Condividi:        

file log hijackthis

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

file log hijackthis

Postdi carito » 20/02/10 22:10

mi trovo nuovamente a dovervi consultare.
ho messo in analisi sul www.hijackthis il log mi dice sia tutto ok tranne alcun controlli da effettuare ma nulla evidenziato come non sicuro , ma il mio pc è nuovamente molto lento. Help :cry:
grazie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.52.10, on 20/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\IObit\IObit Security 360\IS360srv.exe
C:\Programmi\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Roland\VSC32\vsc32cnf.exe
C:\Programmi\Roland\VSC32\vscvol.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programmi\IObit\IObit Security 360\IS360tray.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Programmi\Returnil\RVS3\rvsgui.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea0.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea0.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea0.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [vsc32cnf.exe] C:\Programmi\Roland\VSC32\vsc32cnf.exe
O4 - HKLM\..\Run: [vscvol.exe] C:\Programmi\Roland\VSC32\vscvol.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [IObit Security 360] "C:\Programmi\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SmartRAM] "C:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: RVS 2010.lnk = C:\Programmi\Returnil\RVS3\rvsgui.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Programmi\MP3 Player Utilities 4.17\AMVConverter\grab.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Impostazioni di Google Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://micro.moe.hm
O15 - ESC Trusted Zone: http://axxe.trompizgerbo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33D97FE2-9B2A-4ADA-9CE7-F2F9E1CE2425}: NameServer = 10.128.50.1
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: IS360service - IObit - C:\Programmi\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Programmi\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Returnil Virtual System Core Service (RVSMONBL) - CJSC Returnil Software - C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10958 bytes
carito
Utente Junior
 
Post: 42
Iscritto il: 05/02/10 19:33

Sponsor
 

Re: file log hijackthis

Postdi shel » 20/02/10 22:36

ciao

il log sembra a posto

prova a fare una scansione con combofix vediamo se c'e' qualcosa di nascosto

disconnetiti da internet
- disattiva l'antivirus
- esegui ComboFix.exe
- digita 1
- segui le instruzioni
- finita la scansione portati in C:\ e copia/incolla, nella tua prossima risposta, il contenuto del file di testo Combofix.txt
shel
Utente Senior
 
Post: 1326
Iscritto il: 29/08/08 21:56

Re: file log hijackthis

Postdi carito » 21/02/10 07:10

ciao al primo tentativo combo non mi dava il report ,ho atteso quasi un ora poi l'ho interrotto e riavviato il pc ci sono riuscita in 15 min circa .
ecco il report:

ComboFix 10-02-20.03 - Carolina 21/02/2010 5.44.33.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.503.125 [GMT 1:00]
Eseguito da: c:\documents and settings\Carolina\Documenti\Download\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\documents and settings\Carolina\Dati applicazioni\Desktopicon\eBay.ico
c:\documents and settings\Carolina\Dati applicazioni\Desktopicon\uninst.exe
c:\windows\system32\SHELLLNK.TLB

.
((((((((((((((((((((((((( Files Creati Da 2010-01-21 al 2010-02-21 )))))))))))))))))))))))))))))))))))
.

