
Trojan leftovers to remove

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by markmoon » 22/04/10 01:25

Nod32 found a trojan and removed it. Meanwhile I noticed suspicious processes in Task Manager; I terminated them, but they came back, and almost all of them pointed to the AppData/temp folder. Meanwhile Internet Explorer isn't working properly: it opens every other time, gives me problems with tabs, links don't open.
Then I looked in Msconfig and there were 3 startup entries tied to these trojans; I disabled them.
I ran a Hijackthis log and there were 3-4 suspicious items. So I ran a Malwarebytes scan and it found all sorts of things. After rebooting I ran another Hijackthis log and it's all clean.
I looked again at the Msconfig startup entries and, although disabled, the 3 entries tied to what Malwarebytes removed are still there; Malwarebytes removed some registry keys and trojan files, but these still nest in other registry keys, as I can see from Msconfig. I'm posting a screenshot of the Malwarebytes quarantine:
http://i44.tinypic.com/2411ee9.jpg
and of Msconfig Startup:
(image)
Then in Appdata/temp there are other files I don't like.
Now how do I proceed? The PC seems to be running fine, IE is back to normal; I'd like to delete the entire contents of the AppData/Temp folder if possible, and then there are those registry keys left in Msconfig.
markmoon
Senior User
Posts: 437
Joined: 28/04/06 19:03


Re: Trojan leftovers to remove

Post by markmoon » 22/04/10 01:29

They show up in Msconfig and in Malwarebytes:
- sshnas21.dll
- start1 legato a 0.49...exe
- YVIBBBHA8C
markmoon
Senior User
Posts: 437
Joined: 28/04/06 19:03

Re: Trojan leftovers to remove

Post by gahan » 22/04/10 10:21

Hi Markmoon,

msconfig only keeps the entries of threats that have already been eliminated, and those turn out to be harmless.

In any case, let's do a complete check of your system and see whether it is actually not infected.

Download Combofix directly to your desktop from the following link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- disconnect from the internet
- disable your antivirus
- run ComboFix.exe
- do NOT install the RECOVERY CONSOLE
- do NOT interfere with the program's scan
- when the scan is finished, go to C:\ and copy/paste, in your next reply, the log contained in the file Combofix.txt
words like violence, break the silence
gahan
Moderator
Posts: 1397
Joined: 23/01/08 16:09

Re: Trojan leftovers to remove

Post by markmoon » 22/04/10 12:52

ComboFix 10-04-21.01 - Mark 22/04/2010 13.24.25.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2038.1030 [GMT 2:00]
Eseguito da: c:\users\Mark\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1165109239-324502626-4098091233-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3283731831-2129460553-4191347367-500
c:\$recycle.bin\S-1-5-21-4084405118-5062504-1974973415-500
c:\windows\Pkocea.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-03-22 al 2010-04-22 )))))))))))))))))))))))))))))))))))
.

2010-04-22 11:29 . 2010-04-22 11:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-19 16:39 . 2009-05-13 13:51 -------- d-----w- c:\program files\Photoshop CS4
2010-04-19 15:53 . 2010-04-20 07:47 -------- d-----w- c:\users\Mark\AppData\Local\Adobe
2010-04-15 19:04 . 2010-04-15 19:01 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-04-15 19:04 . 2010-04-15 19:04 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-04-15 19:04 . 2010-04-15 19:04 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-04-15 19:04 . 2010-04-15 19:04 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-04-15 19:03 . 2010-04-15 19:03 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-04-15 19:03 . 2010-04-15 19:03 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-15 19:03 . 2010-04-15 19:03 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-04-15 19:03 . 2010-04-15 19:03 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-15 19:01 . 2010-04-15 19:01 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-04-15 16:28 . 2010-04-15 19:04 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-15 16:14 . 2010-04-15 19:01 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-15 16:10 . 2010-04-15 19:04 -------- d-----w- c:\programdata\DivX
2010-04-13 18:30 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-13 18:30 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-13 18:30 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-13 18:29 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-13 18:29 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-13 18:29 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-13 18:29 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-13 18:29 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-13 18:29 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-13 18:29 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-13 18:29 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-03-30 17:53 . 2010-02-23 06:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-03-30 17:52 . 2010-02-23 04:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-30 17:52 . 2010-02-23 06:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-03-30 17:52 . 2010-02-23 06:33 71680 ----a-w- c:\windows\system32\iesetup.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-22 10:29 . 2009-12-31 13:21 2815 ----a-w- c:\windows\bthservsdp.dat
2010-04-22 07:22 . 2009-12-31 19:49 -------- d-----w- c:\program files\JDownloader
2010-04-21 23:02 . 2009-12-31 17:51 -------- d-----w- c:\users\Mark\AppData\Roaming\LimeWire
2010-04-21 20:58 . 2009-12-31 15:11 -------- d-----w- c:\program files\CCleaner
2010-04-21 08:53 . 2006-11-06 01:52 662846 ----a-w- c:\windows\system32\perfh010.dat
2010-04-21 08:53 . 2006-11-06 01:52 120326 ----a-w- c:\windows\system32\perfc010.dat
2010-04-20 23:35 . 2009-12-31 14:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-15 19:04 . 2009-12-31 17:46 -------- d-----w- c:\program files\DivX
2010-04-13 19:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-13 18:49 . 2010-01-25 13:19 -------- d-----w- c:\programdata\Microsoft Help
2010-04-12 22:59 . 2010-02-12 20:37 -------- d-----w- c:\program files\Replay Media Catcher
2010-04-12 22:05 . 2010-02-12 20:39 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-04-12 22:05 . 2010-02-12 20:39 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-04-08 21:49 . 2009-12-31 15:49 -------- d-----w- c:\program files\Common Files\eBay
2010-04-08 19:30 . 2009-12-31 15:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-08 19:27 . 2009-12-31 15:21 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-02 18:05 . 2010-02-19 09:54 -------- d-----w- c:\program files\Google
2010-03-29 22:46 . 2009-12-31 15:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-12-31 15:20 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 21:21 . 2010-03-11 21:20 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-10 18:00 . 2010-03-11 21:20 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-02 19:40 . 2010-03-02 16:34 -------- d-----w- c:\program files\TeamViewer
2010-03-02 16:34 . 2010-03-02 16:24 -------- d-----w- c:\users\Mark\AppData\Roaming\TeamViewer
2010-03-02 16:24 . 2010-03-02 16:24 -------- d-----w- c:\program files\QS
2010-03-01 23:34 . 2010-03-01 22:54 -------- d-----w- c:\program files\ESET
2010-02-24 11:39 . 2009-12-31 11:49 112584 ----a-w- c:\users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-12-31 16:14 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:06 . 2010-03-10 10:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-10 10:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-10 10:05 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-18 11:24 . 2009-12-31 18:50 38784 ----a-w- c:\users\Mark\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-18 11:24 . 2009-12-31 18:50 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-10 17:13 . 2009-12-31 17:17 165376 ----a-w- c:\windows\system32\unrar.dll
2010-01-25 12:00 . 2010-02-24 10:46 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 10:46 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 10:46 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 10:46 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 10:46 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 10:46 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 10:46 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 10:46 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:21 . 2010-02-24 10:46 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-23 09:26 . 2010-02-24 10:47 2048 ----a-w- c:\windows\system32\tzres.dll
.

------- Sigcheck -------

[-] 2010-01-01 . 690D53BD10A804BB6D0A772D1C0E6907 . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Hotkey CD Eject"="c:\program files\Hotkey CD Eject\cdeject.exe" [2003-02-21 597504]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-24 4423680]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 438272]
"NDSTray.exe"="NDSTray.exe" [BU]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-03 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-03 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-03 133912]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2007-03-23 12:41 538744 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
2009-09-22 19:09 156672 ----a-w- c:\program files\Replay Media Catcher\FLVSrvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nitro PDF Printer Monitor]
2008-02-01 14:38 210208 ----a-w- c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-04-03 14:52 509496 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2007-02-19 14:00 571024 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0f,06,42,f0,f3,8a,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1818783399-2505984025-1408226993-1000]
"EnableNotificationsRef"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 135664]
R3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\NitroPDF5\bepldr.exe [2007-11-15 151552]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WSDPrintDevice;Supporto stampa WSD via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
S0 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]
S3 BthAvrcp;Profilo Bluetooth AVRCP;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-27 27488]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 09:54]

2010-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-19 09:54]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?IT
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Canaveral - c:\windows\system32\sshnas21.dll
MSConfigStartUp-start 1 - c:\users\Mark\AppData\Local\Temp\0.49530362378716686.exe
MSConfigStartUp-YVIBBBHA8C - c:\users\Mark\AppData\Local\Temp\Pr1.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-22 13:30
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000410
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{CFE9A1C8-0A2E-4536-84EE-B392E735E807}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.474.0"
"UniqueId"="000468A14B8C45B7"
"ScannerBuild"=dword:000018d4
"ScannerVersionId"=dword:00001292
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000005

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-04-22 13:33:22
ComboFix-quarantined-files.txt 2010-04-22 11:33

Pre-Run: 56.547.459.072 byte disponibili
Post-Run: 56.777.662.464 byte disponibili

- - End Of File - - 9E4393013762EFB89219D47C2DBFB7CE



Thanks Gahan, those 3 famous keys have been removed, and it did a nice cleanup in Appdata/Local/temp, but what do those locked Nod32 registry keys mean? I'm finding some program icons without their image; a small thing, oh well, I'll try rebooting or I'll reinstall the programs; with "change icon" nothing happens.
I also wanted to know whether the entire contents of the Appdata/local/temp folder can be removed manually without problems, since they're temporary files, and whether I can remove the C:\Combofix and Qoobox folders, or whether it would be better to keep the Combofix executable for the future.
markmoon
Senior User
Posts: 437
Joined: 28/04/06 19:03
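The ComboFix log in the post above is long and the parts a responder actually acts on (executables created under a user's Temp directory, system files that failed the Sigcheck pass, autostart values, and the orphaned msconfig entries the tool removed) are scattered across several sections. The script below is an added example, not ComboFix's own code and not posted by anyone in the thread: it parses those sections and produces a short triage list. The section header strings it recognises are the Italian ones in this log (other locales print different headers; that is an assumption, not something the thread states), and the sample input is a constructed excerpt in the same format, with one invented `Pr1.exe` line in the "Files Creati" section so that the Temp-directory check has something to hit.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's own code)."""
from __future__ import annotations
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample in the format of the log posted in the thread. The Pr1.exe
# "Files Creati" line is invented; the other lines mirror entries from that log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Creati Da 2010-03-22 al 2010-04-22 )))))))))))))))))))))))))))))))))))
.

2010-04-22 11:29 . 2010-04-22 11:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-20 07:41 . 2010-04-20 07:41 61440 ----a-w- c:\users\Mark\AppData\Local\Temp\Pr1.exe
2010-04-15 19:04 . 2010-04-15 19:01 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-04-13 18:29 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe

------- Sigcheck -------

[-] 2010-01-01 . 690D53BD10A804BB6D0A772D1C0E6907 . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]

- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Canaveral - c:\windows\system32\sshnas21.dll
MSConfigStartUp-start 1 - c:\users\Mark\AppData\Local\Temp\0.49530362378716686.exe
MSConfigStartUp-YVIBBBHA8C - c:\users\Mark\AppData\Local\Temp\Pr1.exe
"""

# One regex per line shape seen in the log: file listing, Run value, orphan, Sigcheck.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-\w]{8}) (?P<path>.+)$"
)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?: \[(?P<stamp>[^\]]*)\])?$')
ORPHAN_RE = re.compile(r"^MSConfigStartUp-(?P<name>.+?) - (?P<path>.+)$")
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\] .* \. (?P<md5>[0-9A-Fa-f]{32}) \. (?P<size>\d+) .* (?P<path>[A-Za-z]:\\.+)$"
)

# Italian section headers as printed in the posted log (assumption: locale-specific).
SECTION_MARKERS = (
    ("Files Creati", "files"),
    ("Find3M Report", "files"),
    ("------- Sigcheck", "sigcheck"),
    ("Punti Reg Caricati", "registry"),
    ("CHIAVI ORFANE RIMOSSE", "orphans"),
    ("catchme", "other"),
)
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\$recycle.bin\\")
EXEC_SUFFIXES = (".exe", ".dll", ".scr", ".com", ".sys")


@dataclass(frozen=True)
class Finding:
    section: str  # log section the line came from
    name: str     # registry value name or file basename
    path: str
    reason: str


def is_temp_executable(path: str) -> bool:
    """True for an executable that lives under a Temp or recycle-bin directory."""
    low = path.lower()
    return low.endswith(EXEC_SUFFIXES) and any(m in low for m in TEMP_MARKERS)


def parse_combofix(log: str) -> list[Finding]:
    """Walk the log section by section and collect the lines worth a second look."""
    findings: list[Finding] = []
    section = "header"
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        new_section = next((s for marker, s in SECTION_MARKERS if marker in line), None)
        if new_section:
            section = new_section
            continue
        if section == "files":
            m = FILE_RE.match(line)
            if m and is_temp_executable(m["path"]):
                findings.append(Finding("files", PureWindowsPath(m["path"]).name, m["path"],
                                        "executable created under a Temp directory"))
        elif section == "sigcheck":
            m = SIGCHECK_RE.match(line)
            if m and m["flag"] == "-":  # [-] is the marker on the flagged line in the log
                findings.append(Finding("sigcheck", PureWindowsPath(m["path"]).name, m["path"],
                                        f"flagged by Sigcheck, md5 {m['md5']}: compare with a known-good copy"))
        elif section == "registry":
            m = RUN_RE.match(line)
            if not m:
                continue
            if is_temp_executable(m["path"]):
                findings.append(Finding("registry", m["name"], m["path"], "autostart from a Temp directory"))
            elif not re.match(r"^[A-Za-z]:\\", m["path"]):  # bare name: resolved through the search path
                findings.append(Finding("registry", m["name"], m["path"],
                                        "bare filename, resolved via the search path: verify which file runs"))
        elif section == "orphans":
            m = ORPHAN_RE.match(line)
            if m:
                where = "pointing into Temp, " if is_temp_executable(m["path"]) else ""
                findings.append(Finding("orphans", m["name"], m["path"],
                                        f"orphaned msconfig entry {where}already disabled; ComboFix removed the stale key"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per section, e.g. {'files': 1, 'orphans': 4}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in parse_combofix(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.reason}\n    {f.path}")
```

On the constructed sample this yields one Temp-directory file, one Sigcheck hit, one bare-filename Run value (`NDSTray.exe`) and the four orphaned msconfig entries, two of which point into the user's Temp directory. The orphan list is exactly the set of disabled entries markmoon was asking about: they are already disabled, and the section records ComboFix removing the stale keys, which matches gahan's remark that such leftovers are harmless.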

Re: Trojan leftovers to remove

Post by gahan » 22/04/10 16:53

Hi Mark,

the registry keys where the NOD32 entry appears could be due to some key previously deleted and moved to quarantine by NOD and then detected by the Combofix scan (harmless in any case).

As for the "Appdata/local/temp" folder, it's better to let ad hoc software such as CCleaner delete the obsolete files.

Finally, delete everything related to Combofix (folders and setup).
If you need it again, just download it again :)
gahan
Moderator
Posts: 1397
Joined: 23/01/08 16:09

Re: Trojan leftovers to remove

Post by markmoon » 22/04/10 17:25

gahan wrote: Hi Mark,

the registry keys where the NOD32 entry appears could be due to some key previously deleted and moved to quarantine by NOD and then detected by the Combofix scan (harmless in any case).

As for the "Appdata/local/temp" folder, it's better to let ad hoc software such as CCleaner delete the obsolete files.

Finally, delete everything related to Combofix (folders and setup).
If you need it again, just download it again :)


One last thing: I use CCleaner regularly, but it doesn't reach that temporary folder, or am I wrong?
Thanks again, you saved me :) even though Malwarebytes did most of the work! By now I'm used to these problems and to formatting, but these trojans are a real pain; is it possible they have nothing better to do than build something to destroy?! :evil:
markmoon
Senior User
Posts: 437
Joined: 28/04/06 19:03

