Come mi devo muovere per debellarlo? adesso sono in modalità provvisoria con rete.
Ho windows 7 ultimate 32 bit
aiuto virus cripta file
Regole del forum
aiuto virus cripta file
Come mi devo muovere per debellarlo? adesso sono in modalità provvisoria con rete.
Ho windows 7 ultimate 32 bit
Re: aiuto virus cripta file
Re: aiuto virus cripta file
Dopo aver seguito la procedura riportata nell'articolo avvia Windows normalmente ma scollegandolo dalla rete e vedi se ci sono miglioramenti.
Re: aiuto virus cripta file
Ps nel frattempo sto scansionando con malwarebytes
giusto per sapere... è un virus grave?
Ultima modifica di Sem il mar mar 25, 2014 11:55 am, modificato 1 volta in totale.
-
[Claudio]
Re: aiuto virus cripta file
Ho notato in altre occasioni che, spesso, i Rescue CD (Kaspersky, Avira, ecc.) falliscono.
-
[Claudio]
Re: aiuto virus cripta file
Leggi il post che ti ho linkato nel precedente replay (c'è un link - Informazioni su HITMANPRO.KICKSTART - che porta ad un articolo contenente le istruzioni per integrare KICKSTART in una pendrive).Sem ha scritto:si può usare da pennetta? se sì come?
Dipende dal tipo di ransomware.giusto per sapere... è un virus grave?
Una volta terminata l'operazione di bonifica torna qui: sarà necessario eseguire un paio di controlli ulteriori.
Re: aiuto virus cripta file
Come "trasferirlo" su pennetta è spiegato nell'articolo che ti ho linkato precedentemente.
Re: aiuto virus cripta file
Ransomware è un termine composto da Ransom (termine inglese che in italiano è traducibile con riscatto) e ware (abbreviazione di software). In sintesi si tratta di un malware che impedisce il normale accesso ai file e/o al computer chiedendo alla vittima un "riscatto" per ripristinare il normale accesso ai suddetti.[Claudio] ha scritto:Dipende dal tipo di ransomware.
Come già accennato da [Claudio], alcuni sono una bazzecola da rimuovere, altri sono progettati attentamente. In quest'ultimo caso, se non si dispone di un backup aggiornato, si può sperare di recuperare i propri dati solo tramite il pagamento del "riscatto".
Re: aiuto virus cripta file
Ps malwarebytes ha finito il controllo e non ha rilevato nulla
Re: aiuto virus cripta file
Ti riferisci a HitmanPro.Kickstart? Se si, premi 1.Sem ha scritto:dopo averlo messo in pennetta e avviato da usb cosa devo fare? premo 1?
-
[Claudio]
Re: aiuto virus cripta file
Hash, HitmanPro è rilasciato in versione di prova 30 giorni (basta attivare la licenza); Kickstart è una funzionalità integrata (ma è rilasciato anche a parte).hashcat ha scritto:Personalmente preferisco un "normale" rescue disk (HitmanPro fa affidamento sul sistema operativo installato ed è un software commerciale).
HitmanPro permette inoltre il suo l'avvio in "modalità "forzata" (FORCE BREACH MODE); modalità che termina i servizi attivati dal ransomware per consertirne la rimozione.
La funzionalità KICKSTART (cosi come KICKSTART SIDEKICK-ISO) è progettata quasi esclusivamente per la rimozione dei ransomware.
Una annotazione va fatta: HitmanPro (compresa l'esecuzione in "modalità forzata") richiede necessariamente la connessione attiva; KICKSTART su USB e KICKSTART SIDEKICK-ISO, invece no.
Altra considerazione, per chiudere il cerchio: sul ricorso a MALWAREBYTES: in caso di ransomware è preferibile eseguire la funzionalità integrata CHAMELEON.
Ultima modifica di [Claudio] il mar mar 25, 2014 12:46 pm, modificato 1 volta in totale.
