Ho preso un malware, HELP :(

[Ravenheart]

Ho un problema, ogni volta che avvio il pc, Avast mi manda questo doppio avviso:

https://imageshack.com/scaled/large/46/h4o4.jpg

https://imageshack.com/scaled/large/31/k6qp.jpg

Ho provato tutto per liberamene, ho fatto la scansione con Avast e non trova nulla, ho usato ComboFix e ho fatto pure la scansione con Spybot - Search & Destroy ma niente di niente, in pratica non è che ho un virus perchè Avast lo blocca ma ad ogni avvio mi da sempre questo avviso, e "wscript.exe" dentro System32 è un file di Windows, non so più che fare

[k3kk0]

prova a fare la scansione da modalità provvisoria, forse da lì lo becca.

io contro i malware uso malware bytes, mi sembra molto efficace.

[Ravenheart]

Già fatte in modalità provvisoria, provo con sto malware bytes

[Ravenheart]

Ho usato Malwarebytes e mi ha levato il secondo, ma il primo è rimasto

[Ravenheart]

Niente sono ritornati entrambi, ho pure usato il ripristino di window 7 utilizzando quello più vecchio che c'era del 29 ottobre e non ho risolto lo stesso sebbene sto malware l'ho preso dopo quella data

[Crimson Glory]

prova adw cleaner e controlla i collegamenti dei cavi teneri e piccoli. i cavetti.

[gnoppi]

Scaricati da Kaspersky, da Avira e magari anche da altri ancora l'immagine del disco di rescue, lo masterizzi, fai il boot da CD e gli fai fare la scansione di tutto. Usa due/tre tool di produttori diversi, potrebbe essere un rootkit o roba che si autoesegue al boot e non riesci a toglierlo.

Così dovresti riuscire a toglierlo......

Sei vittima di una congiura d Cracker...

[Erlik_khan]

Smonta l'Hdd, sbattilo sul tavolo e poi spruzza sopra un po' di ddt.
Formatta e reinstalla tutto dopo questa operazione.

Ps. gnoppy style

[gnoppi]

Io cambierei direttamente TUTTO il pc, con un bel Alienware nuovo

[†SiL†]

format c:

[Gandy_Hyoga]

Vedi ad andare sui siti cospirazionisti?

[Ravenheart]

Scaricati da Kaspersky, da Avira e magari anche da altri ancora l'immagine del disco di rescue, lo masterizzi, fai il boot da CD e gli fai fare la scansione di tutto. Usa due/tre tool di produttori diversi, potrebbe essere un rootkit o roba che si autoesegue al boot e non riesci a toglierlo.

Così dovresti riuscire a toglierlo......

Sei vittima di una congiura d Cracker...

Ho usato la scansione completa di Avast, Spybot - Search & Destroy, Malwarebytes' Anti-Malware, Malwarebytes' Anti-Rootkit, ComboFix e ho portato il ripristino al 29 ottobre (la data più vecchia possibile), ma null, gli unici che hanno trovato qualcosa sono Spybot e Malwarebytes' Anti-Malware, ma solo cazzatelle. Comunque in pratica non il PC funziona perfettamente, l'unica rottora di cogliono è questo avviso che da ad ogni avvio

[Ravenheart]

Allego il mio log di Combofix:

Spoiler [Mostra]

