo da qui e mettilo sul desktop
alla richiesta se vuoi installare la recovery console clicca su NO
esegui ComboFix.exe
segui le instruzioni
finita la scansione portati in C:\ e allega nella tua prossima risposta, il contenuto del file di testo Combofix.txt
come usare correttamente combofix
@venelinapeeva
ho diviso la discussione.
La prossima volta non chiedere aiuto all'interno di una discussione aperta da altro utente
grazie.
@menatwork Grazie della tua risposta.
Di seguito il contenuto del file ComboFix...adesso?
ComboFix 13-03-11.01 - atanas 11/03/2013 18:45:38.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.6056.4308 [GMT 1:00]
Eseguito da: c:\users\atanas\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Anti-Virus *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPlyTune.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdate.log
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\programdata\9761617.bat
c:\programdata\9761617.pad
c:\programdata\9761617.reg
c:\users\atanas\AppData\Local\unins000.exe
c:\users\atanas\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup\runctf.lnk
c:\users\atanas\AppData\Roaming\OfferBox
c:\users\atanas\AppData\Roaming\OfferBox\config.xm l
c:\users\atanas\AppData\Roaming\OfferBox\http_app. offerbox.com\country.sxe
c:\users\atanas\AppData\Roaming\OfferBox\http_app. offerbox.com\history.db
c:\users\atanas\AppData\Roaming\OfferBox\http_app. offerbox.com\profile.sxe
c:\users\atanas\AppData\Roaming\OfferBox\http_app. offerbox.com\update.sxe
c:\users\atanas\AppData\Roaming\OfferBox\http_app. offerbox.com\update.xml
c:\windows\IsUn0410.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2013-02-11 al 2013-03-11 )))))))))))))))))))))))))))))))))))
.
.
2013-03-11 18:00 . 2013-03-11 18:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-11 18:00 . 2013-03-11 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-11 17:57 . 2013-03-11 17:57 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD86F1C8-216A-4BA6-B1C0-D1BCB63558A9}\offreg.dll
2013-03-08 19:34 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD86F1C8-216A-4BA6-B1C0-D1BCB63558A9}\mpengine.dll
2013-02-27 19:34 . 2013-01-04 06:11 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-02-22 18:12 . 2013-02-22 18:12 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-16 14:36 . 2013-02-16 14:39 -------- d-----w- c:\users\atanas\AppData\Roaming\Spyware Terminator
2013-02-16 14:36 . 2013-02-16 15:11 -------- d-----w- c:\programdata\Spyware Terminator
2013-02-16 14:36 . 2013-02-16 15:11 -------- d-----w- c:\program files (x86)\Spyware Terminator
2013-02-16 13:53 . 2013-02-16 15:12 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-02-16 11:56 . 2012-07-11 16:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2013-02-16 11:55 . 2013-02-16 11:55 -------- d-----w- c:\windows\ELAMBKUP
2013-02-16 11:55 . 2013-03-10 16:02 -------- d-----w- c:\programdata\Kaspersky Lab
2013-02-16 11:55 . 2013-02-16 11:55 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2013-02-16 11:55 . 2012-08-13 17:24 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-02-16 11:55 . 2013-02-16 13:39 613720 ----a-w- c:\windows\system32\drivers\klif.sys
2013-02-16 11:51 . 2013-02-16 11:51 -------- d-----w- C:\kleaner.tmp
2013-02-15 07:41 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 07:41 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 07:38 . 2013-01-09 01:05 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-02-15 07:38 . 2013-01-09 01:14 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-02-15 07:38 . 2013-01-09 01:13 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-02-15 07:38 . 2013-01-08 22:05 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2013-02-15 07:38 . 2013-01-08 22:04 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2013-02-15 07:38 . 2013-01-09 01:48 17812992 ----a-w- c:\windows\system32\mshtml.dll