Re: aiuto virus cripta file
Mi riferisco a HitmanPro.Kickstart
Re: aiuto virus cripta file
Segui il procedimento mostrato in questo video:Sem ha scritto:l'ho estratto, adesso come faccio a metterlo sulla pennetta? scusate ma non sono molto pratico
Mi riferisco a HitmanPro.Kickstart
-
[Claudio]
Re: aiuto virus cripta file
Sem, abbi pazienzaSem ha scritto:l'ho estratto, adesso come faccio a metterlo sulla pennetta? scusate ma non sono molto pratico
.... ti abbiamo fornito tutto ciò che ti serve (le lo avevo linkato prima) ---->>> guarda qui: http://www.surfright.nl/en/kickstartTi verrà tutto più facile.
P.S.: anticipato da Hash, con il video
Re: aiuto virus cripta file
Re: aiuto virus cripta file
Si.Sem ha scritto:dopo vari tentativi ce l'ho fatta....usb fatta, nel caso la funzione 1 non venisse eseguita faccio la 2?
Re: aiuto virus cripta file
-
[Claudio]
Re: aiuto virus cripta file
Devi cambiare la sequenza di BOOT da Bios ed impostare l'avvio del computer da USB (altrimenti non partirà mai).Sem ha scritto:la scansione da usb non parte....
Guarda quel video, Sem, altrimenti non se ne esce.
E se non ci riesci, fai sapere, e cambiamo approccio.
Re: aiuto virus cripta file
hitmanpro non ha rilevato nulla
-
[Claudio]
Re: aiuto virus cripta file
Dai Sem, tranquillizzati e cambiamo approccio.Sem ha scritto:ho messo da usb ma non parte comunque ....sono preoccupato
Hai detto che il sistema parte in modalità provvisoria, quindi procedi in questo modo:
Scarica: COMBOFIX e salvalo su Pendrive;
A) SCOLLEGA il computer dal rete;
B) avvia il computer in modalità provvisoria;
C) sposta COMBOFIX dalla pendrive al desktop e:
1) tasto destro del mouse sull’icona e scegli ESEGUI COME AMMINISTRATORE;
2) IGNORA eventuali messaggi relativi alla presenza dell'antivirus e/o altro e prosegui;
3) durante la scansione (ci vorrà tempo) NON ESEGUIRE operazioni sul computer;
4) Salva il REPORT rilasciato e allegalo.
Re: aiuto virus cripta file
Il mio suggerimento rimane QUESTO.[Claudio] ha scritto:Dai Sem, tranquillizzati e cambiamo approccio.
-
[Claudio]
Re: aiuto virus cripta file
Hash chehashcat ha scritto:Il mio suggerimento QUESTO.
.... dove vai???? P.S.: andrebbe anche bene ..... ma ..... se non riesce a cambiare la sequenza di boot per avviare da USB ..... ritieni riesca a farlo per avviare da CD???
TENTATIVO DI SEMPLIFICAZIONE
Re: aiuto virus cripta file
[Claudio] ha scritto:Hash che
Nell'inviare il messaggio mi sono mangiato una parola... ora l'ho corretto.
Oltre all'utilizzo di Combofix, ti invito a provare RogueKiller. Dopo averlo eseguito, al completamento della scansione preliminare automatica, clicca sul pulsante Scan e, al termine della scansione, sul pulsante Report, copia il relativo log e postalo sul forum.
Re: aiuto virus cripta file
Combofix.txt
ComboFix 14-03-24.01 - Samuele 25/03/2014 14:18:31.2.1 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.958.685 [GMT 1:00]
Eseguito da: c:\users\Samuele\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WinRAR\Leggimi.Txt
c:\program files\WinRAR\Leggimi_1a.Txt
c:\program files\WinRAR\Licenza.Txt
c:\program files\WinRAR\Ordin.htm
c:\program files\WinRAR\Ordina.htm
.
.
((((((((((((((((((((((((( Files Creati Da 2014-02-25 al 2014-03-25 )))))))))))))))))))))))))))))))))))
.
