www.searchnu.com/414

Post by ertux » 07/12/12 00:42

Good evening everyone. While downloading a freeware video conversion program I picked up this virus (I think it is a virus). In Internet Explorer and Google Chrome the page named in the title appeared as my home page. In the first one I managed to set a different page, but not in the second. Can you tell me what problems this virus causes and whether it is particularly dangerous? And above all... how can I remove it?? My operating system is Windows 7. Below are the ComboFix results:
ComboFix 12-12-04.01 - User 06/12/2012 23:27:12.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.2048.1128 [GMT 1:00]
Eseguito da: c:\users\User\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
.
.
((((((((((((((((((((((((( Files Creati Da 2012-11-06 al 2012-12-06 )))))))))))))))))))))))))))))))))))
.
.
2012-12-06 22:41 . 2012-12-06 22:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-06 22:25 . 2012-12-06 22:25 -------- d-----w- c:\program files\Trend Micro
2012-12-06 22:04 . 2012-12-06 22:04 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B69A174D-EB14-44E6-AB27-9F6473669EF8}\offreg.dll
2012-12-06 16:07 . 2012-12-06 16:07 110080 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconF7A21AF7.exe
2012-12-06 16:07 . 2012-12-06 16:07 110080 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconD7F16134.exe
2012-12-06 16:07 . 2012-12-06 16:07 110080 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconCF33A0CE.exe
2012-12-06 16:07 . 2012-12-06 16:07 -------- d-----w- C:\sh4ldr
2012-12-06 16:07 . 2012-12-06 16:07 -------- d-----w- c:\program files\Enigma Software Group
2012-12-06 16:05 . 2012-12-06 16:07 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-12-06 16:05 . 2012-12-06 16:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-12-06 16:04 . 2012-12-06 16:04 -------- d-----w- c:\program files\RegUtility
2012-12-06 10:20 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-06 10:20 . 2012-12-06 10:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-05 18:14 . 2012-12-05 18:15 -------- d-----w- c:\users\User\AppData\Roaming\FreeVideoConverter
2012-12-05 18:14 . 2012-12-06 10:03 -------- d-----w- c:\programdata\boost_interprocess
2012-12-05 18:14 . 2012-12-05 18:14 -------- d-----w- c:\program files\Searchqu Toolbar
2012-12-05 18:13 . 2012-12-05 18:14 -------- d-----w- c:\program files\Free Video Converter
2012-12-02 13:33 . 2012-12-02 13:34 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-11-15 23:02 . 2012-11-15 23:02 -------- dc----w- c:\windows\system32\DRVSTORE
2012-11-15 23:02 . 2012-08-21 12:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-15 13:22 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 13:22 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-11 23:32 . 2012-11-11 23:35 -------- d-----w- c:\users\User\AppData\Roaming\Probit Software
2012-11-11 23:29 . 2012-11-11 23:36 -------- d-----w- c:\program files\Probit Software
2012-11-06 23:46 . 2012-11-06 23:47 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-25 11:24 . 2012-10-03 13:39 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-10-09 08:17 . 2012-04-05 08:00 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 08:17 . 2012-01-24 19:09 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 22:20 . 2012-10-31 19:24 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-02 22:20 . 2012-10-31 19:23 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-09-14 18:28 . 2012-10-09 22:36 2048 ----a-w- c:\windows\system32\tzres.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\System32\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}]
2012-10-17 17:54 89288 ----a-w- c:\progra~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}"= "c:\progra~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll" [2012-10-17 89288]
.
[HKEY_CLASSES_ROOT\clsid\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2011-07-19 32955440]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Security]
2011-01-31 16:52 623520 ----a-w- c:\program files\USB Disk Security\USBGuard.exe
.
R1 MpKsl1bb41c46;MpKsl1bb41c46;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F76178B-0DA8-479A-AC15-C2CFBC113B4F}\MpKsl1bb41c46.sys [x]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
R3 BthAvrcp;Profilo Bluetooth AVRCP;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 Bluetooth Low Energy Service;Bluetooth Low Energy Service;c:\program files\Motorola\Bluetooth\LEsrv.exe [x]
S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe [x]
S2 WajamUpdater;WajamUpdater;c:\program files\Wajam\Updater\WajamUpdater.exe [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [x]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys [x]
S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 08:17]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-23 12:00]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-23 12:00]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-TaskTray - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-12-06 23:44:07
ComboFix-quarantined-files.txt 2012-12-06 22:44
.
Pre-Run: 26.188.554.240 byte disponibili
Post-Run: 25.765.048.320 byte disponibili
.
- - End Of File - - 473C50E378377D28B0270E16DA794ADB

I also ran a scan with HijackThis (I can post those results too if you want) and, initially, with Malwarebytes Anti-Malware (the latter without fixing anything, obviously).

Help me please!
ertux
Newbie

Posts: 6
Joined: 10/11/10 00:48


Re: www.searchnu.com/414

Post by FrancescoFDAC » 07/12/12 21:56

Download AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/
● close all open programs
● click the Search button
● wait patiently for the scan to finish
● click the Delete button and confirm by clicking OK
● continue by clicking OK two more times: the system restarts automatically
attach the log that appears after the restart

Reset the browsers to their original settings

To reset Internet Explorer:

● open the Control Panel
● click the Internet Options icon
● find and open the Advanced tab
● click the Reset... button at the bottom
● confirm by clicking Reset

To reset Mozilla Firefox:

● click the Start button
● click Run and type: firefox -safe-mode
● click OK
● a Firefox window will open; tick the following items:
Reset toolbars and controls
Reset Firefox's default preferences
Reset default search engines
Disable all add-ons

● click Make changes and restart

To reset Opera:

● start the browser in question
● in the address bar, type the command opera:about and press Enter: this displays the path where the operaprefs.ini (Preferences) file is located
● delete that file and restart the system

To reset Safari:
● start the browser in question
● in the toolbar, click the general settings menu button (the gear icon)
● click Reset Safari: select all the items and confirm the reset by clicking the Reset button to return the browser to its initial settings

Restart the system and see if the Internet works.
FrancescoFDAC
Senior User

Posts: 1048
Joined: 13/08/11 09:53
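As an added example that is not part of the thread, here is a read-only PowerShell check a defender can run after the cleanup above to confirm that the persistence points visible in the ComboFix log (AppInit_DLLs, the BHO/toolbar CLSID, the IE start page, the WajamUpdater service and leftover folders) are really gone; the pattern list and paths are assumptions drawn from that log.

```powershell
# Added example, not code from the thread: read-only check for the persistence points
# the ComboFix log shows the searchnu/Searchqu hijacker using. It reports, never deletes.
# Pattern list, CLSID and paths are assumptions taken from the log; run as Administrator.
$suspectPatterns = @('Searchqu', 'Datamngr', 'searchresultsDx', 'Wajam', 'searchnu')
$suspectClsid = '{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068}'   # BHO/toolbar CLSID in the log
$findings = @()

function Test-Suspect([string]$Text) {
    foreach ($p in $suspectPatterns) {
        if ($Text -match [regex]::Escape($p)) { return $true }
    }
    return $false
}

# 1. AppInit_DLLs: the log shows datamngr.dll and IEBHO.dll loaded into every GUI process this way.
$winNt = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty -Path $winNt -ErrorAction SilentlyContinue).AppInit_DLLs
if ($appInit -and (Test-Suspect $appInit)) { $findings += "AppInit_DLLs still set: $appInit" }

# 2. Browser Helper Object, IE toolbar entry and COM class registered under the hijacker's CLSID.
$bhoKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$suspectClsid"
if (Test-Path $bhoKey) { $findings += "BHO still registered: $suspectClsid" }
$toolbarKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
if (Get-ItemProperty -Path $toolbarKey -Name $suspectClsid -ErrorAction SilentlyContinue) {
    $findings += "IE toolbar entry still present: $suspectClsid"
}
if (Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$suspectClsid") {
    $findings += "COM class still registered: $suspectClsid"
}

# 3. IE start page of the current user (the log's uStart Page line).
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$startPage = (Get-ItemProperty -Path $ieMain -ErrorAction SilentlyContinue).'Start Page'
if ($startPage -and (Test-Suspect $startPage)) { $findings += "IE Start Page: $startPage" }

# 4. Chrome keeps its home page in the profile's Preferences JSON file (the one the poster could not reset).
$chromePrefs = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Preferences'
if ((Test-Path $chromePrefs) -and (Test-Suspect ([IO.File]::ReadAllText($chromePrefs)))) {
    $findings += "Chrome Preferences still reference the hijacker: $chromePrefs"
}

# 5. Services (WajamUpdater in the log) and program folders left behind by the bundled software.
foreach ($svc in (Get-Service -ErrorAction SilentlyContinue | Where-Object { Test-Suspect $_.Name })) {
    $findings += "Service present: $($svc.Name) ($($svc.Status))"
}
foreach ($dir in @("$env:ProgramFiles\Searchqu Toolbar", "$env:ProgramFiles\Wajam")) {
    if (Test-Path $dir) { $findings += "Directory still present: $dir" }
}

if ($findings.Count -eq 0) { 'No searchnu/Searchqu persistence found.' } else { $findings }
```

Any line it prints is a leftover that AdwCleaner or the browser reset did not remove and is worth a second look before declaring the machine clean.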