2013-02-15 07:38 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-02-14 07:38 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-14 07:38 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 07:38 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 07:38 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 07:38 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-14 07:38 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-14 07:38 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-14 07:38 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-14 07:38 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-14 07:38 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-14 07:38 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 07:38 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-11 20:20 . 2013-02-11 20:20 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-02-10 15:29 . 2013-02-10 15:29 -------- d-----w- c:\program files (x86)\Fotosizer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2013-03-04 09:00 . 2012-08-29 19:20 1316144 ----a-w- c:\windows\system32\dmwu.exe
2013-03-04 08:59 . 2012-08-29 19:20 35328 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-03-04 08:07 . 2010-03-18 07:36 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-03-04 08:07 . 2010-03-18 07:36 608080 ----a-w- c:\windows\system32\msvcp100.dll
2013-03-02 13:28 . 2012-04-20 20:46 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-02 13:28 . 2012-04-20 20:46 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-22 18:12 . 2012-08-02 08:26 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-02-22 18:12 . 2012-04-22 20:03 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-16 13:39 . 2012-06-08 10:38 54104 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-02-15 07:45 . 2012-08-17 20:36 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-17 00:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-14 07:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-01 10:52 . 2013-01-01 10:53 2601816 ----a-w- c:\windows\system32\WavesGUILib.dll
2013-01-01 10:52 . 2013-01-01 10:53 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
2013-01-01 10:52 . 2013-01-01 10:53 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
2013-01-01 10:52 . 2013-01-01 10:53 198896 ----a-w- c:\windows\system32\SRSHP64.dll
2013-01-01 10:52 . 2013-01-01 10:53 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
2013-01-01 10:52 . 2013-01-01 10:53 121744 ----a-w- c:\windows\system32\SFSS_APO.dll
2013-01-01 10:52 . 2013-01-01 10:53 81248 ----a-w- c:\windows\system32\SFCOM64.dll
2013-01-01 10:52 . 2013-01-01 10:53 78176 ----a-w- c:\windows\system32\SFAPO64.dll
2013-01-01 10:52 . 2013-01-01 10:53 74064 ----a-w- c:\windows\SysWow64\SFCOM.dll
2013-01-01 10:52 . 2013-01-01 10:53 220512 ----a-w- c:\windows\system32\SFNHK64.dll
2013-01-01 10:52 . 2013-01-01 10:53 1560680 ----a-w- c:\windows\system32\RTSnMg64.cpl
2013-01-01 10:52 . 2013-01-01 10:53 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2013-01-01 10:52 . 2013-01-01 10:53 2905320 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2013-01-01 10:52 . 2013-01-01 10:53 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2013-01-01 10:52 . 2013-01-01 10:53 375128 ----a-w- c:\windows\system32\RTEEP64A.dll
2013-01-01 10:52 . 2013-01-01 10:53 310104 ----a-w- c:\windows\system32\RP3DHT64.dll
