Condividi:        

fileLog HijackThis quali chiavi devo eliminare???

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

fileLog HijackThis quali chiavi devo eliminare???

Postdi superalive » 15/02/10 20:09

Salve a tutti, devo avere qualche malware sul mio pc che mi fa aprire pagine di IE in continuazione, ho usato un paio di software AntiSpyware ma nulla da fare....vi posto il mio filelog di Hijackthis, se qualcuno può aiutarmi a capire cosa eliminare gliene sarei molto grato.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.47.19, on 15/02/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Users\francesco\AppData\Local\Temp\win32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Users\FRANCE~1\AppData\Local\Temp\Ypw.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\francesco\AppData\Local\Temp\Ypv.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Wvugake] rundll32.exe "C:\Users\francesco\AppData\Local\NlenCPXT.dll",Startup
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\francesco\AppData\Local\Temp\Ypv.exe
O4 - HKCU\..\Run: [Vgiruyudikugo] rundll32.exe "C:\Users\francesco\AppData\Local\upihejozugitixe.dll",Startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] C:\Users\francesco\AppData\Local\Temp\by9ydsm.exe
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Users\francesco\AppData\Local\Temp\win32.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Aggiungi sito di supporto RSS a VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/A ... tPkMSN.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2603F927-D8B3-46C1-A75C-808DE192B240}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14122 bytes
superalive
Newbie
 
Post: 5
Iscritto il: 15/02/10 20:03

Sponsor
 

Re: fileLog HijackThis quali chiavi devo eliminare???

Postdi -> EleKtrA <- » 15/02/10 20:21

Ciao superalive, a giudicare dal log di hijackthis il pc non è messo bene.

Iniziamo con delle scansioni mirate e poi vedremo come proseguire.

Disattiva momentaneamente l'antivirus
Scarica Combofix | Tutorial
Tasto destro sull'exe, esegui come amministratore
Lascia lavorare il programma senza interferire
Posta il rapporto C:\ComboFix.txt nel Topic inserendo il log nel tag "code". (CLICCA)

Scarica Malwarebytes, installa il programma ed aggiorna le firme.
Nella scheda scansione, seleziona "scansione completa"
Posta il rapporto nel Topic inserendo il log nel tag "code". (CLICCA)
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: fileLog HijackThis quali chiavi devo eliminare???

Postdi superalive » 16/02/10 20:01

Questo è il log di Combofix:


Codice: Seleziona tutto
ComboFix 10-02-12.01 - francesco 16/02/2010  15.15.43.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.39.1040.18.1022.405 [GMT 0:00]
Eseguito da: c:\users\francesco\Desktop\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1090462188-3503719785-2046123063-500
c:\$recycle.bin\S-1-5-21-1237716951-498465524-1114640178-500
c:\$recycle.bin\S-1-5-21-212075340-2918650367-1347589959-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Condizioni generali.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Riservatezza.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Website.url
c:\users\FRANCE~1\FAVORI~1\Videos.url
c:\users\francesco\AppData\Local\NlenCPXT.dll
c:\users\francesco\AppData\Local\rfmnzcu.dat
c:\users\francesco\AppData\Local\rfmnzcu_nav.dat
c:\users\francesco\AppData\Local\rfmnzcu_navps.dat
c:\users\francesco\AppData\Local\upihejozugitixe.dll
c:\users\francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
c:\users\francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\users\francesco\AppData\Roaming\sdra64.exe
c:\users\francesco\Favorites\Videos.url
c:\windows\msvrc20.dll
c:\windows\system32\stacsv.exe

.
(((((((((((((((((((((((((   Files Creati Da 2010-01-16 al 2010-02-16  )))))))))))))))))))))))))))))))))))
.

2010-02-16 15:33 . 2010-02-16 15:33   --------   d-----w-   c:\users\francesco\AppData\Local\temp
2010-02-16 15:33 . 2010-02-16 15:33   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-02-15 18:30 . 2010-02-15 18:30   --------   d-----w-   c:\program files\Trend Micro
2010-02-15 17:37 . 2010-02-15 17:37   --------   d-----w-   c:\program files\Common Files\DivX Shared
2010-02-14 22:27 . 2010-02-14 22:27   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2010-02-14 22:14 . 2010-02-14 22:17   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-02-14 22:14 . 2010-02-14 22:14   --------   d-----w-   c:\users\francesco\AppData\Roaming\SUPERAntiSpyware.com
2010-02-14 22:04 . 2010-02-14 22:04   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-02-14 20:40 . 2010-02-16 15:06   120   ----a-w-   c:\users\francesco\AppData\Local\Ifafuwone.dat
2010-02-14 20:40 . 2010-02-16 00:02   0   ----a-w-   c:\users\francesco\AppData\Local\Wbesili.bin
2010-02-14 20:40 . 2010-02-14 20:40   --------   d-----w-   c:\users\francesco\AppData\Local\{42D5B8AC-9392-441D-A0B7-F7A141BCA702}
2010-02-14 20:37 . 2010-02-14 20:50   --------   d-sh--w-   c:\users\francesco\AppData\Roaming\lowsec
2010-01-30 17:18 . 2010-01-30 17:18   --------   d-----w-   c:\program files\Common Files\Skype
2010-01-18 15:53 . 2010-01-18 15:53   --------   d-----w-   c:\programdata\McAfee