2010-02-19 22:35 . 2003-03-19 10:03 544768 ----a-w- c:\windows\system32\msvcr71d.dll
2010-02-19 22:35 . 2006-09-16 18:44 314368 ----a-w- c:\windows\system32\avisynth.dll
2010-02-19 22:35 . 2004-05-26 20:37 719872 ----a-w- c:\windows\system32\devil.dll
2010-02-19 22:35 . 2010-02-20 08:02 -------- d-----w- c:\programmi\Magic Video Converter
2010-02-19 22:34 . 2009-09-18 02:51 -------- d-----w- c:\programmi\Magic Video Converter 8.0.2.18
2010-02-19 21:46 . 2010-02-19 21:46 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\AVSMedia
2010-02-19 21:41 . 2007-02-27 18:36 638976 ----a-w- c:\windows\system32\divx.dll
2010-02-19 21:41 . 2007-02-27 18:36 139264 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-19 21:41 . 2007-02-27 18:36 524288 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-19 21:41 . 2007-02-27 18:36 413760 ----a-w- c:\windows\system32\mpg4c32.dll
2010-02-19 21:41 . 2007-02-27 18:36 261632 ----a-w- c:\windows\system32\mcdvd_32.dll
2010-02-19 04:23 . 2010-02-19 04:23 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\McAfee
2010-02-19 00:53 . 2010-02-21 02:28 -------- d-----w- C:\MioLavoro19FEB
2010-02-18 00:07 . 2010-02-20 00:48 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\VSO
2010-02-18 00:07 . 2010-02-18 00:07 -------- d-----w- c:\documents and settings\Carolina\Impostazioni locali\Dati applicazioni\VSO
2010-02-18 00:05 . 2010-02-18 00:05 -------- d-----w- c:\programmi\VSO
2010-02-17 23:16 . 2010-02-17 23:16 -------- d-----w- c:\programmi\File comuni\McAfee
2010-02-17 23:16 . 2010-02-18 16:25 -------- d-----w- c:\programmi\McAfee
2010-02-17 02:33 . 2010-02-19 00:21 -------- d-----w- C:\MioLavoro
2010-02-17 01:05 . 2010-02-18 01:51 -------- d-----w- c:\programmi\WebSite X5 v8 - Evolution
2010-02-17 01:03 . 1997-01-15 23:00 29696 ----a-w- c:\windows\system32\VB5STKIT.DLL
2010-02-17 01:03 . 2009-01-27 10:09 204288 ----a-w- c:\windows\system32\iwpsetup.exe
2010-02-15 21:28 . 2010-02-15 21:31 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\ooVoo Details
2010-02-11 18:57 . 2010-02-11 18:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-02-11 04:21 . 2010-02-19 04:22 -------- d-----w- c:\programmi\McAfee Security Scan
2010-02-08 19:31 . 2010-02-15 20:15 -------- d-----w- c:\programmi\Unlocker
2010-02-08 18:59 . 2010-02-08 18:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IObit
2010-02-08 00:47 . 2010-02-08 00:48 -------- dc-h--w- c:\windows\ie8
2010-02-07 16:56 . 2010-02-07 17:08 -------- d-----w- c:\programmi\eMule
2010-02-05 23:23 . 2010-02-05 23:23 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Malwarebytes
2010-02-05 23:23 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-05 23:23 . 2010-02-05 23:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-05 23:23 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-05 23:23 . 2010-02-06 02:48 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-05 23:03 . 2010-02-05 23:03 -------- d-----w- c:\programmi\Trend Micro
2010-02-05 16:56 . 2010-02-05 16:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Returnil
2010-02-05 16:46 . 2010-02-05 16:46 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Returnil
2010-02-05 16:46 . 2010-01-13 14:16 28640 ----a-w- c:\windows\system32\drivers\rvsmonn1.sys
2010-02-05 16:45 . 2010-01-13 14:16 1034696 ----a-w- c:\windows\system32\drivers\rvsmonf.sys
2010-02-05 16:45 . 2010-01-13 14:16 264128 ----a-w- c:\windows\system32\drivers\rvsmon.sys
2010-02-05 16:45 . 2010-02-05 16:45 45136 ----a-w- c:\windows\system32\drivers\rvsystem.sys
2010-02-05 16:45 . 2010-02-07 04:43 -------- d-----w- C:\Returnil
2010-02-05 16:45 . 2010-02-05 16:45 -------- d-----w- c:\windows\system32\Returnil
2010-02-05 16:45 . 2010-02-05 16:45 -------- d-----w- c:\programmi\Returnil
2010-02-05 14:34 . 2010-02-05 14:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-29 14:02 . 2008-04-13 18:13 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-01-29 14:02 . 2008-04-13 18:13 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-01-23 19:18 . 2010-02-16 14:37 -------- d-----r- C:\Win