.
2014-03-25 13:24 . 2014-03-25 13:24 -------- d-----w- c:\users\Samuele\AppData\Local\temp
2014-03-25 13:24 . 2014-03-25 13:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-03-25 13:24 . 2014-03-25 13:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-25 11:53 . 2014-03-25 11:53 -------- d-----w- c:\program files\HitmanPro
2014-03-25 11:53 . 2014-03-25 12:20 -------- d-----w- c:\programdata\HitmanPro
2014-03-25 10:37 . 2014-03-25 12:46 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-25 10:37 . 2014-03-25 10:37 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-03-25 10:37 . 2014-03-25 10:37 -------- d-----w- c:\programdata\Malwarebytes
2014-03-25 10:37 . 2014-03-05 08:26 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-03-25 10:37 . 2014-03-05 08:26 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-25 10:37 . 2014-03-05 08:26 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-24 21:49 . 2014-03-24 21:49 -------- d-----w- c:\users\Samuele\AppData\Roaming\KC Softwares
2014-03-21 00:52 . 2014-03-21 00:52 -------- d-----w- c:\programdata\SupremoRemoteDesktop
2014-03-18 10:18 . 2014-01-28 02:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-18 10:07 . 2014-01-29 02:06 381440 ----a-w- c:\windows\system32\wer.dll
2014-03-18 10:01 . 2014-02-04 02:04 509440 ----a-w- c:\windows\system32\qedit.dll
2014-03-17 11:37 . 2014-03-21 01:53 -------- d-----w- c:\users\Samuele\AppData\Roaming\uTorrent
2014-03-15 01:20 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-15 01:08 . 2014-02-07 01:07 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-03-14 23:35 . 2014-03-14 23:35 -------- d-----w- c:\programdata\Canneverbe Limited
2014-03-14 20:16 . 2014-03-14 20:16 -------- d-----w- c:\users\Samuele\AppData\Roaming\Canneverbe Limited
2014-03-14 20:16 . 2014-03-14 20:16 -------- d-----w- c:\program files\CDBurnerXP
2014-03-14 00:09 . 2014-03-14 00:10 -------- d-----w- c:\program files\Common Files\Adobe
2014-03-13 23:54 . 2014-03-13 23:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-13 23:54 . 2014-03-13 23:58 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-13 23:50 . 2014-03-14 00:11 -------- d-----w- c:\users\Samuele\AppData\Local\Adobe
2014-03-05 00:32 . 2013-10-19 01:36 159232 ----a-w- c:\windows\system32\imagehlp.dll
2014-03-05 00:22 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2014-03-05 00:01 . 2013-08-05 01:56 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2014-03-04 02:34 . 2013-10-30 02:19 301568 ----a-w- c:\windows\system32\msieftp.dll
2014-03-04 02:24 . 2013-07-03 04:02 36352 ----a-w- c:\windows\system32\drivers\usbscan.sys
2014-03-04 02:24 . 2013-07-03 03:36 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2014-03-04 02:24 . 2013-07-03 03:36 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-03-04 02:01 . 2013-11-27 01:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-03-04 02:01 . 2013-11-27 01:13 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-03-04 02:01 . 2013-11-27 01:13 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-03-04 02:01 . 2013-11-27 01:13 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-03-04 02:01 . 2013-11-27 01:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-03-04 02:01 . 2013-11-27 01:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-03-04 02:01 . 2013-11-27 01:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-03-04 01:48 . 2013-12-06 02:02 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-03-04 01:48 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-03-04 01:25 . 2013-11-26 11:11 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-02-28 01:28 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-28 01:28 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-28 01:22 . 2013-12-04 02:03 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-28 01:22 . 2013-12-04 02:03 428032 ----a-w- c:\windows\system32\secproc.dll
2014-02-28 01:22 . 2013-12-04 01:54 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-02-28 01:22 . 2013-12-04 01:54 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-28 01:22 . 2013-12-04 01:54 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-02-28 01:22 . 2013-12-04 01:54 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-28 01:22 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-02-28 01:22 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-02-28 01:22 . 2013-12-04 02:02 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-02-28 01:14 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-02-25 02:58 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-25 02:24 . 2013-10-01 23:45 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-02-25 02:24 . 2013-10-02 00:32 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-25 02:24 . 2013-10-02 00:42 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-02-25 02:24 . 2013-10-02 00:30 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-25 02:24 . 2013-10-02 00:14 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2014-02-25 02:24 . 2013-10-02 00:14 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2014-02-25 02:24 . 2013-10-01 23:58 53248 ----a-w- c:\windows\system32\tsgqec.dll