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-16 13:04 . 2010-01-16 18:20   --------   d-----w-   c:\program files\Steam
2010-02-15 17:43 . 2007-03-30 03:38   --------   d-----w-   c:\program files\Google
2010-02-15 17:41 . 2007-03-14 01:08   --------   d-----w-   c:\program files\DivX
2010-02-15 00:53 . 2008-07-21 19:11   --------   d-----w-   c:\users\francesco\AppData\Roaming\Skype
2010-02-15 00:05 . 2008-07-21 19:13   --------   d-----w-   c:\users\francesco\AppData\Roaming\skypePM
2010-02-14 22:35 . 2010-02-14 22:35   52224   ----a-w-   c:\users\francesco\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-14 22:35 . 2010-02-14 22:35   117760   ----a-w-   c:\users\francesco\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-09 23:47 . 2010-02-09 23:47   509552   ----a-w-   c:\programdata\Google\Google Toolbar\Update\gtb794C.tmp.exe
2010-02-06 19:37 . 2010-01-16 18:20   --------   d-----w-   c:\program files\Common Files\Steam
2010-01-30 17:18 . 2008-07-21 19:08   --------   d-----r-   c:\program files\Skype
2010-01-30 17:16 . 2008-07-21 19:08   --------   d-----w-   c:\programdata\Skype
2010-01-24 16:47 . 2006-11-06 01:52   739418   ----a-w-   c:\windows\system32\perfh010.dat
2010-01-24 16:47 . 2006-11-06 01:52   137000   ----a-w-   c:\windows\system32\perfc010.dat
2010-01-21 05:12 . 2008-03-29 13:21   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2010-01-20 00:56 . 2008-03-29 13:21   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2010-01-19 23:05 . 2010-01-16 15:53   --------   d-----w-   c:\program files\McAfee Security Scan
2010-01-16 18:51 . 2010-01-16 18:51   --------   d-----w-   c:\programdata\Sports Interactive
2010-01-16 18:48 . 2007-03-11 21:31   --------   d-----w-   c:\users\francesco\AppData\Roaming\Sports Interactive
2010-01-16 18:21 . 2010-01-16 18:17   --------   d--h--w-   c:\program files\Zero G Registry
2010-01-16 18:17 . 2007-03-11 21:13   --------   d-----w-   c:\program files\Sports Interactive
2010-01-16 18:11 . 2010-01-16 17:51   --------   d-----w-   c:\users\francesco\AppData\Roaming\DAEMON Tools Lite
2010-01-16 17:54 . 2010-01-16 17:51   --------   d-----w-   c:\program files\DAEMON Tools Lite
2010-01-16 17:53 . 2008-05-12 20:22   691696   ----a-w-   c:\windows\system32\drivers\sptd.sys
2010-01-16 17:51 . 2010-01-16 17:50   --------   d-----w-   c:\programdata\DAEMON Tools Lite
2010-01-16 15:53 . 2010-01-16 15:53   --------   d-----w-   c:\programdata\McAfee Security Scan
2010-01-16 14:34 . 2009-06-27 11:56   --------   d-----w-   c:\program files\Live-Player
2010-01-14 11:12 . 2009-10-06 00:48   181120   ------w-   c:\windows\system32\MpSigStub.exe
2010-01-12 12:17 . 2010-01-12 12:17   --------   d-----w-   c:\program files\Skype(2)
2010-01-09 13:02 . 2010-01-09 13:01   --------   d-----w-   c:\program files\Skype(1)
2009-12-20 11:15 . 2009-12-20 11:15   407304   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-07 17:02 . 2009-09-01 18:58   56816   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2009-11-29 21:51 . 2009-11-29 21:51   484976   ----a-w-   c:\programdata\Google\Google Toolbar\Update\gtb3A69.tmp.exe
2007-12-11 00:38 . 2007-12-08 19:39   2048   --sha-w-   c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2007-12-11 00:38 . 2007-12-08 19:39   2048   --sha-w-   c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-24 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Steam"="c:\program files\Steam\Steam.exe" [2010-01-16 1217808]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-04-11 1006264]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-07 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-07 8534560]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 43128]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-09-11 118784]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-11-24 09:36   73728   ----a-w-   c:\windows\System32\VESWinlogon.dll



e questo quello di MalwareBytes:


Codice: Seleziona tutto
Malwarebytes' Anti-Malware 1.44
Versione del database: 3746
Windows 6.0.6000
Internet Explorer 7.0.6000.16757

16/02/2010 18.55.56
mbam-log-2010-02-16 (18-55-45).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 329766
Tempo trascorso: 2 hour(s), 12 minute(s), 3 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 2
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 3
File infetti: 4

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\Users\francesco\AppData\Roaming\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
C:\Users\francesco\AppData\Roaming\RegistrySmart\Log (Rogue.RegistrySmart) -> No action taken.
C:\Users\francesco\AppData\Roaming\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> No action taken.

File infetti:
C:\Qoobox\Quarantine\C\Users\francesco\AppData\Local\NlenCPXT.dll.vir (Trojan.Hiloti) -> No action taken.
C:\Qoobox\Quarantine\C\Users\francesco\AppData\Local\upihejozugitixe.dll.vir (Trojan.Hiloti) -> No action taken.
C:\Qoobox\Quarantine\C\Users\francesco\AppData\Roaming\sdra64.exe.vir (Malware.Packer.Gen) -> No action taken.
C:\Users\francesco\AppData\Roaming\RegistrySmart\Registry Backups\2007-10-25_01-30-42.reg (Rogue.RegistrySmart) -> No action taken.




posso procedere all'eliminiazione delle minacce rilevate con MalwareBytes?
superalive
Newbie
 
Post: 5
Iscritto il: 15/02/10 20:03

Re: fileLog HijackThis quali chiavi devo eliminare???

Postdi -> EleKtrA <- » 17/02/10 12:30

Ciao superalive, il rapporto di Combofix non è completo, dovresti riallegarlo per il controllo.
Rimuovi quanto trovato da Malwarebytes ed allega anche un nuovo log di hijackthis.
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: fileLog HijackThis quali chiavi devo eliminare???

Postdi superalive » 17/02/10 17:23

scusami...ecco il log di combofix

Codice: Seleziona tutto
ComboFix 10-02-12.01 - francesco 16/02/2010  15.15.43.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.39.1040.18.1022.405 [GMT 0:00]
Eseguito da: c:\users\francesco\Desktop\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1090462188-3503719785-2046123063-500
c:\$recycle.bin\S-1-5-21-1237716951-498465524-1114640178-500
c:\$recycle.bin\S-1-5-21-212075340-2918650367-1347589959-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Condizioni generali.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Riservatezza.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\MessengerSkinner\Website.url
c:\users\FRANCE~1\FAVORI~1\Videos.url
c:\users\francesco\AppData\Local\NlenCPXT.dll
c:\users\francesco\AppData\Local\rfmnzcu.dat
c:\users\francesco\AppData\Local\rfmnzcu_nav.dat
c:\users\francesco\AppData\Local\rfmnzcu_navps.dat
c:\users\francesco\AppData\Local\upihejozugitixe.dll
c:\users\francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
c:\users\francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
c:\users\francesco\AppData\Roaming\sdra64.exe
c:\users\francesco\Favorites\Videos.url
c:\windows\msvrc20.dll
c:\windows\system32\stacsv.exe

.
(((((((((((((((((((((((((   Files Creati Da 2010-01-16 al 2010-02-16  )))))))))))))))))))))))))))))))))))
.

2010-02-16 15:33 . 2010-02-16 15:33   --------   d-----w-   c:\users\francesco\AppData\Local\temp
2010-02-16 15:33 . 2010-02-16 15:33   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-02-15 18:30 . 2010-02-15 18:30   --------   d-----w-   c:\program files\Trend Micro
2010-02-15 17:37 . 2010-02-15 17:37   --------   d-----w-   c:\program files\Common Files\DivX Shared
2010-02-14 22:27 . 2010-02-14 22:27   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2010-02-14 22:14 . 2010-02-14 22:17   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-02-14 22:14 . 2010-02-14 22:14   --------   d-----w-   c:\users\francesco\AppData\Roaming\SUPERAntiSpyware.com
2010-02-14 22:04 . 2010-02-14 22:04   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-02-14 20:40 . 2010-02-16 15:06   120   ----a-w-   c:\users\francesco\AppData\Local\Ifafuwone.dat
2010-02-14 20:40 . 2010-02-16 00:02   0   ----a-w-   c:\users\francesco\AppData\Local\Wbesili.bin
2010-02-14 20:40 . 2010-02-14 20:40   --------   d-----w-   c:\users\francesco\AppData\Local\{42D5B8AC-9392-441D-A0B7-F7A141BCA702}
2010-02-14 20:37 . 2010-02-14 20:50   --------   d-sh--w-   c:\users\francesco\AppData\Roaming\lowsec
2010-01-30 17:18 . 2010-01-30 17:18   --------   d-----w-   c:\program files\Common Files\Skype
2010-01-18 15:53 . 2010-01-18 15:53   --------   d-----w-   c:\programdata\McAfee

