
help, I have a HijackThis list but I don't know what to delete

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by carito » 05/02/10 19:43

so many doubts and few certainties, except that my PC is very slow!!!!
thanks a lot

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Programmi\Application Updater\ApplicationUpdater.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Roland\VSC32\vsc32cnf.exe
C:\Programmi\Roland\VSC32\vscvol.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Returnil\RVS3\rvsgui.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://search.conduit.com?SearchSource= ... =CT2304564
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} -

C:\Programmi\Search_USA\tbSea0.dll
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} -

C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File

comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -

C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea0.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -

C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File

comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -

C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -

C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programmi\Google\Google

Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -

C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -

C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [vsc32cnf.exe] C:\Programmi\Roland\VSC32\vsc32cnf.exe
O4 - HKLM\..\Run: [vscvol.exe] C:\Programmi\Roland\VSC32\vscvol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe"

/startup
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File

comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [HP Online Support] C:\WINDOWS\system32\ConSvc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO

LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI

RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft

Office\Office12\ONENOTEM.EXE
O4 - Global Startup: RVS 2010.lnk = C:\Programmi\Returnil\RVS3\rvsgui.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Programmi\MP3 Player Utilities

4.17\AMVConverter\grab.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google

Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Impostazioni di Google Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} -

C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet

Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programmi\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://micro.moe.hm
O15 - ESC Trusted Zone: http://axxe.trompizgerbo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB5264E-D657-4BCF-AC03-801ABA2AAF1C}: NameServer =

213.230.130.222 217.200.200.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{33D97FE2-9B2A-4ADA-9CE7-F2F9E1CE2425}: NameServer =

10.128.50.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BB5264E-D657-4BCF-AC03-801ABA2AAF1C}: NameServer =

213.230.130.222 217.200.200.42
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -

C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Programmi\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP

Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google -

C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. -

C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. -

C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. -

C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Returnil Virtual System Core Service (RVSMONBL) - CJSC Returnil Software -

C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. -

C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12364 bytes
carito
Junior Member

Posts: 42
Joined: 05/02/10 19:33

Re: help, I have a HijackThis list but I don't know what to delete

Post by shel » 05/02/10 20:18

hi

can you repeat the scan with hijackthis? you have to paste it whole, without breaks
shel
Senior Member

Posts: 1326
Joined: 29/08/08 21:56

Re: help, I have a HijackThis list but I don't know what to delete

Post by carito » 05/02/10 22:08

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.54.12, on 05/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Programmi\Application Updater\ApplicationUpdater.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Roland\VSC32\vsc32cnf.exe
C:\Programmi\Roland\VSC32\vscvol.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Returnil\RVS3\rvsgui.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\CCleaner\CCleaner.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2304564
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O3 - Toolbar: (no name) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [vsc32cnf.exe] C:\Programmi\Roland\VSC32\vsc32cnf.exe
O4 - HKLM\..\Run: [vscvol.exe] C:\Programmi\Roland\VSC32\vscvol.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [HP Online Support] C:\WINDOWS\system32\ConSvc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: RVS 2010.lnk = C:\Programmi\Returnil\RVS3\rvsgui.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Programmi\MP3 Player Utilities 4.17\AMVConverter\grab.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (file missing)
O9 - Extra 'Tools' menuitem: &Impostazioni di Google Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (file missing)
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://micro.moe.hm
O15 - ESC Trusted Zone: http://axxe.trompizgerbo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB5264E-D657-4BCF-AC03-801ABA2AAF1C}: NameServer = 213.230.130.222 217.200.200.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{33D97FE2-9B2A-4ADA-9CE7-F2F9E1CE2425}: NameServer = 10.128.50.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BB5264E-D657-4BCF-AC03-801ABA2AAF1C}: NameServer = 213.230.130.222 217.200.200.42
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Programmi\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Returnil Virtual System Core Service (RVSMONBL) - CJSC Returnil Software - C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
carito
Junior Member

Posts: 42
Joined: 05/02/10 19:33

Re: help, I have a HijackThis list but I don't know what to delete

Post by carito » 05/02/10 22:10

I don't know if I managed to avoid breaks in the copy-paste, I hope so.
thanks
carito
Junior Member

Posts: 42
Joined: 05/02/10 19:33

Re: help, I have a HijackThis list but I don't know what to delete

Post by shel » 05/02/10 23:13

you have an infection that is quite a pain to remove

now let's try to remove it with malwarebytes, otherwise we'll act directly by hand

in the meantime open hijackthis, click ''open the misc tools section'', then click ''open process manager'', find the entry indicated below (if present) and click ''kill process''

C:\WINDOWS\system32\ConSvc.exe

Then go to the bottom and press the back button and right after it the scan button. Tick the box next to the entries listed below and, after disconnecting from the internet and closing all open programs, press ''fix checked'':

R3 - URLSearchHook: (no name) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - (no file)

O3 - Toolbar: (no name) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - (no file)

O4 - HKLM\..\Policies\Explorer\Run: [HP Online Support] C:\WINDOWS\system32\ConSvc.exe

O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (file missing)

O9 - Extra 'Tools' menuitem: &Impostazioni di Google Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (file missing)

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)



Download and install
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Update it and run a full scan of the computer. Post the report you get. For now do not remove any threat it may detect
shel
Senior Member

Posts: 1326
Joined: 29/08/08 21:56

Re: help, I have a HijackThis list but I don't know what to delete

Post by carito » 06/02/10 00:11

oops! I shut down the PC and on restarting it everything I had done before was automatically wiped; I downloaded hijackthis again and it found files that I had previously removed...
here below is the new log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.05.13, on 06/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Programmi\Application Updater\ApplicationUpdater.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Roland\VSC32\vsc32cnf.exe
C:\Programmi\Roland\VSC32\vscvol.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Returnil\RVS3\rvsgui.exe
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\IObit\Advanced SystemCare 3\Awc.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 2779 bytes
carito
Junior Member

Posts: 42
Joined: 05/02/10 19:33

Re: help, I have a HijackThis list but I don't know what to delete

Post by carito » 06/02/10 03:55

downloaded malwarebytes, the log is below. but first, due to my complete stupidity, I deleted all the BHOs in the list with hijackthis..... do you think I did serious damage?
thanks for your availability and patience



Malwarebytes' Anti-Malware 1.44
Versione del database: 3695
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06/02/2010 3.50.49
mbam-log-2010-02-06 (03-50-27).txt

Tipo di scansione: Scansione completa (C:\|H:\|)
Elementi scansionati: 368538
Tempo trascorso: 3 hour(s), 15 minute(s), 53 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 2
Valori di registro infetti: 0
Elementi dato del registro infetti: 1
Cartelle infette: 3
File infetti: 10

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\RegistryDoktorNE (Rogue.RegistryDoktor) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> No action taken.

Cartelle infette:
C:\Programmi\RegistryDoktor 4.1 (Rogue.RegistryDoktor) -> No action taken.
C:\Programmi\RegistryDoktor 4.1\definitions (Rogue.RegistryDoktor) -> No action taken.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\RegistryDoktor 4.1 (Rogue.RegistryDoktor) -> No action taken.

File infetti:
C:\Programmi\RegistryDoktor 4.1\Cl.exe (Rogue.Multiple) -> No action taken.
C:\Programmi\RegistryDoktor 4.1\EngineAP.dll (Rogue.RegistryDoktor) -> No action taken.
C:\Programmi\RegistryDoktor 4.1\FolderPaths.txt (Rogue.RegistryDoktor) -> No action taken.
C:\Programmi\RegistryDoktor 4.1\ScheduleAP.txt (Rogue.RegistryDoktor) -> No action taken.
C:\Programmi\RegistryDoktor 4.1\Task.dat (Rogue.RegistryDoktor) -> No action taken.
C:\Programmi\RegistryDoktor 4.1\unins000.dat (Rogue.RegistryDoktor) -> No action taken.
C:\Programmi\RegistryDoktor 4.1\unins000.exe (Rogue.RegistryDoktor) -> No action taken.
C:\Programmi\RegistryDoktor 4.1\definitions\200812.cab (Rogue.RegistryDoktor) -> No action taken.
C:\Documents and Settings\All Users\Menu Avvio\Programmi\RegistryDoktor 4.1\Disinstalla Registry Doktor 4.1.lnk (Rogue.RegistryDoktor) -> No action taken.
C:\Win\names.txt (Worm.AutoIT) -> No action taken.
carito
Junior Member

Posts: 42
Joined: 05/02/10 19:33
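Shel's triage above (orphaned entries, the Policies\Explorer\Run key, the extra program in the Winlogon Shell value) and the Malwarebytes Hijack.Shell finding can be scripted as a first pass over a HijackThis log. The following is an added example, not HijackThis's or Malwarebytes' own code; the sample lines are copied from the logs posted in this thread, and the flagging rules are assumptions about what a defender checks first, not HijackThis's own scoring.

```python
"""First-pass triage of a HijackThis log.

Added example, not HijackThis's or Malwarebytes' own logic.  The flagging
rules are assumptions about what a defender checks first; the sample lines
are copied from the logs posted in this thread."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines taken from carito's second log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O3 - Toolbar: (no name) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [HP Online Support] C:\WINDOWS\system32\ConSvc.exe
O15 - ESC Trusted Zone: http://micro.moe.hm
O15 - ESC Trusted Zone: http://axxe.trompizgerbo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB5264E-D657-4BCF-AC03-801ABA2AAF1C}: NameServer = 213.230.130.222 217.200.200.42
O17 - HKLM\System\CCS\Services\Tcpip\..\{33D97FE2-9B2A-4ADA-9CE7-F2F9E1CE2425}: NameServer = 10.128.50.1
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code: R0, F2, O4, O15, ...
    severity: str  # "high", "medium" or "info"
    reason: str
    line: str


SECTION_RE = re.compile(r"^([RFO]\d+)\s+-\s+(.*)$")
# Only Explorer.exe belongs in the Winlogon Shell value on a normal XP box.
SHELL_ALLOW = {"explorer.exe"}
# RFC 1918 ranges: a LAN router as NameServer is expected, public IPs need a check.
PRIVATE_RE = re.compile(r"^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")


def shell_extras(body):
    """Return programs chained after Explorer.exe in a Shell= value, e.g. ['csrcs.exe']."""
    m = re.search(r"Shell=(.*)$", body, re.IGNORECASE)
    if not m:
        return []
    return [p for p in m.group(1).split() if p.lower() not in SHELL_ALLOW]


def public_nameservers(body):
    """Return the non-private IPs listed in an O17 NameServer entry."""
    if "NameServer =" not in body:
        return []
    servers = body.split("NameServer =", 1)[1].split()
    return [ip for ip in servers if not PRIVATE_RE.match(ip)]


def triage_line(line):
    """Classify one log line; return a Finding, or None when nothing stands out."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    low = body.lower()
    if section == "F2":
        extras = shell_extras(body)
        if extras:  # Malwarebytes reports the same condition as Hijack.Shell
            return Finding(section, "high",
                           "Winlogon Shell starts extra program(s) beside Explorer: " + ", ".join(extras), line)
        return None
    if "(no file)" in low or "(file missing)" in low:
        return Finding(section, "info", "orphaned entry, the target file is gone; fixing it only removes the stale pointer", line)
    if section == "O4" and "\\policies\\explorer\\run" in low:
        return Finding(section, "high", "Run key under Policies\\Explorer, rarely used by legitimate software; verify the target", line)
    if section == "O15":
        return Finding(section, "medium", "site added to the IE Trusted Zone, which relaxes browser security for it", line)
    if section == "O17":
        pub = public_nameservers(body)
        if pub:
            return Finding(section, "medium", "public DNS servers configured, confirm they belong to the ISP: " + " ".join(pub), line)
        return None
    if section in ("R0", "R1") and " = " in body:
        host = urlparse(body.split(" = ", 1)[1].strip()).netloc.lower()
        if host and not host.endswith("microsoft.com"):
            return Finding(section, "info", "IE start/search page points at a third-party host: " + host, line)
    return None


def triage(text):
    """Run triage_line over every line and keep the findings, in log order."""
    findings = []
    for line in text.splitlines():
        f = triage_line(line)
        if f:
            findings.append(f)
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 2, 'medium': 3, 'info': 3}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.section}: {f.reason}\n         {f.line.strip()}")
    print(summarize(triage(SAMPLE_LOG)))
```

Entries with no finding (the Intel tray icon, the AVG service, the Microsoft default pages, the private-range DNS server) are the ones that look normal, which is the point: the script narrows the list to what a human still has to judge.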

Re: help, I have a HijackThis list but I don't know what to delete

Post by carito » 06/02/10 04:27

I'm also attaching the latest hjt log
p.s. (in the meantime open hijackthis, click ''open the misc tools section'', then click ''open process manager'', find the entry indicated below (if present) and click ''kill process''

C:\WINDOWS\system32\ConSvc.exe)

that entry wasn't there :(

can you tell me whether F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe is a partially removed virus?
thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4.18.14, on 06/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Programmi\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Programmi\Application Updater\ApplicationUpdater.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Roland\VSC32\vsc32cnf.exe
C:\Programmi\Roland\VSC32\vscvol.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2304564
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea0.dll
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea0.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmi\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [vsc32cnf.exe] C:\Programmi\Roland\VSC32\vsc32cnf.exe
O4 - HKLM\..\Run: [vscvol.exe] C:\Programmi\Roland\VSC32\vscvol.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKLM\..\Policies\Explorer\Run: [HP Online Support] C:\WINDOWS\system32\ConSvc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Programmi\MP3 Player Utilities 4.17\AMVConverter\grab.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Impostazioni di Google Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://micro.moe.hm
O15 - ESC Trusted Zone: http://axxe.trompizgerbo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33D97FE2-9B2A-4ADA-9CE7-F2F9E1CE2425}: NameServer = 10.128.50.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Programmi\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Returnil Virtual System Core Service (RVSMONBL) - CJSC Returnil Software - C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9805 bytes
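Reading an HJT log by hand means checking each section against a few well-known rules. The one behind the question above is simple: the Winlogon Shell value (the F2 line) should read exactly Explorer.exe; any second name on that line is launched by Winlogon at every logon, so an entry like "Shell=Explorer.exe csrcs.exe" is a live persistence point as long as the file it names exists, not a harmless remnant. The script below is an added example (not code from this thread or from Trend Micro's HijackThis) that applies that rule plus a few others to the log lines: dead BHOs marked "(no file)", autoruns under Policies\Explorer\Run, AppInit_DLLs, and non-Microsoft hosts in the ESC Trusted Zone or the IE start page. The sample lines are copied from the log posted above, with two benign lines added for contrast; the MICROSOFT_HOSTS list and the severity labels are assumptions of the example. It narrows the list for review; deciding what is actually malicious is still a human call.

```python
"""Rule-based triage of HijackThis (HJT) log lines.

Added example, not code from the thread or from HijackThis itself.
The rules encode common HJT reading heuristics; the output is a list of
entries worth a closer look, not a verdict.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines copied from the HJT log posted in this thread,
# plus two benign lines (Java BHO, AVG tray) that should not be flagged.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [HP Online Support] C:\WINDOWS\system32\ConSvc.exe
O15 - ESC Trusted Zone: http://micro.moe.hm
O15 - ESC Trusted Zone: http://axxe.trompizgerbo.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
"""

# Hosts that legitimately appear in IE defaults. Assumption of this example;
# extend it for your own environment.
MICROSOFT_HOSTS = ("microsoft.com", "msn.com", "live.com")

# Every HJT entry starts with a section code (R0, F2, O23, ...) and " - ".
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    severity: str   # "high" = remove now, "review" = look at it
    reason: str
    line: str


def is_microsoft_host(host: str) -> bool:
    """Exact or subdomain match only, so evilmicrosoft.com does not pass."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in MICROSOFT_HOSTS)


def shell_is_clean(value: str) -> bool:
    """Winlogon's Shell value must be exactly one token: explorer.exe."""
    return value.strip().lower().split() == ["explorer.exe"]


def _host_of(url: str) -> str:
    return (urlparse(url.strip()).hostname or "").lower()


def triage_line(line: str):
    """Return a Finding for a suspicious HJT line, or None if it looks fine."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")

    if sec == "F2":
        sm = re.search(r"Shell=(?P<shell>.+)$", body)
        if sm and not shell_is_clean(sm.group("shell")):
            return Finding(sec, "high", "Winlogon Shell launches something besides explorer.exe", line)
    elif sec == "O2" and body.endswith("(no file)"):
        return Finding(sec, "review", "BHO registered but its DLL is missing (dead entry)", line)
    elif sec == "O4" and r"Policies\Explorer\Run" in body:
        return Finding(sec, "high", r"autorun via Policies\Explorer\Run, rarely used by legitimate software", line)
    elif sec == "O15":
        parts = body.split(": ", 1)
        host = _host_of(parts[1]) if len(parts) == 2 else ""
        if host and not is_microsoft_host(host):
            return Finding(sec, "review", f"non-Microsoft host {host} in ESC Trusted Zone", line)
    elif sec == "O20" and body.startswith("AppInit_DLLs:"):
        return Finding(sec, "review", "AppInit_DLLs set: the DLL is loaded into every process that loads user32", line)
    elif sec == "R0" and "Start Page" in body:
        parts = body.split(" = ", 1)
        host = _host_of(parts[1]) if len(parts) == 2 else ""
        if host and not is_microsoft_host(host):
            return Finding(sec, "review", f"start page points at {host}", line)
    return None


def triage(log_text: str):
    """Run every line of an HJT log through the rules; keep only the hits."""
    return [f for f in (triage_line(raw) for raw in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:3} {f.reason}\n         {f.line}")
```

On the sample, the two "high" hits are the F2 Shell line and the Policies\Explorer\Run autorun (the ConSvc.exe entry the helper had already asked to be killed); the start page, the two trusted-zone hosts, the dead BHO and the AppInit_DLLs entry come out as "review", and the Java BHO and AVG tray lines pass untouched. To use it on a real log, pass the file contents to `triage()` instead of `SAMPLE_LOG`.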

Re: help, I have a HijackThis list but I don't know what to delete

Post by shel » 06/02/10 10:00

RegistryDoktor is a rogue and it is certainly what caused your problem.

Restart Malwarebytes and delete everything; only that way can you remove the infection you see in HijackThis.


Download ComboFix to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disconnect from the internet
Disable the antivirus.
Run the ComboFix.exe file
Type 1 to start the tool
Follow the instructions (don't do anything during the scan; if the desktop icons disappear, that's normal) and at the end a log will be generated.
When it's finished, post the log you find at C:\Combofix.txt
shel
Senior member
Posts: 1326
Joined: 29/08/08 21:56

Re: help, I have a HijackThis list but I don't know what to delete

Post by carito » 06/02/10 18:14

Hi, sorry for my ignorance on the subject... how do I disable the antivirus? I have AVG.
Thanks

Re: help, I have a HijackThis list but I don't know what to delete

Post by carito » 06/02/10 18:17

I managed it! Sorry

Re: help, I have a HijackThis list but I don't know what to delete

Post by carito » 06/02/10 20:03

Here's the ComboFix log below... I'll wait for your next instructions :) thanks
ComboFix 10-02-05.04 - Carolina 06/02/2010 19.34.33.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.503.194 [GMT 1:00]
Running from: c:\documents and settings\Carolina\Documenti\Download\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\khq
c:\programmi\Dealio Toolbar
c:\programmi\Dealio Toolbar\FF\chrome.manifest
c:\programmi\Dealio Toolbar\FF\chrome\content\chevron.js
c:\programmi\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\programmi\Dealio Toolbar\FF\chrome\content\login.js
c:\programmi\Dealio Toolbar\FF\chrome\content\login.xul
c:\programmi\Dealio Toolbar\FF\chrome\content\parser.js
c:\programmi\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\programmi\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\programmi\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\programmi\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\programmi\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\programmi\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\programmi\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\programmi\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\programmi\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\programmi\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\programmi\Dealio Toolbar\FF\chrome\skin\separator.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\target.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\programmi\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\programmi\Dealio Toolbar\FF\components\config.ini
c:\programmi\Dealio Toolbar\FF\components\dealioToolbarFF.dll
c:\programmi\Dealio Toolbar\FF\components\IFBHOHelperWidgiToolbar.xpt
c:\programmi\Dealio Toolbar\FF\components\IFBHOWidgiToolbar.xpt
c:\programmi\Dealio Toolbar\FF\install.rdf
c:\programmi\Dealio Toolbar\IE\4.0.2\config.ini
c:\programmi\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
c:\programmi\Dealio Toolbar\Res\amazon.gif
c:\programmi\Dealio Toolbar\Res\apple.gif
c:\programmi\Dealio Toolbar\Res\barnes.gif
c:\programmi\Dealio Toolbar\Res\bestbuy.gif
c:\programmi\Dealio Toolbar\Res\dealio_logo.gif
c:\programmi\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\programmi\Dealio Toolbar\Res\ebay.gif
c:\programmi\Dealio Toolbar\Res\icon_settings.gif
c:\programmi\Dealio Toolbar\Res\macys.gif
c:\programmi\Dealio Toolbar\Res\newegg.gif
c:\programmi\Dealio Toolbar\Res\overstock.gif
c:\programmi\Dealio Toolbar\Res\search-button-hover.gif
c:\programmi\Dealio Toolbar\Res\search-button.gif
c:\programmi\Dealio Toolbar\Res\search-chevron-hover.gif
c:\programmi\Dealio Toolbar\Res\search-chevron.gif
c:\programmi\Dealio Toolbar\Res\search_amazon.gif
c:\programmi\Dealio Toolbar\Res\search_dealio.gif
c:\programmi\Dealio Toolbar\Res\search_ebay.gif
c:\programmi\Dealio Toolbar\Res\search_yahoo.gif
c:\programmi\Dealio Toolbar\Res\target.gif
c:\programmi\Dealio Toolbar\Res\walmart.gif
c:\programmi\Dealio Toolbar\Res\widgets.xml
c:\programmi\Dealio Toolbar\SearchSettings.dll
c:\programmi\Dealio Toolbar\SearchSettings.exe
c:\programmi\Dealio Toolbar\SearchSettingsRes409.dll
c:\programmi\Dealio Toolbar\sscfg.ini
c:\programmi\Dealio Toolbar\SSFF\chrome.manifest
c:\programmi\Dealio Toolbar\SSFF\chrome\content\plugin.js
c:\programmi\Dealio Toolbar\SSFF\chrome\content\plugin.xul
c:\programmi\Dealio Toolbar\SSFF\chrome\content\protection.js
c:\programmi\Dealio Toolbar\SSFF\chrome\content\utils.js
c:\programmi\Dealio Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\programmi\Dealio Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.properties
c:\programmi\Dealio Toolbar\SSFF\chrome\skin\yahoo.xml
c:\programmi\Dealio Toolbar\SSFF\components\IFBHOSearch.xpt
c:\programmi\Dealio Toolbar\SSFF\components\IFBHOSearchHelperEngine.xpt
c:\programmi\Dealio Toolbar\SSFF\components\IFHelperPreferences.xpt
c:\programmi\Dealio Toolbar\SSFF\components\SearchSettingsFF.dll
c:\programmi\Dealio Toolbar\SSFF\components\sscfg.ini
c:\programmi\Dealio Toolbar\SSFF\install.rdf
c:\programmi\Dealio Toolbar\WidgiHelper.exe
c:\windows\system32\MSVolumeRD.dll
c:\windows\system32\oem11.inf
c:\windows\system32\winlogon.bak
H:\khq

.
((((((((((((((((((((((((( Files Created From 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))))))
.

2010-02-05 23:23 . 2010-02-05 23:23 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Malwarebytes
2010-02-05 23:23 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-05 23:23 . 2010-02-05 23:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-05 23:23 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-05 23:23 . 2010-02-06 02:48 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-05 23:03 . 2010-02-05 23:03 -------- d-----w- c:\programmi\Trend Micro
2010-02-05 16:56 . 2010-02-05 16:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Returnil
2010-02-05 16:46 . 2010-02-05 16:46 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Returnil
2010-02-05 16:46 . 2010-01-13 14:16 28640 ----a-w- c:\windows\system32\drivers\rvsmonn1.sys
2010-02-05 16:45 . 2010-01-13 14:16 1034696 ----a-w- c:\windows\system32\drivers\rvsmonf.sys
2010-02-05 16:45 . 2010-01-13 14:16 264128 ----a-w- c:\windows\system32\drivers\rvsmon.sys
2010-02-05 16:45 . 2010-02-05 16:45 45136 ----a-w- c:\windows\system32\drivers\rvsystem.sys
2010-02-05 16:45 . 2010-02-05 21:34 -------- d-----w- C:\Returnil
2010-02-05 16:45 . 2010-02-05 16:45 -------- d-----w- c:\windows\system32\Returnil
2010-02-05 16:45 . 2010-02-05 16:45 -------- d-----w- c:\programmi\Returnil
2010-02-05 14:34 . 2010-02-05 14:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-29 14:02 . 2008-04-13 18:13 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-01-29 14:02 . 2008-04-13 18:13 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-01-23 19:18 . 2010-02-06 17:00 -------- d-----r- C:\Win
2010-01-19 14:51 . 2010-01-19 14:51 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Smith Micro
2010-01-19 14:44 . 2010-01-19 14:44 -------- d-----w- c:\programmi\Verizon Wireless
2010-01-19 14:43 . 2010-01-19 14:43 -------- d-----w- c:\programmi\Novatel Wireless
2010-01-19 14:43 . 2010-01-19 14:43 -------- d-----w- c:\windows\Downloaded Installations
2010-01-19 14:42 . 2008-04-13 10:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-01-19 14:42 . 2008-04-13 10:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 18:45 . 2009-09-16 14:57 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Skype
2010-02-05 14:35 . 2010-01-05 02:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-02-04 23:00 . 2009-09-16 14:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2010-01-28 16:17 . 2009-09-21 15:33 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Nokia
2010-01-25 16:22 . 2008-04-14 12:00 49102 ----a-w- c:\windows\system32\perfc010.dat
2010-01-25 16:22 . 2008-04-14 12:00 348834 ----a-w- c:\windows\system32\perfh010.dat
2010-01-23 14:39 . 2009-11-22 16:28 79488 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-11 08:30 . 2009-12-28 17:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-01-08 07:19 . 2010-02-04 07:25 2066200 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgcorex.dll
2010-01-06 15:17 . 2009-12-17 09:18 -------- d-----w- c:\programmi\Google
2010-01-02 19:37 . 2009-09-16 14:39 71176 -c--a-w- c:\documents and settings\Carolina\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-01 14:12 . 2010-01-01 13:58 -------- d-----w- c:\programmi\StarFisher
2009-12-29 23:49 . 2009-12-29 23:49 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\IObit
2009-12-29 23:49 . 2009-12-29 23:49 -------- d-----w- c:\programmi\IObit
2009-12-29 23:32 . 2009-12-29 23:32 -------- d-----w- c:\programmi\Windows Live Safety Center
2009-12-28 17:08 . 2009-12-28 17:01 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-12-28 14:31 . 2009-12-28 14:22 52224 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-28 14:31 . 2009-12-28 14:18 117760 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-28 14:17 . 2009-12-28 14:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-12-28 14:16 . 2009-12-28 14:16 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-12-28 14:16 . 2009-12-28 14:16 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\SUPERAntiSpyware.com
2009-12-28 14:15 . 2009-12-28 14:15 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-12-27 01:30 . 2009-12-27 01:30 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Dealio
2009-12-26 20:15 . 2009-12-26 20:15 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Application Updater
2009-12-26 20:14 . 2009-12-26 20:14 -------- d-----w- c:\programmi\Application Updater
2009-12-26 20:11 . 2009-12-26 20:11 -------- d-----w- c:\programmi\YouTube Downloader
2009-12-26 20:05 . 2009-12-26 19:40 -------- d-----w- c:\programmi\AVS4YOU
2009-12-26 20:05 . 2009-12-26 19:40 -------- d-----w- c:\programmi\File comuni\AVSMedia
2009-12-26 20:01 . 2009-12-14 22:34 -------- d-----w- c:\programmi\AviSynth 2.5
2009-12-26 19:48 . 2009-12-26 19:48 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\AVS4YOU
2009-12-26 19:47 . 2009-12-26 19:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2009-12-23 17:58 . 2009-12-29 23:49 52224 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
2009-12-23 17:58 . 2009-12-29 23:49 101376 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\RadioWMPCore.dll
2009-12-21 19:06 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 13:12 . 2009-09-16 10:50 -------- d-----w- c:\programmi\File comuni\Adobe
2009-12-17 00:37 . 2009-12-06 14:05 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\AVP 2009
2009-12-16 19:32 . 2009-12-16 19:32 766 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6FEFF9B68218417F98F549.exe
2009-12-16 19:32 . 2009-12-16 19:32 2550 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F9F64C4780432EA36BC3FE.exe
2009-12-16 19:32 . 2009-12-16 19:32 1518 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_04065E8B24270056FDCAEC.exe
2009-12-16 19:32 . 2009-12-16 19:32 1078 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_986D1997DEEE761AC61E6A.exe
2009-12-16 19:32 . 2009-12-16 19:32 1078 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_0444D84993723DEE1E9C73.exe
2009-12-16 19:32 . 2009-12-16 19:32 10134 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F10B5B738A2B59884A72F5.exe
2009-12-16 19:32 . 2009-12-16 19:32 -------- d-----w- c:\programmi\MP3 Player Utilities 4.17
2009-12-16 19:30 . 2009-12-14 22:41 -------- d-----w- c:\programmi\MP3 Player Utilities 3.57
2009-12-16 19:29 . 2009-12-16 19:29 -------- d-----w- c:\programmi\MP3
2009-12-15 23:42 . 2009-12-15 23:42 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\dvdcss
2009-11-21 15:54 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-10 14:56 . 2009-12-02 23:46 607544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Yahoo!\YUpdater\yupdater.exe
2009-11-09 18:11 . 2009-11-09 18:11 628706 ----a-w- c:\windows\system32\takefive.exe
2009-10-04 17:19 . 2009-10-04 17:19 7888848 ----a-w- c:\programmi\Firefox Setup 3.5.3.exe
2010-01-05 02:05 . 2010-01-05 02:05 119808 ----a-w- c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[-] 2009-09-16 . 90F406811EE1EEE294792D00E21CA16C . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2009-04-23 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\programmi\Search_USA\tbSea0.dll" [2009-11-11 2166296]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
2009-11-11 23:07 2166296 ----a-w- c:\programmi\Search_USA\tbSea0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\programmi\Search_USA\tbSea0.dll" [2009-11-11 2166296]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{48405D3D-2674-4CD8-B1EF-9A719443BD3F}"= "c:\programmi\Search_USA\tbSea0.dll" [2009-11-11 2166296]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ccleaner"="c:\programmi\CCleaner\CCleaner.exe" [2009-07-27 1644784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 137752]
"QlbCtrl.exe"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-02-26 177456]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-13 2043160]
"vsc32cnf.exe"="c:\programmi\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]
"vscvol.exe"="c:\programmi\Roland\VSC32\vscvol.exe" [2000-02-08 36864]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-16 14:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"=vscapi.dll
"WAVE1"=vscapi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^RVS 2010.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\RVS 2010.lnk
backup=c:\windows\pss\RVS 2010.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Carolina^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\documents and settings\Carolina\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-12-26 12:48 2335952 ----a-w- c:\programmi\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 07:27 153136 ----a-w- c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-01-05 02:04 30192 ----a-w- c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 14:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:14 1695232 ------w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-16 14:35 148888 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-01-05 02:00 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\WinMX\\WinMX.exe"=
"c:\\Documents and Settings\\Carolina\\Documenti\\vlc-0.8.6i\\vlc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 RVSystem;RVSystem;c:\windows\system32\drivers\rvsystem.sys [05/02/2010 17.45.46 45136]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/09/2009 15.38.17 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16/09/2009 15.38.21 108552]
R1 rvsmon;rvsmon;c:\windows\system32\drivers\rvsmon.sys [05/02/2010 17.45.51 264128]
R1 rvsmonn;rvsmonn;c:\windows\system32\drivers\rvsmonn1.sys [05/02/2010 17.46.00 28640]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 16.26.58 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 16.26.56 74480]
R2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [16/12/2009 17.38.20 375296]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/09/2009 15.38.08 297752]
R2 RVSMONBL;Returnil Virtual System Core Service;c:\windows\system32\Returnil\RVS3\rvsmon.exe [22/01/2010 17.52.30 1246560]
R2 rvsmonf;rvsmonf;c:\windows\system32\drivers\rvsmonf.sys [05/02/2010 17.45.59 1034696]
R3 Com4QLBEx;Com4QLBEx;c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [16/09/2009 11.38.37 193840]
R3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys [16/09/2009 16.42.02 951284]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [17/12/2009 18.07.10 135664]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [05/01/2010 3.04.30 30192]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [21/09/2009 16.30.44 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [21/09/2009 16.30.45 8320]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [07/07/2008 12.23.56 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [09/05/2008 11.08.40 174336]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 16.27.00 7408]
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-02-06 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-05 14:34]

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-12-17 17:06]

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-12-17 17:06]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2304564
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Converter... - c:\programmi\MP3 Player Utilities 4.17\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {33D97FE2-9B2A-4ADA-9CE7-F2F9E1CE2425} = 10.128.50.1
FF - ProfilePath - c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search Powered by Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT23841 ... hSource=13
FF - component: c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\RadioWMPCore.dll
FF - component: c:\programmi\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\programmi\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Carolina\Impostazioni locali\Dati applicazioni\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Explorer_Run-HP Online Support - c:\windows\system32\ConSvc.exe
AddRemove-RegistryDoktor 2009_is1 - c:\programmi\RegistryDoktor 4.1\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 19:44
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3280)
c:\windows\system32\WININET.dll
c:\programmi\File comuni\Ahead\Lib\NeroSearchBar.dll
c:\programmi\File comuni\Ahead\Lib\MFC71U.DLL
c:\programmi\File comuni\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\wudfhost.exe
c:\programmi\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\igfxsrvc.exe
c:\programmi\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2010-02-06 19:53:10 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-02-06 18:53

Pre-Run: 53.568.970.752 byte disponibili
Post-Run: 53.448.990.720 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 723FDC2AE57E0852BA18A97FB174AFED
carito
Junior User
 
Posts: 42
Joined: 05/02/10 19:33

Re: help, I have a HijackThis list but I don't know what to delete

Post by shel » 06/02/10 22:09

Now open a Notepad page and copy and paste the following

file::
c:\windows\system32\ConSvc.exe

folder::
c:\programmi\RegistryDoktor


save the page, naming it CFScript.txt (this name is mandatory)

at this point, drag and drop the CFScript.txt file onto the ComboFix icon


let it run to the end and post its log again
shel
Senior User
 
Posts: 1326
Joined: 29/08/08 21:56

Re: help, I have a HijackThis list but I don't know what to delete

Post by carito » 06/02/10 23:18

I hope I did everything exactly right

ComboFix 10-02-06.01 - Carolina 06/02/2010 23.02.02.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.503.201 [GMT 1:00]
Eseguito da: c:\documents and settings\Carolina\Documenti\Download\ComboFix.exe
Opzioni usate :: c:\documents and settings\Carolina\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Resident AV is active


FILE ::
"c:\windows\system32\ConSvc.exe"
.

((((((((((((((((((((((((( Files Creati Da 2010-01-06 al 2010-02-06 )))))))))))))))))))))))))))))))))))
.

2010-02-05 23:23 . 2010-02-05 23:23 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Malwarebytes
2010-02-05 23:23 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-05 23:23 . 2010-02-05 23:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-02-05 23:23 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-05 23:23 . 2010-02-06 02:48 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-02-05 23:03 . 2010-02-05 23:03 -------- d-----w- c:\programmi\Trend Micro
2010-02-05 16:56 . 2010-02-05 16:56 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Returnil
2010-02-05 16:46 . 2010-02-05 16:46 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Returnil
2010-02-05 16:46 . 2010-01-13 14:16 28640 ----a-w- c:\windows\system32\drivers\rvsmonn1.sys
2010-02-05 16:45 . 2010-01-13 14:16 1034696 ----a-w- c:\windows\system32\drivers\rvsmonf.sys
2010-02-05 16:45 . 2010-01-13 14:16 264128 ----a-w- c:\windows\system32\drivers\rvsmon.sys
2010-02-05 16:45 . 2010-02-05 16:45 45136 ----a-w- c:\windows\system32\drivers\rvsystem.sys
2010-02-05 16:45 . 2010-02-05 21:34 -------- d-----w- C:\Returnil
2010-02-05 16:45 . 2010-02-05 16:45 -------- d-----w- c:\windows\system32\Returnil
2010-02-05 16:45 . 2010-02-05 16:45 -------- d-----w- c:\programmi\Returnil
2010-02-05 14:34 . 2010-02-05 14:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-29 14:02 . 2008-04-13 18:13 54784 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-01-29 14:02 . 2008-04-13 18:13 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-01-23 19:18 . 2010-02-06 17:00 -------- d-----r- C:\Win
2010-01-19 14:51 . 2010-01-19 14:51 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Smith Micro
2010-01-19 14:44 . 2010-01-19 14:44 -------- d-----w- c:\programmi\Verizon Wireless
2010-01-19 14:43 . 2010-01-19 14:43 -------- d-----w- c:\programmi\Novatel Wireless
2010-01-19 14:43 . 2010-01-19 14:43 -------- d-----w- c:\windows\Downloaded Installations
2010-01-19 14:42 . 2008-04-13 10:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-01-19 14:42 . 2008-04-13 10:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 21:55 . 2009-09-16 14:57 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Skype
2010-02-05 14:35 . 2010-01-05 02:00 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-02-04 23:00 . 2009-09-16 14:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2010-01-28 16:17 . 2009-09-21 15:33 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Nokia
2010-01-25 16:22 . 2008-04-14 12:00 49102 ----a-w- c:\windows\system32\perfc010.dat
2010-01-25 16:22 . 2008-04-14 12:00 348834 ----a-w- c:\windows\system32\perfh010.dat
2010-01-23 14:39 . 2009-11-22 16:28 79488 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-11 08:30 . 2009-12-28 17:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-01-08 07:19 . 2010-02-04 07:25 2066200 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg8\update\backup\avgcorex.dll
2010-01-06 15:17 . 2009-12-17 09:18 -------- d-----w- c:\programmi\Google
2010-01-02 19:37 . 2009-09-16 14:39 71176 -c--a-w- c:\documents and settings\Carolina\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-01 14:12 . 2010-01-01 13:58 -------- d-----w- c:\programmi\StarFisher
2009-12-29 23:49 . 2009-12-29 23:49 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\IObit
2009-12-29 23:49 . 2009-12-29 23:49 -------- d-----w- c:\programmi\IObit
2009-12-29 23:32 . 2009-12-29 23:32 -------- d-----w- c:\programmi\Windows Live Safety Center
2009-12-28 17:08 . 2009-12-28 17:01 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-12-28 14:31 . 2009-12-28 14:22 52224 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-28 14:31 . 2009-12-28 14:18 117760 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-28 14:17 . 2009-12-28 14:17 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-12-28 14:16 . 2009-12-28 14:16 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-12-28 14:16 . 2009-12-28 14:16 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\SUPERAntiSpyware.com
2009-12-28 14:15 . 2009-12-28 14:15 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-12-27 01:30 . 2009-12-27 01:30 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\Dealio
2009-12-26 20:15 . 2009-12-26 20:15 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Application Updater
2009-12-26 20:14 . 2009-12-26 20:14 -------- d-----w- c:\programmi\Application Updater
2009-12-26 20:11 . 2009-12-26 20:11 -------- d-----w- c:\programmi\YouTube Downloader
2009-12-26 20:05 . 2009-12-26 19:40 -------- d-----w- c:\programmi\AVS4YOU
2009-12-26 20:05 . 2009-12-26 19:40 -------- d-----w- c:\programmi\File comuni\AVSMedia
2009-12-26 20:01 . 2009-12-14 22:34 -------- d-----w- c:\programmi\AviSynth 2.5
2009-12-26 19:48 . 2009-12-26 19:48 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\AVS4YOU
2009-12-26 19:47 . 2009-12-26 19:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2009-12-23 17:58 . 2009-12-29 23:49 52224 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
2009-12-23 17:58 . 2009-12-29 23:49 101376 ----a-w- c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\RadioWMPCore.dll
2009-12-18 13:12 . 2009-09-16 10:50 -------- d-----w- c:\programmi\File comuni\Adobe
2009-12-17 00:37 . 2009-12-06 14:05 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\AVP 2009
2009-12-16 19:32 . 2009-12-16 19:32 766 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_6FEFF9B68218417F98F549.exe
2009-12-16 19:32 . 2009-12-16 19:32 2550 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F9F64C4780432EA36BC3FE.exe
2009-12-16 19:32 . 2009-12-16 19:32 1518 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_04065E8B24270056FDCAEC.exe
2009-12-16 19:32 . 2009-12-16 19:32 1078 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_986D1997DEEE761AC61E6A.exe
2009-12-16 19:32 . 2009-12-16 19:32 1078 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_0444D84993723DEE1E9C73.exe
2009-12-16 19:32 . 2009-12-16 19:32 10134 ----a-r- c:\documents and settings\Carolina\Dati applicazioni\Microsoft\Installer\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}\_F10B5B738A2B59884A72F5.exe
2009-12-16 19:32 . 2009-12-16 19:32 -------- d-----w- c:\programmi\MP3 Player Utilities 4.17
2009-12-16 19:30 . 2009-12-14 22:41 -------- d-----w- c:\programmi\MP3 Player Utilities 3.57
2009-12-16 19:29 . 2009-12-16 19:29 -------- d-----w- c:\programmi\MP3
2009-12-15 23:42 . 2009-12-15 23:42 -------- d-----w- c:\documents and settings\Carolina\Dati applicazioni\dvdcss
2009-11-21 15:54 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-10 14:56 . 2009-12-02 23:46 607544 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Yahoo!\YUpdater\yupdater.exe
2009-11-09 18:11 . 2009-11-09 18:11 628706 ----a-w- c:\windows\system32\takefive.exe
2009-10-04 17:19 . 2009-10-04 17:19 7888848 ----a-w- c:\programmi\Firefox Setup 3.5.3.exe
2010-01-05 02:05 . 2010-01-05 02:05 119808 ----a-w- c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[-] 2009-09-16 . 90F406811EE1EEE294792D00E21CA16C . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2009-04-23 . 3316C8A8EC07A9D4C0BE10310809A9E5 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\programmi\Search_USA\tbSea0.dll" [2009-11-11 2166296]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
2009-11-11 23:07 2166296 ----a-w- c:\programmi\Search_USA\tbSea0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:\programmi\Search_USA\tbSea0.dll" [2009-11-11 2166296]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{48405D3D-2674-4CD8-B1EF-9A719443BD3F}"= "c:\programmi\Search_USA\tbSea0.dll" [2009-11-11 2166296]

[HKEY_CLASSES_ROOT\clsid\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ccleaner"="c:\programmi\CCleaner\CCleaner.exe" [2009-07-27 1644784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 137752]
"QlbCtrl.exe"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-02-26 177456]
"SoundMAXPnP"="c:\programmi\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-13 2043160]
"vsc32cnf.exe"="c:\programmi\Roland\VSC32\vsc32cnf.exe" [2000-02-07 36864]
"vscvol.exe"="c:\programmi\Roland\VSC32\vscvol.exe" [2000-02-08 36864]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-16 14:38 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"=vscapi.dll
"WAVE1"=vscapi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^RVS 2010.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\RVS 2010.lnk
backup=c:\windows\pss\RVS 2010.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Carolina^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\documents and settings\Carolina\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 11:08 935288 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 03:08 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-12-26 12:48 2335952 ----a-w- c:\programmi\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 07:27 153136 ----a-w- c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-01-05 02:04 30192 ----a-w- c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 14:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-13 17:14 1695232 ------w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57 153136 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-09-16 14:35 148888 ----a-w- c:\programmi\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-01-05 02:00 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\WinMX\\WinMX.exe"=
"c:\\Documents and Settings\\Carolina\\Documenti\\vlc-0.8.6i\\vlc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 RVSystem;RVSystem;c:\windows\system32\drivers\rvsystem.sys [05/02/2010 17.45.46 45136]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/09/2009 15.38.17 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [16/09/2009 15.38.21 108552]
R1 rvsmon;rvsmon;c:\windows\system32\drivers\rvsmon.sys [05/02/2010 17.45.51 264128]
R1 rvsmonn;rvsmonn;c:\windows\system32\drivers\rvsmonn1.sys [05/02/2010 17.46.00 28640]
R1 SASDIFSV;SASDIFSV;c:\programmi\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 16.26.58 9968]
R1 SASKUTIL;SASKUTIL;c:\programmi\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 16.26.56 74480]
R2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [16/12/2009 17.38.20 375296]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [16/09/2009 15.38.08 297752]
R2 RVSMONBL;Returnil Virtual System Core Service;c:\windows\system32\Returnil\RVS3\rvsmon.exe [22/01/2010 17.52.30 1246560]
R2 rvsmonf;rvsmonf;c:\windows\system32\drivers\rvsmonf.sys [05/02/2010 17.45.59 1034696]
R3 Com4QLBEx;Com4QLBEx;c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [16/09/2009 11.38.37 193840]
R3 vsc32;Virtual Sound Canvas 3.2;c:\windows\system32\drivers\vsc.sys [16/09/2009 16.42.02 951284]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [17/12/2009 18.07.10 135664]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [05/01/2010 3.04.30 30192]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [21/09/2009 16.30.44 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [21/09/2009 16.30.45 8320]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [07/07/2008 12.23.56 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [09/05/2008 11.08.40 174336]
S3 SASENUM;SASENUM;c:\programmi\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 16.27.00 7408]
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-02-06 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-05 14:34]

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-12-17 17:06]

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-12-17 17:06]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2304564
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Converter... - c:\programmi\MP3 Player Utilities 4.17\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {33D97FE2-9B2A-4ADA-9CE7-F2F9E1CE2425} = 10.128.50.1
FF - ProfilePath - c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search Powered by Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT23841 ... hSource=13
FF - component: c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Carolina\Dati applicazioni\Mozilla\Firefox\Profiles\ipiql0vu.default\extensions\{31c7d459-9cc3-44f2-9dca-fc11795309b4}\components\RadioWMPCore.dll
FF - component: c:\programmi\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\programmi\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Carolina\Impostazioni locali\Dati applicazioni\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 23:07
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(992)
c:\programmi\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1924)
c:\windows\system32\WININET.dll
c:\programmi\File comuni\Ahead\Lib\NeroSearchBar.dll
c:\programmi\File comuni\Ahead\Lib\MFC71U.DLL
c:\programmi\File comuni\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-02-06 23:14:27
ComboFix-quarantined-files.txt 2010-02-06 22:14
ComboFix2.txt 2010-02-06 18:53

Pre-Run: 53.229.121.536 byte disponibili
Post-Run: 53.214.539.776 byte disponibili

- - End Of File - - DB883736F809835710354BCCD391C398
carito
Junior User
 
Posts: 42
Joined: 05/02/10 19:33

Re: help, I have a HijackThis list but I don't know what to delete

Post by shel » 06/02/10 23:47

download http://www.filehippo.com/download_ccleaner/

1) to download the latest version, click at the top right under the green arrow
2) install it (without the bundled toolbar)
3) click "avvia pulizia" (Run Cleaner), repeat the procedure 2 times

click Registro (Registry), on the next page click Trova problemi (Scan for Issues), then when the scan finishes click Ripara selezionati (Fix selected issues), answer yes to the prompt to save the backup (save it in a folder of your choice), then fix all the items found.


download ATF Cleaner

http://www.atribune.org/ccount/click.php?id=1

Launch ATFCleaner.exe with a double click

1) tick the Select All box
2) click the Empty Selected button
3) wait for the Done Cleaning notice
(if you use Opera or Firefox, tick their sections too)


enable the display of hidden files (open any folder, go to Strumenti (Tools) --> Opzioni cartella (Folder Options) --> Visualizzazione (View) and tick Visualizza file e cartelle nascosti (Show hidden files and folders))

check on these two sites whether this file is legitimate

http://www.virustotal.com/it/

c:\windows\system32\takefive.exe
shel
Senior User
Posts: 1326
Joined: 29/08/08 21:56

Re: help, I have a HijackThis list but I don't know what to delete

Post by carito » 07/02/10 00:45

as you suggested, I hope I did it correctly

Il file è già stato analizzato:
MD5: 87d3c907d1379d3e6281af1bc5472540
First received: 2009.11.05 13:19:47 UTC
Data 2010.01.07 11:53:33 UTC [>30D]
Risultati 12/41
Permalink: analisis/5994816eafa94efdeb5b56bc1848496cc25431e2d66d7bc588ed1efde09ddb13-1262865213

File takefive.exe ricevuto il 2010.01.07 11:53:33 (UTC)
Stato corrente: finito
Risultato: 12/41 (29.27%)
Antivirus Versione Ultimo aggiornamento Risultato
a-squared 4.5.0.48 2010.01.07 -
AhnLab-V3 5.0.0.2 2010.01.07 -
AntiVir 7.9.1.130 2010.01.07 -
Antiy-AVL 2.0.3.7 2010.01.06 -
Authentium 5.2.0.5 2010.01.07 -
Avast 4.8.1351.0 2010.01.06 -
AVG 8.5.0.430 2010.01.04 -
BitDefender 7.2 2010.01.07 -
CAT-QuickHeal 10.00 2010.01.07 Win32.Packed.Klone.bj.4
ClamAV 0.94.1 2010.01.07 PUA.Script.Packed-3
Comodo 3490 2010.01.06 UnclassifiedMalware
DrWeb 5.0.1.12222 2010.01.07 -
eSafe 7.0.17.0 2010.01.06 -
eTrust-Vet 35.2.7221 2010.01.07 -
F-Prot 4.5.1.85 2010.01.06 -
F-Secure 9.0.15370.0 2010.01.07 -
Fortinet 4.0.14.0 2010.01.07 PossibleThreat
GData 19 2010.01.07 -
Ikarus T3.1.1.79.0 2010.01.07 -
Jiangmin 13.0.900 2010.01.07 TrojanDownloader.Zlob.xcl
K7AntiVirus 7.10.940 2010.01.06 -
Kaspersky 7.0.0.125 2010.01.07 -
McAfee 5853 2010.01.06 -
McAfee+Artemis 5853 2010.01.06 Artemis!87D3C907D137
McAfee-GW-Edition 6.8.5 2010.01.07 Heuristic.BehavesLike.Win32.Spyware.J
Microsoft 1.5302 2010.01.07 -
NOD32 4750 2010.01.07 Win32/Packed.Autoit.Gen
Norman 6.04.03 2010.01.07 -
nProtect 2009.1.8.0 2010.01.07 -
Panda 10.0.2.2 2010.01.06 -
PCTools 7.0.3.5 2010.01.07 -
Prevx 3.0 2010.01.07 Medium Risk Malware
Rising 22.29.03.04 2010.01.07 -
Sophos 4.49.0 2010.01.07 -
Sunbelt 3.2.1858.2 2010.01.07 Trojan.Win32.AutoIt.gen.1 (v)
Symantec 20091.2.0.41 2010.01.07 -
TheHacker 6.5.0.3.138 2010.01.07 Trojan/Autorun.gen
TrendMicro 9.120.0.1004 2010.01.07 -
VBA32 3.12.12.1 2010.01.06 Trojan.Autoit.F
ViRobot 2010.1.7.2126 2010.01.07 -
VirusBuster 5.0.21.0 2010.01.06 -
Informazioni addizionali
File size: 628706 bytes
MD5 : 87d3c907d1379d3e6281af1bc5472540
SHA1 : 474d3185e067a254e9e6ec8c064fb2ecdc1889cc
SHA256: 5994816eafa94efdeb5b56bc1848496cc25431e2d66d7bc588ed1efde09ddb13
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x54D3D
timedatestamp.....: 0x4850E379 (Thu Jun 12 10:51:05 2008)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x65F57 0x66000 6.69 3acda4623a0e3d29e47286c5ce656b86
.rdata 0x67000 0xE534 0xE600 5.02 f5ea2b2f886fbb9eaf7f19883bd5f07b
.data 0x76000 0x16AD8 0x2A00 3.89 85ce1e4957f76b29bd9a747a6ce443cc
.rsrc 0x8D000 0x21368 0x21400 5.33 bd4f582a135c005efee0dbc44e98ece3

( 13 imports )

> advapi32.dll: RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, RegEnumKeyExW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, RegCloseKey, RegQueryValueExW, RegOpenKeyExW
> comctl32.dll: ImageList_DragMove, ImageList_EndDrag, ImageList_DragLeave, ImageList_DragEnter, ImageList_BeginDrag, ImageList_SetDragCursorImage, ImageList_Destroy, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Remove
> comdlg32.dll: GetSaveFileNameW, GetOpenFileNameW
> gdi32.dll: LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, SetTextColor, GetObjectW, SetBkMode, RoundRect, SetBkColor, CloseFigure, SetPixel, EndPath, StrokePath, StrokeAndFillPath, ExtCreatePen, PolyBezierTo, SetViewportOrgEx, Rectangle, CreatePen, CreateSolidBrush, CreateCompatibleBitmap, GetPixel, DeleteDC, GetDIBits, BitBlt, SelectObject, CreateDIBSection, CreateCompatibleDC, CreateFontW, GetDeviceCaps, GetTextFaceW, GetStockObject, CreateDCW, GetTextExtentPoint32W, DeleteObject
> kernel32.dll: UnmapViewOfFile, OpenProcess, CreateFileMappingW, MapViewOfFile, WriteProcessMemory, ReadProcessMemory, CreateFileW, ReadFile, SetFilePointer, SetFileTime, FindResourceW, LoadResource, GetFileAttributesW, LockResource, FindFirstFileW, SizeofResource, FindClose, EnumResourceNamesW, DeleteFileW, FindNextFileW, lstrcmpiW, MoveFileW, OutputDebugStringW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, TerminateProcess, SetSystemPowerState, GetLocalTime, MultiByteToWideChar, WideCharToMultiByte, CompareStringW, InterlockedIncrement, InterlockedDecrement, WriteFile, CreatePipe, GetStdHandle, InterlockedExchange, EnterCriticalSection, TerminateThread, LeaveCriticalSection, DeleteCriticalSection, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetDriveTypeW, QueryPerformanceFrequency, GetVolumeInformationW, SetVolumeLabelW, DeviceIoControl, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, SetFileAttributesW, WritePrivateProfileSectionW, GetShortPathNameW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetEnvironmentVariableW, GetFileSize, SetEnvironmentVariableW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, SetProcessWorkingSetSize, GlobalMemoryStatus, Beep, GetComputerNameW, GetWindowsDirectoryW, GetSystemDirectoryW, GetCurrentProcessId, GetCurrentThread, CreateProcessW, SetPriorityClass, VirtualAlloc, LoadLibraryExW, GetModuleHandleA, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, RaiseException, GetModuleFileNameA, HeapSize, HeapReAlloc, HeapDestroy, HeapCreate, RtlUnwind, QueryPerformanceCounter, GetModuleHandleW, GetSystemInfo, GetVersionExW, GetCurrentThreadId, Sleep, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, HeapAlloc, GetProcessHeap, HeapFree, CloseHandle, GetCurrentProcess, LoadLibraryA, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, GetConsoleCP, GetConsoleMode, SetHandleCount, GetCurrentDirectoryW, FreeLibrary, InitializeCriticalSection, GetProcAddress, LoadLibraryW, GetStartupInfoW, GetVersionExA, ExitProcess, ExitThread, GetSystemTimeAsFileTime, GetFileType, GetStartupInfoA, SetStdHandle, ResumeThread, FlushFileBuffers, LCMapStringA, LCMapStringW, GetTimeZoneInformation, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCommandLineW, GetTickCount, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEndOfFile, CompareStringA, GetDiskFreeSpaceW, SetEnvironmentVariableA
> mpr.dll: WNetUseConnectionW, WNetGetConnectionW, WNetAddConnection2W, WNetCancelConnection2W
> ole32.dll: OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, IIDFromString, StringFromIID, CLSIDFromString, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, StringFromCLSID, OleUninitialize
> oleaut32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> shell32.dll: DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
> user32.dll: SetWindowLongW, FlashWindow, GetActiveWindow, InflateRect, CharNextW, DrawFocusRect, wsprintfW, DrawTextW, RedrawWindow, FrameRect, DrawFrameControl, FillRect, DrawMenuBar, PtInRect, DestroyMenu, SetMenu, DestroyAcceleratorTable, CreateAcceleratorTableW, GetWindowTextLengthW, SetCursor, GetWindowDC, TranslateAcceleratorW, GetSystemMetrics, IsDialogMessageW, CreateMenu, IsDlgButtonChecked, GetSysColor, DefDlgProcW, ReleaseCapture, SetCapture, SetActiveWindow, FindWindowExW, EnumThreadWindows, LoadImageW, CreateIconFromResourceEx, mouse_event, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, IsZoomed, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, DispatchMessageW, GetDC, GetKeyboardLayoutNameA, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, DestroyWindow, GetMenu, GetClientRect, CopyRect, EndPaint, BeginPaint, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, SendMessageTimeoutW, GetFocus, GetWindowTextW, ScreenToClient, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, GetCaretPos, GetSubMenu, GetMenuStringW, IsCharUpperW, IsCharLowerW, IsCharAlphaNumericW, IsCharAlphaW, GetKeyboardLayoutNameW, ClientToScreen, RegisterHotKey, ReleaseDC, SetMenuItemInfoW, GetCursor, PostMessageW, GetWindowRect, MessageBoxW, GetForegroundWindow, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, MessageBoxA, RegisterWindowMessageW, DestroyIcon, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, TranslateMessage, PeekMessageW, WindowFromPoint, SetClipboardData, EmptyClipboard, CountClipboardFormats, SetWindowPos, CopyImage, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, AdjustWindowRectEx, SetRect, CharLowerBuffW, GetMessageW, VkKeyScanA, LockWindowUpdate, UnregisterHotKey, keybd_event, ExitWindowsEx, CharUpperW
> version.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
> winmm.dll: waveOutSetVolume, mciSendStringW, timeGetTime
> wsock32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

( 0 exports )
TrID : File type identification
Windows Screen Saver (51.1%)
Win32 Executable Generic (33.2%)
Generic Win/DOS Executable (7.8%)
DOS Executable Generic (7.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 12288:C6SKqT31T6WpJY6V765jKqostkm3ObaajRM1:PxqT31T6WE6I5jKqosOm+bvRM1
Prevx Info: http://info.prevx.com/aboutprogramtext. ... 00A23D86E5
PEiD : -
RDS : NSRL Reference Data Set
carito
Junior User
Posts: 42
Joined: 05/02/10 19:33
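As an added example (not part of the thread and not VirusTotal's code), here is how to confirm locally that the file on disk is the very sample the report above describes: it recomputes the size, MD5, SHA1 and SHA256 and compares them with the values quoted in the report, and it also computes the file's byte entropy, the same kind of figure the report lists per section under PEInfo, where a high value is a hint of packing. The 6.5 entropy threshold is an assumed rule of thumb, and the default path is the one shel asked to check.

```python
import hashlib
import math

# Values quoted in the VirusTotal report above for takefive.exe (taken from the page).
REPORTED = {
    "size": 628706,
    "md5": "87d3c907d1379d3e6281af1bc5472540",
    "sha1": "474d3185e067a254e9e6ec8c064fb2ecdc1889cc",
    "sha256": "5994816eafa94efdeb5b56bc1848496cc25431e2d66d7bc588ed1efde09ddb13",
}

# Assumed rule of thumb: byte entropy above this (the maximum is 8.0) suggests
# packed or compressed content, which is what several scanners flagged here.
PACKED_ENTROPY_HINT = 6.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, the 'ntrpy' figure the report shows per section."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def fingerprint(data: bytes) -> dict:
    """Size, the three hashes VirusTotal lists, and the entropy of the whole buffer."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "entropy": round(shannon_entropy(data), 2),
    }


def compare_with_report(data: bytes, reported: dict = REPORTED) -> dict:
    """Say whether the bytes are exactly the sample the report describes, and what differs if not."""
    fp = fingerprint(data)
    mismatches = [k for k in ("size", "md5", "sha1", "sha256") if fp[k] != reported[k]]
    return {
        **fp,
        "same_file": not mismatches,
        "mismatches": mismatches,
        "packed_hint": fp["entropy"] > PACKED_ENTROPY_HINT,
    }


def check_file(path: str, reported: dict = REPORTED) -> dict:
    """Read a file from disk and compare it with the report; this is what a user would run."""
    with open(path, "rb") as fh:
        return compare_with_report(fh.read(), reported)


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else r"c:\windows\system32\takefive.exe"
    for key, value in check_file(target).items():
        print(f"{key:12} {value}")
```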

Re: help, I have a HijackThis list but I don't know what to delete

Post by shel » 07/02/10 10:54

everything looks fine, what shouldn't have been on the pc has been removed

download http://www.filehippo.com/download_ccleaner/

1) to download the latest version click at the top right under the green arrow
2) install it (without the extra toolbar)
3) click "Run Cleaner", repeat the procedure 2 times

click Registry, on the next page click Scan for Issues, then when the scan finishes click Fix selected issues, answer yes to the request to save the backup (save it in a folder of your choice), then fix all the items found.

download Atfcleaner

http://www.atribune.org/ccount/click.php?id=1

Run ATFCleaner.exe with a double click

1) tick the Select All box
2) click the Empty selected button
3) wait for the Done Cleaning message
(if you use Opera or Firefox, tick their sections too)


To remove the various tools downloaded:
Download OTC by OldTimer to the desktop:
http://oldtimer.geekstogo.com/OTC.exe
double-click to run it
Click CleanUp.
It will ask you to restart the pc.
Click yes.


post me a hijackthis log
shel
Senior User
Posts: 1326
Joined: 29/08/08 21:56

Re: help, I have a HijackThis list but I don't know what to delete

Post by carito » 07/02/10 13:57

hi, here is the latest log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.50.33, on 07/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Programmi\Application Updater\ApplicationUpdater.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Roland\VSC32\vsc32cnf.exe
C:\Programmi\Roland\VSC32\vscvol.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2304564
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea0.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea0.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea0.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [vsc32cnf.exe] C:\Programmi\Roland\VSC32\vsc32cnf.exe
O4 - HKLM\..\Run: [vscvol.exe] C:\Programmi\Roland\VSC32\vscvol.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Programmi\MP3 Player Utilities 4.17\AMVConverter\grab.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Impostazioni di Google Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://micro.moe.hm
O15 - ESC Trusted Zone: http://axxe.trompizgerbo.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33D97FE2-9B2A-4ADA-9CE7-F2F9E1CE2425}: NameServer = 10.128.50.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Programmi\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Returnil Virtual System Core Service (RVSMONBL) - CJSC Returnil Software - C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmi\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9361 bytes
carito
Junior User
Posts: 42
Joined: 05/02/10 19:33

Re: help, I have a HijackThis list but I don't know what to delete

Post by carito » 07/02/10 14:04

I wanted to add the pc-facile link to my bookmarks but the function isn't working :( , I don't know whether it is a Firefox problem or a saturation problem, can you give me your opinion?
thanks so much for the support and the professionalism. Have a good Sunday :D
carito
Junior User
Posts: 42
Joined: 05/02/10 19:33

Re: help, I have a HijackThis list but I don't know what to delete

Post by shel » 07/02/10 14:14

fix these entries from hijackthis

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2304564

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Download OTC by OldTimer to the desktop to remove the programs used in the topic
http://oldtimer.geekstogo.com/OTC.exe
double-click to run it
Click CleanUp. Restart the pc

go to Local Disk C: and delete the QooBox folder

delete the folder, if any, that you had created on the Desktop where you had put Combofix.
shel
Senior User
Posts: 1326
Joined: 29/08/08 21:56
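An added example, not from the thread and not HijackThis' own code: a small triage pass over log lines in the shape posted above. It flags the two entries shel asked to fix (a Start Page pointing away from the Internet Explorer default, and a BHO registered with no file on disk) and marks a few other line types for a second look; the host allowlist, the "fix"/"review"/"info" labels and the sample lines (constructed from the log above, with the forum's "..." truncation kept) are this example's own assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Hosts Internet Explorer points Start/Search Page at out of the box (assumed allowlist).
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}
URL_SETTINGS = {"Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL"}

# Constructed sample in the shape of the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2304564
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea0.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:\Programmi\Search_USA\tbSea0.dll
O15 - ESC Trusted Zone: http://axxe.trompizgerbo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{33D97FE2-9B2A-4ADA-9CE7-F2F9E1CE2425}: NameServer = 10.128.50.1
"""


def _host(url: str) -> str:
    try:
        return (urlsplit(url.strip()).hostname or "").lower()
    except ValueError:
        return ""


def triage_line(line: str):
    """Return (severity, reason) for one log line, or None when nothing stands out.
    "fix" = entry to remove with HijackThis, "review" = worth confirming, "info" = context."""
    line = line.strip()
    section, sep, body = line.partition(" - ")
    if not sep or len(section) < 2 or section[0] not in "RO" or not section[1:].isdigit():
        return None
    if section in ("R0", "R1"):  # browser start/search page settings
        key, _, value = body.partition(" = ")
        setting = key.rsplit(",", 1)[-1]
        host = _host(value)
        if setting in URL_SETTINGS and host and host not in DEFAULT_IE_HOSTS:
            return ("fix", f"{setting} redirected to {host}")
        return None
    if section == "R3":  # URL search hooks rewrite what the address bar searches
        return ("review", "search hook present: " + body.split(" - ", 1)[0])
    if section in ("O2", "O3"):  # BHOs and toolbars loaded into the browser
        parts = [p.strip() for p in body.split(" - ")]
        kind, _, name = parts[0].partition(": ")
        if parts[-1].lower() == "(no file)":
            return ("fix", f"orphaned {kind} {name!r}: registered but no file on disk")
        if "toolbar" in name.lower():
            return ("review", f"third-party {kind.lower()} {name!r}")
        return None
    if section == "O15":  # sites given Trusted Zone privileges
        return ("review", "site added to the Trusted Zone: " + body.partition(": ")[2])
    if section == "O17":  # DNS server set on an interface
        ns = body.rsplit("=", 1)[-1].strip()
        try:
            private = ipaddress.ip_address(ns).is_private
        except ValueError:
            return ("review", f"unparseable NameServer {ns!r}")
        return ("info" if private else "review", f"DNS server {ns} ({'private' if private else 'public'})")
    return None


def triage(log_text: str):
    """Run triage_line over a whole log; returns (severity, reason, line) for each hit."""
    hits = []
    for raw in log_text.splitlines():
        verdict = triage_line(raw)
        if verdict:
            hits.append((verdict[0], verdict[1], raw.strip()))
    return hits


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```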