2014-02-25 02:24 . 2013-10-01 23:08 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-02-25 02:24 . 2013-10-01 23:00 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-02-25 02:24 . 2013-10-01 22:53 350208 ----a-w- c:\windows\system32\wksprt.exe
2014-02-25 02:24 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\system32\mstsc.exe
2014-02-25 02:23 . 2013-09-25 01:57 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-01 13:31 . 2014-02-01 13:31 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-03-13 689744]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX125 Series]
2009-09-14 06:00 200704 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGGE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeAutoActivation]
2010-12-25 09:36 90112 ----a-w- c:\program files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\Startup.exe
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-27 37352]
R2 AntiVirSchedulerService;Avira Pianificatore;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-03-13 440400]
R2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2013-12-19 69240]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
R2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-11-10 87368]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2013-10-17 23040]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2013-11-19 1343400]
R4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-03-13 1017424]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-16 00:17 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-03-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13 23:58]
.
2014-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-04 20:50]
.
2014-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-04 20:50]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2014-03-25 14:26:52
ComboFix-quarantined-files.txt 2014-03-25 13:26
.
Pre-Run: 46.872.629.248 byte disponibili
Post-Run: 46.750.052.352 byte disponibili
.
- - End Of File - - 1667FBEA05B1E752D959C8F2F7D9E85A
A36C5E4F47E84449FF07ED3517B43A31
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.958.685 [GMT 1:00]
Eseguito da: c:\users\Samuele\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WinRAR\Leggimi.Txt
c:\program files\WinRAR\Leggimi_1a.Txt
c:\program files\WinRAR\Licenza.Txt
c:\program files\WinRAR\Ordin.htm
c:\program files\WinRAR\Ordina.htm
.
.
((((((((((((((((((((((((( Files Creati Da 2014-02-25 al 2014-03-25 )))))))))))))))))))))))))))))))))))
.
.
2014-03-25 13:24 . 2014-03-25 13:24 -------- d-----w- c:\users\Samuele\AppData\Local\temp
2014-03-25 13:24 . 2014-03-25 13:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-03-25 13:24 . 2014-03-25 13:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-25 11:53 . 2014-03-25 11:53 -------- d-----w- c:\program files\HitmanPro
2014-03-25 11:53 . 2014-03-25 12:20 -------- d-----w- c:\programdata\HitmanPro
2014-03-25 10:37 . 2014-03-25 12:46 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-25 10:37 . 2014-03-25 10:37 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-03-25 10:37 . 2014-03-25 10:37 -------- d-----w- c:\programdata\Malwarebytes
2014-03-25 10:37 . 2014-03-05 08:26 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-03-25 10:37 . 2014-03-05 08:26 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-03-25 10:37 . 2014-03-05 08:26 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-03-24 21:49 . 2014-03-24 21:49 -------- d-----w- c:\users\Samuele\AppData\Roaming\KC Softwares
2014-03-21 00:52 . 2014-03-21 00:52 -------- d-----w- c:\programdata\SupremoRemoteDesktop
2014-03-18 10:18 . 2014-01-28 02:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-18 10:07 . 2014-01-29 02:06 381440 ----a-w- c:\windows\system32\wer.dll
2014-03-18 10:01 . 2014-02-04 02:04 509440 ----a-w- c:\windows\system32\qedit.dll
2014-03-17 11:37 . 2014-03-21 01:53 -------- d-----w- c:\users\Samuele\AppData\Roaming\uTorrent
2014-03-15 01:20 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-15 01:08 . 2014-02-07 01:07 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-03-14 23:35 . 2014-03-14 23:35 -------- d-----w- c:\programdata\Canneverbe Limited
2014-03-14 20:16 . 2014-03-14 20:16 -------- d-----w- c:\users\Samuele\AppData\Roaming\Canneverbe Limited
2014-03-14 20:16 . 2014-03-14 20:16 -------- d-----w- c:\program files\CDBurnerXP
2014-03-14 00:09 . 2014-03-14 00:10 -------- d-----w- c:\program files\Common Files\Adobe
2014-03-13 23:54 . 2014-03-13 23:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-13 23:54 . 2014-03-13 23:58 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-13 23:50 . 2014-03-14 00:11 -------- d-----w- c:\users\Samuele\AppData\Local\Adobe