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-16 13:04 . 2010-01-16 18:20   --------   d-----w-   c:\program files\Steam
2010-02-15 17:43 . 2007-03-30 03:38   --------   d-----w-   c:\program files\Google
2010-02-15 17:41 . 2007-03-14 01:08   --------   d-----w-   c:\program files\DivX
2010-02-15 00:53 . 2008-07-21 19:11   --------   d-----w-   c:\users\francesco\AppData\Roaming\Skype
2010-02-15 00:05 . 2008-07-21 19:13   --------   d-----w-   c:\users\francesco\AppData\Roaming\skypePM
2010-02-14 22:35 . 2010-02-14 22:35   52224   ----a-w-   c:\users\francesco\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-14 22:35 . 2010-02-14 22:35   117760   ----a-w-   c:\users\francesco\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-09 23:47 . 2010-02-09 23:47   509552   ----a-w-   c:\programdata\Google\Google Toolbar\Update\gtb794C.tmp.exe
2010-02-06 19:37 . 2010-01-16 18:20   --------   d-----w-   c:\program files\Common Files\Steam
2010-01-30 17:18 . 2008-07-21 19:08   --------   d-----r-   c:\program files\Skype
2010-01-30 17:16 . 2008-07-21 19:08   --------   d-----w-   c:\programdata\Skype
2010-01-24 16:47 . 2006-11-06 01:52   739418   ----a-w-   c:\windows\system32\perfh010.dat
2010-01-24 16:47 . 2006-11-06 01:52   137000   ----a-w-   c:\windows\system32\perfc010.dat
2010-01-21 05:12 . 2008-03-29 13:21   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2010-01-20 00:56 . 2008-03-29 13:21   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2010-01-19 23:05 . 2010-01-16 15:53   --------   d-----w-   c:\program files\McAfee Security Scan
2010-01-16 18:51 . 2010-01-16 18:51   --------   d-----w-   c:\programdata\Sports Interactive
2010-01-16 18:48 . 2007-03-11 21:31   --------   d-----w-   c:\users\francesco\AppData\Roaming\Sports Interactive
2010-01-16 18:21 . 2010-01-16 18:17   --------   d--h--w-   c:\program files\Zero G Registry
2010-01-16 18:17 . 2007-03-11 21:13   --------   d-----w-   c:\program files\Sports Interactive
2010-01-16 18:11 . 2010-01-16 17:51   --------   d-----w-   c:\users\francesco\AppData\Roaming\DAEMON Tools Lite
2010-01-16 17:54 . 2010-01-16 17:51   --------   d-----w-   c:\program files\DAEMON Tools Lite
2010-01-16 17:53 . 2008-05-12 20:22   691696   ----a-w-   c:\windows\system32\drivers\sptd.sys
2010-01-16 17:51 . 2010-01-16 17:50   --------   d-----w-   c:\programdata\DAEMON Tools Lite
2010-01-16 15:53 . 2010-01-16 15:53   --------   d-----w-   c:\programdata\McAfee Security Scan
2010-01-16 14:34 . 2009-06-27 11:56   --------   d-----w-   c:\program files\Live-Player
2010-01-14 11:12 . 2009-10-06 00:48   181120   ------w-   c:\windows\system32\MpSigStub.exe
2010-01-12 12:17 . 2010-01-12 12:17   --------   d-----w-   c:\program files\Skype(2)
2010-01-09 13:02 . 2010-01-09 13:01   --------   d-----w-   c:\program files\Skype(1)
2009-12-20 11:15 . 2009-12-20 11:15   407304   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-07 17:02 . 2009-09-01 18:58   56816   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2009-11-29 21:51 . 2009-11-29 21:51   484976   ----a-w-   c:\programdata\Google\Google Toolbar\Update\gtb3A69.tmp.exe
2007-12-11 00:38 . 2007-12-08 19:39   2048   --sha-w-   c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2007-12-11 00:38 . 2007-12-08 19:39   2048   --sha-w-   c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-24 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Steam"="c:\program files\Steam\Steam.exe" [2010-01-16 1217808]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-04-11 1006264]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-07 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-07 8534560]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 43128]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-09-11 118784]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-11-24 09:36   73728   ----a-w-   c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^francesco^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-06-02 09:13   267048   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 16:44   3883856   ----a-w-   c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2008-04-17 23:27   9117696   ----a-w-   c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40   155648   ----a-w-   c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50   413696   ----a-w-   c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 13:11   25623336   ----a-r-   c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
2006-11-14 09:46   411768   ----a-w-   c:\program files\Sony\VAIO Camera Utility\VCUServe.exe

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 7.56.04 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 7.56.02 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [01/09/2009 18.58.46 108289]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [26/02/2008 21.08.50 29183504]
R3 R5U870FLx86;R5U870 UVC Lower Filter  ;c:\windows\System32\drivers\R5U870FLx86.sys [31/03/2007 23.25.13 72704]
R3 R5U870FUx86;R5U870 UVC Upper Filter  ;c:\windows\System32\drivers\R5U870FUx86.sys [31/03/2007 23.25.13 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [06/12/2006 18.59.41 30976]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [31/03/2007 23.24.49 227328]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [12/05/2008 20.22.00 691696]
S2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/02/2010 0.08.32 135664]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [11/11/2009 2.02.08 54632]
S3 fsssvc;Servizio Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [02/11/2006 10.32.13 1083520]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 7.56.06 7408]
S3 SS1018mdm;Sony Ericsson Mobile Device Full USB Driver;c:\windows\System32\drivers\SS1018mdm.sys [16/10/2008 9.25.58 58536]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [16/03/2007 17.43.47 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [23/12/2006 14.29.07 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [23/12/2006 14.29.07 1089536]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - IDSvix86
*Deregistered* - SYMTDI
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 00:08]

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 00:08]

2010-02-16 c:\windows\Tasks\User_Feed_Synchronization-{8AD6917D-B02B-4C9C-B45F-F967EBEB104A}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Aggiungi sito di supporto RSS a VAIO Information FLOW - c:\program files\Sony\VAIO Information FLOW\aiesc.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {2603F927-D8B3-46C1-A75C-808DE192B240} = 194.168.4.100,194.168.8.100
FF - ProfilePath - c:\users\francesco\AppData\Roaming\Mozilla\Firefox\Profiles\m1hws5xl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\francesco\Program Files\DNA\plugins\npbtdna.dll
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-Wvugake - c:\users\francesco\AppData\Local\NlenCPXT.dll
HKCU-Run-Vgiruyudikugo - c:\users\francesco\AppData\Local\upihejozugitixe.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 15:33
Windows 6.0.6000  NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\users\FRANCE~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-02-16  15:41:16
ComboFix-quarantined-files.txt  2010-02-16 15:41

Pre-Run: 15.726.567.424 byte disponibili
Post-Run: 18.735.644.672 byte disponibili

- - End Of File - - BFFCC9AD3025CD7ACC96B5A12C70BC24


e quello di hijackthis:

Codice: Seleziona tutto
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.47.19, on 15/02/2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Users\francesco\AppData\Local\Temp\win32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Users\FRANCE~1\AppData\Local\Temp\Ypw.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\francesco\AppData\Local\Temp\Ypv.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Wvugake] rundll32.exe "C:\Users\francesco\AppData\Local\NlenCPXT.dll",Startup
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\francesco\AppData\Local\Temp\Ypv.exe
O4 - HKCU\..\Run: [Vgiruyudikugo] rundll32.exe "C:\Users\francesco\AppData\Local\upihejozugitixe.dll",Startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [uishf9wuifwuh387fh3wufinhjfdwefe] C:\Users\francesco\AppData\Local\Temp\by9ydsm.exe
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\Users\francesco\AppData\Local\Temp\win32.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Aggiungi sito di supporto RSS a VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2603F927-D8B3-46C1-A75C-808DE192B240}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14122 bytes
superalive
Newbie
 
Post: 5
Iscritto il: 15/02/10 20:03

Re: fileLog HijackThis quali chiavi devo eliminare???

