
    C:\Windows\Installer\...\80000032.@


    1. #1
      mimal (User)
      Joined: Aug 2012
      Location: Italy
      Posts: 5

      Malware C:\Windows\Installer\...\80000032.@

      Hello,
      I have a problem with my computer, and after reading other threads I decided to write.
      For a couple of days my free antivirus (Avira Control Center) has been saying every 5 minutes that I have these:
      W32/Patched.UB in c:\Windows\System32\services.exe
      TR/ATRAPS.Gen2 in c:\Windows\Installer\...\80000032.@
      and it says that access to this file was denied.
      I hope you can help me; I understand very little about these things.
      Thanks

    2. #2
      Xtreme Hero (Former Contributor)
      Joined: Dec 2010
      Location: Spain
      Posts: 9.014

      re: c:\Windows\Installer\...\80000032.@

      Hello mimal, welcome to infospyware

      Please follow the steps in this guide: How do I remove Sirefef (ZeroAccess) trojan? - ESET Knowledgebase

      Let us know the results and bring the corresponding report.

      Regards
      Fight to the End

      * Follow us on Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or by e-mail, since that is what the forum is for.

    3. #3
      mimal (User)
      Joined: Aug 2012
      Location: Italy
      Posts: 5

      Re: c:\Windows\Installer\...\80000032.@

      Hello,
      I tried to do what was indicated. I downloaded the tools, ran the first one, EZ_SireFix.exe, and it was OK. Then I ran the second one, ESETSirefefremover, and its result said there is nothing, and I restarted the computer. The third tool did not let me do everything that had to be done.
      The problem persists.

    4. #4
      Xtreme Hero (Former Contributor)
      Joined: Dec 2010
      Location: Spain
      Posts: 9.014

      Re: C:\Windows\Installer\...\80000032.@

      Hello again,

      In normal mode

      Download the ComboFix.exe tool and save it to the desktop.
      • Temporarily disable your antivirus and/or antispyware.
      • Close all open windows.
      • Double-click the ComboFix.exe file to continue. It is important to install the Recovery Console if ComboFix requests it.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
      • *Note* While ComboFix is working, do not move the mouse, as this would stop its process.
      • *Note* ComboFix may automatically restart the PC to complete the removal process.
      Warning!! Do not use ComboFix unless a member of our Staff has specifically instructed you to in your thread. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      • Restart and paste the report from C:\ComboFix.txt in this same thread.

      Regards

    5. #5
      mimal (User)
      Joined: Aug 2012
      Location: Italy
      Posts: 5

      Re: C:\Windows\Installer\...\80000032.@

      It won't let me go to the report c:\combofix.txt, but the following opened:

      ComboFix 12-08-18.03 - melo 19/08/2012 14.02.48.1.2 - x86
      Microsoft® Windows Vista™ Business 6.0.6002.2.1252.39.1040.18.2039.983 [GMT 2:00]
      Eseguito da: c:\users\melo\Desktop\ComboFix.exe
      AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
      SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      C:\install.exe
      c:\users\melo\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
      c:\users\melo\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\n
      c:\users\melo\AppData\Roaming\OfferBox
      c:\users\melo\AppData\Roaming\OfferBox\config.xml
      c:\users\melo\AppData\Roaming\Remote
      c:\users\melo\AppData\Roaming\Remote\16112011_132259_9673762_skey_16-11-2011__13-23-8_.cab
      c:\users\melo\AppData\Roaming\Remote\ed3_shrd
      c:\users\melo\AppData\Roaming\Remote\knd
      c:\users\melo\AppData\Roaming\Remote\mlji.dat
      c:\users\melo\AppData\Roaming\Remote\mxd1.txt
      c:\users\melo\AppData\Roaming\Remote\nje.dat
      c:\users\melo\AppData\Roaming\Remote\rg.dat
      c:\users\melo\AppData\Roaming\Remote\xnre.dat
      c:\users\melo\Documents\~WRL1790.tmp
      c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
      c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\00000004.@
      c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\201d3dde
      c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\n
      c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000004.@
      c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000008.@
      c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\000000cb.@
      c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@
      c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000032.@
      c:\windows\IsUn0410.exe
      c:\windows\system32\URTTemp
      c:\windows\system32\URTTemp\regtlib.exe
      .
      La copia infetta di c:\windows\system32\Services.exe è stata trovata e disinfettata
      ipristinata copia da - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
      .
      .
      ((((((((((((((((((((((((( Files Creati Da 2012-07-19 al 2012-08-19 )))))))))))))))))))))))))))))))))))
      .
      .
      2012-08-19 12:21 . 2012-08-19 12:21 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-08-18 05:09 . 2012-08-18 05:09 -------- d-----w- c:\program files\Avira
      2012-08-17 06:17 . 2012-08-17 06:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
      2012-08-17 06:08 . 2012-08-17 19:44 -------- d-----w- c:\users\melo\AppData\Roaming\xsecva
      2012-08-16 06:44 . 2012-08-16 06:48 -------- d-----w- C:\354ddcab4829b04d907fd338185d
      2012-08-16 05:34 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
      2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-07-04 14:02 . 2012-08-16 06:41 2047488 ----a-w- c:\windows\system32\win32k.sys
      2012-06-29 00:09 . 2012-08-16 06:42 1129472 ----a-w- c:\windows\system32\wininet.dll
      2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
      2012-06-05 16:47 . 2012-07-11 11:32 1401856 ----a-w- c:\windows\system32\msxml6.dll
      2012-06-05 16:47 . 2012-07-11 11:32 1248768 ----a-w- c:\windows\system32\msxml3.dll
      2012-06-04 15:26 . 2012-07-11 11:25 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
      2012-06-02 22:19 . 2012-06-21 06:58 53784 ----a-w- c:\windows\system32\wuauclt.exe
      2012-06-02 22:19 . 2012-06-21 06:58 45080 ----a-w- c:\windows\system32\wups2.dll
      2012-06-02 22:19 . 2012-06-21 06:57 35864 ----a-w- c:\windows\system32\wups.dll
      2012-06-02 22:19 . 2012-06-21 06:57 577048 ----a-w- c:\windows\system32\wuapi.dll
      2012-06-02 22:19 . 2012-06-21 06:58 1933848 ----a-w- c:\windows\system32\wuaueng.dll
      2012-06-02 22:12 . 2012-06-21 06:58 2422272 ----a-w- c:\windows\system32\wucltux.dll
      2012-06-02 22:12 . 2012-06-21 06:57 88576 ----a-w- c:\windows\system32\wudriver.dll
      2012-06-02 13:19 . 2012-06-21 06:57 171904 ----a-w- c:\windows\system32\wuwebv.dll
      2012-06-02 13:12 . 2012-06-21 06:57 33792 ----a-w- c:\windows\system32\wuapp.exe
      2012-06-02 00:04 . 2012-07-11 11:25 278528 ----a-w- c:\windows\system32\schannel.dll
      2012-06-02 00:03 . 2012-07-11 11:25 204288 ----a-w- c:\windows\system32\ncrypt.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Nota* i valori vuoti & legittimi/default non sono visualizzati.
      REGEDIT4
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
      .
      [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
      2012-06-20 11:18 1519824 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
      .
      [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
      [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
      [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
      [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
      .
      [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
      [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
      [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
      [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
      "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
      "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-22 141848]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-22 166424]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-22 133656]
      "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
      "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
      "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
      "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
      "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
      "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
      "SMSTray"="c:\program files\Samsung\EmoDio\SMSTray.exe" [2009-04-16 479232]
      "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
      "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
      "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
      "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
      "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
      "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
      "Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-19 348664]
      "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-26 197904]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
      2007-06-08 16:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "aux"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
      "HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
      "DXM6Patch_981116"=c:\windows\p_981116.exe /Q:A
      .
      S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
      .
      Contenuto della cartella 'Scheduled Tasks'
      .
      2012-08-19 c:\windows\Tasks\GlaryInitialize.job
      - c:\program files\Glary Utilities\initialize.exe [2012-03-15 09:01]
      .
      2012-08-19 c:\windows\Tasks\Google Software Updater.job
      - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-22 17:30]
      .
      2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 18:49]
      .
      2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 18:49]
      .
      .
      ------- Scansione supplementare -------
      .
      uStart Page = hxxp://www.google.it/
      mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=all&pf=cmnb
      IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
      IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
      IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
      IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
      LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
      TCP: DhcpNameServer = 192.168.1.1
      Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
      Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
      FF - ProfilePath - c:\users\melo\AppData\Roaming\Mozilla\Firefox\Profiles\z530wrdb.default\
      FF - prefs.js: browser.search.selectedEngine - Ask.com
      FF - prefs.js: browser.startup.homepage - hxxp://freakylinks.info/555
      FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=it_IT&apn_uid=3802ec2e-c57f-40e5-a684-10af56bd15c5&apn_ptnrs=%5EABZ&apn_sauid=BF1BD038-E2F9-43FC-A43B-8451B5636AF1&apn_dtid=%5EYYYYYY%5EYY%5EIT&&q=
      FF - user.js: network.cookie.cookieBehavior - 0
      FF - user.js: privacy.clearOnShutdown.cookies - false
      FF - user.js: security.warn_viewing_mixed - false
      FF - user.js: security.warn_viewing_mixed.show_once - false
      FF - user.js: security.warn_submit_insecure - false
      FF - user.js: security.warn_submit_insecure.show_once - false
      .
      - - - - CHIAVI ORFANE RIMOSSE - - - -
      .
      Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
      WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
      HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
      AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
      .
      .
      .
      **************************************************************************
      scansione processi nascosti ...
      .
      scansione entrate autostart nascoste ...
      .
      Scansione files nascosti ...
      .
      Scansione completata con successo
      Files nascosti:
      .
      **************************************************************************
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
      "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
      .
      --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      "MSCurrentCountry"=dword:000000b5
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      ------------------------ Altri processi in esecuzione ------------------------
      .
      c:\program files\Avira\AntiVir Desktop\sched.exe
      c:\windows\system32\AEADISRV.EXE
      c:\windows\system32\agrsmsvc.exe
      c:\program files\Avira\AntiVir Desktop\avguard.exe
      c:\windows\system32\FsUsbExService.Exe
      c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
      c:\program files\Common Files\LightScribe\LSSrvc.exe
      c:\program files\PDF Complete\pdfsvc.exe
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      c:\program files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
      c:\program files\Avira\AntiVir Desktop\avshadow.exe
      c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE
      c:\windows\system32\conime.exe
      c:\windows\system32\igfxsrvc.exe
      c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
      c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
      c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
      c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
      c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
      c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
      c:\program files\Synaptics\SynTP\SynTPHelper.exe
      .
      **************************************************************************
      .
      Ora fine scansione: 2012-08-19 14:43:00 - Il pc è stato riavviato
      ComboFix-quarantined-files.txt 2012-08-19 12:42
      .
      Pre-Run: 53.861.425.152 byte disponibili
      Post-Run: 54.708.092.928 byte disponibili
      .
      - - End Of File - - 8ED1D92078FB96C8D0D4D257E9C8AA8F

      It won't let me open the Explorer browser; I had to go to Start > Guida e supporto tecnico and look for a hyperlink to manage it.
      It won't open Word, MP3 and AVI files.

    6. #6
      mimal (User)
      Joined: Aug 2012
      Location: Italy
      Posts: 5

      Re: C:\Windows\Installer\...\80000032.@

      Sorry, I restarted and now everything seems to work!
      I don't know if it's the same as before, but this is what I find in c:\combofix.txt now that I was able to open it:

      ComboFix 12-08-18.03 - melo 19/08/2012 14.02.48.1.2 - x86
      Microsoft® Windows Vista™ Business 6.0.6002.2.1252.39.1040.18.2039.983 [GMT 2:00]
      Eseguito da: c:\users\melo\Desktop\ComboFix.exe
      AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
      SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      C:\install.exe
      c:\users\melo\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
      c:\users\melo\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\n
      c:\users\melo\AppData\Roaming\OfferBox
      c:\users\melo\AppData\Roaming\OfferBox\config.xml
      c:\users\melo\AppData\Roaming\Remote
      c:\users\melo\AppData\Roaming\Remote\16112011_132259_9673762_skey_16-11-2011__13-23-8_.cab
      c:\users\melo\AppData\Roaming\Remote\ed3_shrd
      c:\users\melo\AppData\Roaming\Remote\knd
      c:\users\melo\AppData\Roaming\Remote\mlji.dat
      c:\users\melo\AppData\Roaming\Remote\mxd1.txt
      c:\users\melo\AppData\Roaming\Remote\nje.dat
      c:\users\melo\AppData\Roaming\Remote\rg.dat
      c:\users\melo\AppData\Roaming\Remote\xnre.dat
      c:\users\melo\Documents\~WRL1790.tmp
      c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
      c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\00000004.@
      c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\201d3dde
      c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\n
      c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000004.@
      c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000008.@
      c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\000000cb.@
      c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@
      c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000032.@
      c:\windows\IsUn0410.exe
      c:\windows\system32\URTTemp
      c:\windows\system32\URTTemp\regtlib.exe
      .
      La copia infetta di c:\windows\system32\Services.exe è stata trovata e disinfettata
      ipristinata copia da - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
      .
      .
      ((((((((((((((((((((((((( Files Creati Da 2012-07-19 al 2012-08-19 )))))))))))))))))))))))))))))))))))
      .
      .
      2012-08-19 12:21 . 2012-08-19 12:21 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-08-18 05:09 . 2012-08-18 05:09 -------- d-----w- c:\program files\Avira
      2012-08-17 06:17 . 2012-08-17 06:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
      2012-08-17 06:08 . 2012-08-17 19:44 -------- d-----w- c:\users\melo\AppData\Roaming\xsecva
      2012-08-16 06:44 . 2012-08-16 06:48 -------- d-----w- C:\354ddcab4829b04d907fd338185d
      2012-08-16 05:34 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
      2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-07-04 14:02 . 2012-08-16 06:41 2047488 ----a-w- c:\windows\system32\win32k.sys
      2012-06-29 00:09 . 2012-08-16 06:42 1129472 ----a-w- c:\windows\system32\wininet.dll
      2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
      2012-06-05 16:47 . 2012-07-11 11:32 1401856 ----a-w- c:\windows\system32\msxml6.dll
      2012-06-05 16:47 . 2012-07-11 11:32 1248768 ----a-w- c:\windows\system32\msxml3.dll
      2012-06-04 15:26 . 2012-07-11 11:25 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
      2012-06-02 22:19 . 2012-06-21 06:58 53784 ----a-w- c:\windows\system32\wuauclt.exe
      2012-06-02 22:19 . 2012-06-21 06:58 45080 ----a-w- c:\windows\system32\wups2.dll
      2012-06-02 22:19 . 2012-06-21 06:57 35864 ----a-w- c:\windows\system32\wups.dll
      2012-06-02 22:19 . 2012-06-21 06:57 577048 ----a-w- c:\windows\system32\wuapi.dll
      2012-06-02 22:19 . 2012-06-21 06:58 1933848 ----a-w- c:\windows\system32\wuaueng.dll
      2012-06-02 22:12 . 2012-06-21 06:58 2422272 ----a-w- c:\windows\system32\wucltux.dll
      2012-06-02 22:12 . 2012-06-21 06:57 88576 ----a-w- c:\windows\system32\wudriver.dll
      2012-06-02 13:19 . 2012-06-21 06:57 171904 ----a-w- c:\windows\system32\wuwebv.dll
      2012-06-02 13:12 . 2012-06-21 06:57 33792 ----a-w- c:\windows\system32\wuapp.exe
      2012-06-02 00:04 . 2012-07-11 11:25 278528 ----a-w- c:\windows\system32\schannel.dll
      2012-06-02 00:03 . 2012-07-11 11:25 204288 ----a-w- c:\windows\system32\ncrypt.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Nota* i valori vuoti & legittimi/default non sono visualizzati.
      REGEDIT4
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
      .
      [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
      .
      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
      2012-06-20 11:18 1519824 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
      .
      [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
      [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
      [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
      [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
      .
      [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
      [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
      [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
      [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
      "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
      "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-22 141848]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-22 166424]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-22 133656]
      "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
      "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
      "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
      "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
      "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
      "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
      "SMSTray"="c:\program files\Samsung\EmoDio\SMSTray.exe" [2009-04-16 479232]
      "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
      "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
      "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
      "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
      "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
      "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
      "Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-19 348664]
      "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-26 197904]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
      2007-06-08 16:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "aux"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
      @="Driver"
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
      "HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
      "DXM6Patch_981116"=c:\windows\p_981116.exe /Q:A
      .
      S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
      .
      Contenuto della cartella 'Scheduled Tasks'
      .
      2012-08-19 c:\windows\Tasks\GlaryInitialize.job
      - c:\program files\Glary Utilities\initialize.exe [2012-03-15 09:01]
      .
      2012-08-19 c:\windows\Tasks\Google Software Updater.job
      - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-22 17:30]
      .
      2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 18:49]
      .
      2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 18:49]
      .
      .
      ------- Scansione supplementare -------
      .
      uStart Page = hxxp://www.google.it/
      mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=all&pf=cmnb
      IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
      IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
      IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
      IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
      LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
      TCP: DhcpNameServer = 192.168.1.1
      Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
      Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
      FF - ProfilePath - c:\users\melo\AppData\Roaming\Mozilla\Firefox\Profiles\z530wrdb.default\
      FF - prefs.js: browser.search.selectedEngine - Ask.com
      FF - prefs.js: browser.startup.homepage - hxxp://freakylinks.info/555
      FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=it_IT&apn_uid=3802ec2e-c57f-40e5-a684-10af56bd15c5&apn_ptnrs=%5EABZ&apn_sauid=BF1BD038-E2F9-43FC-A43B-8451B5636AF1&apn_dtid=%5EYYYYYY%5EYY%5EIT&&q=
      FF - user.js: network.cookie.cookieBehavior - 0
      FF - user.js: privacy.clearOnShutdown.cookies - false
      FF - user.js: security.warn_viewing_mixed - false
      FF - user.js: security.warn_viewing_mixed.show_once - false
      FF - user.js: security.warn_submit_insecure - false
      FF - user.js: security.warn_submit_insecure.show_once - false
      .
      - - - - CHIAVI ORFANE RIMOSSE - - - -
      .
      Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
      WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
      HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
      AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
      .
      .
      .
      **************************************************************************
      scansione processi nascosti ...
      .
      scansione entrate autostart nascoste ...
      .
      Scansione files nascosti ...
      .
      Scansione completata con successo
      Files nascosti:
      .
      **************************************************************************
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
      "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
      .
      --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      "MSCurrentCountry"=dword:000000b5
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      ------------------------ Altri processi in esecuzione ------------------------
      .
      c:\program files\Avira\AntiVir Desktop\sched.exe
      c:\windows\system32\AEADISRV.EXE
      c:\windows\system32\agrsmsvc.exe
      c:\program files\Avira\AntiVir Desktop\avguard.exe
      c:\windows\system32\FsUsbExService.Exe
      c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
      c:\program files\Common Files\LightScribe\LSSrvc.exe
      c:\program files\PDF Complete\pdfsvc.exe
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      c:\program files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
      c:\program files\Avira\AntiVir Desktop\avshadow.exe
      c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE
      c:\windows\system32\conime.exe
      c:\windows\system32\igfxsrvc.exe
      c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
      c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
      c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
      c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
      c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
      c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
      c:\program files\Synaptics\SynTP\SynTPHelper.exe
      .
      **************************************************************************
      .
      Ora fine scansione: 2012-08-19 14:43:00 - Il pc è stato riavviato
      ComboFix-quarantined-files.txt 2012-08-19 12:42
      .
      Pre-Run: 53.861.425.152 byte disponibili
      Post-Run: 54.708.092.928 byte disponibili
      .
      - - End Of File - - 8ED1D92078FB96C8D0D4D257E9C8AA8F

    7. #7
      Former contributor · Xtreme Hero's avatar
      Joined
      Dec 2010
      Location
      Spain
      Posts
      9,014

      Re: C:\Windows\Installer\...\80000032.@

      Hello again,

      1.- Open Notepad

      Windows XP
      Go to Start >> select Run >> type Notepad
      Windows Vista / Windows 7
      Go to Start >> All Programs >> Accessories >> select Run >> type Notepad


      2.- Now copy and paste the following into Notepad.

      Code:
      KillAll::
      
      Folder::
      c:\windows\system32\%APPDATA%
      c:\program files\Ask.com
      
      Registry::
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
      [-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
      [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
      [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
      [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
      [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
      [-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
      [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
      [-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
      [-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ApnUpdater"=-
      
      FireFox::
      FF - ProfilePath - c:\users\melo\AppData\Roaming\Mozilla\Firefox\Profiles\z530wrdb.default\
      FF - prefs.js: browser.search.selectedEngine - Ask.com
      FF - prefs.js: browser.startup.homepage - hxxp://freakylinks.info/555
      FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=it_IT&apn_uid=3802ec2e-c57f-40e5-a684-10af56bd15c5&apn_ptnrs=%5EABZ&apn_sauid=BF1BD038-E2F9-43FC-A43B-8451B5636AF1&apn_dtid=%5EYYYYYY%5EYY%5EIT&&q=
      3.- Save this file as CFScript.txt on the Desktop.

      4.- Drag and drop the CFScript.txt file onto ComboFix.exe, as shown in the animation below. This will launch ComboFix again.


      • Restart your PC and post the new ComboFix report, telling us how everything is working now.


      Regards
      Fight to the End


    8. #8
      User · mimal's avatar
      Joined
      Aug 2012
      Location
      Italy
      Posts
      5

      Re: C:\Windows\Installer\...\80000032.@

      Everything works fine, thank you :)


      ComboFix 12-08-18.03 - melo 26/08/2012 11.25.37.2.2 - x86
      Microsoft® Windows Vista™ Business 6.0.6002.2.1252.39.1040.18.2039.960 [GMT 2:00]
      Eseguito da: c:\users\melo\Desktop\ComboFix.exe
      Opzioni usate :: c:\users\melo\Desktop\CFScript.txt
      AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
      SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\program files\Ask.com
      c:\program files\Ask.com\assets\oobe\b.png
      c:\program files\Ask.com\assets\oobe\bl.png
      c:\program files\Ask.com\assets\oobe\br.png
      c:\program files\Ask.com\assets\oobe\l.png
      c:\program files\Ask.com\assets\oobe\pointer.png
      c:\program files\Ask.com\assets\oobe\r.png
      c:\program files\Ask.com\assets\oobe\t.png
      c:\program files\Ask.com\assets\oobe\tl.png
      c:\program files\Ask.com\assets\oobe\tr.png
      c:\program files\Ask.com\AviraBrowserSecurity.exe
      c:\program files\Ask.com\cb_36f8.ico
      c:\program files\Ask.com\cobrand.ico
      c:\program files\Ask.com\config.xml
      c:\program files\Ask.com\favicon.ico
      c:\program files\Ask.com\fv_2de3.ico
      c:\program files\Ask.com\GenericAskToolbar.dll
      c:\program files\Ask.com\mupcfg.xml
      c:\program files\Ask.com\precache.exe
      c:\program files\Ask.com\SaUpdate.exe
      c:\program files\Ask.com\Updater\config.xml
      c:\program files\Ask.com\Updater\Updater.exe
      c:\program files\Ask.com\UpdateTask.exe
      c:\windows\system32\%APPDATA%
      c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
      c:\windows\system32\muzapp.exe
      .
      .
      ((((((((((((((((((((((((( Files Creati Da 2012-07-26 al 2012-08-26 )))))))))))))))))))))))))))))))))))
      .
      .
      2012-08-26 09:41 . 2012-08-26 09:50 -------- d-----w- c:\users\melo\AppData\Local\temp
      2012-08-26 09:41 . 2012-08-26 09:41 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
      2012-08-26 09:41 . 2012-08-26 09:41 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-08-25 12:28 . 2012-08-25 12:28 -------- d-----w- C:\found.000
      2012-08-19 08:21 . 2012-08-19 08:21 -------- d-----w- c:\users\melo\AppData\Local\AskToolbar
      2012-08-18 05:14 . 2012-08-18 05:14 -------- d-----w- c:\users\melo\AppData\Roaming\Avira
      2012-08-18 05:10 . 2012-08-19 08:11 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
      2012-08-18 05:10 . 2012-08-19 08:11 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
      2012-08-18 05:10 . 2012-02-03 13:26 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
      2012-08-18 05:09 . 2012-08-19 08:21 -------- d-----w- c:\programdata\Avira
      2012-08-18 05:09 . 2012-08-18 05:09 -------- d-----w- c:\program files\Avira
      2012-08-17 06:08 . 2012-08-17 19:44 -------- d-----w- c:\users\melo\AppData\Roaming\xsecva
      2012-08-16 06:44 . 2012-08-16 06:48 -------- d-----w- C:\354ddcab4829b04d907fd338185d
      2012-08-16 06:41 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
      2012-08-16 05:34 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
      2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
      2012-06-05 16:47 . 2012-07-11 11:32 1401856 ----a-w- c:\windows\system32\msxml6.dll
      2012-06-05 16:47 . 2012-07-11 11:32 1248768 ----a-w- c:\windows\system32\msxml3.dll
      2012-06-04 15:26 . 2012-07-11 11:25 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
      2012-06-02 22:19 . 2012-06-21 06:58 53784 ----a-w- c:\windows\system32\wuauclt.exe
      2012-06-02 22:19 . 2012-06-21 06:58 45080 ----a-w- c:\windows\system32\wups2.dll
      2012-06-02 22:19 . 2012-06-21 06:57 35864 ----a-w- c:\windows\system32\wups.dll
      2012-06-02 22:19 . 2012-06-21 06:57 577048 ----a-w- c:\windows\system32\wuapi.dll
      2012-06-02 22:19 . 2012-06-21 06:58 1933848 ----a-w- c:\windows\system32\wuaueng.dll
      2012-06-02 22:12 . 2012-06-21 06:58 2422272 ----a-w- c:\windows\system32\wucltux.dll
      2012-06-02 22:12 . 2012-06-21 06:57 88576 ----a-w- c:\windows\system32\wudriver.dll
      2012-06-02 13:19 . 2012-06-21 06:57 171904 ----a-w- c:\windows\system32\wuwebv.dll
      2012-06-02 13:12 . 2012-06-21 06:57 33792 ----a-w- c:\windows\system32\wuapp.exe
      2012-06-02 00:04 . 2012-07-11 11:25 278528 ----a-w- c:\windows\system32\schannel.dll
      2012-06-02 00:03 . 2012-07-11 11:25 204288 ----a-w- c:\windows\system32\ncrypt.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Nota* i valori vuoti & legittimi/default non sono visualizzati.
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
      "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
      "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-22 141848]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-22 166424]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-22 133656]
      "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-18 178712]
      "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
      "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
      "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
      "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2008-04-21 197904]
      "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
      "SMSTray"="c:\program files\Samsung\EmoDio\SMSTray.exe" [2009-04-16 479232]
      "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
      "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
      "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
      "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
      "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
      "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
      "Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-19 348664]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-6-26 197904]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
      2007-06-08 16:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "aux"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
      "HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
      "DXM6Patch_981116"=c:\windows\p_981116.exe /Q:A
      .
      S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
      .
      .
      --- Altri Servizi/Drivers In Memoria ---
      .
      *NewlyCreated* - FSUSBEXDISK
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
      .
      Contenuto della cartella 'Scheduled Tasks'
      .
      2012-08-26 c:\windows\Tasks\GlaryInitialize.job
      - c:\program files\Glary Utilities\initialize.exe [2012-03-15 09:01]
      .
      2012-08-25 c:\windows\Tasks\Google Software Updater.job
      - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-22 17:30]
      .
      2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 18:49]
      .
      2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-22 18:49]
      .
      .
      ------- Scansione supplementare -------
      .
      uStart Page = hxxp://www.google.it/
      mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=83&bd=all&pf=cmnb
      IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
      IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
      IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
      IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
      LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
      TCP: DhcpNameServer = 192.168.1.1
      Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
      Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
      FF - ProfilePath - c:\users\melo\AppData\Roaming\Mozilla\Firefox\Profiles\z530wrdb.default\
      FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
      FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
      FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
      FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
      FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
      FF - user.js: network.cookie.cookieBehavior - 0
      FF - user.js: privacy.clearOnShutdown.cookies - false
      FF - user.js: security.warn_viewing_mixed - false
      FF - user.js: security.warn_viewing_mixed.show_once - false
      FF - user.js: security.warn_submit_insecure - false
      FF - user.js: security.warn_submit_insecure.show_once - false
      .
      - - - - CHIAVI ORFANE RIMOSSE - - - -
      .
      BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
      SafeBoot-Wdf01000.sys
      AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2012-08-26 11:52
      Windows 6.0.6002 Service Pack 2 NTFS
      .
      scansione processi nascosti ...
      .
      scansione entrate autostart nascoste ...
      .
      Scansione files nascosti ...
      .
      Scansione completata con successo
      Files nascosti: 0
      .
      **************************************************************************
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
      "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
      .
      --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      "MSCurrentCountry"=dword:000000b5
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      ------------------------ Altri processi in esecuzione ------------------------
      .
      c:\program files\Avira\AntiVir Desktop\sched.exe
      c:\windows\System32\lpksetup.exe
      c:\windows\system32\AEADISRV.EXE
      c:\windows\system32\agrsmsvc.exe
      c:\program files\Avira\AntiVir Desktop\avguard.exe
      c:\windows\system32\FsUsbExService.Exe
      c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
      c:\program files\Common Files\LightScribe\LSSrvc.exe
      c:\program files\PDF Complete\pdfsvc.exe
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      c:\program files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
      c:\program files\Avira\AntiVir Desktop\avshadow.exe
      c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE
      c:\windows\servicing\TrustedInstaller.exe
      c:\windows\system32\conime.exe
      c:\windows\system32\igfxsrvc.exe
      c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
      c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
      c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
      c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
      c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
      c:\program files\Synaptics\SynTP\SynTPHelper.exe
      c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
      c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
      .
      **************************************************************************
      .
      Ora fine scansione: 2012-08-26 11:59:19 - Il pc è stato riavviato
      ComboFix-quarantined-files.txt 2012-08-26 09:59
      ComboFix2.txt 2012-08-19 12:43
      .
      Pre-Run: 53.492.051.968 byte disponibili
      Post-Run: 53.775.003.648 byte disponibili
      .
      - - End Of File - - 4FEBBCCB4C19C8FE3342F9DDDD42878A
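
A check on the two ComboFix reports in this thread, added here as an example and not part of the original posts or of ComboFix itself: it reads the `"name"=-` and `FireFox::` directives from the CFScript and confirms that none of those entries survive in the later log. The embedded script and logs are trimmed excerpts of the ones posted above; the function names are hypothetical.

```python
import re

# Trimmed excerpts of the CFScript and the two ComboFix logs posted in this thread.
CFSCRIPT = r"""
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-

FireFox::
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://freakylinks.info/555
"""

LOG_BEFORE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-19 348664]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
.
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://freakylinks.info/555
FF - user.js: network.cookie.cookieBehavior - 0
"""

LOG_AFTER = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-19 348664]
.
FF - user.js: network.cookie.cookieBehavior - 0
"""

KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')      # [HKEY_...] or [-HKEY_...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')     # "name"=value
FF_RE = re.compile(r'^FF - (prefs\.js|user\.js): (\S+) - (.*)$')


def parse_entries(text):
    """Return {(kind, scope, name): value} for registry values and Firefox prefs."""
    entries, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # A [-KEY] directive deletes a whole key and carries no values.
            key = None if m.group(1) else m.group(2).lower()
            continue
        if line in ("", "."):
            key = None                      # "." and blank lines end a section
            continue
        m = VALUE_RE.match(line)
        if m and key:
            # Drop the trailing "[date size]" that ComboFix appends in logs.
            value = re.sub(r'\s*\[[^\]]*\]$', '', m.group(2)).strip('"')
            entries[("reg", key, m.group(1).lower())] = value
            continue
        m = FF_RE.match(line)
        if m:
            entries[("ff", m.group(1), m.group(2))] = m.group(3)
    return entries


def cfscript_targets(script):
    """Entries the script asks to remove: "name"=- values and listed FF prefs."""
    return {k: v for k, v in parse_entries(script).items()
            if k[0] == "ff" or v == "-"}


def still_present(script, log):
    """Targets of the script that still appear in a ComboFix log."""
    found = parse_entries(log)
    leftovers = []
    for k, v in cfscript_targets(script).items():
        if k not in found:
            continue
        # A registry value counts if it exists at all; a pref only if unchanged.
        if k[0] == "reg" or found[k] == v:
            leftovers.append(k)
    return sorted(leftovers)


def new_autoruns(before, after):
    """Registry values listed in the later log that the earlier log lacked."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(k for k in a if k[0] == "reg" and k not in b)


if __name__ == "__main__":
    print("present before:", still_present(CFSCRIPT, LOG_BEFORE))
    print("present after: ", still_present(CFSCRIPT, LOG_AFTER))
    print("new autoruns:  ", new_autoruns(LOG_BEFORE, LOG_AFTER))
```

Run against the full reports, an empty "present after" list together with an empty "new autoruns" list is the same conclusion the second log supports by eye: the Ask.com Run value and the hijacked Firefox prefs are gone and nothing new was registered to start at boot.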

    9. #9
      Former contributor · Xtreme Hero's avatar
      Joined
      Dec 2010
      Location
      Spain
      Posts
      9,014

      Re: C:\Windows\Installer\...\80000032.@

      Hello again,

      Uninstall ComboFix as follows:

      Go to Start > Run and type ComboFix /Uninstall, as shown in the image:

      Press OK. This will launch the ComboFix uninstaller, and after a few seconds you will see ComboFix is uninstalled.

      Let us know how everything is working so we can close the thread.

      Regards
      Fight to the End