2014-03-05 00:32 . 2013-10-19 01:36 159232 ----a-w- c:\windows\system32\imagehlp.dll
2014-03-05 00:22 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2014-03-05 00:01 . 2013-08-05 01:56 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2014-03-04 02:34 . 2013-10-30 02:19 301568 ----a-w- c:\windows\system32\msieftp.dll
2014-03-04 02:24 . 2013-07-03 04:02 36352 ----a-w- c:\windows\system32\drivers\usbscan.sys
2014-03-04 02:24 . 2013-07-03 03:36 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys
2014-03-04 02:24 . 2013-07-03 03:36 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys
2014-03-04 02:01 . 2013-11-27 01:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-03-04 02:01 . 2013-11-27 01:13 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-03-04 02:01 . 2013-11-27 01:13 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-03-04 02:01 . 2013-11-27 01:13 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-03-04 02:01 . 2013-11-27 01:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-03-04 02:01 . 2013-11-27 01:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-03-04 02:01 . 2013-11-27 01:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-03-04 01:48 . 2013-12-06 02:02 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-03-04 01:48 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-03-04 01:25 . 2013-11-26 11:11 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-02-28 01:28 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-28 01:28 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-28 01:22 . 2013-12-04 02:03 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-28 01:22 . 2013-12-04 02:03 428032 ----a-w- c:\windows\system32\secproc.dll
2014-02-28 01:22 . 2013-12-04 01:54 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-02-28 01:22 . 2013-12-04 01:54 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-28 01:22 . 2013-12-04 01:54 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-02-28 01:22 . 2013-12-04 01:54 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-28 01:22 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-02-28 01:22 . 2013-12-04 02:03 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-02-28 01:22 . 2013-12-04 02:02 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-02-28 01:14 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-02-25 02:58 . 2013-12-21 08:56 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-25 02:24 . 2013-10-01 23:45 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2014-02-25 02:24 . 2013-10-02 00:32 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-25 02:24 . 2013-10-02 00:42 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2014-02-25 02:24 . 2013-10-02 00:30 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-25 02:24 . 2013-10-02 00:14 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2014-02-25 02:24 . 2013-10-02 00:14 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2014-02-25 02:24 . 2013-10-01 23:58 53248 ----a-w- c:\windows\system32\tsgqec.dll
2014-02-25 02:24 . 2013-10-01 23:08 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2014-02-25 02:24 . 2013-10-01 23:00 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-02-25 02:24 . 2013-10-01 22:53 350208 ----a-w- c:\windows\system32\wksprt.exe
2014-02-25 02:24 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\system32\mstsc.exe
2014-02-25 02:23 . 2013-09-25 01:57 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-01 13:31 . 2014-02-01 13:31 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-03-13 689744]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX125 Series]
2009-09-14 06:00 200704 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGGE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeAutoActivation]
2010-12-25 09:36 90112 ----a-w- c:\program files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\Startup.exe
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-27 37352]
R2 AntiVirSchedulerService;Avira Pianificatore;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-03-13 440400]
R2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2013-12-19 69240]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [2009-09-14 153600]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [2009-09-14 121856]
R2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-11-10 87368]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2013-10-17 23040]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2013-11-19 1343400]
R4 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-03-13 1017424]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-16 00:17 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-03-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-13 23:58]
.