Postdi -> EleKtrA <- » 17/02/10 17:39

Ciao superalive, intanto che controllo il rapporto di combofix,
dovresti allegare un log aggiornato di hijackthis, perchè l'ultimo postato è quello vecchio.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.47.19, on 15/02/2010
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: fileLog HijackThis quali chiavi devo eliminare???

Postdi superalive » 17/02/10 18:22

eccolo:

Codice: Seleziona tutto
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.21.27, on 17/02/2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Aggiungi sito di supporto RSS a VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2603F927-D8B3-46C1-A75C-808DE192B240}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12808 bytes
superalive
Newbie
 
Post: 5
Iscritto il: 15/02/10 20:03

Re: fileLog HijackThis quali chiavi devo eliminare???

Postdi -> EleKtrA <- » 17/02/10 19:11

Bene, ora per concludere segui questi Step in ordine.

Step 1:Eliminazione dei file sospetti
Apri un file di testo sul Desktop
Start > esegui, digita: notepad.exe e poi clicca Ok)
Incolla il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente
con il nome CFScript
Codice: Seleziona tutto
Killall::
File::
c:\users\francesco\AppData\Local\Ifafuwone.dat
c:\users\francesco\AppData\Local\Wbesili.bin
c:\programdata\Google\Google Toolbar\Update\gtb794C.tmp.exe
c:\programdata\Google\Google Toolbar\Update\gtb3A69.tmp.exe
Folder::
C:\WINDOWS\temp
C:\WINDOWS\Tasks
c:\users\francesco\AppData\Local\{42D5B8AC-9392-441D-A0B7-F7A141BCA702}

Col mouse trascina il file CFScript.txt sull'icona rossa di combofix
Immagine
lascia lavorare il programma
finito verrà creato un nuovo log combofix.txt, postalo.

Step 2: Rimozione completa dei prodotti Symantec
Scarica Norton_Removal_tool per Windows Vista
Tasto destro sull'exe, segui le indicazioni a video e riavvia.

Step 3: Fix delle voci inutili in avvio automatico
Con tutte le applicazioni chiuse e disconnesso da internet
Tasto destro su Hijackthis esegui come amministratore
Clicca su "do a system scan only"
Metti la spunta a queste voci e clicca su "fix checked"

Codice: Seleziona tutto
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

Step 4: Pulizia dei file temporanei
Scarica TFC by OldTimer sul desktop
chiudi tutti i programmi
tasto destro su TFC, avvia come amministratore
Clicca su "star", al termine della scansione ti chiederà il riavvio, dai ok.

Step 5: Pulizia e disinstallazione dei tool usati
Scarica OTC by OldTimer sul desktop
Tasto destro, esegui come ammonistratore
clicca su "CleanUP" > "Yes" > "Yes"
Riavvia.

Step 6: Aggiornamento dei software
- Scarica e installa l'ultima versione di Adobe Reader
- Scarica e installa l'ultima versione di Java Sun
- Aggiorna Adobe FlashPlayer:
1. Scarica il programma di disinstallazione di FlashPlayer
2. Scarica l'ultima versione di FlashPlayer per IE
3. Scarica l'ultima versione di FlashPlayer per FF
4. Chiudi tutti i browser (IE, Opera, Firefox, Chrome, etc)
5. Esegui il programma di disinstallazione scaricato al punto 1.
6. Esegui il programma di installazione scaricato al punto 2.
7. Esegui il programma di installazione scaricato al punto 3.

Step 7: Ottimizzazione del Sistema

- Esegui una deframmentazione degli hardisk, puoi usare IObit SmartDefrag.
Oppure con l' utility interna di windows:
Start / Programmi / Accessori / Utilità di sistema / Utilità di deframmentazione dischi.

- Esegui uno Scandisk:
Apri Risorse del computer / Tasto destro sul disco fisso / proprietà / Strumenti / Esegui Scandisk
Seleziona entrambe le opzioni:
correggi automaticamente gli errori del File system,
cerca i settori danneggiati e tenta il ripristino.
Si aprirà una finestra di avvertimento:
Impossibile ottenere accesso esclusivo ad alcuni file di Windows...
Clicca su "SI" per pianificare l'operazione al prossimo avvio.
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: fileLog HijackThis quali chiavi devo eliminare???

Postdi superalive » 17/02/10 21:20

ho completato il punto 1, il nuovo log è:

Codice: Seleziona tutto
ComboFix 10-02-12.01 - francesco 17/02/2010  18.54.29.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.39.1040.18.1022.380 [GMT 0:00]
Eseguito da: c:\users\francesco\Desktop\Downloads\ComboFix.exe
Opzioni usate :: c:\users\francesco\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\Google\Google Toolbar\Update\gtb3A69.tmp.exe"
"c:\programdata\Google\Google Toolbar\Update\gtb794C.tmp.exe"
"c:\users\francesco\AppData\Local\Ifafuwone.dat"
"c:\users\francesco\AppData\Local\Wbesili.bin"
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Google\Google Toolbar\Update\gtb3A69.tmp.exe
c:\programdata\Google\Google Toolbar\Update\gtb794C.tmp.exe
c:\users\francesco\AppData\Local\{42D5B8AC-9392-441D-A0B7-F7A141BCA702}
c:\users\francesco\AppData\Local\{42D5B8AC-9392-441D-A0B7-F7A141BCA702}\chrome.manifest
c:\users\francesco\AppData\Local\{42D5B8AC-9392-441D-A0B7-F7A141BCA702}\chrome\content\_cfg.js
c:\users\francesco\AppData\Local\{42D5B8AC-9392-441D-A0B7-F7A141BCA702}\chrome\content\overlay.xul
c:\users\francesco\AppData\Local\{42D5B8AC-9392-441D-A0B7-F7A141BCA702}\install.rdf
c:\users\francesco\AppData\Local\Ifafuwone.dat
c:\users\francesco\AppData\Local\Wbesili.bin

.
(((((((((((((((((((((((((   Files Creati Da 2010-01-17 al 2010-02-17  )))))))))))))))))))))))))))))))))))
.