ComboFix 13-11-04.01 - User 07/11/2013 14:19:13.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.4095.2747 [GMT 1:00]
Eseguito da: d:\roberto\Varie\Programmi e utilitÓ\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2013-10-07 al 2013-11-07 )))))))))))))))))))))))))))))))))))
.
.
2013-11-07 13:23 . 2013-11-07 13:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-07 13:23 . 2013-11-07 13:23 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-11-07 11:28 . 2013-11-07 11:28 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-11-07 03:48 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23D4F2C7-D4A4-4643-BBD3-A82EE7F5426A}\mpengine.dll
2013-11-07 03:25 . 2013-11-07 03:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-07 03:25 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-07 02:57 . 2013-11-07 02:57 409832 ----a-w- c:\windows\system32\drivers\aswsp.sys
2013-11-07 00:16 . 2013-11-07 11:47 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-06 22:53 . 2013-11-07 03:38 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2013-11-06 22:52 . 2013-11-07 03:37 -------- d-----w- c:\programdata\Malwarebytes
2013-11-05 23:33 . 2013-11-05 23:33 -------- d-----w- c:\programdata\Electronic Arts
2013-10-26 11:39 . 2013-10-26 11:39 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-10-26 11:39 . 2013-10-26 11:39 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-10-22 23:33 . 2013-10-22 23:33 312744 ----a-w- c:\windows\system32\javaws.exe
2013-10-22 23:33 . 2013-10-22 23:33 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-10-22 23:33 . 2013-10-22 23:33 189352 ----a-w- c:\windows\system32\javaw.exe
2013-10-22 23:33 . 2013-10-22 23:33 189352 ----a-w- c:\windows\system32\java.exe
2013-10-22 23:33 . 2013-10-22 23:33 -------- d-----w- c:\program files\Java
2013-10-22 23:32 . 2013-10-22 23:32 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-22 23:32 . 2013-10-22 23:32 -------- d-----w- c:\program files (x86)\Java
2013-10-19 19:13 . 2013-10-19 19:13 -------- d-----w- c:\users\User\AppData\Roaming\Amazon
2013-10-19 19:12 . 2013-10-19 19:12 -------- d-----w- c:\users\User\AppData\Local\Program Files
2013-10-16 12:14 . 2013-10-16 12:14 -------- d-----w- c:\users\User\AppData\Roaming\AVAST Software
2013-10-09 10:19 . 2013-08-29 02:17 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-10-09 10:18 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2013-10-09 10:17 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-10-09 10:17 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-09 10:17 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-09 10:17 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-09 10:17 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-09 10:17 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-09 10:17 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-09 10:17 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-07 02:57 . 2013-06-26 06:45 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-07 02:57 . 2013-06-26 06:45 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-07 02:57 . 2013-06-26 06:45 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-07 02:57 . 2013-06-26 06:45 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-07 02:57 . 2013-06-26 06:45 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-11-07 02:57 . 2013-06-26 06:44 43152 ----a-w- c:\windows\avastSS.scr
2013-10-16 12:12 . 2013-06-26 06:45 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-10-16 12:12 . 2013-06-26 06:45 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-16 12:12 . 2013-06-26 06:45 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-09 10:21 . 2013-01-11 07:29 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-09 01:05 . 2013-09-08 22:02 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 01:05 . 2013-09-08 22:02 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-03 12:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-31 00:14 . 2013-08-31 00:14 78432 ----a-w- c:\windows\system32\atimpc64.dll
2013-08-31 00:14 . 2013-08-31 00:14 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2013-08-31 00:14 . 2013-08-31 00:14 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2013-08-31 00:14 . 2013-08-31 00:14 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2013-08-31 00:14 . 2013-08-31 00:14 142792 ----a-w- c:\windows\system32\atiuxp64.dll
2013-08-31 00:14 . 2013-08-31 00:14 125824 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2013-08-31 00:13 . 2013-08-31 00:13 97984 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2013-08-31 00:13 . 2013-08-31 00:13 114488 ----a-w- c:\windows\system32\atiu9p64.dll
2013-08-31 00:13 . 2013-08-31 00:13 1233080 ----a-w- c:\windows\system32\aticfx64.dll
2013-08-31 00:13 . 2013-08-31 00:13 1027544 ----a-w- c:\windows\SysWow64\aticfx32.dll
2013-08-31 00:13 . 2013-08-31 00:13 9464840 ----a-w- c:\windows\system32\atidxx64.dll
2013-08-31 00:13 . 2013-08-31 00:13 8215992 ----a-w- c:\windows\SysWow64\atidxx32.dll
2013-08-31 00:13 . 2013-08-31 00:13 6176008 ----a-w- c:\windows\SysWow64\atiumdva.dll