2014-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-04 20:50]
.
2014-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-12-04 20:50]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2014-03-25 14:26:52
ComboFix-quarantined-files.txt 2014-03-25 13:26
.
Pre-Run: 46.872.629.248 byte disponibili
Post-Run: 46.750.052.352 byte disponibili
.
- - End Of File - - 1667FBEA05B1E752D959C8F2F7D9E85A
A36C5E4F47E84449FF07ED3517B43A31
2014-03-25 13:10:30 . 2014-03-25 13:22:20 5,025 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2014-03-25 13:06:53 . 2014-03-25 13:18:30 512 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2014-03-25 13:04:16 . 2014-03-25 13:18:31 164 ----a-w- C:\Qoobox\Quarantine\catchme.log
2013-12-09 10:29:41 . 2010-07-19 19:52:17 5,978 ----a-w- C:\Qoobox\Quarantine\C\Program Files\WinRAR\Ordina.htm.vir
2013-12-09 10:29:41 . 2010-07-19 19:52:17 5,978 ----a-w- C:\Qoobox\Quarantine\C\Program Files\WinRAR\Ordin.htm.vir
2013-12-09 10:29:41 . 2013-12-06 21:39:44 4,019 ----a-w- C:\Qoobox\Quarantine\C\Program Files\WinRAR\Leggimi_1a.Txt.vir
2013-12-09 10:29:41 . 2013-09-05 07:09:25 8,165 ----a-w- C:\Qoobox\Quarantine\C\Program Files\WinRAR\Licenza.Txt.vir
2013-12-09 10:29:41 . 2013-06-20 19:21:25 1,934 ----a-w- C:\Qoobox\Quarantine\C\Program Files\WinRAR\Leggimi.Txt.vir
2014-03-25 13:06:53 . 2014-03-25 13:18:30 512 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2014-03-25 13:04:16 . 2014-03-25 13:18:31 164 ----a-w- C:\Qoobox\Quarantine\catchme.log
2013-12-09 10:29:41 . 2010-07-19 19:52:17 5,978 ----a-w- C:\Qoobox\Quarantine\C\Program Files\WinRAR\Ordina.htm.vir
2013-12-09 10:29:41 . 2010-07-19 19:52:17 5,978 ----a-w- C:\Qoobox\Quarantine\C\Program Files\WinRAR\Ordin.htm.vir
2013-12-09 10:29:41 . 2013-12-06 21:39:44 4,019 ----a-w- C:\Qoobox\Quarantine\C\Program Files\WinRAR\Leggimi_1a.Txt.vir
2013-12-09 10:29:41 . 2013-09-05 07:09:25 8,165 ----a-w- C:\Qoobox\Quarantine\C\Program Files\WinRAR\Licenza.Txt.vir
2013-12-09 10:29:41 . 2013-06-20 19:21:25 1,934 ----a-w- C:\Qoobox\Quarantine\C\Program Files\WinRAR\Leggimi.Txt.vir
Re: aiuto virus cripta file
-
- Argomenti simili
- Risposte
- Visite
- Ultimo messaggio
-
- 10 Risposte
- 3282 Visite
-
Ultimo messaggio da Al3x
-
- 1 Risposte
- 2247 Visite
-
Ultimo messaggio da cippico
-
- 0 Risposte
- 1544 Visite
-
Ultimo messaggio da crazy.cat
-
- 0 Risposte
- 3449 Visite
-
Ultimo messaggio da giuseppe 1980
-
- 82 Risposte
- 14608 Visite
-
Ultimo messaggio da tekmanfixer777
