Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

mi aiutate con il mio hijeckthis

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

mi aiutate con il mio hijeckthis

Postdi erpes » 04/10/12 19:28

ciao sono un nuovo utente uno dei tanti con tanti problemi :( :(
premessa: ho letto il regolamento prima di postare il mio problema regolarmente aggiorno tutto con attenzione non clicco d'istinto e difficilmente raccatto virus pero purtroppo come tutti prima o poi ci casco ma penso che il tutto è dovuto in conseguenza al download di un programma free da un sito affidabile... mi sono fidato e tac :mmmh:
venendo al problema ho fbdownlander che non riesco ad disistallare e http://search.findeer.com/ che mi assilla vi posto il mio log file fatto non connesso alla rete con la speranza che mi possiate indicare una strada per uscire da queste fastidiose insidie grazie a tutti e scusatemi
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.25.00, on 04/10/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17114)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Programmi\TOSHIBA\Utilità di zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Programmi\Atheros\ACU.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\Ask.com\Updater\Updater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
c:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\giovanni\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\giovanni\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\giovanni\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\giovanni\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\POP Peeper\POPPeeper.exe
C:\Documents and Settings\giovanni\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\giovanni\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [HWSetup] C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\Utilità di zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TAccessibility] C:\Programmi\TOSHIBA\Accessibility\TAccessibility.exe Instant
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [ACU] C:\Programmi\Atheros\ACU.exe -nogui
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Programmi\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MobileBroadband] C:\Programmi\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ApnUpdater] "C:\Programmi\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [HP Deskjet 3050A J611 series (NET)] "C:\Programmi\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN18A484CF05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [DataMgr] C:\Documents and Settings\giovanni\Dati applicazioni\DataMgr\datamgr.exe
O4 - HKCU\..\Run: [Protector] wscript.exe "C:\Documents and Settings\giovanni\Dati applicazioni\SDIV 2.0\Prot\prot.vbs" check
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/724-44559-9400-3/4 (file missing)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{03CAEF28-283F-4453-8407-DC25DD865611}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{36E81424-70C8-415A-99BF-C589E4362757}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{6027DA04-C016-4B35-A4C4-47FF517C79AF}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DF90076-F080-4FF4-80B6-A496DB0F0CDD}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{90B398B8-3126-4BBC-84A7-57780C0B22A8}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{03CAEF28-283F-4453-8407-DC25DD865611}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{03CAEF28-283F-4453-8407-DC25DD865611}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Servizio di configurazione Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Programmi\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\giovanni\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\giovanni\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Documents and Settings\giovanni\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Servizio Vodafone Mobile Broadband (VmbService) - Vodafone - C:\Programmi\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

--
End of file - 13752 bytes
erpes
Newbie
 
Post: 4
Iscritto il: 04/10/12 17:25

Sponsor
 

Re: mi aiutate con il mio hijeckthis

Postdi FrancescoFDAC » 05/10/12 13:06

Ciao.

Il tuo PC è "pieno" come un uovo.

Scarica AdwCleaner: http://general-changelog-team.fr/fr/outils/3-adwcleaner
● termina tutti i programmi aperti
● clicca sul pulsante Search
● attendi pazientemente il termine della scansione; chiudi il file di testo che compare
● clicca sul pulsante Delete e conferma cliccando OK
● prosegui cliccando OK per altre due volte: il sistema si riavvia automaticamente
allega il log

ComboFix: rimuovere le infezioni presenti nel sistema

Scarica ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● posiziona il file scaricato sul Desktop
disattiva l'Antivirus in uso, dall'icona presente sulla Traybar (accanto all'orologio di Windows)
disattiva il Firewall eventualmente installato, dall'icona presente sulla Traybar (accanto all'orologio di Windows)

Eseguiti i passaggi indicati sopra:
● clicca due volte sul file ComboFix per avviare l'applicazione
● clicca il pulsante Accetto: conferma cliccando Ok due volte
● segui le istruzioni che verranno rilasciate per eseguire la scansione:

"Tipicamente non impiega più di 10 minuti
Su pc molto infetti il tempo di scansione può raddoppiare facilmente"


● nel caso di Windows XP, verrà richiesta l' installazione della Console di ripristino di emergenza: non la installare (clicca il pulsante No)
senza eseguire nessuna altra operazione, lascia che il tool completi il suo lavoro