2010-02-17 19:11 . 2010-02-17 19:14   --------   d-----w-   c:\users\francesco\AppData\Local\temp
2010-02-17 19:11 . 2010-02-17 19:11   --------   d-----w-   c:\users\Public\AppData\Local\temp
2010-02-17 19:11 . 2010-02-17 19:11   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-02-16 15:46 . 2010-02-16 15:46   --------   d-----w-   c:\users\francesco\AppData\Roaming\Malwarebytes
2010-02-16 15:46 . 2010-01-07 16:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-16 15:46 . 2010-02-16 18:53   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-02-16 15:46 . 2010-02-16 15:46   --------   d-----w-   c:\programdata\Malwarebytes
2010-02-16 15:46 . 2010-01-07 16:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-02-15 18:30 . 2010-02-15 18:30   --------   d-----w-   c:\program files\Trend Micro
2010-02-15 17:37 . 2010-02-15 17:37   --------   d-----w-   c:\program files\Common Files\DivX Shared
2010-02-14 22:27 . 2010-02-14 22:27   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2010-02-14 22:14 . 2010-02-14 22:17   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-02-14 22:14 . 2010-02-14 22:14   --------   d-----w-   c:\users\francesco\AppData\Roaming\SUPERAntiSpyware.com
2010-02-14 22:04 . 2010-02-14 22:04   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-02-14 20:37 . 2010-02-14 20:50   --------   d-sh--w-   c:\users\francesco\AppData\Roaming\lowsec
2010-01-30 17:18 . 2010-01-30 17:18   --------   d-----w-   c:\program files\Common Files\Skype

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 13:59 . 2010-01-16 18:20   --------   d-----w-   c:\program files\Steam
2010-02-15 17:43 . 2007-03-30 03:38   --------   d-----w-   c:\program files\Google
2010-02-15 17:41 . 2007-03-14 01:08   --------   d-----w-   c:\program files\DivX
2010-02-15 00:53 . 2008-07-21 19:11   --------   d-----w-   c:\users\francesco\AppData\Roaming\Skype
2010-02-15 00:05 . 2008-07-21 19:13   --------   d-----w-   c:\users\francesco\AppData\Roaming\skypePM
2010-02-06 19:37 . 2010-01-16 18:20   --------   d-----w-   c:\program files\Common Files\Steam
2010-01-30 17:18 . 2008-07-21 19:08   --------   d-----r-   c:\program files\Skype
2010-01-30 17:16 . 2008-07-21 19:08   --------   d-----w-   c:\programdata\Skype
2010-01-24 16:47 . 2006-11-06 01:52   739418   ----a-w-   c:\windows\system32\perfh010.dat
2010-01-24 16:47 . 2006-11-06 01:52   137000   ----a-w-   c:\windows\system32\perfc010.dat
2010-01-21 05:12 . 2008-03-29 13:21   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2010-01-20 00:56 . 2008-03-29 13:21   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2010-01-19 23:05 . 2010-01-16 15:53   --------   d-----w-   c:\program files\McAfee Security Scan
2010-01-18 15:53 . 2010-01-18 15:53   --------   d-----w-   c:\programdata\McAfee
2010-01-16 18:51 . 2010-01-16 18:51   --------   d-----w-   c:\programdata\Sports Interactive
2010-01-16 18:48 . 2007-03-11 21:31   --------   d-----w-   c:\users\francesco\AppData\Roaming\Sports Interactive
2010-01-16 18:21 . 2010-01-16 18:17   --------   d--h--w-   c:\program files\Zero G Registry
2010-01-16 18:17 . 2007-03-11 21:13   --------   d-----w-   c:\program files\Sports Interactive
2010-01-16 18:11 . 2010-01-16 17:51   --------   d-----w-   c:\users\francesco\AppData\Roaming\DAEMON Tools Lite
2010-01-16 17:54 . 2010-01-16 17:51   --------   d-----w-   c:\program files\DAEMON Tools Lite
2010-01-16 17:53 . 2008-05-12 20:22   691696   ----a-w-   c:\windows\system32\drivers\sptd.sys
2010-01-16 17:51 . 2010-01-16 17:50   --------   d-----w-   c:\programdata\DAEMON Tools Lite
2010-01-16 15:53 . 2010-01-16 15:53   --------   d-----w-   c:\programdata\McAfee Security Scan
2010-01-16 14:34 . 2009-06-27 11:56   --------   d-----w-   c:\program files\Live-Player
2010-01-14 11:12 . 2009-10-06 00:48   181120   ------w-   c:\windows\system32\MpSigStub.exe
2010-01-12 12:17 . 2010-01-12 12:17   --------   d-----w-   c:\program files\Skype(2)
2010-01-09 13:02 . 2010-01-09 13:01   --------   d-----w-   c:\program files\Skype(1)
2009-12-07 17:02 . 2009-09-01 18:58   56816   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2007-12-11 00:38 . 2007-12-08 19:39   2048   --sha-w-   c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2007-12-11 00:38 . 2007-12-08 19:39   2048   --sha-w-   c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-24 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Steam"="c:\program files\Steam\Steam.exe" [2010-01-16 1217808]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-04-11 1006264]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-07 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-07 8534560]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 43128]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-09-11 118784]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-11-24 09:36   73728   ----a-w-   c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^francesco^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-06-02 09:13   267048   ----a-w-   c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 16:44   3883856   ----a-w-   c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2008-04-17 23:27   9117696   ----a-w-   c:\program files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40   155648   ----a-w-   c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50   413696   ----a-w-   c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 13:11   25623336   ----a-r-   c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
2006-11-14 09:46   411768   ----a-w-   c:\program files\Sony\VAIO Camera Utility\VCUServe.exe

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 7.56.04 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 7.56.02 74480]
R3 R5U870FLx86;R5U870 UVC Lower Filter  ;c:\windows\System32\drivers\R5U870FLx86.sys [31/03/2007 23.25.13 72704]
R3 R5U870FUx86;R5U870 UVC Upper Filter  ;c:\windows\System32\drivers\R5U870FUx86.sys [31/03/2007 23.25.13 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [06/12/2006 18.59.41 30976]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [11/11/2009 2.02.08 54632]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [02/11/2006 10.32.13 1083520]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 7.56.06 7408]
S3 SS1018mdm;Sony Ericsson Mobile Device Full USB Driver;c:\windows\System32\drivers\SS1018mdm.sys [16/10/2008 9.25.58 58536]

--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - IDSvix86
*Deregistered* - SYMTDI
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 00:08]

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 00:08]

2010-02-17 c:\windows\Tasks\User_Feed_Synchronization-{8AD6917D-B02B-4C9C-B45F-F967EBEB104A}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Aggiungi sito di supporto RSS a VAIO Information FLOW - c:\program files\Sony\VAIO Information FLOW\aiesc.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {2603F927-D8B3-46C1-A75C-808DE192B240} = 194.168.4.100,194.168.8.100
FF - ProfilePath - c:\users\francesco\AppData\Roaming\Mozilla\Firefox\Profiles\m1hws5xl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\francesco\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\SigmaTel\C-Major Audio\WDM\STacSV.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\windows\system32\conime.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\lpremove.exe
c:\windows\system32\lpksetup.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-17  19:29:06 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2010-02-17 19:29
ComboFix2.txt  2010-02-16 15:41

Pre-Run: 18.012.585.984 byte disponibili
Post-Run: 17.982.132.224 byte disponibili

- - End Of File - - 1120900C10C11EAED298949DEBEB8FF4
superalive
Newbie
 
Post: 5
Iscritto il: 15/02/10 20:03

Re: fileLog HijackThis quali chiavi devo eliminare???

