Condividi:        

Problemi con HiJackThis

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Re: Problemi con HiJackThis

Postdi nonsonoio » 17/05/12 13:40

Codice: Seleziona tutto
ComboFix 12-05-17.02 - Angelo 17/05/2012  14:42:48.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.39.1040.18.3894.2461 [GMT 2:00]
Eseguito da: c:\users\Angelo\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Angelo\AppData\Local\unins000.exe
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-04-17 al 2012-05-17  )))))))))))))))))))))))))))))))))))
.
.
2012-05-17 12:49 . 2012-05-17 12:49   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-05-16 21:50 . 2012-03-06 23:04   337240   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2012-05-16 21:50 . 2012-03-06 23:01   24408   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2012-05-16 21:50 . 2012-03-06 23:04   819032   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2012-05-16 21:50 . 2012-03-06 23:02   53080   ----a-w-   c:\windows\system32\drivers\aswRdr2.sys
2012-05-16 21:50 . 2012-03-06 23:01   59224   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2012-05-16 21:50 . 2012-03-06 23:01   69976   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2012-05-16 21:49 . 2012-03-06 23:15   41184   ----a-w-   c:\windows\avastSS.scr
2012-05-16 21:49 . 2012-03-06 23:15   201352   ----a-w-   c:\windows\SysWow64\aswBoot.exe
2012-05-15 10:40 . 2012-04-18 01:03   8917360   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DB5A99C-31A8-4267-BE84-C0E54E1FCF1D}\mpengine.dll
2012-05-14 23:19 . 2012-05-15 10:33   --------   d-----w-   c:\users\Angelo\AppData\Local\ServUpdater
2012-05-14 23:19 . 2012-05-14 23:19   --------   d-----w-   c:\users\Angelo\AppData\Local\PosService
2012-05-14 23:19 . 2012-05-14 23:19   --------   d-----w-   c:\users\Angelo\AppData\Local\PowerOffer
2012-05-14 22:08 . 2012-05-14 22:08   --------   d-----w-   c:\users\Angelo\AppData\Roaming\EmoticoonsToolbar
2012-05-14 22:08 . 2012-05-14 23:19   --------   d-----w-   c:\users\Angelo\AppData\Local\SoftwareUpdater
2012-05-14 22:08 . 2012-05-14 22:08   --------   d-----w-   c:\program files (x86)\MyPcCleaner
2012-05-14 13:47 . 2012-05-14 13:47   --------   d-----w-   c:\windows\it
2012-05-14 13:46 . 2012-05-14 13:46   --------   d-----w-   c:\program files\Windows Live
2012-05-14 13:44 . 2012-05-14 13:44   89944   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\b6283ec91cd31d703\DSETUP.dll
2012-05-14 13:44 . 2012-05-14 13:44   537432   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\b6283ec91cd31d703\DXSETUP.exe
2012-05-14 13:44 . 2012-05-14 13:44   1801048   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\b6283ec91cd31d703\dsetup32.dll
2012-05-10 14:42 . 2012-05-10 14:42   --------   d-----w-   c:\program files\Microsoft Silverlight
2012-05-10 14:42 . 2012-05-10 14:42   --------   d-----w-   c:\program files (x86)\Microsoft Silverlight
2012-05-08 23:27 . 2012-04-02 05:24   1367552   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 23:27 . 2012-04-02 04:40   936960   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 23:27 . 2012-03-03 06:29   1541120   ----a-w-   c:\windows\system32\DWrite.dll
2012-05-08 23:27 . 2012-03-03 06:29   320512   ----a-w-   c:\windows\system32\d3d10_1core.dll
2012-05-08 23:27 . 2012-03-03 06:29   197120   ----a-w-   c:\windows\system32\d3d10_1.dll
2012-05-08 23:27 . 2012-03-03 06:29   1837568   ----a-w-   c:\windows\system32\d3d10warp.dll
2012-05-08 23:27 . 2012-03-03 06:29   902656   ----a-w-   c:\windows\system32\d2d1.dll
2012-05-08 23:27 . 2012-03-03 05:40   1074176   ----a-w-   c:\windows\SysWow64\DWrite.dll
2012-05-08 23:27 . 2012-03-03 05:40   1170944   ----a-w-   c:\windows\SysWow64\d3d10warp.dll
2012-05-08 23:27 . 2012-03-03 05:40   739840   ----a-w-   c:\windows\SysWow64\d2d1.dll
2012-05-08 23:27 . 2012-03-03 05:40   218624   ----a-w-   c:\windows\SysWow64\d3d10_1core.dll
2012-05-08 23:27 . 2012-03-03 05:40   161792   ----a-w-   c:\windows\SysWow64\d3d10_1.dll
2012-05-08 23:26 . 2012-04-02 05:34   5504880   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-05-08 23:26 . 2012-04-02 04:46   3958128   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2012-05-08 23:26 . 2012-04-02 04:46   3902320   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2012-05-08 23:26 . 2012-04-02 03:01   3143680   ----a-w-   c:\windows\system32\win32k.sys
2012-05-08 23:26 . 2012-03-17 07:55   75632   ----a-w-   c:\windows\system32\drivers\partmgr.sys
2012-05-08 23:26 . 2012-03-30 11:09   1895280   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-05-07 14:23 . 2012-05-07 14:23   --------   d-----w-   c:\program files\CCleaner
2012-05-07 13:55 . 2012-05-07 13:55   --------   d-----w-   C:\PFiles
2012-05-07 11:01 . 2012-05-07 11:01   --------   d-----w-   c:\windows\SysWow64\drivers\AVG
2012-04-24 12:30 . 2012-04-24 12:30   --------   d-----w-   c:\program files\iPod
2012-04-24 12:30 . 2012-04-24 12:30   --------   d-----w-   c:\program files\iTunes
2012-04-24 12:30 . 2012-04-24 12:30   --------   d-----w-   c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-17 12:50 . 2012-05-17 12:50   69000   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DB5A99C-31A8-4267-BE84-C0E54E1FCF1D}\offreg.dll