Note - durante la scansione:
● potrebbero comparire alcuni file sul Desktop, e poi eliminati
● spariranno, per un attimo, tutte le icone presenti sul Desktop
● potrebbe venire rilasciato un messaggio in relazione all'Antivirus in uso: prosegui ignorando il messaggio
● il firewall potrebbe rilasciare un avviso circa la rimozione di alcuni driver: consenti
● potrebbe apparire sul Desktop l'icona di Internet Explorer

Quando ComboFix avrà concluso l'operazione di scansione:
● il sistema verrà riavviato automaticamente: in caso contrario, riavvialo tu
● vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo
● se non trovi il Report del programma, clicca Start, Esegui e inserisci questa stringa (infine clicca il pulsante Invio):
cmd /c dir /a/s/b c:\qoobox >log2.txt & log2.txt

Note - riguardo al programma:
● per eseguire correttamente ComboFix su Windows Vista e Windows Seven, prima di avviarlo, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore
sUBs, la software house che distribuisce ComboFix, non è responsabile di qualsiasi danno causato dopo l'utilizzo del programma stesso
Esso non dovrebbe essere utilizzato a meno che non venga espressamente richiesto da un esperto
ComboFix disabilita l'esecuzione automatica delle unità USB (Chiavette USB, Hard Disk Esterni, Lettori MP3, Schedine SD..) per prevenire future minacce: quando inserisci un dispositivo esterno, dovrai avviarla "manualmente" dalle Risorse del computer
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 09:53

Re: mi aiutate con il mio hijeckthis

Postdi erpes » 05/10/12 18:50

adesso faccio combofix
# AdwCleaner v2.003 - Logfile created 10/05/2012 at 19:34:23
# Updated 23/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : giovanni - MAURO
# Boot Mode : Normal
# Running from : C:\Documents and Settings\giovanni\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[R1].txt - [6171 octets] - [05/10/2012 14:33:52]
AdwCleaner[S1].txt - [5995 octets] - [05/10/2012 14:35:30]
AdwCleaner[R2].txt - [1037 octets] - [05/10/2012 19:33:45]
AdwCleaner[S2].txt - [878 octets] - [05/10/2012 19:34:23]