2013-08-31 00:13 . 2013-08-31 00:13 6189416 ----a-w- c:\windows\SysWow64\atiumdag.dll
2013-08-31 00:13 . 2013-08-31 00:13 6767240 ----a-w- c:\windows\system32\atiumd6a.dll
2013-08-31 00:13 . 2013-08-31 00:13 7256496 ----a-w- c:\windows\system32\atiumd64.dll
2013-08-31 00:11 . 2013-08-31 00:11 12528640 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2013-08-30 23:48 . 2013-08-30 23:48 127488 ----a-w- c:\windows\system32\coinst_13.152.dll
2013-08-30 23:48 . 2013-08-30 23:48 229376 ----a-w- c:\windows\system32\clinfo.exe
2013-08-30 23:47 . 2013-08-30 23:47 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2013-08-30 23:47 . 2013-08-30 23:47 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2013-08-30 23:47 . 2013-08-30 23:47 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2013-08-30 23:47 . 2013-08-30 23:47 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2013-08-30 23:47 . 2013-08-30 23:47 28192256 ----a-w- c:\windows\system32\amdocl64.dll
2013-08-30 23:45 . 2013-08-30 23:45 23760896 ----a-w- c:\windows\SysWow64\amdocl.dll
2013-08-30 23:43 . 2013-08-30 23:43 63488 ----a-w- c:\windows\system32\OpenCL.dll
2013-08-30 23:43 . 2013-08-30 23:43 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-08-30 23:35 . 2013-08-30 23:35 25387520 ----a-w- c:\windows\system32\atio6axx.dll
2013-08-30 23:18 . 2013-08-30 23:18 368640 ----a-w- c:\windows\system32\atiapfxx.exe
2013-08-30 23:18 . 2013-08-30 23:18 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2013-08-30 23:18 . 2013-08-30 23:18 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2013-08-30 23:18 . 2013-08-30 23:18 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2013-08-30 23:18 . 2013-08-30 23:18 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2013-08-30 23:17 . 2013-08-30 23:17 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2013-08-30 23:14 . 2013-08-30 23:14 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2013-08-30 23:13 . 2013-08-30 23:13 21400064 ----a-w- c:\windows\SysWow64\atioglxx.dll
2013-08-30 22:59 . 2013-08-30 22:59 442368 ----a-w- c:\windows\system32\atidemgy.dll
2013-08-30 22:58 . 2013-08-30 22:58 26112 ----a-w- c:\windows\system32\atimuixx.dll
2013-08-30 22:58 . 2013-08-30 22:58 571904 ----a-w- c:\windows\system32\atieclxx.exe
2013-08-30 22:57 . 2013-08-30 22:57 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2013-08-30 22:56 . 2013-08-30 22:56 190976 ----a-w- c:\windows\system32\atitmm64.dll
2013-08-30 22:33 . 2013-08-30 22:33 784384 ----a-w- c:\windows\system32\atiadlxx.dll
2013-08-30 22:33 . 2013-08-30 22:33 594944 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2013-08-30 22:33 . 2013-08-30 22:33 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2013-08-30 22:32 . 2013-08-30 22:32 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 100352 ----a-w- c:\windows\system32\atig6txx.dll
2013-08-30 22:32 . 2013-08-30 22:32 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2013-08-30 22:32 . 2013-08-30 22:32 618496 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2013-08-30 17:58 . 2013-08-30 17:58 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2013-08-30 17:53 . 2013-08-30 17:53 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2013-08-29 01:48 . 2013-10-09 10:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-26 09:13 . 2013-08-26 09:13 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"="" [BU]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-07 3568312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DeviceManager;DeviceManager;c:\program files (x86)\Common Files\DeviceHelper\DeviceManager.exe;c:\program files (x86)\Common Files\DeviceHelper\DeviceManager.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys;c:\windows\SYSNATIVE\DRIVERS\jrdusbser.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys;c:\windows\SYSNATIVE\DRIVERS\LVUSBS64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 20:04 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-08 01:05]
.
2013-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26 07:39]
.
2013-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26 07:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-07 02:57 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.virgilio.it/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{15828040-1528-4B1F-B4E3-C481325D09D5}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bnmmay9x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.virgilio.it/
FF - ExtSQL: 2013-11-06 19:24; langpack-it@firefox.mozilla.org; c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bnmmay9x.default\extensions\langpack-it@firefox.mozilla.org.xpi
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2013-11-07 14:25:50
ComboFix-quarantined-files.txt 2013-11-07 13:25
ComboFix2.txt 2013-11-07 12:16
ComboFix3.txt 2013-11-07 04:01
ComboFix4.txt 2013-11-07 02:24
ComboFix5.txt 2013-11-07 13:18
.
Pre-Run: 59.157.045.248 byte disponibili
Post-Run: 58.839.760.896 byte disponibili
.
- - End Of File - - 20AC304DE527F0DE8AF5EAA64A415B5A
A36C5E4F47E84449FF07ED3517B43A31

