How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!
Moderators: m.paolo, kadosh, Luke57
by franco75 » 05/07/12 16:18
Hi everyone, I'm opening this new topic. I have my brother's PC, which was working fine until two days ago. Today the internet doesn't work in either Firefox or IE9, and it won't let me open the antivirus. I ran ComboFix in safe mode. Could someone take a look? Thanks.
- Code:
ComboFix 12-07-05.02 - domenico 05/07/2012 16.05.12.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3069.2498 [GMT 2:00]
Eseguito da: c:\users\domenico\Desktop\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\domenico\ConMgrPS.dll
c:\users\domenico\DecMPA.dll
c:\users\domenico\ESComm.dll
c:\users\domenico\GetDXVersion.dll
c:\users\domenico\KillProcess2ForPCStudio.dll
c:\users\domenico\lame_enc.dll
c:\users\domenico\PendingFileOperation.dll
c:\users\domenico\PreRunNexp.exe
c:\users\domenico\vformatl.dll
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-05 al 2012-07-05 )))))))))))))))))))))))))))))))))))
.
.
2012-07-05 14:13 . 2012-07-05 14:13 -------- d-----w- c:\users\domenico\AppData\Local\temp
2012-07-05 14:13 . 2012-07-05 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-05 13:59 . 2012-07-05 13:59 54016 ----a-w- c:\windows\system32\drivers\pptdlfx.sys
2012-07-05 13:51 . 2012-07-05 13:51 -------- d-----w- c:\users\domenico\AppData\Roaming\Malwarebytes
2012-07-05 13:51 . 2012-07-05 13:51 -------- d-----w- c:\programdata\Malwarebytes
2012-07-05 13:51 . 2012-07-05 13:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-05 13:51 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-04 14:04 . 2012-07-04 14:04 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-04 14:04 . 2012-07-04 14:04 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-23 18:54 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 18:54 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 18:54 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 18:54 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 18:53 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-23 18:53 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 18:53 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 18:53 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 18:53 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-15 11:58 . 2012-06-15 11:58 -------- d-----w- c:\users\domenico\AppData\Local\Macromedia
2012-06-15 11:56 . 2012-06-15 11:56 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-15 11:56 . 2011-06-07 12:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-04 14:04 . 2011-05-12 13:26 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files\ooVoo_Video_Chat\tbooVo.dll" [2010-04-15 2515552]
"{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\program files\Softonic_Italia\tbSoft.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
.
[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
2009-12-31 09:53 2349080 ----a-w- c:\program files\Softonic_Italia\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
2010-04-15 11:33 2515552 ----a-w- c:\program files\ooVoo_Video_Chat\tbooVo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}"= "c:\program files\ooVoo_Video_Chat\tbooVo.dll" [2010-04-15 2515552]
"{4edd5c14-2d22-4d7a-9748-c975a7fd933b}"= "c:\program files\Softonic_Italia\tbSoft.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
.
[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E5A1E26F-0D1D-4307-868F-FBD9A374AB54}"= "c:\program files\ooVoo_Video_Chat\tbooVo.dll" [2010-04-15 2515552]
"{4EDD5C14-2D22-4D7A-9748-C975A7FD933B}"= "c:\program files\Softonic_Italia\tbSoft.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}]
.
[HKEY_CLASSES_ROOT\clsid\{4edd5c14-2d22-4d7a-9748-c975a7fd933b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-20 39408]
"ooVoo.exe"="c:\program files\oovoo\oovoo.exe" [2010-10-31 19071672]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-14 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"ConnMonitor"="c:\program files\Alice Mobile Olicard 100\ConnMonitor.exe" [2009-06-18 401408]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-04-04 1082440]
.
c:\users\domenico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - 85118246
*NewlyCreated* - ECACHE
*Deregistered* - 85118246
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-15 11:56]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-20 19:47]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-20 19:47]
.
2012-07-05 c:\windows\Tasks\User_Feed_Synchronization-{16CEF654-A1D1-4FAF-BCF0-51EAF561E71D}.job
- c:\windows\system32\msfeedssync.exe [2012-06-15 03:24]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1701838
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=Pavilion&pf=cnnb
IE: &AOL Toolbar Cerca - c:\programdata\AOL\ieToolbar\resources\it-IT\local\search.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.3
TCP: Interfaces\{4B2C4A68-18F1-4C12-B736-B7E12A60EA31}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\domenico\AppData\Roaming\Mozilla\Firefox\Profiles\ignyx96j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1701838&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.virgilio.it/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=58dfa40e00000000000000234e378ae9&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17982&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-AIM_6 - c:\program files\AIM6\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-05 16:13
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2012-07-05 16:16:59
ComboFix-quarantined-files.txt 2012-07-05 14:16
.
Pre-Run: 147.378.606.080 byte disponibili
Post-Run: 147.701.686.272 byte disponibili
.
- - End Of File - - 72DA01BE16BE2815F064725AFA95A54B
franco75
- Senior User
- Posts: 182
- Joined: 28/04/12 12:35
by franco75 » 05/07/12 17:16
Now it starts up normally, Firefox works and the internet works, but it keeps freezing..
by franco75 » 05/07/12 20:00
Solved, it was Norton causing the problems.
Topics related to "PC only works in safe mode":