########## EOF - C:\AdwCleaner[S2].txt - [937 octets] ##########
erpes
Newbie
 
Post: 4
Iscritto il: 04/10/12 17:25

Re: mi aiutate con il mio hijeckthis

Postdi erpes » 05/10/12 19:39

ComboFix 12-10-04.02 - giovanni 05/10/2012 20.28.51.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2038.1532 [GMT 2:00]
Eseguito da: c:\documents and settings\giovanni\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CC9-7C92-0300-000000000000}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\unins000.exe
c:\windows\IsUn0410.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-09-05 al 2012-10-05 )))))))))))))))))))))))))))))))))))
.
.
2012-10-05 10:52 . 2012-10-05 10:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-10-05 10:52 . 2012-10-05 10:52 -------- d-----w- c:\documents and settings\giovanni\Dati applicazioni\EmoticoonsToolbar
2012-10-05 10:50 . 2012-10-05 10:50 -------- d-----w- c:\documents and settings\giovanni\Dati applicazioni\Malwarebytes
2012-10-05 10:50 . 2012-10-05 10:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2012-10-05 10:50 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-05 10:50 . 2012-10-05 10:50 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2012-10-04 19:35 . 2012-10-04 19:35 -------- d-----w- c:\documents and settings\Administrator
2012-10-04 11:33 . 2012-10-04 11:33 -------- d-----w- c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\PowerOffer
2012-10-04 11:33 . 2012-10-04 13:18 -------- d-----w- c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\ServUpdater
2012-10-04 11:33 . 2012-10-04 11:38 -------- d-----w- c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\PosService
2012-10-04 11:25 . 2012-10-04 11:25 -------- d-----w- c:\documents and settings\giovanni\Dati applicazioni\SDIV 2.0
2012-10-04 11:25 . 2012-10-04 11:25 -------- d-----w- c:\documents and settings\giovanni\Dati applicazioni\HMN
2012-10-04 11:25 . 2012-10-04 11:25 -------- d-----w- c:\documents and settings\giovanni\Dati applicazioni\DataMgr
2012-10-04 11:01 . 2012-10-05 10:52 -------- d-----w- c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\SoftwareUpdater
2012-10-04 10:32 . 2012-10-04 11:26 -------- d-----w- c:\documents and settings\giovanni\Dati applicazioni\mIRC
2012-10-04 05:44 . 2012-10-04 05:44 -------- d-----w- c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\AskToolbar
2012-10-04 05:44 . 2012-10-04 05:44 -------- d-----w- c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\APN
2012-10-03 19:42 . 2012-10-03 19:42 -------- d-----w- c:\programmi\Avira
2012-10-01 07:25 . 2012-10-01 07:25 -------- d-----w- c:\documents and settings\giovanni\Dati applicazioni\SUPERAntiSpyware.com
2012-10-01 07:24 . 2012-10-04 11:30 -------- d-----w- c:\programmi\SUPERAntiSpyware
2012-10-01 07:24 . 2012-10-01 07:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2012-09-30 09:38 . 2001-08-30 20:28 6912 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-09-30 09:38 . 2001-08-30 20:28 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2012-09-30 09:37 . 2011-03-30 16:43 538472 ------w- c:\windows\system32\HPDiscoPMa011.dll
2012-09-30 09:37 . 2011-03-16 09:29 462696 ----a-w- c:\windows\system32\HPWia1_DJ3050A_J611.dll
2012-09-30 09:37 . 2011-03-16 09:29 1841000 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2012-09-30 09:37 . 2011-03-16 09:29 427368 ----a-w- c:\windows\system32\hpinkstsa011.dll
2012-09-30 09:37 . 2011-03-16 09:29 268136 ----a-w- c:\windows\system32\hpinkstsa011LM.dll
2012-09-30 09:37 . 2011-03-16 09:29 214888 ----a-w- c:\windows\system32\hpinkcoia011.dll
2012-09-30 09:37 . 2012-09-30 09:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2012-09-30 09:37 . 2012-09-30 09:37 -------- d-----w- c:\programmi\HP
2012-09-30 09:36 . 2012-09-30 09:36 -------- d-----w- c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 23:15 . 2012-08-29 23:15 3782214 ----a-w- C:\chatzum_nt.exe
2012-08-27 19:03 . 2009-04-08 05:02 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:03 . 2009-04-08 05:02 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:03 . 2009-04-08 05:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:03 . 2009-04-08 05:02 17408 ----a-w- c:\windows\system32\corpol.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"HP Deskjet 3050A J611 series (NET)"="c:\programmi\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-03-30 1721192]
"Protector"="wscript.exe" [2008-05-08 155648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-17 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-17 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-12 17531392]
"ITSecMng"="c:\programmi\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"NDSTray.exe"="NDSTray.exe" [BU]
"CeEKEY"="c:\programmi\TOSHIBA\E-KEY\CeEKey.exe" [2009-03-18 827392]
"TDispVol"="TDispVol.exe" [2009-04-01 210232]
"HWSetup"="c:\programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SmoothView"="c:\programmi\TOSHIBA\Utilità di zoom TOSHIBA\SmoothView.exe" [2008-09-10 143360]
"SVPWUTIL"="c:\programmi\Toshiba\Windows Utilities\SVPWUTIL.exe" [2009-03-19 90112]
"TAccessibility"="c:\programmi\TOSHIBA\Accessibility\TAccessibility.exe" [2009-02-25 110592]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2009-04-02 73728]
"TPSMain"="TPSMain.exe" [2009-03-18 266240]