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 04:40 . 2009-09-16 14:57 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Skype
2010-02-20 02:52 . 2009-09-16 14:39 71568 -c--a-w- c:\documents and settings\Carolina\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-19 22:26 . 2009-12-26 19:40 -------- d-----w- c:\programmi\File comuni\AVSMedia
2010-02-19 22:26 . 2009-12-26 19:40 -------- d-----w- c:\programmi\AVS4YOU
2010-02-18 06:58 . 2009-12-26 19:48 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\AVS4YOU
2010-02-17 23:16 . 2009-11-12 16:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2010-02-16 15:16 . 2009-09-16 10:33 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-09 22:32 . 2009-12-17 09:18 -------- d-----w- c:\programmi\Google
2010-02-08 19:18 . 2009-12-29 23:49 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\IObit
2010-02-08 18:59 . 2009-12-29 23:49 -------- d-----w- c:\programmi\IObit
2010-02-07 13:13 . 2009-09-21 15:49 -------- d-----w- c:\programmi\WinMX
2010-02-05 14:35 . 2010-01-05 02:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-02-04 23:00 . 2009-09-16 14:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2010-02-04 17:46 . 2010-02-09 05:07 52224 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
2010-02-04 17:46 . 2010-02-09 05:07 101376 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
2010-01-28 16:17 . 2009-09-21 15:33 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Nokia
2010-01-25 16:22 . 2008-04-14 12:00 49102 ----a-w- c:\windows\system32\perfc010.dat
2010-01-25 16:22 . 2008-04-14 12:00 348834 ----a-w- c:\windows\system32\perfh010.dat
2010-01-23 14:39 . 2009-11-22 16:28 79488 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-21 16:08 . 2010-02-11 14:21 52224 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
2010-01-21 16:08 . 2010-02-11 14:21 101376 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\RadioWMPCore.dll
2010-01-19 14:51 . 2010-01-19 14:51 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Smith Micro
2010-01-19 14:44 . 2010-01-19 14:44 -------- d-----w- c:\programmi\Verizon Wireless
2010-01-19 14:43 . 2010-01-19 14:43 -------- d-----w- c:\programmi\Novatel Wireless
2010-01-11 08:30 . 2009-12-28 17:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-01-01 14:12 . 2010-01-01 13:58 -------- d-----w- c:\programmi\StarFisher
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 23:32 . 2009-12-29 23:32 -------- d-----w- c:\programmi\Windows Live Safety Center
2009-12-28 17:08 . 2009-12-28 17:01 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-12-28 14:31 . 2009-12-28 14:22 52224 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-28 14:31 . 2009-12-28 14:18 117760 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-28 14:17 . 2009-12-28 14:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-12-28 14:16 . 2009-12-28 14:16 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-12-28 14:16 . 2009-12-28 14:16 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\SUPERAntiSpyware.com
2009-12-28 14:15 . 2009-12-28 14:15 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-12-27 01:30 . 2009-12-27 01:30 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Dealio
2009-12-26 20:15 . 2009-12-26 20:15 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Application Updater
2009-12-26 20:11 . 2009-12-26 20:11 -------- d-----w- c:\programmi\YouTube Downloader
2009-12-26 20:01 . 2009-12-14 22:34 -------- d-----w- c:\programmi\AviSynth 2.5
2009-12-26 19:47 . 2009-12-26 19:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2009-12-21 19:06 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:40 . 2009-09-16 10:18 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-16 19:32 . 2009-12-16 19:32 766 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6FEFF9B68218417F98F549.exe
2009-12-16 19:32 . 2009-12-16 19:32 2550 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F9F64C4780432EA36BC3FE.exe
2009-12-16 19:32 . 2009-12-16 19:32 1518 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_04065E8B24270056FDCAEC.exe
2009-12-16 19:32 . 2009-12-16 19:32 1078 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_986D1997DEEE761AC61E6A.exe
2009-12-16 19:32 . 2009-12-16 19:32 1078 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_0444D84993723DEE1E9C73.exe
2009-12-16 19:32 . 2009-12-16 19:32 10134 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F10B5B738A2B59884A72F5.exe
2009-12-14 07:08 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:07 . 2008-04-14 12:00 2192896 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:07 . 2008-04-13 18:55 2069760 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2008-04-14 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:12 . 2008-04-14 12:00 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:12 . 2008-04-13 19:13 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2001-08-30 23:08 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2008-04-14 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2008-04-14 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2008-04-14 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2008-04-13 19:13 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-10-04 17:19 . 2009-10-04 17:19 7888848 ----a-w- c:\programmi\Firefox Setup 3.5.3.exe
2010-01-05 02:05 . 2010-01-05 02:05 119808 ----a-w- c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[-] 2009-09-16 . 90F406811EE1EEE294792D00E21CA16C . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2009-04-23 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\programmi\Search_USA\tbSea0.dll" [2009-11-11 2166296]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
2009-11-11 23:07 2166296 ----a-w- c:\programmi\Search_USA\tbSea0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\programmi\Search_USA\tbSea0.dll" [2009-11-11 2166296]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{48405D3D-2674-4CD8-B1EF-9A719443BD3F}"= "c:\programmi\Search_USA\tbSea0.dll" [2009-11-11 2166296]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"SmartRAM"="c:\programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2009-12-26 2335952]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 137752]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-13 2043160]
"vsc32cnf.exe"="c:\programmi\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]
"vscvol.exe"="c:\programmi\Roland\VSC32\vscvol.exe" [2000-02-08 36864]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"IObit Security 360"="c:\programmi\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
McAfee Security Scan Plus.lnk - c:\programmi\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
RVS 2010.lnk - c:\programmi\Returnil\RVS3\rvsgui.exe [2010-1-22 7090256]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-16 14:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"=vscapi.dll
"WAVE1"=vscapi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Carolina^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\documents and settings\Carolina\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 07:27 153136 ----a-w- c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-01-05 02:04 30192 ----a-w- c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 14:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:14 1695232 ------w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-02-26 06:36 177456 ----a-w- c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-16 14:35 148888 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-01-05 02:00 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\WinMX\\WinMX.exe"=
"c:\\Documents and Settings\\Carolina\\Documenti\\vlc-0.8.6i\\vlc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:Porta TCP ooVoo 443
"443:UDP"= 443:UDP:*:Disabled:Porta UDP ooVoo 443
"37674:TCP"= 37674:TCP:*:Disabled:Porta TCP ooVoo 37674
"37674:UDP"= 37674:UDP:*:Disabled:Porta UDP ooVoo 37674
"37675:UDP"= 37675:UDP:*:Disabled:Porta UDP ooVoo 37675

