svchost.exe: Internet connection blocked


Posted by Tony848 » 07/09/12 23:47

As the title says, Malwarebytes opens a small window that tells me:

"access to potentially malicious site successfully blocked 176.31.229.25"
type: outgoing
port: xxxxx, process: svchost.exe (I wrote xxxxx because the port number keeps changing)

and it blocks my Internet connection.
I downloaded this tool: Svchost Process Analyzer, and I am attaching a screenshot of the results....
Would someone be kind enough to help me? Thanks a lot :)

PS: I had formatted the PC about 15 days ago :cry:

http://www.mediafire.com/view/?vvalrbb9s2gp2sb#
Tony848
Junior User

Posts: 47
Joined: 20/07/12 09:05


Re: svchost.exe: Internet connection blocked

Posted by FrancescoFDAC » 08/09/12 00:50

ComboFix: removing the infections present on the system

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● place the downloaded file on the Desktop
● disable the antivirus in use, from its icon in the system tray (next to the Windows clock)
● disable any firewall installed, from its icon in the system tray (next to the Windows clock)

Once the steps above are done:
● double-click the ComboFix file to start the application
● click the Accept button: confirm by clicking OK twice
● follow the instructions given to run the scan:

"It typically takes no more than 10 minutes
On heavily infected PCs the scan time can easily double"


● on Windows XP, you will be asked to install the Recovery Console: do not install it (click the No button)
● without doing anything else, let the tool complete its work

Notes - during the scan:
● some files may appear on the Desktop and then be deleted
● all the icons on the Desktop will disappear for a moment
● a message about the antivirus in use may be displayed: continue, ignoring the message
● the firewall may display a warning about the removal of some drivers: allow it
● the Internet Explorer icon may appear on the Desktop

When ComboFix has finished scanning:
● the system will be restarted automatically: if it is not, restart it yourself
● go to Local Disk C:, look for the text file named ComboFix.txt and attach it
● if you cannot find the program's report, click Start, Run and enter this string (then press Enter):
cmd /c dir /a/s/b c:\qoobox >log2.txt & log2.txt

Notes - about the program:
● to run ComboFix correctly on Windows Vista and Windows 7, before starting it, right-click the program icon and choose Run as administrator from the context menu
● sUBs, the software house that distributes ComboFix, is not responsible for any damage caused after using the program
● it should not be used unless expressly requested by an expert
● ComboFix disables autorun for USB drives (USB sticks, external hard disks, MP3 players, SD cards..) to prevent future threats: when you insert an external device, you will have to open it "manually" from My Computer
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: svchost.exe: Internet connection blocked

Posted by Tony848 » 08/09/12 08:21

Here is the link to the ComboFix report:

http://www.mediafire.com/view/?vlo3fosi72f9s1p

Thanks :)
Tony848
Junior User

Posts: 47
Joined: 20/07/12 09:05

Re: svchost.exe: Internet connection blocked

Posted by FrancescoFDAC » 08/09/12 10:29

Custom ComboFix script

Warning: do not run ComboFix on your own initiative; this tool is not a toy and is not suited to everyday use.

Open Notepad: Start > All Programs > Accessories > Notepad
● inside the new text document, copy and paste the following lines:


File::
c:\users\Tony848\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
c:\users\Tony848\AppData\Local\PosService\Pos.exe
c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
c:\users\Tony848\AppData\Local\ServUpdater\ServiceUpd.exe

Folder::
c:\users\Tony848\AppData\Local\ServUpdater
c:\users\Tony848\AppData\Local\PosService
c:\users\Tony848\AppData\Local\PowerOffer
c:\users\Tony848\AppData\Local\SoftwareUpdater
c:\users\Public\Documents\AppData\PoApp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PosService"=-

Driver::
ServUpdater
SoftwareUpd
PowerOffer Service


● name this file CFScript.txt and place it on the Desktop, next to ComboFix (if ComboFix is not on the Desktop, move it there)

Very important! Temporarily disable your antivirus and firewall before following the procedure indicated. They may interfere with ComboFix or remove some of its embedded files, which can lead to unpredictable results.
Referring to the image below, drag CFScript.txt with the mouse pointer onto the ComboFix icon
ComboFix will now scan your system. Once it has finished, it may restart the system automatically: if it does not, restart it manually.
At this point the program will produce a report. Copy and paste the log into your next post.

Image

Note - about the procedure:
● do not touch the mouse or the keyboard at all during the scan: it could stop
N.B.:
● if the error "Illegal operation attempted on a registry key that has been marked for deletion" is displayed, simply restart the system and repeat the script
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: svchost.exe: Internet connection blocked

Posted by Tony848 » 08/09/12 11:35

Done: :)

ComboFix 12-09-07.03 - Tony848 08/09/2012 12:16:39.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3946.2543 [GMT 2:00]
Eseguito da: c:\users\Tony848\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Tony848\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Public\Documents\AppData\PoApp\PLauncher.exe"
"c:\users\Tony848\AppData\Local\PosService\Pos.exe"
"c:\users\Tony848\AppData\Local\ServUpdater\ServiceUpd.exe"
"c:\users\Tony848\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Documents\AppData\PoApp
c:\users\Public\Documents\AppData\PoApp\7z.dll
c:\users\Public\Documents\AppData\PoApp\AppLib.Zip.dll
c:\users\Public\Documents\AppData\PoApp\kw.sdb
c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
c:\users\Public\Documents\AppData\PoApp\PService.exe
c:\users\Public\Documents\AppData\PoApp\RegHandlerDll.dll
c:\users\Public\Documents\AppData\PoApp\settings\settings.ini
c:\users\Tony848\AppData\Local\PosService
c:\users\Tony848\AppData\Local\PosService\7z.dll
c:\users\Tony848\AppData\Local\PosService\AppLib.Zip.dll
c:\users\Tony848\AppData\Local\PosService\Pos.exe
c:\users\Tony848\AppData\Local\PosService\Pos.InstallLog
c:\users\Tony848\AppData\Local\PosService\Pos.InstallState
c:\users\Tony848\AppData\Local\PowerOffer
c:\users\Tony848\AppData\Local\PowerOffer\InstallHelper.exe
c:\users\Tony848\AppData\Local\PowerOffer\System.Data.SQLite.dll
c:\users\Tony848\AppData\Local\PowerOffer\unins000.dat
c:\users\Tony848\AppData\Local\PowerOffer\unins000.exe
c:\users\Tony848\AppData\Local\ServUpdater
c:\users\Tony848\AppData\Local\ServUpdater\7z.dll
c:\users\Tony848\AppData\Local\ServUpdater\AppLib.Zip.dll
c:\users\Tony848\AppData\Local\ServUpdater\ServiceUpd.exe
c:\users\Tony848\AppData\Local\ServUpdater\ServiceUpd.InstallLog
c:\users\Tony848\AppData\Local\ServUpdater\ServiceUpd.InstallState
c:\users\Tony848\AppData\Local\ServUpdater\settings.ini
c:\users\Tony848\AppData\Local\ServUpdater\settings\settings.ini
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PowerOffer Service
-------\Service_ServUpdater
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 15:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-08-30 15:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-06-20 12:58 . 2012-06-20 12:58 16374848 ----a-w- c:\users\Tony848\Firefox Setup 13.0.1.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-27 284696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-28 348664]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 250568]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-28 1255736]
R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys [2011-11-01 51016]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-16 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 203264]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-08-28 86224]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-27 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Realtek9xp;Realtek9xp;c:\program files (x86)\REALTEK Wireless LAN Software\RtlService.exe [2009-09-01 36864]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 7195648]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 265728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 yukonw7;Driver miniport NDIS6.2 per controller Ethernet Marvell Yukon;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 07:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://it.ask.com/?l=dis&o=15383
mStart Page = hxxp://search.findeer.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{337B4268-6FF2-4F87-B75D-E166708622E7}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{337B4268-6FF2-4F87-B75D-E166708622E7}\4594353414C494: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{8AB282C5-46DB-4D98-8A0A-49FC750128CB}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{90174300-7C07-490E-AFAC-C9C722231C23}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\users\Tony848\AppData\Roaming\Mozilla\Firefox\Profiles\53jj5b4l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.libero.it/
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\users\Tony848\AppData\Local\PowerOffer\unins000.exe
.
.
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\REALTEK Wireless LAN Software\RtWlan.exe
.
**************************************************************************
.
Ora fine scansione: 2012-09-08 12:28:11 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-09-08 10:28
.
Pre-Run: 46.718.439.424 byte disponibili
Post-Run: 46.412.140.544 byte disponibili
.
- - End Of File - - 703C7A77AE0F368C7F15C88461F56ED3
Tony848
Junior User

Posts: 47
Joined: 20/07/12 09:05

Re: svchost.exe internet connection blocked

Post by FrancescoFDAC » 08/09/12 13:35

Download TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe
● place the tool on the Desktop
close all running programs, including Internet pages
● launch the tool with a double click
● click the Start button at the bottom left
the Desktop will disappear for a few moments: nothing to worry about
● wait patiently for the operations to finish
● click the Exit button at the bottom right
● once the operations are finished, close the program

Note - about the program:
TFC by OldTimer deletes the temporary files of all users, easily and quickly

Download OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● place the tool on the Desktop
● close all running programs
● launch the tool with a double click
● click the CleanUp! button
● the program asks to restart the system: allow it by clicking Yes twice

Note - about the program:
OTC by OldTimer automatically and precisely removes the programs we used for the cleanup (ComboFix in particular): after the restart you will no longer see the ComboFix icon, which is completely normal

The problem is solved, right?
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53

Re: svchost.exe internet connection blocked

Post by Tony848 » 08/09/12 16:25

Unfortunately, even after following your advice to the letter, the problem persists :cry:
Do you have any other suggestions? Thanks a lot for the help :)
Tony848
Junior User

Posts: 47
Joined: 20/07/12 09:05

Re: svchost.exe internet connection blocked

Post by Luke57 » 08/09/12 17:12

Hi, replace the text of the CFScript.txt file with the text shown in bold:

DDS::
TCP: Interfaces\{337B4268-6FF2-4F87-B75D-E166708622E7}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{337B4268-6FF2-4F87-B75D-E166708622E7}\4594353414C494: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{8AB282C5-46DB-4D98-8A0A-49FC750128CB}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{90174300-7C07-490E-AFAC-C9C722231C23}: NameServer = 176.31.229.24,176.31.229.25


save it, keeping the name CFscript.txt

Drag it onto the ComboFix icon for a new scan. Then check whether the problem persists.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: svchost.exe internet connection blocked

Post by Tony848 » 08/09/12 18:26

no luck, damn :cry:
anyway, I'm also posting this report:


ComboFix 12-09-08.02 - Tony848 08/09/2012 19:03:07.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3946.2465 [GMT 2:00]
Eseguito da: c:\users\Tony848\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Tony848\Desktop\Cfscript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2012-08-08 al 2012-09-08 )))))))))))))))))))))))))))))))))))
.
.
2012-09-08 17:08 . 2012-09-08 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-08 15:59 . 2012-09-08 15:59 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F49C2CBC-F3D0-4305-AC73-07C2C0E74C4F}\offreg.dll
2012-09-08 06:54 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-09-08 06:54 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-09-08 06:54 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-09-07 11:42 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F49C2CBC-F3D0-4305-AC73-07C2C0E74C4F}\mpengine.dll
2012-09-02 10:27 . 2012-09-02 10:27 -------- d-----w- c:\programdata\Recisio
2012-09-02 10:27 . 2012-09-02 10:27 -------- d-----w- c:\program files (x86)\KaraFun Player
2012-08-30 15:28 . 2012-08-30 15:28 -------- d-----w- c:\program files\Yamaha
2012-08-30 14:53 . 2012-08-30 14:53 -------- d-----w- c:\windows\system32\SPReview
2012-08-30 14:52 . 2012-08-30 14:52 -------- d-----w- c:\windows\system32\EventProviders
2012-08-30 14:50 . 2012-08-03 02:27 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-29 19:58 . 2012-08-29 19:58 -------- d-----w- c:\program files\Defraggler
2012-08-29 19:50 . 2012-08-29 19:50 -------- d-----w- c:\program files (x86)\vanBasco's Karaoke Player
2012-08-29 19:31 . 2012-08-29 19:31 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-08-29 09:48 . 2010-11-20 13:27 476160 ----a-w- c:\windows\system32\QAGENTRT.DLL
2012-08-29 09:47 . 2010-11-20 13:26 41472 ----a-w- c:\windows\system32\mimefilt.dll
2012-08-29 09:46 . 2010-11-20 13:27 182784 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-08-29 09:45 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2012-08-29 09:45 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2012-08-29 09:45 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-08-29 09:45 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-08-29 09:45 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-08-29 09:45 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-08-29 09:41 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-08-29 09:41 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-08-29 09:41 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-08-29 06:19 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-28 18:38 . 2012-08-28 18:38 -------- d-----w- c:\program files\WinRAR
2012-08-28 18:18 . 2012-08-28 18:18 -------- d-----w- c:\programdata\Malwarebytes
2012-08-28 18:18 . 2012-08-28 18:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-28 18:18 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 18:17 . 2012-08-28 18:17 -------- d-----w- c:\windows\SysWow64\Adobe
2012-08-28 18:17 . 2012-08-28 18:17 -------- d-----w- c:\program files\7-Zip
2012-08-28 14:54 . 2012-08-28 18:24 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-28 14:54 . 2012-09-06 11:21 -------- d-----w- c:\program files (x86)\Java
2012-08-28 13:48 . 2012-08-28 13:48 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-08-28 12:28 . 2012-08-28 12:28 -------- d-----w- c:\program files (x86)\VirtualDJ
2012-08-28 12:26 . 2012-08-28 12:26 -------- d-----w- c:\program files (x86)\Bandicam
2012-08-28 12:26 . 2012-08-28 12:26 -------- d-----w- c:\program files (x86)\BandiMPEG1
2012-08-28 12:23 . 2012-08-28 12:23 -------- d-----w- c:\program files (x86)\DsNET Corp
2012-08-28 12:22 . 2012-08-28 12:22 -------- d-----w- c:\programdata\Ask
2012-08-28 12:21 . 2012-08-28 12:21 -------- d-----w- c:\program files\CCleaner
2012-08-28 12:20 . 2012-08-28 12:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-28 12:20 . 2012-08-28 18:24 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-28 11:57 . 2012-08-28 11:57 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-08-28 11:57 . 2012-08-28 11:57 -------- d-----w- c:\windows\system32\wbem\en-US
2012-08-28 11:57 . 2012-08-28 11:57 -------- d-----w- c:\windows\SysWow64\Wat
2012-08-28 11:57 . 2012-08-28 11:57 -------- d-----w- c:\windows\system32\Wat
2012-08-28 08:37 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-08-28 08:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-28 08:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-08-28 08:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-28 08:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-28 08:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-28 08:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-08-28 08:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-08-28 08:01 . 2012-08-28 08:01 -------- d-----w- c:\programdata\ATI
2012-08-28 08:00 . 2012-08-28 08:00 0 ----a-w- c:\windows\ativpsrm.bin
2012-08-28 07:58 . 2012-08-28 07:58 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-08-28 07:58 . 2012-08-28 07:59 -------- d-----w- c:\program files\ATI Technologies
2012-08-28 07:58 . 2012-08-28 07:58 -------- d-----w- c:\program files\ATI
2012-08-28 07:32 . 2012-08-28 07:32 -------- d-----w- C:\AMD
2012-08-28 07:25 . 2012-08-28 07:25 -------- d-----w- c:\program files (x86)\FinalWire
2012-08-28 07:14 . 2012-09-07 18:30 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-08-28 07:12 . 2011-06-16 05:49 199680 ----a-w- c:\windows\system32\xmllite.dll
2012-08-28 07:10 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-08-28 07:05 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-08-28 07:04 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-08-28 07:03 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-08-28 07:02 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-08-28 07:01 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-08-28 06:58 . 2012-08-28 07:21 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-28 06:58 . 2012-08-28 07:21 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-28 06:58 . 2012-08-28 06:58 -------- d-----w- c:\windows\SysWow64\Macromed
2012-08-28 06:58 . 2012-08-28 06:58 -------- d-----w- c:\windows\system32\Macromed
2012-08-28 06:55 . 2012-08-28 06:59 -------- d-----w- c:\program files (x86)\DriverPlus
2012-08-28 06:53 . 2012-08-28 06:53 -------- d-----w- c:\program files (x86)\VideoLAN
2012-08-28 06:51 . 2012-05-31 10:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-08-28 06:51 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-08-28 06:51 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-08-28 06:51 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-08-28 06:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-28 06:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-28 06:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-08-28 06:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-08-28 06:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-08-28 06:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-08-28 06:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-08-28 06:46 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-28 06:46 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-08-28 06:43 . 2012-08-28 06:48 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-28 06:43 . 2012-08-28 06:48 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-08-28 06:43 . 2011-12-16 07:51 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-28 06:43 . 2012-08-28 06:43 -------- d-----w- c:\programdata\Avira
2012-08-28 06:43 . 2012-08-28 06:43 -------- d-----w- c:\program files (x86)\Avira
2012-08-28 06:40 . 2012-09-06 11:21 -------- d-sh--w- c:\windows\Installer
2012-08-28 06:16 . 2010-04-27 14:57 540696 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-08-27 18:17 . 2012-08-28 06:16 -------- d-----w- c:\program files (x86)\Intel
2012-08-27 18:17 . 2009-12-14 10:33 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-08-27 18:08 . 2010-07-07 08:43 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-08-27 18:08 . 2011-07-05 18:55 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-08-27 18:08 . 2011-07-05 18:55 4745280 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-08-27 18:08 . 2011-07-05 18:55 3617280 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-08-27 18:08 . 2011-07-05 18:55 3952128 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-08-27 18:08 . 2012-08-27 18:08 -------- d-----w- c:\program files\Broadcom
2012-08-27 17:58 . 2010-02-01 18:30 622624 ----a-w- c:\windows\system32\drivers\rtl819xp.sys
2012-08-27 17:58 . 2009-09-22 12:00 212992 ----a-w- c:\windows\SysWow64\RtlIhvOid.dll
2012-08-27 17:58 . 2009-03-05 16:54 311296 ----a-w- c:\windows\SysWow64\Rezip.exe
2012-08-27 17:58 . 2012-08-27 17:59 -------- d-----w- c:\program files (x86)\REALTEK Wireless LAN Software
2012-08-27 17:58 . 2012-08-27 17:59 -------- d-----w- c:\windows\system32\RtlGina
2012-08-27 17:56 . 2012-08-27 18:06 -------- d-----w- c:\program files (x86)\Atheros
2012-08-27 17:56 . 2012-08-30 15:29 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-08-27 17:56 . 2012-08-27 17:56 -------- d-----w- c:\windows\Options
2012-08-27 17:56 . 2011-12-12 17:32 2797056 ----a-w- c:\windows\system32\athrx.sys
2012-08-27 17:56 . 2012-08-27 17:56 -------- d-----w- c:\programdata\Atheros
2012-08-27 17:37 . 2012-08-27 17:10 -------- d-----w- c:\windows\Panther
2012-08-27 17:23 . 2012-08-28 12:30 -------- d-----w- C:\Windows.old
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 15:03 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-08-30 15:03 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-06-20 12:58 . 2012-06-20 12:58 16374848 ----a-w- c:\users\Tony848\Firefox Setup 13.0.1.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-27 284696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-28 348664]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 250568]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-28 1255736]
R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbx64.sys [2011-11-01 51016]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-16 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 203264]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-08-28 86224]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-27 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Realtek9xp;Realtek9xp;c:\program files (x86)\REALTEK Wireless LAN Software\RtlService.exe [2009-09-01 36864]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 7195648]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 265728]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 yukonw7;Driver miniport NDIS6.2 per controller Ethernet Marvell Yukon;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 07:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://it.ask.com/?l=dis&o=15383
mStart Page = hxxp://search.findeer.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{337B4268-6FF2-4F87-B75D-E166708622E7}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{337B4268-6FF2-4F87-B75D-E166708622E7}\4594353414C494: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{8AB282C5-46DB-4D98-8A0A-49FC750128CB}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{90174300-7C07-490E-AFAC-C9C722231C23}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\users\Tony848\AppData\Roaming\Mozilla\Firefox\Profiles\53jj5b4l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.libero.it/
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\users\Tony848\AppData\Local\PowerOffer\unins000.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-09-08 19:11:49
ComboFix-quarantined-files.txt 2012-09-08 17:11
.
Pre-Run: 46.535.970.816 byte disponibili
Post-Run: 48.094.228.480 byte disponibili
.
- - End Of File - - 4D069F54F54156C760E8134C48E26375
Tony848
Junior User

Posts: 47
Joined: 20/07/12 09:05

Re: svchost.exe internet connection blocked

Post by Luke57 » 08/09/12 21:17

Hi, indeed the malicious DNS servers are still there:
Download OTL,
http://oldtimer.geekstogo.com/OTL.exe
save it to the desktop, double-click its icon.
Tick SCAN ALL USERS.
Under Extra Registry, select Use SafeList.

Click RUN SCAN
When the scan finishes, OTL will produce two log files (OTL.txt and Extras.txt),
Attach them.
Upload them to
http://wikisend.com/
providing the link so they can be viewed
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: svchost.exe internet connection blocked

Post by Tony848 » 09/09/12 09:15

I'm attaching the report, but I also wanted to tell you that I solved the problem by ticking the "obtain DNS server address automatically" box, whereas before I had entered the OpenDNS IP address and the malicious DNS servers had changed them, putting in their own, only Malwarebytes was blocking them..... now everything works perfectly

anyway, here is the report:

http://www.mediafire.com/view/?j313f8anuv7o6x8
Tony848
Junior User

Posts: 47
Joined: 20/07/12 09:05
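
Added example (not part of the original thread): a small parser for the `TCP:` lines of a ComboFix supplementary scan that reports every statically configured resolver which is neither DHCP-assigned nor on an allowlist, together with the interface keys that carry it. The function names, the allowlist (OpenDNS addresses, which the user says he had configured) and the zeroed-GUID line are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the "TCP:" lines of ComboFix's supplementary scan section.
LINE_RE = re.compile(
    r"^TCP:\s+(?:Interfaces\\(?P<iface>\{[0-9A-Fa-f-]{36}\}(?:\\[^:\s]+)?):\s+)?"
    r"(?P<key>DhcpNameServer|NameServer)\s*=\s*(?P<value>\S.*)$"
)

# Three lines copied from the report posted in this thread.
REPORT_LINES = r"""
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{337B4268-6FF2-4F87-B75D-E166708622E7}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{337B4268-6FF2-4F87-B75D-E166708622E7}\4594353414C494: NameServer = 176.31.229.24,176.31.229.25
"""
# Constructed line (zeroed GUID): a resolver pair the user set on purpose.
CONSTRUCTED_LINE = (
    r"TCP: Interfaces\{00000000-0000-0000-0000-000000000000}: "
    r"NameServer = 208.67.222.222 208.67.220.220"
)
# Assumption: resolvers the user chose deliberately (OpenDNS public addresses).
ALLOWLIST = ("208.67.222.222", "208.67.220.220")


def _normalise(token):
    """Return the canonical text form of an IP address, or None if it is not one."""
    try:
        return str(ipaddress.ip_address(token))
    except ValueError:
        return None


def parse_dns_lines(report):
    """Return (dhcp_servers, static) where static maps interface key -> resolver list."""
    dhcp, static = [], {}
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a DNS line (start pages, Firefox prefs, ...)
        # The value may be comma- or space-separated.
        servers = [s for s in re.split(r"[,\s]+", m["value"].strip()) if s]
        if m["key"] == "DhcpNameServer":
            dhcp.extend(servers)
        else:
            static[m["iface"] or "(global)"] = servers
    return dhcp, static


def audit(report, allowlist=()):
    """Map each untrusted static resolver to the interface keys that use it."""
    dhcp, static = parse_dns_lines(report)
    trusted = {_normalise(a) for a in (*allowlist, *dhcp)} - {None}
    findings = defaultdict(list)
    for iface, servers in static.items():
        for token in servers:
            addr = _normalise(token)
            if addr is None:
                findings["malformed:" + token].append(iface)
            elif addr not in trusted:
                findings[addr].append(iface)
    return dict(findings)


if __name__ == "__main__":
    for resolver, ifaces in audit(REPORT_LINES + CONSTRUCTED_LINE, ALLOWLIST).items():
        print(f"{resolver}: set on {len(ifaces)} interface key(s)")
        for iface in ifaces:
            print(f"    {iface}")
```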

Re: svchost.exe internet connection blocked

Post by Luke57 » 09/09/12 09:58

Hi, ok, I'm closing the topic ;)
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