"ACU"="c:\programmi\Atheros\ACU.exe" [2009-03-06 479320]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2007-12-15 184320]
"Camera Assistant Software"="c:\programmi\Camera Assistant Software for Toshiba\traybar.exe" [2009-03-18 417792]
"TUSBSleepChargeSrv"="c:\programmi\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-03-27 252288]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"MobileBroadband"="c:\programmi\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-04-19 408576]
"PosService"="c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"TOSHIBA Online Product Information"="c:\programmi\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^giovanni^Menu Avvio^Programmi^Esecuzione automatica^FedEx Desktop.lnk]
path=c:\documents and settings\giovanni\Menu Avvio\Programmi\Esecuzione automatica\FedEx Desktop.lnk
backup=c:\windows\pss\FedEx Desktop.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-14 12:36 136176 ----atw- c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PosService]
2011-12-16 16:44 218624 ----a-w- c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-10-04 11:28 4780928 ----a-w- c:\programmi\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
2005-06-06 08:58 24576 ----a-w- c:\windows\system32\ZoomingHook.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [21/08/2008 10.35.22 28536]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [04/09/2007 10.14.06 6528]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 18.27.02 12880]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 23.55.22 67664]
R2 !SASCORE;SAS Core Service;c:\programmi\SUPERAntiSpyware\SASCORE.EXE [12/08/2011 1.38.07 116608]
R2 VmbService;Servizio Vodafone Mobile Broadband;c:\programmi\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [19/04/2011 17.12.22 9216]
R3 cecnuvc;Chicony USB 2.0 Camera VD;c:\windows\system32\drivers\cec_uvc.sys [22/06/2011 16.42.09 48176]
R3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [01/09/2010 15.33.12 80000]
R4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys --> c:\windows\system32\DRIVERS\avkmgr.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [26/08/2011 21.26.07 136176]
S2 PowerOffer Service;Pos Service;c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\PosService\Pos.exe [04/10/2012 13.33.58 169472]
S2 ServUpdater;Serv Updater;c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [04/10/2012 13.33.58 156160]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [13/07/2012 13.28.36 160944]
S2 SoftwareUpd;Software Upd;c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe [04/10/2012 13.01.37 161280]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/04/2009 23.35.10 1684736]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [26/08/2011 21.26.07 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [05/10/2012 12.52.56 40776]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [10/04/2009 23.37.38 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_cdc_acm.sys [01/09/2010 15.33.10 85888]
S3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\drivers\vodafone_K3805-z_cdc_ecm.sys [01/09/2010 15.33.12 50304]
S3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\drivers\vodafone_K3805-z_cpo.sys [01/09/2010 15.33.12 9728]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 13.33.30 3064000]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - avipbb
*Deregistered* - ssmdrv
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-08-26 19:26]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-08-26 19:26]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1171568900-1170023739-2009075220-1006Core.job
- c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-09-20 12:36]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1171568900-1170023739-2009075220-1006UA.job
- c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-09-20 12:36]
.
2011-07-06 c:\windows\Tasks\Promemoria registrazione 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2009-04-10 12:00]
.
2011-07-13 c:\windows\Tasks\Promemoria registrazione 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2009-04-10 12:00]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.fbdownloader.com/?channel=sfit202fbdgy11
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{03CAEF28-283F-4453-8407-DC25DD865611}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{36E81424-70C8-415A-99BF-C589E4362757}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{6027DA04-C016-4B35-A4C4-47FF517C79AF}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{7DF90076-F080-4FF4-80B6-A496DB0F0CDD}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{90B398B8-3126-4BBC-84A7-57780C0B22A8}: NameServer = 176.31.229.24,176.31.229.25
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0410.exe
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\unins000.exe
AddRemove-fbDownloader - c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\fbDownloader\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-05 20:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'lsass.exe'(1408)
c:\programmi\Avira\AntiVir Desktop\avsda.dll
.
Ora fine scansione: 2012-10-05 20:36:55
ComboFix-quarantined-files.txt 2012-10-05 18:36
.
Pre-Run: 37.723.320.320 byte disponibili
Post-Run: 38.367.899.648 byte disponibili
.
- - End Of File - - 3B9B38F7433E2F63BA3303B77790D167
erpes
Newbie
 
