How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Internet access blocked by Malwarebytes

Post by middy81 » 18/11/12 21:34

hi everyone, apologies in advance if I make a bit of a mess... since yesterday I've run into a problem... and I'm asking for your help...
malwarebytes gives me the following notification

access to potentially malicious site successfully blocked 176.31.229.25 or 24
port: xxxxx process svchost.exe

after this notification my connection gets blocked
looking for a solution I read about using combofix and hijackThis
I followed all the procedures but the problem persists!!!!!
can you help me? thanks a lot


here is the combofix report:


ComboFix 12-11-16.02 - Fabrizio 18/11/2012 19:19:41.3.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.39.1040.18.2048.1211 [GMT 1:00]
Eseguito da: c:\users\Fabrizio\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
La copia infetta di c:\windows\system32\userinit.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-10-18 al 2012-11-18 )))))))))))))))))))))))))))))))))))
.
.
2012-11-18 18:26 . 2012-11-18 18:26 -------- d-----w- c:\users\Veronica\AppData\Local\temp
2012-11-18 18:26 . 2012-11-18 18:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-18 18:17 . 2012-11-18 18:17 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3DB80EF3-75CB-493A-8AAA-1B731FD64B78}\MpKslf06fbe74.sys
2012-11-17 23:55 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3DB80EF3-75CB-493A-8AAA-1B731FD64B78}\mpengine.dll
2012-11-17 09:52 . 2012-11-17 09:53 -------- d-----w- c:\program files\Google
2012-11-17 09:50 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-17 09:48 . 2012-11-17 09:48 388096 ----a-r- c:\users\Fabrizio\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-17 09:48 . 2012-11-17 09:48 -------- d-----w- c:\program files\Trend Micro
2012-11-17 09:26 . 2012-11-18 18:52 -------- d-----w- c:\users\Fabrizio\AppData\Local\temp
2012-11-16 21:33 . 2012-11-16 21:53 -------- d-----w- c:\users\Fabrizio\AppData\Local\ServUpdater
2012-11-16 21:33 . 2012-11-16 21:33 -------- d-----w- c:\users\Fabrizio\AppData\Local\PowerOffer
2012-11-16 21:33 . 2012-11-16 21:34 -------- d-----w- c:\users\Fabrizio\AppData\Local\PosService
2012-11-16 10:39 . 2012-11-16 21:33 -------- d-----w- c:\users\Fabrizio\AppData\Local\SoftwareUpdater
2012-11-13 23:03 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-13 23:03 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-13 23:03 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-13 23:01 . 2012-10-08 07:50 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-11-13 23:01 . 2012-10-08 07:47 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-13 21:19 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-13 21:19 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-13 21:19 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-13 21:19 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-13 21:19 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-13 21:19 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-13 21:19 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-13 21:19 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-13 21:19 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-13 21:19 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 21:18 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-13 21:18 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-08 17:06 . 2012-11-08 17:06 -------- d-----w- c:\users\Fabrizio\AppData\Local\adawarebp
2012-11-08 16:00 . 2012-11-08 16:01 -------- d-----w- c:\program files\adawaretb
2012-11-07 22:23 . 2012-11-07 22:26 -------- d-----w- c:\users\Fabrizio\AppData\Roaming\YoWindow
2012-11-01 22:44 . 2012-11-01 22:47 -------- d-----w- c:\users\Fabrizio\AppData\Roaming\GetRightToGo
2012-11-01 20:12 . 2012-11-01 20:12 -------- d-----w- c:\users\Fabrizio\AppData\Local\webkit
2012-11-01 19:59 . 2012-11-01 19:59 -------- d-----w- c:\users\Fabrizio\.thumbnails
2012-11-01 19:55 . 2012-11-01 19:55 -------- d-----w- c:\users\Fabrizio\AppData\Local\fontconfig
2012-11-01 19:55 . 2012-11-01 21:46 -------- d-----w- c:\users\Fabrizio\.gimp-2.8
2012-11-01 19:55 . 2012-11-01 19:55 -------- d-----w- c:\users\Fabrizio\AppData\Local\gegl-0.2
2012-11-01 19:49 . 2012-11-01 19:51 -------- d-----w- c:\program files\GIMP 2
2012-10-27 21:45 . 2012-10-27 21:45 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2012-10-27 21:45 . 2012-10-27 21:45 -------- d-----w- c:\program files\DVDVideoSoft
2012-10-27 21:42 . 2012-10-27 21:45 -------- d-----w- c:\users\Fabrizio\AppData\Roaming\DVDVideoSoft
2012-10-25 20:18 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2012-10-25 20:18 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-10-25 20:18 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-10-25 20:18 . 2012-08-24 16:57 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-25 20:18 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-21 07:51 . 2012-09-27 14:51 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB20C046-FFC3-4C43-BC7C-BC05FE5B496A}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-29 17:54 . 2012-06-07 20:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-27 14:51 . 2012-06-15 20:51 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-14 18:28 . 2012-10-09 18:58 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18 . 2012-10-09 18:58 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2010-10-24 19:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 17:12 . 2012-10-09 18:56 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-09 18:56 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 16:57 . 2012-10-09 18:58 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 16:08 . 2012-10-25 20:19 3584 ----a-w- c:\windows\system32\drivers\it-IT\tsusbflt.sys.mui
2012-08-22 17:16 . 2012-09-14 18:50 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-14 18:50 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-14 18:50 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-25 19:36 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-09-20 20:06 87448 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-09-20 87448]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-14 1086760]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
.
c:\users\Fabrizio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitora avvisi inchiostro - HP Deskjet 3070 B611 series (Rete).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 44544]
Ritaglio schermata e avvio di OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 SoftwareUpd;Software Upd;c:\users\Fabrizio\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 MpKslf06fbe74;MpKslf06fbe74;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3DB80EF3-75CB-493A-8AAA-1B731FD64B78}\MpKslf06fbe74.sys [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PowerOffer Service;Pos Service;c:\users\Fabrizio\AppData\Local\PosService\Pos.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 yukonw7;Driver miniport NDIS6.2 per controller Ethernet Marvell Yukon;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-17 09:51]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-17 09:51]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3416717577-1936293411-3191922197-1001Core.job
- c:\users\Veronica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15 22:24]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3416717577-1936293411-3191922197-1001UA.job
- c:\users\Veronica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15 22:24]
.
2012-11-18 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2012-09-01 10:29]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Fabrizio\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3EAE486F-CF64-4A19-8DCD-09AF74F60400}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{8DE810C3-CBCC-4894-93E6-A4ACD5475760}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{8EFF141D-7A24-4433-9300-D14830634C9E}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Ora fine scansione: 2012-11-18 19:55:08 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-11-18 18:55
ComboFix2.txt 2012-11-17 23:50
ComboFix3.txt 2012-11-17 09:34
.
Pre-Run: 278.078.963.712 byte disponibili
Post-Run: 278.019.870.720 byte disponibili
.
- - End Of File - - FED896D8EB2E8770C6C4D91A867606BD
middy81
Newbie

Posts: 6
Joined: 18/11/12 21:20


Re: Internet access blocked by Malwarebytes

Post by Luke57 » 18/11/12 23:43

Hi, copy and paste the following script into a text file:

Code:
Driver::
SoftwareUpd
PowerOffer Service

Folder:
c:\users\Fabrizio\AppData\Local\temp
c:\users\Fabrizio\AppData\Local\ServUpdater
c:\users\Fabrizio\AppData\Local\PowerOffer
c:\users\Fabrizio\AppData\Local\PosService
c:\users\Fabrizio\AppData\Local\SoftwareUpdater

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PosService"=-

DDS::
TCP: Interfaces\{3EAE486F-CF64-4A19-8DCD-09AF74F60400}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{8DE810C3-CBCC-4894-93E6-A4ACD5475760}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{8EFF141D-7A24-4433-9300-D14830634C9E}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25



you must name it CFScript.txt and put it on the desktop.
with the mouse pointer, drag it onto the combofix icon; the program will start a new scan; when it finishes, post the new report.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Re: Internet access blocked by Malwarebytes

Post by middy81 » 19/11/12 09:47

hi. I did as you said...
here is the new report



ComboFix 12-11-16.02 - Fabrizio 19/11/2012 9:31.4.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.39.1040.18.2048.1050 [GMT 1:00]
Eseguito da: c:\users\Fabrizio\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Fabrizio\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
La copia infetta di c:\windows\system32\userinit.exe è stata trovata e disinfettata
ipristinata copia da - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PowerOffer Service
-------\Service_SoftwareUpd
.
.
((((((((((((((((((((((((( Files Creati Da 2012-10-19 al 2012-11-19 )))))))))))))))))))))))))))))))))))
.
.
2012-11-19 08:38 . 2012-11-19 08:38 -------- d-----w- c:\users\Veronica\AppData\Local\temp
2012-11-19 08:38 . 2012-11-19 08:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-18 21:52 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6804887A-3881-4D70-890D-F3C987D4BA35}\mpengine.dll
2012-11-18 21:10 . 2012-11-18 21:10 -------- d-----w- c:\program files\CCleaner
2012-11-18 20:40 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-17 09:52 . 2012-11-17 09:53 -------- d-----w- c:\program files\Google
2012-11-17 09:26 . 2012-11-19 08:41 -------- d-----w- c:\users\Fabrizio\AppData\Local\temp
2012-11-16 21:33 . 2012-11-16 21:53 -------- d-----w- c:\users\Fabrizio\AppData\Local\ServUpdater
2012-11-16 21:33 . 2012-11-16 21:33 -------- d-----w- c:\users\Fabrizio\AppData\Local\PowerOffer
2012-11-16 21:33 . 2012-11-16 21:34 -------- d-----w- c:\users\Fabrizio\AppData\Local\PosService
2012-11-16 10:39 . 2012-11-16 21:33 -------- d-----w- c:\users\Fabrizio\AppData\Local\SoftwareUpdater
2012-11-13 23:03 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-13 23:03 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-13 23:03 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-13 23:01 . 2012-10-08 07:50 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-11-13 23:01 . 2012-10-08 07:47 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-13 21:19 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-13 21:19 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-13 21:19 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-13 21:19 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-13 21:19 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-13 21:19 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-13 21:19 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-13 21:19 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-13 21:19 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-13 21:19 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-13 21:18 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-13 21:18 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-08 17:06 . 2012-11-08 17:06 -------- d-----w- c:\users\Fabrizio\AppData\Local\adawarebp
2012-11-08 16:00 . 2012-11-08 16:01 -------- d-----w- c:\program files\adawaretb
2012-11-07 22:23 . 2012-11-07 22:26 -------- d-----w- c:\users\Fabrizio\AppData\Roaming\YoWindow
2012-11-01 22:44 . 2012-11-01 22:47 -------- d-----w- c:\users\Fabrizio\AppData\Roaming\GetRightToGo
2012-11-01 20:12 . 2012-11-01 20:12 -------- d-----w- c:\users\Fabrizio\AppData\Local\webkit
2012-11-01 19:59 . 2012-11-01 19:59 -------- d-----w- c:\users\Fabrizio\.thumbnails
2012-11-01 19:55 . 2012-11-01 19:55 -------- d-----w- c:\users\Fabrizio\AppData\Local\fontconfig
2012-11-01 19:55 . 2012-11-01 21:46 -------- d-----w- c:\users\Fabrizio\.gimp-2.8
2012-11-01 19:55 . 2012-11-01 19:55 -------- d-----w- c:\users\Fabrizio\AppData\Local\gegl-0.2
2012-11-01 19:49 . 2012-11-01 19:51 -------- d-----w- c:\program files\GIMP 2
2012-10-27 21:45 . 2012-10-27 21:45 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2012-10-27 21:45 . 2012-10-27 21:45 -------- d-----w- c:\program files\DVDVideoSoft
2012-10-27 21:42 . 2012-10-27 21:45 -------- d-----w- c:\users\Fabrizio\AppData\Roaming\DVDVideoSoft
2012-10-25 20:18 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2012-10-25 20:18 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-10-25 20:18 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-10-25 20:18 . 2012-08-24 16:57 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-25 20:18 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-10-21 07:51 . 2012-09-27 14:51 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB20C046-FFC3-4C43-BC7C-BC05FE5B496A}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-29 17:54 . 2012-06-07 20:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-27 14:51 . 2012-06-15 20:51 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-14 18:28 . 2012-10-09 18:58 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-31 17:18 . 2012-10-09 18:58 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2010-10-24 19:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 17:12 . 2012-10-09 18:56 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-09 18:56 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 16:57 . 2012-10-09 18:58 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 16:08 . 2012-10-25 20:19 3584 ----a-w- c:\windows\system32\drivers\it-IT\tsusbflt.sys.mui
2012-08-22 17:16 . 2012-09-14 18:50 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-14 18:50 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-14 18:50 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-25 19:36 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-09-20 20:06 87448 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2012-09-20 87448]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-14 1086760]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-08-08 540056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\users\Fabrizio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitora avvisi inchiostro - HP Deskjet 3070 B611 series (Rete).lnk - c:\windows\system32\RunDll32.exe [2009-7-14 44544]
Ritaglio schermata e avvio di OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 yukonw7;Driver miniport NDIS6.2 per controller Ethernet Marvell Yukon;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-17 09:51]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-17 09:51]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3416717577-1936293411-3191922197-1001Core.job
- c:\users\Veronica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15 22:24]
.
2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3416717577-1936293411-3191922197-1001UA.job
- c:\users\Veronica\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-15 22:24]
.
2012-11-18 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2012-09-01 10:29]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Fabrizio\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3EAE486F-CF64-4A19-8DCD-09AF74F60400}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{8DE810C3-CBCC-4894-93E6-A4ACD5475760}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{8EFF141D-7A24-4433-9300-D14830634C9E}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Ora fine scansione: 2012-11-19 09:44:30 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-11-19 08:44
ComboFix2.txt 2012-11-18 18:55
ComboFix3.txt 2012-11-17 23:50
ComboFix4.txt 2012-11-17 09:34
.
Pre-Run: 278.617.161.728 byte disponibili
Post-Run: 278.426.800.128 byte disponibili
.
- - End Of File - - 2F099B2921B44F5A3E0A5DCC56391F01
middy81
Newbie

Posts: 6
Joined: 18/11/12 21:20

Re: Internet access blocked by Malwarebytes

Post by FrancescoFDAC » 19/11/12 12:28

Mi permetto di intervenire per quei DNS che non se ne vanno via nemmeno con CFScript.

Scarica AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/
● termina tutti i programmi aperti
● clicca sul pulsante Cerca
● attendi pazientemente il termine della scansione
● clicca sul pulsante Elimina e conferma cliccando OK
● prosegui cliccando OK per altre due volte: il sistema si riavvia automaticamente
allega il log che compare al riavvio

Infine:
HiJackThis: scansione

Scarica HiJackThis: http://www.trendmicro.com/ftp/products/ ... ckThis.msi
● posiziona il file scaricato sul Desktop
● clicca due volte sul file HiJackThis.msi
● clicca sul pulsante Install per avviare l'installazione
● al termine, il programma si avvierà automaticamente
● clicca sul pulsante Do a system scan and save a logfile
● verrà rilasciato un file di testo: allegalo

Note - riguardo al programma:
● non usare il bottone Analyze This in quanto restituisce risultati poco affidabili
non fixare nulla per ora: la maggior parte delle entrate rilevate dal programma sono innocue o addirittura vitali per il sistema
● se riscontrassi problemi (impossibilità di leggere il file Hosts, finestra di Notepad vuota), recati al percorso:
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe (per Sistemi Operativi a 32 Bit)
C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe (per Sistemi Operativi a 64 Bit)
e clicca con il tasto destro del mouse sul file in questione, scegliendo la voce Esegui come amministratore
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 09:53

Re: internet access blocked by malwarebytes

Post by middy81 » 19/11/12 14:02

done...
here is the AdwCleaner report

# AdwCleaner v2.008 - Logfile created on 19/11/2012 at 13:39:27
# Updated 17/11/2012 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# User : Fabrizio - FABRIZIO-PC
# Boot Mode : Normal Mode
# Run from : C:\Users\Fabrizio\Downloads\AdwCleaner.exe
# Options [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\ChatZum Toolbar
Folder Deleted : C:\ProgramData\blekko toolbars

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry Clean.

-\\ Google Chrome v [Unable to detect version]

File : C:\Users\Fabrizio\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Clean.

File : C:\Users\Veronica\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Clean.

*************************

AdwCleaner[R1].txt - [2636 octets] - [19/11/2012 13:38:45]
AdwCleaner[R2].txt - [2696 octets] - [19/11/2012 13:39:12]
AdwCleaner[S1].txt - [2353 octets] - [19/11/2012 13:39:27]

########## EOF - C:\AdwCleaner[S1].txt - [2413 octets] ##########


and this is the HijackThis one


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:00:28, on 19/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\HP Deskjet 3070 B611 series\bin\HPNetworkCommunicator.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - Startup: Monitora avvisi inchiostro - HP Deskjet 3070 B611 series (Rete).lnk = ?
O4 - Startup: Ritaglio schermata e avvio di OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Fabrizio\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EAE486F-CF64-4A19-8DCD-09AF74F60400}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DE810C3-CBCC-4894-93E6-A4ACD5475760}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EFF141D-7A24-4433-9300-D14830634C9E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{3EAE486F-CF64-4A19-8DCD-09AF74F60400}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{3EAE486F-CF64-4A19-8DCD-09AF74F60400}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 7229 bytes
middy81
Newbie
Posts: 6
Joined: 18/11/12 21:20

Re: internet access blocked by malwarebytes

Post by FrancescoFDAC » 19/11/12 14:35

Start HiJackThis and:
● click the Do a system scan only/Scan button
● on the left, tick the box next to each single entry I list below (do not tick all the entries, only the ones listed below, please)
● once the entries are ticked, close all running programs, including Internet pages
● click the Fix checked button at the bottom left; another window may appear while the entries are being fixed: click on
These are the entries to fix:

O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - Startup: Monitora avvisi inchiostro - HP Deskjet 3070 B611 series (Rete).lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EAE486F-CF64-4A19-8DCD-09AF74F60400}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DE810C3-CBCC-4894-93E6-A4ACD5475760}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EFF141D-7A24-4433-9300-D14830634C9E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{3EAE486F-CF64-4A19-8DCD-09AF74F60400}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{3EAE486F-CF64-4A19-8DCD-09AF74F60400}: NameServer = 176.31.229.24,176.31.229.25

● if you run into problems (unable to read the Hosts file, empty Notepad window), go to the path:
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe (for 32-bit operating systems)
C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe (for 64-bit operating systems)
right-click the file in question and choose Run as administrator

Uninstall Ad-Aware Security Add-on, Ad-Aware Browsing Protection and Ad-Aware.

If you don't run into any problems, we're done.
FrancescoFDAC
Senior User
Posts: 1048
Joined: 13/08/11 09:53
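As an added example (not part of the thread, and not code from HijackThis or ComboFix), here is a small Python triage script for the O17 lines in the HijackThis log posted above and for the fix list in the reply that follows it. It parses each "O17 ... NameServer = ..." entry, pulls out the control set (CCS, CS1, CS2) and the interface GUID, flags every resolver that is not on an allowlist, and checks whether the address Malwarebytes blocked svchost.exe from reaching (176.31.229.25) is one of the configured resolvers, which is what ties the alert to the DNS hijack. The sample input is the thread's own O17 lines plus one constructed clean entry (192.168.1.1); the TRUSTED_RESOLVERS allowlist is an assumption and in a real case holds the LAN router or ISP resolvers the PC is supposed to use. Listing the CS1 and CS2 copies alongside CCS matters because the hijacked value sits in every control set, so cleaning only CurrentControlSet leaves the old value to return if Windows is booted from another control set (for example with Last Known Good Configuration).

```python
"""Triage of HijackThis 'O17' entries for a DNS hijack.

Added example for this thread; not code from the forum, from HijackThis or
from ComboFix. The O17 sample lines are copied from the log posted above;
the last (192.168.1.1) line and the TRUSTED_RESOLVERS allowlist are
constructed assumptions.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: the thread's O17 lines plus one clean entry.
SAMPLE_LOG = """\
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{3EAE486F-CF64-4A19-8DCD-09AF74F60400}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{8DE810C3-CBCC-4894-93E6-A4ACD5475760}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\..\\{3EAE486F-CF64-4A19-8DCD-09AF74F60400}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\\System\\CS2\\Services\\Tcpip\\..\\{3EAE486F-CF64-4A19-8DCD-09AF74F60400}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{AAAAAAAA-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

# Assumption: resolvers this PC is allowed to use (LAN router, ISP/public
# resolvers). Anything else configured per interface is treated as rogue.
TRUSTED_RESOLVERS = {"192.168.1.1", "8.8.8.8", "8.8.4.4"}

# O17 line layout as HijackThis prints it:
#   O17 - HKLM\System\<control set>\Services\Tcpip\..\{GUID}: NameServer = a.b.c.d[,e.f.g.h]
# O17 'Domain =' lines exist too; this pattern deliberately matches only
# NameServer entries.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\\.\.\\"
    r"(?P<guid>\{[0-9A-Fa-f-]+\}): NameServer = (?P<servers>\S.*?)\s*$",
    re.IGNORECASE,
)


def parse_o17(log_text):
    """Return one dict per O17 NameServer line: control set, GUID, server list."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [s.strip() for s in m["servers"].split(",") if s.strip()]
        entries.append({"cs": m["cs"].upper(), "guid": m["guid"].upper(),
                        "servers": servers})
    return entries


def rogue_resolvers(entries, trusted=TRUSTED_RESOLVERS):
    """Map each resolver not on the allowlist to the (control set, GUID)
    pairs that reference it. Values that are not valid IPs are flagged as
    well: a NameServer that is not an address is suspicious by itself."""
    hits = defaultdict(set)
    for e in entries:
        for value in e["servers"]:
            try:
                key = str(ipaddress.ip_address(value))
            except ValueError:
                key = value
            if key not in trusted:
                hits[key].add((e["cs"], e["guid"]))
    return dict(hits)


def fix_plan(hits):
    """Every (control set, GUID) that must be cleaned, sorted. A GUID that
    appears in CS1/CS2 as well as CCS needs all of its copies fixed."""
    return sorted({pair for pairs in hits.values() for pair in pairs})


def explains_alert(entries, blocked_ip):
    """True if the address the blocker (here Malwarebytes) stopped svchost.exe
    from reaching is one of the configured resolvers, i.e. the alert is
    consistent with the DNS Client service querying the hijacked nameserver."""
    return any(blocked_ip in e["servers"] for e in entries)


if __name__ == "__main__":
    entries = parse_o17(SAMPLE_LOG)
    hits = rogue_resolvers(entries)
    for ip, where in sorted(hits.items()):
        print(f"rogue resolver {ip} configured in:")
        for cs, guid in sorted(where):
            print(f"  {cs} {guid}")
    print("entries to fix:", len(fix_plan(hits)))
    print("Malwarebytes block of 176.31.229.25 explained by DNS config:",
          explains_alert(entries, "176.31.229.25"))
```

Run it as-is to see the report for the sample lines; to triage a real log, replace SAMPLE_LOG with the file contents and TRUSTED_RESOLVERS with the resolvers the PC is actually supposed to use. Entries reported by fix_plan are the O17 lines to tick in HijackThis, one per control set and interface.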

Re: internet access blocked by malwarebytes

Post by middy81 » 19/11/12 17:20

looks like we solved it! thanks a lot for the help...
middy81
Newbie
Posts: 6
Joined: 18/11/12 21:20

Re: internet access blocked by malwarebytes

Post by middy81 » 19/11/12 19:07

I confirm the problem is solved, thanks again for the help! :D
middy81
Newbie
Posts: 6
Joined: 18/11/12 21:20

Re: internet access blocked by malwarebytes

Post by FrancescoFDAC » 19/11/12 21:28

Download TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe
● put the tool on the Desktop
● close all running programs, including Internet pages
● start the tool with a double click
● click the Start button at the bottom left
the Desktop will disappear for a few moments: nothing to worry about
● wait patiently for the operations to finish
● click the Exit button at the bottom right
● once the operations are finished, close the program

Note - about the program:
TFC by OldTimer deletes the temporary files of all users, easily and quickly

Download OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● put the tool on the Desktop
● close all running programs
● start the tool with a double click
● click the CleanUp! button
● the program asks to reboot the system: allow it by clicking the Yes button

Note - about the program:
OTC by OldTimer removes the programs we used for the cleanup (ComboFix in particular) automatically and precisely: after the reboot you won't see the ComboFix icon any more, that is completely normal
FrancescoFDAC
Senior User
Posts: 1048
Joined: 13/08/11 09:53

Re: internet access blocked by malwarebytes

Post by middy81 » 20/11/12 21:05

done! Thanks again for the help!
middy81
Newbie
Posts: 6
Joined: 18/11/12 21:20