R0 RVSystem;RVSystem;c:\windows\system32\drivers\rvsystem.sys [05/02/2010 17.45.46 45136]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/09/2009 15.38.17 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16/09/2009 15.38.21 108552]
R1 rvsmon;rvsmon;c:\windows\system32\drivers\rvsmon.sys [05/02/2010 17.45.51 264128]
R1 rvsmonn;rvsmonn;c:\windows\system32\drivers\rvsmonn1.sys [05/02/2010 17.46.00 28640]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 16.26.58 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 16.26.56 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/09/2009 15.38.08 297752]
R2 IS360service;IS360service;c:\programmi\IObit\IObit Security 360\is360srv.exe [08/02/2010 19.59.21 311568]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [18/02/2010 0.16.11 93320]
R2 RVSMONBL;Returnil Virtual System Core Service;c:\windows\system32\Returnil\RVS3\rvsmon.exe [22/01/2010 17.52.30 1246560]
R2 rvsmonf;rvsmonf;c:\windows\system32\drivers\rvsmonf.sys [05/02/2010 17.45.59 1034696]
R3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys [16/09/2009 16.42.02 951284]
S0 jhxdyus;jhxdyus;c:\windows\system32\drivers\dcns.sys --> c:\windows\system32\drivers\dcns.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [17/12/2009 18.07.10 135664]
S3 Com4QLBEx;Com4QLBEx;c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [16/09/2009 11.38.37 193840]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [05/01/2010 3.04.30 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programmi\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13.49.20 227232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [21/09/2009 16.30.44 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [21/09/2009 16.30.45 8320]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [07/07/2008 12.23.56 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [09/05/2008 11.08.40 174336]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 16.27.00 7408]
S4 Application Updater;Application Updater;"c:\programmi\Application Updater\ApplicationUpdater.exe" --> c:\programmi\Application Updater\ApplicationUpdater.exe [?]
.
Contenuto della cartella 'Scheduled Tasks'

2010-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-05 14:34]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-12-17 17:06]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-12-17 17:06]
.
.
------- Scansione supplementare -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Converter... - c:\programmi\MP3 Player Utilities 4.17\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {33D97FE2-9B2A-4ADA-9CE7-F2F9E1CE2425} = 10.128.50.1
FF - ProfilePath - c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Casella di ricerca Secure
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT15723 ... hSource=13
FF - component: c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}\components\FFExternalAlert.dll
FF - component: c:\programmi\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\programmi\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\programmi\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Carolina\Impostazioni locali\Dati applicazioni\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
- - - - CHIAVI ORFANE RIMOSSE - - - -

AddRemove-eBay Icon - c:\documents and settings\Carolina\Dati applicazioni\Desktopicon\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 05:51
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2544)
c:\windows\system32\WININET.dll
c:\programmi\File comuni\Ahead\Lib\NeroSearchBar.dll
c:\programmi\File comuni\Ahead\Lib\MFC71U.DLL
c:\programmi\File comuni\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmi\Microsoft Office\Office12\1040\GrooveIntlResource.dll
.
Ora fine scansione: 2010-02-21 05:57:29
ComboFix-quarantined-files.txt 2010-02-21 04:57

Pre-Run: 50.276.630.528 byte disponibili
Post-Run: 50.242.560.000 byte disponibili

- - End Of File - - 5C1B4478C36931D8AC4E59AEDDFE8166
carito
Utente Junior
 
Post: 42
Iscritto il: 05/02/10 19:33

Re: file log hijackthis

Postdi shel » 21/02/10 11:36

ciao

non riesco a vedere niente a parte le poche eliminazioni che combofix ha fatto

questa cartella la conosci? >>>> C:\Win

fai un po' di pulizia e togli qualche programma inutile all'avvio di windows

fai una deframmentazione del disco e fai pulizia dei file temporanei con ccleaner ) per il download dell'ultima versione clicca a destra in alto sotto la freccia verde
2) installalo (senza la toolbar aggiuntiva)
3) clicca su "avvia pulizia", ripeti il procedimento 2 volte

clicca su Registro, nella pagina successiva clicca Trova problemi, poi al termine dello scan clicca su Ripara selezionati , risposndi di sì alla richiesta di salvare il backup (salvalo in una cartella a piacimento) poi ripara tutti gli elementi trovati. Riavvia

usa anche questo pulitore - avvialo con un doppio click

1.1) seleziona la casella Select All
2.1) clicca sul pulsante Empty selected
3.1) aspetta l'avviso Done Cleaning
(se usi opera o firefox,spunta anche le loro sezioni)


esegui anche questa scansione

Aggiorna il programma : clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completata, posta il rapporto.