Post: 4
Iscritto il: 04/10/12 17:25

Re: mi aiutate con il mio hijeckthis

Postdi Luke57 » 06/10/12 09:01

Ciao, copia e incolla il seguente script in un file di testo:


Driver::
PowerOffer Service
ServUpdater
SoftwareUpd

Folder::
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\PosService
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\ServUpdater
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\SoftwareUpdater
c:\documents and settings\All Users\Documenti\AppData\PoApp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PosService"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PosService]


chiamalo obbligatoriamente CFScript.txt e mettilo sul desktop.
con il puntatore del mouse trascinalo sull'icona di combofix; il programma avvierà una nuova scansione; al termine, posta
il nuovo report.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Re: mi aiutate con il mio hijeckthis

Postdi erpes » 06/10/12 18:35

fatto come descritto sopra attendo notizie grazie
ComboFix 12-10-04.02 - giovanni 06/10/2012 19.17.07.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2038.1290 [GMT 2:00]
Eseguito da: c:\documents and settings\giovanni\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\giovanni\Desktop\CFScript.txt
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CC9-7C92-0300-000000000000}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Documenti\AppData\PoApp
c:\documents and settings\All Users\Documenti\AppData\PoApp\7z.dll
c:\documents and settings\All Users\Documenti\AppData\PoApp\AppLib.Zip.dll
c:\documents and settings\All Users\Documenti\AppData\PoApp\kw.sdb
c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
c:\documents and settings\All Users\Documenti\AppData\PoApp\PService.exe
c:\documents and settings\All Users\Documenti\AppData\PoApp\RegHandlerDll.dll
c:\documents and settings\All Users\Documenti\AppData\PoApp\settings\settings.ini
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\PosService
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\PosService\7z.dll
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\PosService\AppLib.Zip.dll
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\PosService\Pos.InstallLog
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\PosService\Pos.InstallState
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\PosService\settings.ini
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\PosService\settings\settings.ini
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\ServUpdater
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\ServUpdater\7z.dll
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\ServUpdater\AppLib.Zip.dll
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.InstallLog
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.InstallState
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\ServUpdater\settings.ini
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\ServUpdater\settings\settings.ini
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\SoftwareUpdater
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\SoftwareUpdater\settings.ini
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\SoftwareUpdater\settings\settings.ini
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.InstallLog
c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.InstallState
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_POWEROFFER_SERVICE
-------\Legacy_SERVUPDATER
-------\Legacy_SOFTWAREUPD
-------\Service_PowerOffer Service
-------\Service_ServUpdater
-------\Service_SoftwareUpd
.
.
((((((((((((((((((((((((( Files Creati Da 2012-09-06 al 2012-10-06 )))))))))))))))))))))))))))))))))))
.
.
2012-10-06 08:37 . 2012-08-29 23:17 6980552 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{59CC981B-446B-4C52-96DF-20707F73A201}\mpengine.dll
2012-10-06 08:37 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-10-06 08:33 . 2012-10-06 08:33 -------- d-----w- c:\programmi\Microsoft Security Client
2012-10-06 08:30 . 2012-10-06 08:30 -------- d-----w- c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\Avg2013
2012-10-05 18:51 . 2012-10-05 18:51 -------- d-----w- c:\documents and settings\giovanni\Dati applicazioni\TuneUp Software
2012-10-05 18:44 . 2012-10-05 18:44 -------- d--h--w- c:\documents and settings\All Users\Dati applicazioni\Common Files
2012-10-05 18:44 . 2012-10-06 08:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MFAData
2012-10-05 18:44 . 2012-10-05 18:44 -------- d-----w- c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\MFAData
2012-10-05 10:52 . 2012-10-05 10:52 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-10-05 10:52 . 2012-10-05 10:52 -------- d-----w- c:\documents and settings\giovanni\Dati applicazioni\EmoticoonsToolbar
2012-10-05 10:50 . 2012-10-05 10:50 -------- d-----w- c:\documents and settings\giovanni\Dati applicazioni\Malwarebytes