[phobiA]

hai preso un che...???

[ELASTIKO]

ti sta bene.
che ti si fonda il pc.

[Ravenheart]

Le ho provate tutte non si toglie questo avviso di merda all'avvio, ho usato anche due diversi programmi per i Rootkit ovvero Malwarebytes' Anti-Rootkit e gmer ma nulla

[†SiL†]

Una volta presi un virus che mi bloccava il pc, appena lo accendevo andava su una pagina della guardia di finanza e diceva che avevo materiale pedo pornografico sul pc e che dovevo pagare tipo 200 euro...
Son belle cose.

Raven, non è il forum adatto per chiedere aiuto, soprattutto per te.

[Graz]

uhmmm
sicuramente si ricrea una voce dal registro di sistema che lo fa ricaricare ad ogni avvio
il pc ti funzionerà anche bene ma fossi in te non farei acquisti, digitare codici e dati sensibili iban, paypal, postepay ecc

che OS usi? e che browser?
prova cwshredder, per me era quasi sempre l'ultima spiaggia con windows xp
da quando sono passato a vista (poi seven, ora 8) non ho più preso nulla, nè malware nè virus

se non risolvi boh formatta sul serio

[Ravenheart]

Ho 7 e uso firefox. Per gli acquisti tanto cascano un gran male i soldi della postepay li carico sempre contati. Di media ho sempre meno di 1 €

[Graz]

come minchia hai fatto a prendere qualcosa con seven

[Ravenheart]

Che poi non è che ho preso qualcosa, Avast all'avvio lo blocca sempre quindi in pratica sto malware rompe solo i coglioni penso, non credo faccia danni

[Phantom]

Salva i dati su un supporto esterno, formatta il pc e prima di ripristinare i dati assicurati che siano puliti. Ogni altro sistema di bonifica non garantisce una disinfezione sicura perché non sai come funziona il malware di turno e cosa ha modificato all'interno del sistema operativo.

[gnoppi]

Oppure cercati un tool specifico per quel malware...

[Ravenheart]

Il problema è che non so quale è il malware, tra l'altro ora Avast quando faccio la scanzione mi dice questo:

http://img208.imageshack.us/img208/9673/dkhy.jpg

[None]

C'è gente che vive con 600 virus, un malware cosa vuoi che sia?

[Månehav]

dovresti fare un po' di pulizia nei files temporanei con qualche tool apposito, magari c'e' anche da cancellare qualche linea nel registro, ma se non lo hai mai fatto lascia perdere che rischi di far piu' danno