Hello everyone, introducing myself with an esoteric question
Forum section: Pronto Soccorso Virus (Virus First Aid)
dottorcatrame (Comune mortale)
Registered: 11/11/10 21:41 - Posts: 2
Posted: 11 Nov 2010 21:53    Subject: Hello everyone, introducing myself with an esoteric question

Hello everyone.
Let me introduce myself, or rather, let me make myself known right away with a question that may seem odd to those who are experts. But I have been racking my brains over these questions for some time.
Example:
The antivirus detects malware or something similar in an exe, but I want to run it anyway. I disable the antivirus and run it. Then I re-enable the antivirus and do a full scan. It finds some nasty stuff and puts it in quarantine, and I empty the quarantine. At this point, I wonder, is everything fine? In other words, on an already infected PC, does the antivirus (I use Avira) repair everything properly, or is what's done done?
For completeness I also ran a scan with ComboFix, which found the file instrv.exe and deleted it. I don't understand the log, but if anyone of good will would like to take a look at it, here it is below.

Ciaooooooo!!!!!!!!

Quote:
ComboFix 10-11-11.01 - Administrator 11/11/2010 20:02:29.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.3070.2084 [GMT 1:00]
Run from: c:\users\Administrator\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\instsrv.exe

.
((((((((((((((((((((((((( Files Created From 2010-10-11 to 2010-11-11 )))))))))))))))))))))))))))))))))))
.

2010-11-10 17:56 . 2010-11-10 17:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\skypePM
2010-11-10 17:55 . 2010-11-10 17:55 -------- d-----w- c:\program files\Common Files\Skype
2010-11-10 17:55 . 2010-11-10 19:29 -------- d-----w- c:\users\Administrator\AppData\Roaming\Skype
2010-11-10 17:55 . 2010-11-10 17:55 -------- d-----r- c:\program files\Skype
2010-11-10 17:55 . 2010-11-10 17:55 -------- d-----w- c:\programdata\Skype
2010-11-09 20:24 . 2010-11-09 20:26 -------- d-----w- c:\users\Administrator\AppData\Roaming\vlc
2010-11-09 20:24 . 2010-11-09 20:24 -------- d-----w- c:\program files\VideoLAN
2010-11-09 14:10 . 2010-11-09 18:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-11-09 14:10 . 2010-11-09 18:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-09 13:59 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72F8729F-E774-4A60-8D46-8689E186C016}\mpengine.dll
2010-11-08 18:49 . 2003-04-18 18:06 8192 ----a-w- c:\windows\system32\srvany.exe
2010-11-04 20:16 . 2010-11-04 20:16 -------- d-----w- c:\users\Administrator\AppData\Roaming\Avira
2010-11-04 18:51 . 2010-11-04 18:51 -------- d-----w- c:\program files\SyncToy 2.1
2010-11-02 20:10 . 2010-11-02 20:11 -------- d-----w- c:\users\Administrator\AppData\Local\Google
2010-11-02 20:10 . 2010-11-02 20:10 -------- d-----w- c:\program files\Google
2010-11-01 21:25 . 2010-11-01 21:25 -------- d-----w- c:\users\Administrator\AppData\Local\Installer4632
2010-10-26 22:04 . 2010-10-26 22:04 -------- d-----w- c:\program files\SDExplorer
2010-10-26 21:33 . 2010-10-26 21:33 -------- d-----w- c:\programdata\eMule
2010-10-26 21:33 . 2010-11-09 20:18 -------- d-----w- c:\users\Administrator\AppData\Local\eMule
2010-10-26 21:33 . 2010-10-26 21:33 -------- d-----w- c:\program files\eMule
2010-10-26 21:16 . 2010-10-26 21:16 -------- d-----w- c:\windows\it
2010-10-26 21:15 . 2010-10-26 21:16 -------- d-----w- c:\program files\Windows Live
2010-10-26 21:15 . 2009-09-04 15:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-26 21:15 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-26 21:15 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-26 21:14 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-26 20:57 . 2010-11-11 18:14 -------- d-----w- c:\users\Administrator\AppData\Local\Windows Live
2010-10-26 20:57 . 2010-10-26 20:57 -------- d-----w- c:\program files\Common Files\Windows Live
2010-10-26 20:56 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-10-26 20:56 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-10-26 20:56 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2010-10-26 20:55 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-26 20:55 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-26 20:55 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-26 20:55 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-26 20:55 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-20 19:55 . 2010-10-20 19:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-20 15:02 . 2010-10-20 15:02 -------- d-----w- c:\program files\Bonjour
2010-10-19 18:06 . 2010-10-19 18:27 -------- d-----w- c:\users\Administrator\AppData\Roaming\VoipCheapCom
2010-10-19 18:05 . 2010-10-19 18:05 -------- d-----w- c:\program files\VoipCheapCom.com
2010-10-19 17:41 . 2010-10-19 17:41 -------- d-----w- c:\programdata\FLEXnet
2010-10-19 17:38 . 2010-10-19 17:38 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-10-19 17:38 . 2010-11-03 23:00 -------- d-----w- c:\users\Administrator\AppData\Local\Adobe
2010-10-19 17:37 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-10-19 17:31 . 2010-10-20 15:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-17 14:12 . 2010-10-17 14:12 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2010-10-17 07:11 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-17 07:10 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-14 23:44 . 2010-10-14 23:44 4280320 ----a-w- c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-04 20:17 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-11-04 20:17 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-11-04 20:17 . 2009-09-15 03:37 811520 ----a-w- c:\windows\system32\user32.dll
2010-10-19 09:41 . 2010-10-05 19:37 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-22 14:17 . 2010-09-22 14:17 15488 ----a-w- c:\windows\system32\drivers\rdpdispm.sys
2010-09-22 14:17 . 2010-09-22 14:17 116608 ----a-w- c:\windows\system32\rdpdispd.dll
2010-09-21 12:03 . 2010-09-21 12:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-01 12:22 . 2010-10-05 19:34 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-01 12:22 . 2010-10-05 19:34 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-21 05:32 . 2010-10-05 19:51 316928 ----a-w- c:\windows\system32\spoolsv.exe
.

------- Sigcheck -------

[-] 2010-11-04 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-09-15 . C7B21BEF09EC7249556BEE19F9D314CB . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16400_none_cd604238ce73b38f\user32.dll
[7] 2009-09-15 . AE2B4D47934D3798C984D51B1694A490 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.20496_none_cd8e8f8de7d4e9b5\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2010-09-22 1448800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-03-23 495708]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 KMService;KMService;c:\windows\System32\srvany.exe [2003-04-18 8192]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [2010-09-22 15488]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Aggiungi a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\d8t68hey.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANED KEYS REMOVED - - - -

Toolbar-Locked - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,14,1e,3c,8d,67,6a,4a,be,21,f2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,14,1e,3c,8d,67,6a,4a,be,21,f2,\

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.avi"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Bitmap"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Google.PhotoViewer.3.0"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Tiff"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PhotoViewer.FileAssoc.Tiff"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-3908812422-818013082-4085397513-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Scan completion time: 2010-11-11 20:10:38
ComboFix-quarantined-files.txt 2010-11-11 19:10

Pre-Run: 3,259,179,008 bytes free
Post-Run: 4,013,240,320 bytes free

- - End Of File - - 6A2E3552FB33B346200F5E5108B4D0B4
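What the log above actually shows, as an added triage example (this is not code from the post, from ComboFix, or from any of the tools mentioned in the thread): ComboFix deleted c:\windows\system32\instsrv.exe, the Resource Kit tool that installs a service, but the service it was used to create is still there. `R2 KMService;KMService;c:\windows\System32\srvany.exe` is listed as running, and srvany.exe is a generic host that launches whatever executable is named under `HKLM\SYSTEM\CurrentControlSet\Services\KMService\Parameters\Application`; deleting the installer does not stop the service. The same log marks c:\windows\System32\user32.dll with `[-]` in its Sigcheck section, with an MD5 that matches none of the three WinSxS copies. The script below parses the service list, the Run keys and the Sigcheck block of a ComboFix log and reports both conditions. The embedded sample log is a constructed excerpt of lines quoted above, and the regular expressions are my own reading of ComboFix's line layout, not a documented grammar.

```python
"""Triage a ComboFix log: find services hosted by generic wrappers and files that fail Sigcheck.

Added example; the regexes encode my reading of ComboFix's line layout, not a documented grammar.
"""
import re
from typing import Dict, List

# Constructed sample: a few lines copied from the ComboFix log quoted in the post above.
SAMPLE_LOG = r"""
------- Sigcheck -------

[-] 2010-11-04 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 KMService;KMService;c:\windows\System32\srvany.exe [2003-04-18 8192]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
"""

# Service line: "<state> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+"
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$")
# Registry section header and a Run-key value beneath it.
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
# Sigcheck line: "[<mark>] <date> . <md5> . <size> . . [<version>] . . <path>"
SIGCHECK_RE = re.compile(
    r"^\[(?P<mark>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*)$")

# Resource Kit helpers that run an arbitrary executable as a service: the service
# name says nothing about the payload, which is named under the service's Parameters key.
SERVICE_WRAPPERS = ("srvany.exe", "instsrv.exe")
# Locations a non-admin process can write to; an autorun pointing there deserves a look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def parse_combofix(log: str) -> Dict[str, List[dict]]:
    """Extract services, Run-key autoruns and Sigcheck results from a ComboFix log."""
    services: List[dict] = []
    autoruns: List[dict] = []
    sigcheck: List[dict] = []
    current_key = ""
    for raw in log.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            current_key = m.group("key")
        elif (m := SERVICE_RE.match(line)):
            services.append(m.groupdict())
        elif (m := RUN_RE.match(line)) and current_key.lower().endswith("\\currentversion\\run"):
            autoruns.append({**m.groupdict(), "key": current_key})
        elif (m := SIGCHECK_RE.match(line)):
            sigcheck.append(m.groupdict())
    return {"services": services, "autoruns": autoruns, "sigcheck": sigcheck}


def _basename(path: str) -> str:
    """Last path component, lower-cased, for either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log: str) -> List[str]:
    """Return one human-readable finding per condition worth a second look."""
    parsed = parse_combofix(log)
    findings: List[str] = []
    # A service whose image is srvany/instsrv is a wrapper: report where the real payload is named.
    for svc in parsed["services"]:
        exe = _basename(svc["path"])
        if exe in SERVICE_WRAPPERS:
            findings.append(
                f"service {svc['name']} ({svc['state']}) is hosted by {exe}; the real payload is named "
                f"under HKLM\\SYSTEM\\CurrentControlSet\\Services\\{svc['name']}\\Parameters\\Application")
    # Run-key entries launched from user-writable directories.
    for run in parsed["autoruns"]:
        if any(tok in run["path"].lower() for tok in USER_WRITABLE):
            findings.append(
                f"autorun {run['name']} in {run['key']} starts from a user-writable path: {run['path']}")
    # Files ComboFix could not match against a known-good copy.
    for entry in parsed["sigcheck"]:
        if entry["mark"] == "-":
            findings.append(
                f"{entry['path']} is marked [-] by Sigcheck (md5 {entry['md5']}, stamped {entry['date']}); "
                f"compare it with the WinSxS copies before trusting it")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run it against a full saved log with `triage(open(path, encoding="cp1252").read())` (ComboFix writes ANSI text on an Italian Windows 7; the encoding is an assumption). On the sample it reports exactly two things: the srvany-backed KMService still in state R2, and the user32.dll that fails Sigcheck. Neither is something emptying the Avira quarantine would have touched, which is the practical answer to the question in the post: removing a detected file is not the same as undoing what it did.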
Sante62 (Dio maturo)
Registered: 27/06/07 17:55 - Posts: 3477 - Location: Floridia
Posted: 12 Nov 2010 10:46    Subject: Re: Hello everyone, introducing myself with an esoteric question

Hi dottorcatrame, hello and welcome.
It is not a given that the installed antivirus, whichever it is, cleans the system of viruses completely; in fact that rarely happens. You still need to run specific tools.
Run these other scans:
Follow the instructions in this topic to use CCleaner
Follow the instructions in this discussion to remove the ADS
Follow the instructions in this discussion to clean the temp files and so on
Follow the instructions in this topic to use MBAM
Follow the instructions in this discussion to produce a HijackThis log
dottorcatrame (Comune mortale)
Registered: 11/11/10 21:41 - Posts: 2
Posted: 16 Nov 2010 11:59    Subject:

Hi Sante, and good to meet you too.
Thanks for the reply, I will try all the tools you recommended.
Incidentally, the file I ran that was detected as containing a virus was the famous mini-KMS Activator... the usual doubt about whether it really is a virus or not.
Sante62 (Dio maturo)
Registered: 27/06/07 17:55 - Posts: 3477 - Location: Floridia
Posted: 16 Nov 2010 18:42    Subject:

From a quick search I did, it should not be a virus proper.....