2012-10-05 10:50 . 2012-10-05 10:50 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2012-10-05 10:50 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-05 10:50 . 2012-10-05 10:50 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2012-10-04 19:35 . 2012-10-04 19:35 -------- d-----w- c:\documents and settings\Administrator
2012-10-04 11:33 . 2012-10-04 11:33 -------- d-----w- c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\PowerOffer
2012-10-04 11:25 . 2012-10-04 11:25 -------- d-----w- c:\documents and settings\giovanni\Dati applicazioni\SDIV 2.0
2012-10-04 11:25 . 2012-10-04 11:25 -------- d-----w- c:\documents and settings\giovanni\Dati applicazioni\HMN
2012-10-04 11:25 . 2012-10-04 11:25 -------- d-----w- c:\documents and settings\giovanni\Dati applicazioni\DataMgr
2012-10-04 10:32 . 2012-10-04 11:26 -------- d-----w- c:\documents and settings\giovanni\Dati applicazioni\mIRC
2012-10-04 05:44 . 2012-10-04 05:44 -------- d-----w- c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\AskToolbar
2012-10-04 05:44 . 2012-10-04 05:44 -------- d-----w- c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\APN
2012-10-01 07:25 . 2012-10-01 07:25 -------- d-----w- c:\documents and settings\giovanni\Dati applicazioni\SUPERAntiSpyware.com
2012-10-01 07:24 . 2012-10-04 11:30 -------- d-----w- c:\programmi\SUPERAntiSpyware
2012-10-01 07:24 . 2012-10-01 07:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2012-09-30 09:38 . 2001-08-30 20:28 6912 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-09-30 09:38 . 2001-08-30 20:28 6912 ----a-w- c:\windows\system32\drivers\serscan.sys
2012-09-30 09:37 . 2011-03-30 16:43 538472 ------w- c:\windows\system32\HPDiscoPMa011.dll
2012-09-30 09:37 . 2011-03-16 09:29 462696 ----a-w- c:\windows\system32\HPWia1_DJ3050A_J611.dll
2012-09-30 09:37 . 2011-03-16 09:29 1841000 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2012-09-30 09:37 . 2011-03-16 09:29 427368 ----a-w- c:\windows\system32\hpinkstsa011.dll
2012-09-30 09:37 . 2011-03-16 09:29 268136 ----a-w- c:\windows\system32\hpinkstsa011LM.dll
2012-09-30 09:37 . 2011-03-16 09:29 214888 ----a-w- c:\windows\system32\hpinkcoia011.dll
2012-09-30 09:37 . 2012-09-30 09:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2012-09-30 09:37 . 2012-09-30 09:37 -------- d-----w- c:\programmi\HP
2012-09-30 09:36 . 2012-09-30 09:36 -------- d-----w- c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-29 23:15 . 2012-08-29 23:15 3782214 ----a-w- C:\chatzum_nt.exe
2012-08-27 19:03 . 2009-04-08 05:02 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:03 . 2009-04-08 05:02 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:03 . 2009-04-08 05:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:03 . 2009-04-08 05:02 17408 ----a-w- c:\windows\system32\corpol.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"HP Deskjet 3050A J611 series (NET)"="c:\programmi\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-03-30 1721192]
"Protector"="wscript.exe" [2008-05-08 155648]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-17 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-17 137752]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-12 17531392]
"ITSecMng"="c:\programmi\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2008-12-19 83336]
"NDSTray.exe"="NDSTray.exe" [BU]
"CeEKEY"="c:\programmi\TOSHIBA\E-KEY\CeEKey.exe" [2009-03-18 827392]
"TDispVol"="TDispVol.exe" [2009-04-01 210232]
"HWSetup"="c:\programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SmoothView"="c:\programmi\TOSHIBA\Utilità di zoom TOSHIBA\SmoothView.exe" [2008-09-10 143360]
"SVPWUTIL"="c:\programmi\Toshiba\Windows Utilities\SVPWUTIL.exe" [2009-03-19 90112]
"TAccessibility"="c:\programmi\TOSHIBA\Accessibility\TAccessibility.exe" [2009-02-25 110592]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2009-04-02 73728]
"TPSMain"="TPSMain.exe" [2009-03-18 266240]
"ACU"="c:\programmi\Atheros\ACU.exe" [2009-03-06 479320]
"Apoint"="c:\programmi\Apoint2K\Apoint.exe" [2007-12-15 184320]
"Camera Assistant Software"="c:\programmi\Camera Assistant Software for Toshiba\traybar.exe" [2009-03-18 417792]
"TUSBSleepChargeSrv"="c:\programmi\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-03-27 252288]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"MobileBroadband"="c:\programmi\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-04-19 408576]
"MSC"="c:\programmi\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"TOSHIBA Online Product Information"="c:\programmi\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmi\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^giovanni^Menu Avvio^Programmi^Esecuzione automatica^FedEx Desktop.lnk]
path=c:\documents and settings\giovanni\Menu Avvio\Programmi\Esecuzione automatica\FedEx Desktop.lnk
backup=c:\windows\pss\FedEx Desktop.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-14 12:36 136176 ----atw- c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-10-04 11:28 4780928 ----a-w- c:\programmi\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zooming]