Postdi -> EleKtrA <- » 19/02/10 17:13

Bene, appena hai tempo segui anche gli altri passaggi. ;)
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: fileLog HijackThis quali chiavi devo eliminare???

Postdi robby17 » 19/02/10 17:19

ciao anche iLogfile of Trend Micro HijackThis v2.0.2 :?: :oops:
Scan saved at 17.16.10, on 19/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\LEXBCES.EXE
C:\windows\system32\spoolsv.exe
C:\windows\system32\LEXPPS.EXE
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\windows\system32\pctspk.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\Explorer.exe
C:\WINDOWS\system32\csrcs.exe
C:\Programmi\Eset\nod32kui.exe
C:\windows\system32\dslagent.exe
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programmi\Lexmark X1100 Series\lxbkbmon.exe
C:\windows\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\Samsung\Samsung PC Studio 7\PCSuite.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Windows Live\Toolbar\wltuser.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Roby\IMPOST~1\Temp\Rar$EX01.360\HijackThis.exe
C:\windows\system32\cmd.exe
C:\windows\system32\net.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgilio.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/results.aspx?q={searchTerms}&mkt=it-IT&FORM=MICI05
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Programmi\AskTBar\SrchAstt\3.bin\A5SRCHAS.DLL
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Programmi\AskTBar\SrchAstt\3.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Programmi\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [csrcs] C:\windows\system32\csrcs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [S60 PC Suite Tray] "C:\Programmi\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\windows\system32\csrcs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZJman000
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?fd90ebbc8609411da280c6aa519ab805
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?fd90ebbc8609411da280c6aa519ab805
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9916740812
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-d3217a0d64aec1a5.spaces.live ... nPUpld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\windows\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\windows\system32\pctspk.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11360 byteso ho bisogno di fare analizzare il mio log.si aprono strane pagine,e il pc è molto lento..grazie in anticipo
robby17
Utente Senior
 
Post: 144
Iscritto il: 06/01/06 23:06
Località: rimini

Re: fileLog HijackThis quali chiavi devo eliminare???

Postdi -> EleKtrA <- » 19/02/10 17:44

Ciao robby17 , sarebbe stato meglio aprire una nuova discussione per evitare accavallamenti di procedure. ;)

Nel tuo caso la soluzione migliore è passare un tool che andrà ad eliminare un pò di problemi.

Apri SpyBot in modalità avanzata (menù modalità - avanzata) poi vai in utilità - resident e togli la spunta a TeaTimer.

Disattiva momentaneamente l'antivirus
Scarica Combofix | Tutorial
Tasto destro sull'exe, esegui come amministratore
Non installare la recovery console
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.

Scarica Malwarebytes, installa il programma ed aggiorna le firme.
Nella scheda scansione, seleziona "scansione completa"
Allega il rapporto.

Postare i rapporti nel Topic inserendoli nel tag "code". (CLICCA)
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: fileLog HijackThis quali chiavi devo eliminare???

Postdi robby17 » 19/02/10 20:59

ciao incollo il log.non so se ho fatto bene come hai detto tu.per il momennto grazie ComboFix 10-02-18.09 - Roby 19/02/2010 20.25.31.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.261 [GMT 1:00]
Eseguito da: c:\documents and settings\Roby\Desktop\ComboFix.exe
AV: Sistema Antivirus NOD32 2.51 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Roby\Documenti\ZbThumbnail.info
c:\documents and settings\Roby\Impostazioni locali\Dati applicazioni\uaisk.dat
c:\documents and settings\Roby\Impostazioni locali\Dati applicazioni\uaisk_nav.dat
c:\documents and settings\Roby\Impostazioni locali\Dati applicazioni\uaisk_navps.dat
c:\documents and settings\Roby\Impostazioni locali\Temporary Internet Files\lsn_6FBA808F-2580-48c3-8C6B-C08BBB800B8E.xml
c:\windows\EventSystem.log
c:\windows\system32\AutoRun.inf
c:\windows\system32\csrcs.exe
c:\windows\system32\sshnas21.dll
c:\windows\system32\VB6KO.DLL
c:\windows\system32\winlogon.bak
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SSHNAS
-------\Service_Boonty Games
-------\Service_SSHNAS


((((((((((((((((((((((((( Files Creati Da 2010-01-19 al 2010-02-19 )))))))))))))))))))))))))))))))))))
.