per ora non rimuovere nul
shel
Utente Senior
 
Post: 1326
Iscritto il: 29/08/08 21:56

Re: file log hijackthis

Postdi carito » 21/02/10 23:12

ecco il log ho eliminato la cartella win che fra l'altro il 16 malware aveva messo in quarantena

Malwarebytes' Anti-Malware 1.44
Versione del database: 3709
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/02/2010 22.38.32
mbam-log-2010-02-21 (22-38-32).txt

Tipo di scansione: Scansione completa (C:\|H:\|)
Elementi scansionati: 384655
Tempo trascorso: 2 hour(s), 24 minute(s), 11 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
carito
Utente Junior
 
Post: 42
Iscritto il: 05/02/10 19:33

Re: file log hijackthis

Postdi shel » 22/02/10 08:57

nemmeno malwarebytes ha trovato niente

hai notato qualche cambiamento? il pc e' sempre lento?
shel
Utente Senior
 
Post: 1326
Iscritto il: 29/08/08 21:56

Re: file log hijackthis

Postdi -> EleKtrA <- » 22/02/10 12:00

Ciao carito, i report di scansione non hanno evidenziato infezioni, probabilmente il sistema ha solo bisogno di un pò di manutenzione.

Gli unici valori del log di hijackthis che vorrei segnalarti sono questi,
se non hai impostato tu queste chiavi puoi fixarle.
Codice: Seleziona tutto
O15 - ESC Trusted Zone: http://micro.moe.hm
O15 - ESC Trusted Zone: http://axxe.trompizgerbo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{33D97FE2-9B2A-4ADA-9CE7-F2F9E1CE2425}: NameServer = 10.128.50.1


Sarebbe inoltre opportuno aggiornare AVG alla versione 9.

Come operazioni di manutenzione suggerisco questi step:

Step 1: Pulizia e disinstallazione dei tool usati
Scarica OTC by OldTimer sul desktop
doppio clic per eseguirlo
clicca su "CleanUP" > "Yes" > "Yes"
riavvia.

Step 2: aggiornamento dei software
- Scarica e installa l'ultima versione di Adobe Reader
- Scarica e installa l'ultima versione di Java Sun
- Aggiorna Adobe FlashPlayer:
1. Scarica il programma di disinstallazione di FlashPlayer
2. Scarica l'ultima versione di FlashPlayer per IE
3. Scarica l'ultima versione di FlashPlayer per FF
4. Chiudi tutti i browser (IE, Opera, Firefox, Chrome, etc)
5. Esegui il programma di disinstallazione scaricato al punto 1.
6. Esegui il programma di installazione scaricato al punto 2.
7. Esegui il programma di installazione scaricato al punto 3.

Step 3: Correzione piccoli errori e velocizzazione del Sistema

- Esegui una deframmentazione degli hardisk, puoi usare IObit SmartDefrag.
Oppure con l' utility interna di windows:
Start / Programmi / Accessori / Utilità di sistema / Utilità di deframmentazione dischi.

- Esegui uno Scandisk:
Apri Risorse del computer / Tasto destro sul disco fisso / proprietà / Strumenti / Esegui Scandisk
Seleziona entrambe le opzioni:
correggi automaticamente gli errori del File system,
cerca i settori danneggiati e tenta il ripristino.
Si aprirà una finestra di avvertimento:
Impossibile ottenere accesso esclusivo ad alcuni file di Windows...
Clicca su "SI" per pianificare l'operazione al prossimo avvio.

Nota
Tutte queste operazioni devono essere eseguite con Returnil in posizione "OFF"
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: file log hijackthis

Postdi carito » 27/02/10 04:09

ciao , rieccomi dopo alcuni giorni di assenza dal pc-
grazie prima di tutto per tutti i consigli , inizierò a fare tutto passo per passo sperando di non combinar casini, data la mia poca esperienza. appena finisco tutti i passaggi ti faccio sapere com'è andata .
grazie ancora ;)
carito
Utente Junior
 
Post: 42
Iscritto il: 05/02/10 19:33

Re: file log hijackthis

Postdi carito » 27/02/10 06:10

ok! fatto quasi tutto! ho avuto problemi con l'aggiornamento di adobe mi ha dato 2 volte qst segnalazione:
impossibile aprire la chiave HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OpticalComponents\IMAIL.
assicurarsi di disporre dei diritti di accesso sufficenti per tale chiave oppure contattare il personale di supporto.

altro problemino è come faccio a capire se ho impostato io le chiavi che mi hai evidenziato dal file di log?