2005-06-06 08:58 24576 ----a-w- c:\windows\system32\ZoomingHook.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [21/08/2008 10.35.22 28536]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [04/09/2007 10.14.06 6528]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 18.27.02 12880]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 23.55.22 67664]
R2 !SASCORE;SAS Core Service;c:\programmi\SUPERAntiSpyware\SASCORE.EXE [12/08/2011 1.38.07 116608]
R2 VmbService;Servizio Vodafone Mobile Broadband;c:\programmi\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [19/04/2011 17.12.22 9216]
R3 cecnuvc;Chicony USB 2.0 Camera VD;c:\windows\system32\drivers\cec_uvc.sys [22/06/2011 16.42.09 48176]
R3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [01/09/2010 15.33.12 80000]
S1 MpKslcd0c426e;MpKslcd0c426e;\??\c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{59CC981B-446B-4C52-96DF-20707F73A201}\MpKslcd0c426e.sys --> c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{59CC981B-446B-4C52-96DF-20707F73A201}\MpKslcd0c426e.sys [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [26/08/2011 21.26.07 136176]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [13/07/2012 13.28.36 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/04/2009 23.35.10 1684736]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [26/08/2011 21.26.07 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [05/10/2012 12.52.56 40776]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [10/04/2009 23.37.38 164864]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_cdc_acm.sys [01/09/2010 15.33.10 85888]
S3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\drivers\vodafone_K3805-z_cdc_ecm.sys [01/09/2010 15.33.12 50304]
S3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\drivers\vodafone_K3805-z_cpo.sys [01/09/2010 15.33.12 9728]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 13.33.30 3064000]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - HTTPFILTER
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-08-26 19:26]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-08-26 19:26]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1171568900-1170023739-2009075220-1006Core.job
- c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-09-20 12:36]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1171568900-1170023739-2009075220-1006UA.job
- c:\documents and settings\giovanni\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-09-20 12:36]
.
2012-10-06 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\programmi\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25]
.
2011-07-06 c:\windows\Tasks\Promemoria registrazione 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2009-04-10 12:00]
.
2011-07-13 c:\windows\Tasks\Promemoria registrazione 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2009-04-10 12:00]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.fbdownloader.com/?channel=sfit202fbdgy11
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{03CAEF28-283F-4453-8407-DC25DD865611}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{36E81424-70C8-415A-99BF-C589E4362757}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{6027DA04-C016-4B35-A4C4-47FF517C79AF}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{7DF90076-F080-4FF4-80B6-A496DB0F0CDD}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{90B398B8-3126-4BBC-84A7-57780C0B22A8}: NameServer = 176.31.229.24,176.31.229.25
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Run-ROC_ROC_NT - c:\programmi\AVG Secure Search\ROC_ROC_NT.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-06 19:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(2580)
c:\windows\system32\WININET.dll
c:\windows\system32\TDispVol.dll
c:\programmi\Windows Desktop Search\deskbar.dll
c:\programmi\Windows Desktop Search\it-it\dbres.dll.mui
c:\programmi\Windows Desktop Search\dbres.dll
c:\programmi\Windows Desktop Search\wordwheel.dll
c:\programmi\Windows Desktop Search\it-it\msnlExtRes.dll.mui
c:\programmi\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\acs.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TODDSrv.exe
c:\programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\TDispVol.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\TPSMain.exe
c:\windows\system32\thpsrv.exe
c:\windows\system32\TPSBattM.exe
c:\programmi\Apoint2K\Apntex.exe
c:\programmi\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
.
**************************************************************************
.
Ora fine scansione: 2012-10-06 19:31:59 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-10-06 17:31
.
Pre-Run: 37.553.184.768 byte disponibili
Post-Run: 37.829.398.528 byte disponibili
.
- - End Of File - - A4AE5B8140E6E9088A42C87CB2433731
erpes
Newbie
 
Post: 4
Iscritto il: 04/10/12 17:25


Torna a Sicurezza e Privacy


Topic correlati a "mi aiutate con il mio hijeckthis":


Chi c’è in linea

Visitano il forum: Nessuno e 2 ospiti