2013-01-01 10:52 . 2013-01-01 10:53 204120 ----a-w- c:\windows\system32\RTEED64A.dll
2013-01-01 10:52 . 2013-01-01 10:53 1805928 ----a-w- c:\windows\system32\RtkApi64.dll
2013-01-01 10:52 . 2013-01-01 10:53 1245288 ----a-w- c:\windows\system32\RTCOM64.dll
2013-01-01 10:52 . 2013-01-01 10:53 101208 ----a-w- c:\windows\system32\RTEEL64A.dll
2013-01-01 10:52 . 2013-01-01 10:53 310104 ----a-w- c:\windows\system32\RP3DAA64.dll
2013-01-01 10:52 . 2013-01-01 10:53 1474048 ----a-w- c:\windows\system32\RCoRes64.dat
2013-01-01 10:52 . 2013-01-01 10:53 92264 ----a-w- c:\windows\system32\RCoInst64.dll
2013-01-01 10:52 . 2013-01-01 10:53 74072 ----a-w- c:\windows\system32\R4EEG64A.dll
2013-01-01 10:52 . 2013-01-01 10:53 426328 ----a-w- c:\windows\system32\R4EED64A.dll
2013-01-01 10:52 . 2013-01-01 10:53 3308376 ----a-w- c:\windows\system32\R4EEP64A.dll
2013-01-01 10:52 . 2013-01-01 10:53 136024 ----a-w- c:\windows\system32\R4EEL64A.dll
2013-01-01 10:52 . 2013-01-01 10:53 118104 ----a-w- c:\windows\system32\R4EEA64A.dll
2013-01-01 10:52 . 2013-01-01 10:53 2416744 ----a-w- c:\windows\system32\RtPgEx64.dll
2013-01-01 10:52 . 2013-01-01 10:53 78680 ----a-w- c:\windows\system32\RTEEG64A.dll
2013-01-01 10:52 . 2013-01-01 10:53 318808 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2013-01-01 10:52 . 2013-01-01 10:53 241768 ----a-w- c:\windows\system32\DTSGFXAPONS64.dll
2013-01-01 10:52 . 2013-01-01 10:53 334680 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll
2013-01-01 10:52 . 2013-01-01 10:53 2238296 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2013-01-01 10:52 . 2013-01-01 10:53 341336 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
2013-01-01 10:52 . 2013-01-01 10:53 2197264 ----a-w- c:\windows\system32\MaxxAudioEQ.dll
2013-01-01 10:52 . 2013-01-01 10:53 603472 ----a-w- c:\windows\system32\KAAPORT64.dll
2013-01-01 10:52 . 2013-01-01 10:53 2085440 ----a-w- c:\windows\system32\FMAPO64.dll
2013-01-01 10:52 . 2013-01-01 10:53 693352 ----a-w- c:\windows\system32\DTSVoiceClarityDLL64.dll
2013-01-01 10:52 . 2013-01-01 10:53 712296 ----a-w- c:\windows\system32\DTSSymmetryDLL64.dll
2013-01-01 10:52 . 2013-01-01 10:53 491112 ----a-w- c:\windows\system32\DTSNeoPCDLL64.dll
2013-01-01 10:52 . 2013-01-01 10:53 432744 ----a-w- c:\windows\system32\DTSLimiterDLL64.dll
2013-01-01 10:52 . 2013-01-01 10:53 428648 ----a-w- c:\windows\system32\DTSGainCompensatorDLL64.dll
2013-01-01 10:52 . 2013-01-01 10:53 242792 ----a-w- c:\windows\system32\DTSLFXAPO64.dll
2013-01-01 10:52 . 2013-01-01 10:53 242792 ----a-w- c:\windows\system32\DTSGFXAPO64.dll
2013-01-01 10:52 . 2013-01-01 10:53 1756264 ----a-w- c:\windows\system32\DTSS2SpeakerDLL64.dll
2013-01-01 10:52 . 2013-01-01 10:53 1568360 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL64.dll
2013-01-01 10:52 . 2013-01-01 10:53 1486952 ----a-w- c:\windows\system32\DTSBoostDLL64.dll
2013-01-01 10:52 . 2013-01-01 10:53 728680 ----a-w- c:\windows\system32\DTSBassEnhancementDLL64.dll
2013-01-01 10:52 . 2013-01-01 10:53 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2013-01-01 10:52 . 2013-01-01 10:53 108960 ----a-w- c:\windows\system32\AERTAR64.dll
2013-01-01 10:45 . 2013-01-01 10:53 1698408 ----a-w- c:\windows\RtlExUpd.dll
2012-12-16 17:11 . 2012-12-22 17:49 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 17:49 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 17:49 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 17:49 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 15:49 . 2012-06-24 15:27 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
La seconda parte....