a proposito ne ho effettuato un altro e se ne sono aggiunte alcune
grazie ancora per la tua pazienza :oops:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5.53.15, on 27/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\IObit\IObit Security 360\IS360srv.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Roland\VSC32\vsc32cnf.exe
C:\Programmi\Roland\VSC32\vscvol.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programmi\IObit\IObit Security 360\IS360tray.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Programmi\Returnil\RVS3\rvsgui.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\IObit\IObit Security 360\is360.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea1.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea1.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmi\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [vsc32cnf.exe] C:\Programmi\Roland\VSC32\vsc32cnf.exe
O4 - HKLM\..\Run: [vscvol.exe] C:\Programmi\Roland\VSC32\vscvol.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [IObit Security 360] "C:\Programmi\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SmartRAM] "C:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: RVS 2010.lnk = C:\Programmi\Returnil\RVS3\rvsgui.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Programmi\MP3 Player Utilities 4.17\AMVConverter\grab.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Impostazioni di Google Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://micro.moe.hm
O15 - ESC Trusted Zone: http://axxe.trompizgerbo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB5264E-D657-4BCF-AC03-801ABA2AAF1C}: NameServer = 213.230.130.222 217.200.200.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{33D97FE2-9B2A-4ADA-9CE7-F2F9E1CE2425}: NameServer = 10.128.50.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BB5264E-D657-4BCF-AC03-801ABA2AAF1C}: NameServer = 213.230.130.222 217.200.200.42
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: IS360service - IObit - C:\Programmi\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Programmi\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Returnil Virtual System Core Service (RVSMONBL) - CJSC Returnil Software - C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11299 bytes
carito
Utente Junior
 
Post: 42
Iscritto il: 05/02/10 19:33

Re: file log hijackthis

Postdi carito » 27/02/10 06:52

ops! devo aver combinato qualcosa di VERAMENTE sbagliato , sia FF che IE si bloccano e si chiudono se provo ad aprire file video da youtube.
please help me :(
carito
Utente Junior
 
Post: 42
Iscritto il: 05/02/10 19:33

Re: file log hijackthis

Postdi carito » 27/02/10 13:20

Altro messaggio di errore:

i segnalibri e la cronologia non potranno funzionare correttamente in quanto un file di firefox risulta utilizzato da un altra applicazione. il problema potrebbe essere causato da un software di sicurezza.

non ho idea di cosa sia successo forse gli aggiornamenti di avg o di flashplayer o quello non andato a buon fine di adobe hanno creato qualche conflitto nel sistema.

volevo migliorare le cose ma le ho peggiorate :(
carito
Utente Junior
 
Post: 42
Iscritto il: 05/02/10 19:33

Re: file log hijackthis

Postdi -> EleKtrA <- » 01/03/10 09:34

Ciao carito, non so cosa sia andato storto, le operazione che ti ho elencato sono sicure al 100%.
Probabilmente qualche software per la puliza del registro è andato troppo a fondo :-?

Se la situazione ti sembra peggiorata puoi sempre tornare indietro con un ripristino di sistema.
HOW TO: Ripristinare Windows XP a uno stato precedente
“Ieri è storia, domani è mistero, ma oggi è un dono... per questo si chiama presente!”.
Avatar utente
-> EleKtrA <-
Moderatore
 
Post: 436
Iscritto il: 11/12/08 12:50

Re: file log hijackthis

Postdi carito » 12/03/10 08:20

ciao ho cambiato l'antivirus in avira antivir ma credo di essermi infettata
quì il file di hjt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8.07.13, on 12/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\IObit\IObit Security 360\IS360srv.exe
C:\Programmi\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Programmi\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Roland\VSC32\vsc32cnf.exe
C:\Programmi\Roland\VSC32\vscvol.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\IObit\IObit Security 360\IS360tray.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Bywifi\bywifi.exe
C:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Programmi\Returnil\RVS3\rvsgui.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 7\OneTouchAccess.exe
C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Programmi\IObit\IObit Security 360\is360.exe
C:\Programmi\Skype\Phone\Skype.exe
c:\programmi\avira\antivir desktop\avcenter.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\McAfee Security Scan\2.0.181\McUICnt.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\wudfhost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9000/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea1.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea1.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Programmi\Bywifi\bywifiie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [vsc32cnf.exe] C:\Programmi\Roland\VSC32\vsc32cnf.exe
O4 - HKLM\..\Run: [vscvol.exe] C:\Programmi\Roland\VSC32\vscvol.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bywifi] C:\Programmi\Bywifi\bywifi.exe
O4 - HKLM\..\Run: [IObit Security 360] "C:\Programmi\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [SmartRAM] "C:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [bywifi] C:\Programmi\Bywifi\bywifi.exe
O4 - HKUS\S-1-5-21-2052111302-1767777339-1417001333-1003\..\Run: [SmartRAM] "C:\Programmi\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m (User '?')
O4 - HKUS\S-1-5-21-2052111302-1767777339-1417001333-1003\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-2052111302-1767777339-1417001333-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2052111302-1767777339-1417001333-1003\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray (User '?')
O4 - HKUS\S-1-5-21-2052111302-1767777339-1417001333-1003\..\Run: [SpeedBitVideoAccelerator] C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe (User '?')
O4 - HKUS\S-1-5-21-2052111302-1767777339-1417001333-1003\..\Run: [bywifi] C:\Programmi\Bywifi\bywifi.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Add to AMV Converter... - C:\Programmi\MP3 Player Utilities 4.17\AMVConverter\grab.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Impostazioni di Google Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing)
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing)
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O15 - ESC Trusted Zone: http://micro.moe.hm
O15 - ESC Trusted Zone: http://axxe.trompizgerbo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB5264E-D657-4BCF-AC03-801ABA2AAF1C}: NameServer = 213.230.130.222 217.200.200.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{33D97FE2-9B2A-4ADA-9CE7-F2F9E1CE2425}: NameServer = 10.128.50.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BB5264E-D657-4BCF-AC03-801ABA2AAF1C}: NameServer = 213.230.130.222 217.200.200.42
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: IS360service - IObit - C:\Programmi\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Programmi\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Returnil Virtual System Core Service (RVSMONBL) - CJSC Returnil Software - C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14105 bytes
carito
Utente Junior
 