2010-02-12 22:08 . 2010-02-12 22:08 -------- dc----w- c:\documents and settings\Roby\Dati applicazioni\Uniblue
2010-02-09 17:21 . 2010-02-10 14:12 -------- d-----w- c:\windows\system32\NtmsData
2010-02-02 08:51 . 2010-02-02 08:51 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2010-02-02 08:48 . 2010-02-02 08:54 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Norton
2010-02-02 08:48 . 2010-02-02 08:48 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Symantec
2010-02-02 08:47 . 2010-02-02 08:47 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2010-01-31 15:28 . 2010-01-31 15:30 745472 ----a-w- c:\windows\system32\cftu.exe
2010-01-30 14:40 . 2010-01-30 14:40 -------- dc----w- c:\documents and settings\Roby\Dati applicazioni\CyberLink
2010-01-30 14:39 . 2010-01-30 14:39 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2010-01-30 09:14 . 1998-07-21 23:00 102912 ----a-w- c:\windows\system32\Vb6stkit.dll
2010-01-30 09:04 . 2007-01-08 21:17 27168 ------w- c:\windows\system32\msxml3a.dll
2010-01-30 09:03 . 2010-01-31 12:51 -------- d-----w- c:\programmi\CyberLink
2010-01-29 22:12 . 2010-02-15 16:07 -------- d-----w- c:\programmi\uTorrent
2010-01-27 15:18 . 2010-01-27 15:21 -------- dc----w- c:\documents and settings\Roby\Impostazioni locali\Dati applicazioni\Temp
2010-01-27 15:18 . 2010-01-27 15:18 -------- dc----w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-19 19:52 . 2008-09-12 14:22 -------- dc----w- c:\documents and settings\Roby\Dati applicazioni\uTorrent
2010-02-19 19:25 . 2008-08-25 15:22 -------- d-----w- c:\programmi\ESET
2010-02-19 17:44 . 2008-08-25 15:22 274432 ----a-w- c:\windows\system32\imon.dll
2010-02-19 17:44 . 2008-08-25 15:22 502368 ----a-w- c:\windows\system32\drivers\amon.sys
2010-02-18 16:16 . 2008-09-09 21:00 -------- d-----w- c:\programmi\Windows Media Connect 2
2010-02-07 16:16 . 2008-08-29 10:29 -------- d-----w- c:\programmi\Google
2010-02-01 18:47 . 2008-08-25 16:49 -------- d-----w- c:\programmi\Nero
2010-02-01 18:47 . 2008-08-25 16:49 -------- d-----w- c:\programmi\File comuni\Nero
2010-02-01 17:59 . 2009-09-10 11:44 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2010-01-31 12:51 . 2008-08-27 15:21 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-01-30 13:52 . 2009-09-26 17:20 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Nero
2010-01-23 19:12 . 2009-09-03 23:05 331472 -c--a-w- c:\documents and settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
2010-01-23 09:13 . 2009-07-28 18:56 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-19 14:43 . 2008-08-25 16:59 -------- d-----w- c:\programmi\File comuni\Adobe
2010-01-11 15:35 . 2009-09-26 20:26 -------- d-----w- c:\programmi\AskTBar
2010-01-11 13:30 . 2009-03-02 17:15 -------- d-----w- c:\programmi\Ferrero
2010-01-06 22:22 . 2010-01-06 21:32 -------- dc----w- c:\documents and settings\Roby\Dati applicazioni\Samsung
2010-01-06 21:41 . 2010-01-06 21:41 -------- dc----w- c:\documents and settings\Roby\Dati applicazioni\Multimedia Player
2010-01-06 21:37 . 2008-10-26 21:13 -------- dc----w- c:\documents and settings\Roby\Dati applicazioni\PC Suite
2010-01-06 21:37 . 2009-09-10 11:38 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2010-01-06 21:32 . 2009-10-01 09:36 -------- d-----w- c:\programmi\File comuni\PCSuite
2010-01-06 21:31 . 2010-01-06 21:22 -------- d-----w- c:\programmi\Samsung
2010-01-06 21:21 . 2009-09-28 20:31 -------- dc----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2010-01-06 21:21 . 2010-01-06 21:22 56982041 -c--a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{AB6F6C80-1C35-4672-BDEF-F26FF214C409}\Samsung_PC_Studio_7.2.24.9.exe
2009-12-31 16:50 . 2004-08-19 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:06 . 2004-08-19 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:40 . 2008-08-22 19:28 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-19 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 15:54 . 2004-08-19 12:00 84230 ----a-w- c:\windows\system32\perfc010.dat
2009-12-09 15:54 . 2004-08-19 12:00 490694 ----a-w- c:\windows\system32\perfh010.dat
2009-12-09 10:07 . 2004-08-19 15:34 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 10:07 . 2004-08-19 12:00 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-04 18:22 . 2004-08-19 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:12 . 2004-08-19 12:00 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:12 . 2004-08-19 15:39 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2001-08-30 23:08 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-19 15:39 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-08-19 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-19 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-08-19 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2010-02-14 319280]
"S60 PC Suite Tray"="c:\programmi\Samsung\Samsung PC Studio 7\PCSuite.exe" [2008-12-06 699392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\programmi\Eset\nod32kui.exe" [2010-02-19 921600]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Samsung.PCSync"="c:\programmi\Samsung\Samsung PC Studio 7\PcSync2.exe" [2009-06-04 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\^.rnd]
path=\.rnd

[HKLM\~\startupfolder\^default.pls]
path=\default.pls
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveSearchNotification
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uaisk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 07:58 40368 ----a-w- c:\programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-10-01 10:57 111936 ----a-w- c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:14 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-03 14:20 133104 -c--atw- c:\documents and settings\Roby\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 12:06 290088 ----a-w- c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2009-06-23 09:37 745472 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2009-07-22 17:16 2331936 ----a-w- c:\programmi\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2008-09-04 04:01 2524416 ----a-w- c:\windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-11-10 04:43 136600 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-02 20:52 68856 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 17:20 866584 ----a-w- c:\programmi\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinDefend"=2 (0x2)
"usnjsvc"=3 (0x3)
"gusvc"=3 (0x3)
"Boonty Games"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"WZCSVC"=2 (0x2)
"wscsvc"=2 (0x2)
"UPS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"GSICONEXE"=GSICON.EXE
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 13.00.00 14336]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [28/07/2009 19.55.29 54752]
S2 gafwload;IPM Datacom USB ADSL Loader;c:\windows\system32\drivers\gafwload.sys [07/09/2009 13.50.41 26985]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]
S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [06/01/2010 22.23.02 135680]
S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [06/01/2010 22.23.07 8320]
S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [06/01/2010 22.23.10 12288]
S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [06/01/2010 22.23.09 12288]
S4 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [03/11/2006 18.19.58 13592]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenuto della cartella 'Scheduled Tasks'

2008-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]

2009-09-27 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2008-08-25 17:27]

2008-11-19 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Roby\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 14:20]

2009-06-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-04-08 c:\windows\Tasks\User_Feed_Synchronization-{AA26A7D2-0FC2-4353-828D-95A69A3C1CFC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2009-06-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-08 20:18]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZJman000
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Apri in nuova scheda in primo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?fd90ebbc8609411da280c6aa519ab805
IE: Apri in nuova scheda in secondo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?fd90ebbc8609411da280c6aa519ab805
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Roby\Dati applicazioni\Mozilla\Firefox\Profiles\mwugk6wf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.virgilio.it/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-HijackThis - c:\docume~1\Roby\IMPOST~1\Temp\Rar$EX01.360\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-19 20:46
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="6866F693348501E94D73DE5A6479E4111EE33ABE5E7413915EEE1BE03F2DC709905F2A32FDD4A09694F8737E5665AE0116ABD142BCBD26BD0A1857D7E28E153F3FE55AE7D2173114FB66FD3D93AF2E5A2B885B505B282F7E1D2131BD5EF339CB53F82A709F26444D6338A635D53FCF7DDF172A8FE94712C7DADFC55EF13DB1D8724C9DDA53508F40709F7D5E62EE20DCF9A175F61923D5A1C96014D8DFBF9F2482C7208BE3D6ED7F0D0174FE7C8ED200042C5AD620B9A6273660809E7044467E3186FDBA496FDCB065F361B4ED60BF814B6A55CFBAF8540B2ED2D478FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D14078EDD5E5BE2F6E667FEBC9E127BECC74C6F6FE10020052B92035C4772735A6AA6B0827191DB623E3BABA682A870FE219AF1B9EA9F3DBCCFD28331593C031DFE1FADB72FB584AA1A2158251111E5D91AE5F7527BD29A41E442F8ACF202E69BBFF94E2938F4E71F553803FE18F4B91EC3D664B2442C9F7FC0F835F4BC69C57ECE7376CC4C2B9047F9833E15900776CFB0569B4B96D4759821E50FA604AF8A26AF9F100B52CBC6DEF55AA4BE990E6829D72188FE6A068AE1A4CA60D2B62665244B650441525A9DD5196952467364209412C798A3581010E6CD3D897C6AAFC83EEC7FC33F7870684F9AB1676706F6F3B41FB0BC85A2D5FCE205276B1BD5C46B70467B424C173BBFA2120508D65A4AFBDB2111EAE22A4E8CC815456E9CD4F1C7E66A3E769FA17DFE5C7E8A5E3A9CF216141F791D6F76863BBD2DAA7B5F68591F08D27C5D67B18AC5BABFC09629211BE2198149D0D1329B4C9A613C0237B32CF366DBC176C3844C79B11DF460B45D8248DC983407A5AC42C46D2935F4EC7E330C4F456D444A7AC04269BE4DF1DC6A7A6F8216C44679D7C0EFF760A1CA3D354C74BFB3314E0398F80BBB32BE021986684462905697CF4B72DBAF44E3FD5767E67A6AB095236C081906BAE7974FD193C7788A811B0920C1485ABDF9B20CDF4907B237A6734EF6165C25A737F419679727033AC8962DD51BC380008916FAEDB1C574BEE77A6707320EA17B58CDA5A83C2899E528A118CF587CA9085CEC4D8D1FCE595027AD83F6731178E06967BADED0813D36C56A64DF221EF41B4368913F2EE2426FFD623E1310596838EBDE27C1C47D2C88AD70AE4FC1E74333F18FD377A4D4D051E8C5B89B6771F49344A3BB802FF8EB6C4B8899D7282DB97DFDBA279D6A8F6DE0C6D41647F8F4683DBB794C3D4BE7C6A7F2DA4AA7E654C4DAE418A20D8A0DC1BCDDE2FCBD69964E2D80F6B10D74CFC9B0DAE5EAE335D99162052A6118B65DBEB655179A1C039BF595258A487AAECB45B59D79A9216C4C11DCA1468080BF271657BA6B9D7432DC"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(576)
c:\windows\system32\imon.dll
c:\programmi\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(2848)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\programmi\Samsung\Samsung PC Studio 7\phonebrowser.dll
c:\programmi\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
c:\programmi\Samsung\Samsung PC Studio 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Samsung\Samsung PC Studio 7\Resource\PhoneBrowser_Samsung.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Eset\nod32krn.exe
c:\windows\system32\oodag.exe
c:\windows\system32\pctspk.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-19 20:58:54 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-19 19:58