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2013-01-29 13:28 170840 ----a-w- c:\program files\Web Assistant\Extension32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"JustVoip"="c:\program files (x86)\JustVoip.com\JustVoip\justvoip.exe" [2013-03-08 19176760]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"SpywareTerminatorUpdate"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-02-16 3318784]
"eMuleAutoStart"="c:\program files (x86)\eMule\emule.exe" [2006-09-14 5001216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"NeroFilterCheck"="c:\windows\SysWOW64\NeroCheck.e xe" [2001-07-09 155648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2013-02-16 356376]
"PosService"="c:\users\Public\Documents\AppData\Po App\PLauncher.exe" [2011-12-16 218624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 PowerOffer Service;Pos Service;c:\users\atanas\AppData\Local\PosService\P os.exe [2012-04-03 169472]
R2 ServUpdater;Serv Updater;c:\users\atanas\AppData\Local\ServUpdater\ ServiceUpd.exe [2011-12-16 156160]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R2 SoftwareUpd;Software Upd;c:\users\atanas\AppData\Local\SoftwareUpdater\ SoftwareUpdService.exe [2012-04-23 161280]
R2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe [2012-06-23 2745870]
R3 AMPPALP;Protocollo Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.e xe [2012-04-22 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpc iflt.sys [2011-05-04 25960]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-07 283200]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-02-16 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 31016]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IBUpdaterService;IBUpdaterService;c:\windows\syste m32\dmwu.exe [2013-03-04 1316144]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2010-07-07 50696]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-05-05 2656536]
S2 Web Assistant;Web Assistant;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2013-01-29 188760]
S3 AMPPAL;Scheda virtuale Intel(R) Centrino(R) Bluetooth 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.s ys [2011-03-08 274944]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-11-09 31088]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\ iBtFltCoex.sys [2011-03-22 59904]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-10-25 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-10-25 29528]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sy s [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftpla ylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftr edirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh .sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
Terza e ultima parte .....
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-06 19:11 1630672 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.152\Inst aller\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2012-04-20 13:28]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-25 16:01]
.
2013-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-25 16:01]
.
2013-03-11 c:\windows\Tasks\NeroLiveEpgUpdate-atanas-PC_atanas.job
- c:\program files (x86)\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 11:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-01-01 11895400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.it/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{15069DBC-44D7-4FA8-9252-A089DA70883D}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{43606A67-EFAC-427B-8927-B2370DB591D3}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{43606A67-EFAC-427B-8927-B2370DB591D3}\4556C65636F6D6D27333935353437373: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{E02088E9-47F0-4D18-918A-941C271634D4}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{EDC2FC5A-94DF-4026-9136-86692EE91AEE}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\atanas\AppData\Roaming\Mozilla\Firefox\Pr ofiles\np4utfqv.default\
FF - prefs.js: browser.startup.homepage - google.bg
FF - ExtSQL: 2013-02-16 14:39; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-02-16 14:39; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-02-16 14:39; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF - ExtSQL: 2013-03-08 20:10; {FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}; c:\program files\Web Assistant\Firefox
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
BHO-{DB26DEC7-5D32-4608-BB28-ED22fAE7647A} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Sheep - c:\windows\IsUn0410.exe
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\users\atanas\AppData\Local\unins000.exe
AddRemove-FLV Player - c:\program files (x86)\FLVPlayer\Uninstall\Uninstall.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macrome d\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUt il64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUt il32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00 ,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00 ,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2013-03-11 19:20:23
ComboFix-quarantined-files.txt 2013-03-11 18:20
.
Pre-Run: 259.567.034.368 byte disponibili
Post-Run: 260.023.054.336 byte disponibili
.