Post: 42
Iscritto il: 05/02/10 19:33

Re: file log hijackthis

Postdi gahan » 13/03/10 10:27

Ciao carito,

- chiudi tutte le applicazioni
- apri hijackthis
- clicca su "do a system scan only"
- seleziona le seguenti voci e clicca su fix checked

Codice: Seleziona tutto
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing)
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing)
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll


- Scarica ed installa Malwarebytes dal link sottostante:
http://www.techportal.it/dl/mbam-setup.exe
- disconnettiti da internet
- disattiva il tuo antivirus
- fai una scansione completa
- rimuovi eventuali minacce rilevate cliccando sul pulsante "rimuovi elementi selezionati"
- posta il log risultante dalla scansione
words like violence, break the silence
Avatar utente
gahan
Moderatore
 
Post: 1397
Iscritto il: 23/01/08 16:09

Re: file log hijackthis

Postdi carito » 19/03/10 12:08

ciao ho fatto come mi hai detto ma nonostante avessi disattivato l'antivirus (avira aveva l'ombrellino chiuso) durante la scanzione ha rilevato alcuni virus, che credo di aver messo in quarantena o cancellato direttamente .
cmq alla fine il log di malw è risultato pulito te lo loggo.
P.S non funziona più IE non c'è verso! ma FF e Crome si....sono proprio una frana :(

Malwarebytes' Anti-Malware 1.44
Versione del database: 3772
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14/03/2010 6.43.56
mbam-log-2010-03-14 (06-43-56).txt

Tipo di scansione: Scansione completa (C:\|H:\|)
Elementi scansionati: 390701
Tempo trascorso: 12 hour(s), 46 minute(s), 46 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
carito
Utente Junior
 
Post: 42
Iscritto il: 05/02/10 19:33

Re: file log hijackthis

Postdi gahan » 19/03/10 14:59

Ciao carito,

allora...andiamo con ordine. Ho rivisto l'intero topic e ho notato che hai effettuato controlli anti-malware con differenti software.
La mia domanda è:

attualmente, a parte il non-funzionamente di Internet Explorer, che tipo di problemi ha il tuo sistema?

Inoltre, saresti cosi gentile da dirmi che tipo di problema ha IE?
words like violence, break the silence
Avatar utente
gahan
Moderatore
 
Post: 1397
Iscritto il: 23/01/08 16:09

Re: file log hijackthis

Postdi carito » 20/03/10 19:41

ciao :) per quanto rigurda IE mi dà problemi di impossibilità di visualizzare la pagina eseguita la diagnostica mi riporta quanto segue ( il problema si presenta da un paio di settimane più o meno e me ne sono accorta per caso visto che lo uso raramente):
Ultima esecuzione diagnostica: 03/20/10 19:23:27 Diagnostica scheda di rete
Rilevamento percorso di rete