Pre-Run: 10.097.106.944 byte disponibili
Post-Run: 10.173.075.456 byte disponibili

- - End Of File - - 02055548FE951E100F906A88BE4C7637
robby17
Utente Senior
 
Post: 144
Iscritto il: 06/01/06 23:06
Località: rimini

Re: fileLog HijackThis quali chiavi devo eliminare???

Postdi -> EleKtrA <- » 19/02/10 21:16

Bene, ora esegui anche Malwarebytes
Ricorda di allegare il rapporto.

Prima della scansione esegui questa operazione:
Apri SpyBot in modalità avanzata (menù modalità - avanzata) poi vai in utilità - resident e togli la spunta a TeaTimer.

Allega anche un nuovo log di hijackthis, questa volta ricorda di estrarlo e collocarlo in una cartella in programmi,
è importante se vuoi salvare il backup.
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: fileLog HijackThis quali chiavi devo eliminare???

Postdi robby17 » 19/02/10 22:05

ok questo è il log di mawarebytes

Malwarebytes' Anti-Malware 1.44
Versione del database: 3763
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/02/2010 21.28.50
mbam-log-2010-02-19 (21-28-50).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 123436
Tempo trascorso: 16 minute(s), 20 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 21
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2ba1c226-ec1b-4471-a65f-d0688ac6ee3a} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\Roby\Documenti\downloads\ZwinkySetup2.3.50.45.ZJman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
robby17
Utente Senior
 
Post: 144
Iscritto il: 06/01/06 23:06
Località: rimini

Re: fileLog HijackThis quali chiavi devo eliminare???

Postdi robby17 » 19/02/10 22:51

ok,ho fatto scansione spy Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 22.55.09, on 19/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\LEXBCES.EXE
C:\windows\system32\spoolsv.exe
C:\windows\system32\LEXPPS.EXE
C:\windows\Explorer.EXE
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\windows\system32\pctspk.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\Samsung\Samsung PC Studio 7\PCSuite.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\system32\wscntfy.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programmi\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [S60 PC Suite Tray] "C:\Programmi\Samsung\Samsung PC Studio 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Samsung.PCSync] "C:\Programmi\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZJman000
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?fd90ebbc8609411da280c6aa519ab805
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?fd90ebbc8609411da280c6aa519ab805
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9916740812
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-d3217a0d64aec1a5.spaces.live ... nPUpld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\windows\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\windows\system32\pctspk.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7359 bytes
bot,e ora allego il log di hijack ciao e grazie.. :)
robby17
Utente Senior
 
Post: 144
Iscritto il: 06/01/06 23:06
Località: rimini

Re: fileLog HijackThis quali chiavi devo eliminare???

Postdi -> EleKtrA <- » 20/02/10 12:49

Ciao robby17, l'infezione è stata eliminata, ora possiamo disinstallare combofix
ed eseguire una manutenzione del sistema.

Step 1: Pulizia dei file temporanei
Scarica TFC by OldTimer sul desktop
chiudi tutti i programmi
avvia TFC, clicca su "star"
al termine della scansione ti chiederà il riavvio, dai ok.

Step 2: Pulizia e disinstallazione dei tool usati
Scarica OTC by OldTimer sul desktop
doppio clic per eseguirlo
clicca su "CleanUP" > "Yes" > "Yes"
riavvia.

Step 3: aggiornamento dei software
- Scarica e installa l'ultima versione di Adobe Reader
- Scarica e installa l'ultima versione di Java Sun
- Aggiorna Adobe FlashPlayer:
1. Scarica il programma di disinstallazione di FlashPlayer
2. Scarica l'ultima versione di FlashPlayer per IE
3. Scarica l'ultima versione di FlashPlayer per FF
4. Chiudi tutti i browser (IE, Opera, Firefox, Chrome, etc)
5. Esegui il programma di disinstallazione scaricato al punto 1.
6. Esegui il programma di installazione scaricato al punto 2.
7. Esegui il programma di installazione scaricato al punto 3.

Step 4: Correzione piccoli errori e velocizzazione del Sistema

- Esegui una deframmentazione degli hardisk, puoi usare IObit SmartDefrag.
Oppure con l' utility interna di windows:
Start / Programmi / Accessori / Utilità di sistema / Utilità di deframmentazione dischi.

- Esegui uno Scandisk:
Apri Risorse del computer / Tasto destro sul disco fisso / proprietà / Strumenti / Esegui Scandisk
Seleziona entrambe le opzioni:
correggi automaticamente gli errori del File system,
cerca i settori danneggiati e tenta il ripristino.
Si aprirà una finestra di avvertimento:
Impossibile ottenere accesso esclusivo ad alcuni file di Windows...
Clicca su "SI" per pianificare l'operazione al prossimo avvio.

Malwarebytes puoi tenerlo per future scansioni, ricordandoti di aggiornare le firme.
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: fileLog HijackThis quali chiavi devo eliminare???

Postdi robby17 » 20/02/10 14:06

ti ringrazio moltissimo per il moment..ciao :D
robby17
Utente Senior
 
Post: 144
Iscritto il: 06/01/06 23:06
Località: rimini


Torna a Sicurezza e Privacy


Topic correlati a "fileLog HijackThis quali chiavi devo eliminare???":


Chi c’è in linea

Visitano il forum: Nessuno e 54 ospiti

cron