- - End Of File - - 7D73EB04479F79CA4C09285CC6F795A6
l'infezione era ancora attiva, combofix l'ha eliminata
ripuliamo per bene il pc c'e' ancora qualcosa da togliere, se non ti serve rimuovi
McAfee Security Scan
apri il blocco note e copia questo script
Salva il file nella stessa posizione dove è presente combofix.exe e chiamalo CFScript.txtfile::
c:\users\atanas\AppData\Local\PosService\Pos.exe
c:\users\atanas\AppData\Local\ServUpdater\ServiceU pd.exe
c:\users\atanas\AppData\Local\SoftwareUpdater\Soft wareUpdService.exe
c:\users\Public\Documents\AppData\PoApp\PLauncher. exe
folder::
c:\users\atanas\AppData\Local\PosService
c:\users\atanas\AppData\Local\ServUpdater
c:\users\atanas\AppData\Local\SoftwareUpdater
c:\users\Public\Documents\AppData\PoApp
registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"PosService"=-
driver::
PowerOffer Service
ServUpdater
SoftwareUpd
Adesso trascina il file CFScript.txt su combofix.exe
Riavvia il pc se ti viene richiesto dal programma.
Riavvia e posta il contenuto del file C:\ComboFix.txt
scarica TDSS killer sul desktop
doppio clic sull'eseguibile per avviare l'applicazione.In change parameters metti la spunta su "detect tdlfs file system" e "verify file digital signature"
Clicca su start scan.
Se un file infetto viene trovato,l'azione di default sarà cure,clicca su continua.
Se un file sospetto viene trovato,l'azione di default sarà skip,clicca su continua.
Se ti viene chiesto di riavviare il pc completa il processo.Clicca su riavvia ora.
Se nessun riavvio è richiesto clicca su report e salva il contenuto in un file di testo.
Allega il report che si trova in C in questa forma "TDSSKiller.[Date]_[Time]_log.txt"
Scarica OTL e salvalo sul desktop
Metti la spunta su SCAN ALL USERS.
Sotto output, metti la spunta su minimal output
Clicca sulla freccettina di File Age e seleziona 60 Days
Metti la spunta a LOP Check e Purity Check.
Clicca su RUN SCAN
Lascia fare la scansione senza interferire.
Al termine della scansione trovi due log sul desktop. OTL.txt ed Extras.txt, salvali e caricali su Wikisend,
@menatwork
Ho fatto il CFScript di seguito il log:
log combofix.txt
Poi ho tolto McAfee
Ho installato TDSS e ho fatto la scansione, di seguito il report:
tdss.txt
PS=cosa intendevi con "Allega il report che si trova in C in questa forma "TDSSKiller.[Date]_[Time]_log.txt"" ?
Ho installato OTl e ho fatto la scansione, di seguito i report:
OTL.Txt
e
Extras.Txt
vai nel pannello di controllo e rimuovi java e reinstallalo pulito
disattiva il ripristino
riavvia
riattiva il ripristino
scarica ccleaner
Importante:
In fase d’installazione togli la spunta altrimenti viene installata Yahoo Tollbar.
Avvialo e clicca su:
- Opzioni Avanzate
Togli la spunta da:
- Elimina file solo se più vecchi di 48 ore
Clicca i tasti:
- Pulizia (il primo in alto a Sinistra)
- Analizza ( Pulsante in basso Centrale)
- Avvia Pulizia (Pulsante in basso a Destra)
Correzione errori File di Registro
Clicca i tasti:
- Registro (Secondo tasto in alto a Sinistra)
- Trova Problemi (Pulsante in basso Centrale)
- Ripara selezionati Pulsante in basso a Destra
- alla domanda:
- Vuoi eseguire il Backup delle modifiche del Registro”
- clicca:
- SI
apri otl e clicca su ''cleanup'' rimuoverai combofix e otl
fammi sapere se e' tutto a posto
Scusa menatwork se ti rispondo solo adesso...sono stata un po' impegnata ultimamente.
Tutto ok ...
Mi sai consigliare qualcosa per la protezione del computer per evitare altri episodi del genere...parlo di antivirus, malware ecc..?
Grazie mille dell'aiuto e della pazienza!!!
Permessi di invio
Rispondi quotando