info Utilizzo di connessione Internet domestica
Identificazione scheda di rete

info Connessione di rete: nome=Connessione rete senza fili, periferica=WLAN Broadcom 802.11a/b/g, tipo supporto=LAN, tipo supporto secondario=Senza fili
info Connessione di rete: nome=Connessione alla rete locale (LAN), periferica=Intel(R) 82562GT 10/100 Network Connection, tipo supporto=LAN, tipo supporto secondario=LAN
info Connessione di rete: nome=Nokia E51 USB Modem #3 (OTA), periferica=Agere Systems HDA Modem, tipo supporto=Telefono, tipo supporto secondario=NESSUNO
info Connessione di rete: nome=Verizon Wireless - VZAccess, periferica=Agere Systems HDA Modem, tipo supporto=Telefono, tipo supporto secondario=NESSUNO
info Connessione di rete: nome=Nokia E51 USB Modem #2 (OTA), periferica=Agere Systems HDA Modem, tipo supporto=Telefono, tipo supporto secondario=NESSUNO
info Connessione di rete: nome=tim nokia, periferica=Agere Systems HDA Modem, tipo supporto=Telefono, tipo supporto secondario=NESSUNO
info Connessione di rete: nome=Nokia E51 USB Modem (OTA), periferica=Nokia E51 USB Modem, tipo supporto=Telefono, tipo supporto secondario=NESSUNO
info Sono disponibili connessioni Ethernet e senza fili, l'utente deve scegliere la connessione desiderata
action Richiesto input dell'utente: Selezionare la connessione di rete
info Connessione Ethernet selezionata
Stato scheda di rete


info Stato della connessione di rete: Supporto disconnesso
warn Stato della scheda di rete non corretto
action Ripristino manuale: Riconnettere il cavo di rete
info Cavo di rete collegato
info Stato della connessione di rete: Supporto disconnesso
info Scheda di rete in stato temporaneo. Nuovo tentativo in corso...
info Stato della connessione di rete: Supporto disconnesso
info Scheda di rete in stato temporaneo. Nuovo tentativo in corso...
info Stato della connessione di rete: Supporto disconnesso
info Scheda di rete in stato temporaneo. Nuovo tentativo in corso...
info Stato della connessione di rete: Supporto disconnesso
warn Stato della scheda di rete non corretto
info Reindirizzamento dell'utente al supporto tecnico



Diagnostica HTTP, HTTPS, FTP
Connettività HTTP, HTTPS, FTP

warn FTP (passiva): errore 12029 durante la connessione a ftp.microsoft.com: A connection with the server could not be established
warn FTP (attiva): errore 12029 durante la connessione a ftp.microsoft.com: A connection with the server could not be established
warn HTTPS: errore 12029 durante la connessione a www.microsoft.com: A connection with the server could not be established
warn HTTP: errore 12029 durante la connessione a www.microsoft.com: A connection with the server could not be established
warn HTTPS: errore 12029 durante la connessione a www.passport.net: A connection with the server could not be established
warn HTTP: errore 12029 durante la connessione a www.hotmail.com: A connection with the server could not be established
error Impossibile eseguire una connessione HTTP.
error Impossibile eseguire una connessione HTTPS.
error Impossibile eseguire una connessione FTP.


Il Pc è già di suo abbastanza lento,causa la ram, ma ultimamente si impalla ( al punto che mi tocca farlo ripartire dal tasto di riaccenzione) 'altro giorno addirittura non si avviava neanche provava ad accendersi ma subito si spegneva e non era causa batteria essendo collegato all'alimentattore, da quando ho istallato antivir al posto di VGA ho una segnalazione (scudo rosso)di sicurezza windows che non riconosce la protezione.
come anti malware ho :malwarebytes' e superantispyware ( che uso raramente) faccio quasi tutti i giorni una pulizia con CCleaner ed una con advanced system care.

Oggi ho fatto una scanzione completa con antivir ma non ha rilevato nessuna minaccia , non sò cosa sia il caso di fare se avessi le possibilità economiche sicuramente ne comprerei uno nuovo ma x ora devo cercare di salvaguardare qst :)
carito
Utente Junior
 
Post: 42
Iscritto il: 05/02/10 19:33

Re: file log hijackthis

Postdi carito » 21/03/10 09:09

ho inoltre continui segnali di blocco script e quando guardo i film in streaming dopo circa 20 min l'immagine inizia ad andare a scatti e mi tocca riavviare il sistema.
carito
Utente Junior
 
Post: 42
Iscritto il: 05/02/10 19:33

Re: file log hijackthis

Postdi carito » 21/03/10 10:40

Ciao questa mattina il pc ha ripetuto gli errori che ti evidenziavo , ho provato a riavviarlo ma si spegneva da solo , sono riuscita ad avviarlo in modalità provvisoria ma non sapendo dove mettere le mani ho provato a riavviarlo normalmente e casualmente ci sono riuscita ...ho eliminato dei file che erano in quarantena su avira e magicamente IE ha ripreso a funzionare.... non sò che dire! :eeh:
carito
Utente Junior
 
Post: 42
Iscritto il: 05/02/10 19:33


Torna a Sicurezza e Privacy


Topic correlati a "file log hijackthis":

pc non scarica file IPK
Autore: carlin
Forum: Software Windows
Risposte: 1

Chi c’è in linea

Visitano il forum: Nessuno e 108 ospiti