Patched_c.LYU


ipazia9
12-07-2012, 07:06
Good morning.
The AVG antivirus is unable to remove "Patched_c.LYU".
Can I proceed manually without compromising anything? Can someone describe the procedure to me?
It is a netbook running the Windows 7 operating system.
Thanks for any help. :)

halduemilauno
12-07-2012, 07:39
You can try another antivirus such as avast. Manually: right-click, delete.

toretti
12-07-2012, 07:59
I found these steps online for manually removing the trojan you mentioned:

Step 1: Restart the computer to Safe Mode with Networking: restart your computer and hit the F8 key constantly before Windows launches. Select Safe Mode with Networking and hit the Enter key.
Step 2: Reset your Internet Explorer.
Run Internet Explorer, click Tools,
Select the Connections tab and click the LAN Settings button.
Uncheck the “Use a proxy server” box. Click OK to close LAN Settings and click OK to close Internet Explorer settings.
Step 3: Press CTRL+ALT+DELETE to open the Windows Task Manager. Then stop all the Trojan horse Patched_c.LYU processes.
Step 4: Delete malicious registry entries.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “.exe”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “CertificateRevocation” = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = '0'
Step 5: Delete associated files:
%AllUsersProfile%\Application Data\~
%AllUsersProfile%\Application Data\~r
%AllUsersProfile%\Application Data\.dll
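
A read-only way to review the registry locations from step 4 before deleting anything by hand, as an added PowerShell example that is not part of the original post or of the instructions it quotes. The function names are made up for this example; the key paths and value names are the ones listed above.

```powershell
# Added example: read-only audit of the registry locations named in step 4.
# It changes nothing; review the output before deleting any entry by hand.

$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Pull the program path out of a Run command line (quoted or unquoted).
function Get-ExecutablePath {
    param([string]$CommandLine)
    $text = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($text -match '^"([^"]+)"') { return $Matches[1] }
    if ($text -match '^(.+?\.(exe|com|bat|cmd|scr|dll))(\s|,|$)') { return $Matches[1] }
    return ($text -split '\s+')[0]
}

# List every autostart value under the key with file presence and signature status.
function Get-RunEntryReport {
    param([string]$KeyPath)
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in $key.GetValueNames()) {
        $command   = [string]$key.GetValue($name)
        $exists    = $false
        $signature = 'n/a'
        try {
            $path = Get-ExecutablePath $command
            if ($path -and -not [IO.Path]::IsPathRooted($path)) {
                # Bare names such as rundll32.exe are resolved through PATH.
                $found = Get-Command $path -CommandType Application -ErrorAction SilentlyContinue |
                    Select-Object -First 1
                if ($found) { $path = $found.Definition }
            }
            if ($path) { $exists = Test-Path -LiteralPath $path -PathType Leaf }
            if ($exists) { $signature = (Get-AuthenticodeSignature -FilePath $path).Status }
        } catch {
            # A command line that cannot be parsed as a path is itself worth a look.
            $signature = 'unparsed command line'
        }
        New-Object PSObject -Property @{
            Name = $name; Command = $command; FileExists = $exists; Signature = $signature
        }
    }
}

# Report the two certificate-checking values; 0 is what step 4 lists as malicious.
function Get-CertCheckReport {
    param([string]$KeyPath)
    $props = Get-ItemProperty -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    foreach ($valueName in 'CertificateRevocation', 'WarnonBadCertRecving') {
        $prop = $null
        if ($props) { $prop = $props.PSObject.Properties[$valueName] }
        if (-not $prop)            { $state = 'not set' }
        elseif ($prop.Value -eq 0) { $state = 'DISABLED (0)' }
        else                       { $state = "enabled ($($prop.Value))" }
        New-Object PSObject -Property @{ Value = $valueName; State = $state }
    }
}

Get-RunEntryReport $runKey   | Format-List Name, Command, FileExists, Signature
Get-CertCheckReport $inetKey | Format-Table Value, State -AutoSize
```

Run entries whose file is missing or whose signature status is not `Valid` are the ones to examine first; an unsigned entry is not malicious by itself.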

Marvel26
28-08-2012, 13:20
Help!!!!! ...I'm asking too... my PC, protected with AVG2011, with Win7, is infected with this virus, and more precisely the file Windows\System32\services.exe, which I cannot delete... it is extremely annoying... sometimes it messes up the icons on my desktop and changes the license number of the antivirus...

Does the procedure described above work?? ...is there some kind soul who can translate it into Italian for me... thanks...

Marvel26
29-08-2012, 17:44
Can nobody help me?? :mc: :mc:

Chill-Out
29-08-2012, 18:16
Run Combofix exactly as described here

http://www.hwupgrade.it/forum/showthread.php?t=1984665

when it finishes, attach the log.

Marvel26
30-08-2012, 09:04
ComboFix 12-08-28.03 - Administrator 30/08/2012 8:17.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.3327.2382 [GMT 2:00]
Eseguito da: g:\users\Administrator\Downloads\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
g:\program files\HDD Regenerator\HDD Regenerator.exe
g:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag
g:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag\ Check Your PC Performance.url
g:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag\Auslogics Disk Defrag on the Web.url
g:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag\Auslogics Disk Defrag.lnk
g:\programdata\Microsoft\Windows\Start Menu\Programs\Disk Defrag\Uninstall Auslogics Disk Defrag.lnk
g:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Sys8787_DataList.bin
g:\users\Administrator\AppData\Roaming\847711875.log
g:\windows\assembly\GAC\Desktop.ini
g:\windows\Installer\{ee6881c4-e1f3-a112-876c-42017b0c1e63}\@
g:\windows\Installer\{ee6881c4-e1f3-a112-876c-42017b0c1e63}\L\00000004.@
g:\windows\Installer\{ee6881c4-e1f3-a112-876c-42017b0c1e63}\L\1afb2d56
g:\windows\Installer\{ee6881c4-e1f3-a112-876c-42017b0c1e63}\L\201d3dde
g:\windows\Installer\{ee6881c4-e1f3-a112-876c-42017b0c1e63}\U\00000004.@
g:\windows\Installer\{ee6881c4-e1f3-a112-876c-42017b0c1e63}\U\00000008.@
g:\windows\Installer\{ee6881c4-e1f3-a112-876c-42017b0c1e63}\U\000000cb.@
g:\windows\Installer\{ee6881c4-e1f3-a112-876c-42017b0c1e63}\U\80000000.@
g:\windows\Installer\{ee6881c4-e1f3-a112-876c-42017b0c1e63}\U\80000032.@
g:\windows\system32\cc32100mt.dll
.
La copia infetta di g:\windows\system32\Services.exe è stata trovata e disinfettata
ipristinata copia da - g:\combofix\HarddiskVolumeShadowCopy5_!Windows!winsxs!x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b!services.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-07-28 al 2012-08-30 )))))))))))))))))))))))))))))))))))
.
.
2012-08-30 06:25 . 2012-08-30 06:27 -------- d-----w- g:\users\Administrator\AppData\Local\temp
2012-08-30 06:25 . 2012-08-30 06:25 -------- d-----w- g:\users\Default\AppData\Local\temp
2012-08-30 06:25 . 2012-08-30 06:25 -------- d-----w- g:\users\Guest\AppData\Local\temp
2012-08-29 07:21 . 2012-08-29 07:21 22 --sha-w- g:\windows\90C7D912BE2316.sys
2012-08-29 07:21 . 2012-08-29 07:21 22 --sha-w- g:\users\Administrator\AppData\Roaming\Windows1569_SettingsRepository.bin
2012-08-29 07:21 . 2012-08-29 07:21 0 ----a-w- g:\users\Administrator\AppData\Local\jv16PT_temp.tmp
2012-08-29 07:21 . 2012-08-29 07:21 -------- d-----w- g:\program files\jv16 PowerTools 2012
2012-08-24 14:10 . 2012-08-24 14:10 -------- d-----w- g:\users\Administrator\AppData\Local\Facebook
2012-08-23 14:01 . 2012-08-26 06:28 -------- d-----w- g:\program files\stinger
2012-08-23 13:50 . 2012-08-23 13:50 -------- d-----w- g:\programdata\IObit
2012-08-23 13:49 . 2012-08-23 13:49 -------- d-----w- g:\users\Administrator\AppData\Roaming\IObit
2012-08-23 13:49 . 2012-08-23 13:49 -------- d-----w- g:\program files\IObit
2012-08-18 12:53 . 2012-08-18 12:53 -------- d-----w- g:\users\Administrator\AppData\Roaming\Nuance
2012-08-18 12:52 . 2012-08-18 12:52 -------- d-----w- g:\users\Administrator\AppData\Roaming\FLEXnet
2012-08-18 12:49 . 2012-08-18 12:49 -------- d-----w- g:\programdata\Nuance
2012-08-18 12:49 . 2012-08-18 12:49 -------- d-----w- g:\program files\Nuance
2012-08-15 05:53 . 2012-08-15 06:29 -------- d-----w- g:\users\Administrator\AppData\Local\libimobiledevice
2012-08-14 13:26 . 2012-08-14 13:26 -------- d-----w- g:\users\Administrator\AppData\Roaming\Malwarebytes
2012-08-14 13:26 . 2012-08-14 13:37 -------- d-----w- g:\programdata\Malwarebytes
2012-08-14 13:26 . 2012-08-14 13:26 -------- d-----w- g:\program files\Malwarebytes' Anti-Malware
2012-08-14 13:26 . 2012-07-03 11:46 22344 ----a-w- g:\windows\system32\drivers\mbam.sys
2012-08-13 16:06 . 2012-08-13 16:06 -------- d-----w- g:\program files\oovoo
2012-08-11 15:19 . 2012-08-11 15:19 -------- d-----w- g:\users\Administrator\AppData\Roaming\WinAVI
2012-08-11 15:19 . 2012-08-11 15:19 -------- d-----w- g:\users\Administrator\AppData\Local\WinAVI
2012-08-11 15:19 . 2012-08-11 15:19 -------- d-----w- g:\program files\WinAVI
2012-08-04 13:44 . 2012-08-04 13:44 -------- d-----w- g:\program files\Avidemux 2.5
2012-08-04 13:35 . 2012-08-04 13:41 -------- d-----w- g:\program files\VLMC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-10 08:58 . 2012-04-16 10:56 426184 ----a-w- g:\windows\system32\FlashPlayerApp.exe
2012-08-10 08:58 . 2011-08-11 09:02 70344 ----a-w- g:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-29 11:51 . 2012-06-29 11:51 21840 ----atw- g:\windows\system32\SIntfNT.dll
2012-06-29 11:51 . 2012-06-29 11:51 17212 ----atw- g:\windows\system32\SIntf32.dll
2012-06-29 11:51 . 2012-06-29 11:51 12067 ----atw- g:\windows\system32\SIntf16.dll
2012-06-20 12:26 . 2012-06-20 12:26 3584 ----a-r- g:\users\Administrator\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2012-07-19 09:09 . 2011-08-11 06:37 136672 ----a-w- g:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="g:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- g:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0g:\progra~2\AVG\AVG10\avgchsvx.exe /sync\0g:\progra~2\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SplitCam
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeARM.exe]
2012-07-27 20:51 919008 ----a-w- g:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon.exe]
2011-11-01 22:25 59240 ----a-w- g:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgtray.exe]
2012-01-17 18:03 2339168 ----a-w- g:\program files\AVG\AVG10\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLIStart.exe]
2011-07-07 21:38 336384 ----a-w- g:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTLite.exe]
2011-11-10 09:17 3514176 ----a-w- g:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emule.exe]
2010-04-07 13:00 5758976 ----a-w- g:\program files\eMule\emule.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper.exe]
2011-12-08 00:36 421736 ----a-w- g:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jusched.exe]
2012-01-17 09:07 252296 ----a-w- g:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QTTask.exe]
2011-10-24 13:28 421888 ----a-w- g:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realsched.exe]
2011-11-10 12:02 273528 ----a-w- g:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl.exe]
2011-07-07 09:33 10754664 ------w- g:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\schedhlp.exe]
2010-12-16 22:31 391008 ----a-w- g:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetPoint.exe]
2011-10-07 09:40 1387288 ----a-w- g:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
2003-12-30 23:39 40960 ----a-w- g:\windows\vsnpstd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2010-11-16 02:47 2564096 ----a-w- g:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
.
R2 gupdate;Servizio Google Update (gupdate);g:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;g:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;g:\program files\Skype\Updater\Updater.exe [x]
R3 amdkmdag;amdkmdag;g:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;g:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 CCCP106;110T SPACEC@M;g:\windows\system32\DRIVERS\cccp106.sys [x]
R3 dmvsc;dmvsc;g:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Servizio Google Update (gupdatem);g:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMProtector;MBAMProtector;g:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;g:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;g:\windows\system32\DRIVERS\netaapl.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;g:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;g:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;g:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;g:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;g:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;g:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;g:\windows\system32\drivers\rdvgkmd.sys [x]
S0 AVGIDSEH;AVGIDSEH;g:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;g:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 sptd;sptd;g:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);g:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 Avgfwfd;AVG network filter service;g:\windows\system32\DRIVERS\avgfwd6x.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;g:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;g:\windows\system32\DRIVERS\avgtdix.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;g:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 afcdpsrv;Servizio Acronis Nonstop Backup;g:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;g:\windows\system32\atiesrxx.exe [x]
S2 avgfws;AVG Firewall;g:\program files\AVG\AVG10\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;g:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
S2 avgwd;AVG WatchDog;g:\program files\AVG\AVG10\avgwdsvc.exe [x]
S2 SSPORT;SSPORT;g:\windows\system32\Drivers\SSPORT.sys [x]
S2 TeamViewer6;TeamViewer 6;g:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
S3 afcdp;afcdp;g:\windows\system32\DRIVERS\afcdp.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;g:\windows\system32\drivers\AtihdW73.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;g:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;g:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 AVGIDSShim;AVGIDSShim;g:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;g:\windows\system32\DRIVERS\ManyCam.sys [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-08-24 g:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-543364495-4242703389-1165304086-500Core.job
- g:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-24 14:10]
.
2012-08-24 g:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-543364495-4242703389-1165304086-500UA.job
- g:\users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-24 14:10]
.
2012-08-14 g:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- g:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 09:28]
.
2012-08-24 g:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- g:\program files\Google\Update\GoogleUpdate.exe [2012-01-08 09:28]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - g:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{1524E833-A6CC-4AE0-983C-FE102567EAAB}: NameServer = 192.168.1.1
FF - ProfilePath - g:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ylho0beo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.libero.it/
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-HDD Regenerator - g:\program files\HDD Regenerator\HDD Regenerator.exe
AddRemove-FoxTab Video Converter - g:\program files\FoxTabVideoConverter\Uninstall\Uninstall.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-543364495-4242703389-1165304086-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,3b,1b,02,e8,b4,
26,5a,3a,38,02,b3,60,11,3c,e6,d0,8f,db
.
[HKEY_USERS\S-1-5-21-543364495-4242703389-1165304086-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:4e,ab,1e,7e,5d,65,cc,01
.
[HKEY_USERS\S-1-5-21-543364495-4242703389-1165304086-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,32,d8,36,b8,39,f2,45,82,9f,dc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,32,d8,36,b8,39,f2,45,82,9f,dc,\
.
[HKEY_USERS\S-1-5-21-543364495-4242703389-1165304086-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"
.
[HKEY_USERS\S-1-5-21-543364495-4242703389-1165304086-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-543364495-4242703389-1165304086-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-543364495-4242703389-1165304086-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jpegfile"
.
[HKEY_USERS\S-1-5-21-543364495-4242703389-1165304086-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-543364495-4242703389-1165304086-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-543364495-4242703389-1165304086-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-543364495-4242703389-1165304086-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE.HKCUZoneInfo\RegBackup]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IE40.UserAgent\RegBackup]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Battery]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\DLNASupport]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\MLS]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\NodeCLSIDs]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects]
@DACL=(02 0000)
@="Layout Manager Objects"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Player]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\PlayerUpgrade]
@DACL=(02 0000)
"EnableAutoUpgrade"="no"
"PlayerVersion"="12,0,7601,17514"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Plugins]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\PREFERENCES]
@DACL=(02 0000)
"OEMServiceOverride11"=""
"WMPNSSFirewallPortsOpen"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Setup]
@DACL=(02 0000)
"Install ID"="{9B9C471A-6438-46DF-A3FD-72B8DAD12A7B}"
"MPEG2In"=dword:00000001
"MPEG2AddIn"=dword:00000001
"MPEG2AddInEnable"=dword:00000000
"DolbyIn"=dword:00000001
"DolbyAddIn"=dword:00000001
"DolbyAddInEnable"=dword:00000000
"ResetAutoPlay"="12,0,7601,17514"
"Progress_MaxDialog"=dword:00000009
"Progress_CurrentInstall"=dword:00000000
"Progress_MaxInstall"=dword:00000001
"Progress_CurrentDialog"=dword:00000009
"InstallResult"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimDllExclusionList]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\SmartPlaylist]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\UIPlugins]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Windows\CurrentVersion]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
g:\progra~2\AVG\AVG10\avgchsvx.exe
g:\progra~2\AVG\AVG10\avgrsx.exe
g:\windows\system32\atieclxx.exe
g:\program files\Common Files\Acronis\Schedule2\schedul2.exe
g:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
g:\windows\system32\conhost.exe
g:\program files\Bonjour\mDNSResponder.exe
g:\windows\system32\sppsvc.exe
g:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
g:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
g:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
g:\program files\TeamViewer\Version6\TeamViewer.exe
g:\windows\system32\WUDFHost.exe
g:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Ora fine scansione: 2012-08-30 08:30:31 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-08-30 06:30
.
Pre-Run: 456.191.918.080 byte disponibili
Post-Run: 455.710.928.896 byte disponibili
.
- - End Of File - - 32E6BB4C8D7DF557E0015ECF8E471F34


sorry, but I didn't know how to attach it..

Chill-Out
31-08-2012, 11:30
How to attach a log: http://www.hwupgrade.it/forum/showthread.php?t=1751598

we should be fine; update AVG to version 2012 and run a full scan again.