2012-04-04 13:56 . 2012-02-14 13:05   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-03-08 16:50 . 2012-03-08 16:50   49016   ----a-w-   c:\windows\SysWow64\sirenacm.dll
2012-03-08 16:37 . 2012-03-08 16:37   302448   ----a-w-   c:\windows\WLXPGSS.SCR
2012-03-06 23:15 . 2012-02-14 12:35   258520   ----a-w-   c:\windows\system32\aswBoot.exe
2012-03-04 15:02 . 2010-07-17 12:46   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-03-01 06:54 . 2012-04-13 00:04   22896   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:45 . 2012-04-13 00:04   220672   ----a-w-   c:\windows\system32\wintrust.dll
2012-03-01 06:40 . 2012-04-13 00:04   80896   ----a-w-   c:\windows\system32\imagehlp.dll
2012-03-01 06:35 . 2012-04-13 00:04   5120   ----a-w-   c:\windows\system32\wmi.dll
2012-03-01 05:49 . 2012-04-13 00:04   172544   ----a-w-   c:\windows\SysWow64\wintrust.dll
2012-03-01 05:45 . 2012-04-13 00:04   158720   ----a-w-   c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:40 . 2012-04-13 00:04   5120   ----a-w-   c:\windows\SysWow64\wmi.dll
2012-02-28 06:35 . 2012-04-12 17:44   1197568   ----a-w-   c:\windows\system32\wininet.dll
2012-02-28 06:33 . 2012-04-12 17:44   57856   ----a-w-   c:\windows\system32\licmgr10.dll
2012-02-28 05:40 . 2012-04-12 17:44   981504   ----a-w-   c:\windows\SysWow64\wininet.dll
2012-02-28 05:38 . 2012-04-12 17:44   44544   ----a-w-   c:\windows\SysWow64\licmgr10.dll
2012-02-28 05:17 . 2012-04-12 17:44   482816   ----a-w-   c:\windows\system32\html.iec
2012-02-28 04:35 . 2012-04-12 17:44   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2012-02-28 04:31 . 2012-04-12 17:44   386048   ----a-w-   c:\windows\SysWow64\html.iec
2012-02-28 03:57 . 2012-04-12 17:44   1638912   ----a-w-   c:\windows\SysWow64\mshtml.tlb
2012-02-23 08:18 . 2012-01-26 11:33   279656   ------w-   c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-01-15 11:27   1330480   ----a-w-   c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-15 1330480]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-09 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-21 98304]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-06-02 61112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-12-13 922976]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 PowerOffer Service;Pos Service;c:\users\Angelo\AppData\Local\PosService\Pos.exe [2012-04-03 169472]
R2 ServUpdater;Serv Updater;c:\users\Angelo\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-16 156160]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 SoftwareUpd;Software Upd;c:\users\Angelo\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [2012-04-23 161280]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-17 315392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 09:36   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-812556908-344851224-43242478-1000Core.job
- c:\users\Angelo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 19:56]
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-812556908-344851224-43242478-1000UA.job
- c:\users\Angelo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 19:56]
.
2012-05-16 c:\windows\Tasks\HPCeeScheduleForAngelo.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2012-04-28 c:\windows\Tasks\HPCeeScheduleForOBE$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15   135408   ----a-w-   c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 414744]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.it/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.findeer.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 193.70.152.15 212.52.97.15
TCP: Interfaces\{2299E5D3-D881-43D2-9411-351A9786667E}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C564C8BE-A6D6-4728-AA07-45B00153C2D1}: NameServer = 176.31.229.24,176.31.229.25
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\users\Angelo\AppData\Local\unins000.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-05-17  14:51:44
ComboFix-quarantined-files.txt  2012-05-17 12:51
.
Pre-Run: 245.544.235.008 byte disponibili
Post-Run: 245.340.151.808 byte disponibili
.
- - End Of File - - 3719A19884F30BA52B92ADF8715CBB95
nonsonoio
Utente Senior
 
Post: 101
Iscritto il: 14/05/12 23:40

Sponsor
 

Re: Problemi con HiJackThis

Postdi FrancescoFDAC » 17/05/12 13:58

Disinstalla MyPcCleaner. (lo sostituiamo più avanti)

Script personalizzato di ComboFix

Avviso: non eseguire ComboFix di tua iniziativa; questo tool non è un giocattolo e non è adatto ad un uso quotidiano.

Apri il Block Note: Start> Tutti i programmi> Accessori> Blocco note
● all'interno del nuovo documento di testo, copia ed incolla le seguenti righe:


File::
c:\users\Angelo\AppData\Local\PosService\Pos.exe
c:\users\Angelo\AppData\Local\ServUpdater\ServiceUpd.exe

Folder::
c:\users\Angelo\AppData\Local\ServUpdater
c:\users\Angelo\AppData\Local\PosService
c:\users\Angelo\AppData\Local\PowerOffer
c:\users\Angelo\AppData\Roaming\EmoticoonsToolbar
c:\windows\SysWow64\drivers\AVG
c:\program files (x86)\SweetIM
c:\program files (x86)\Common Files\Spigot
c:\users\Public\Documents\AppData\PoApp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
"PosService"=-
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

Driver::
PowerOffer Service
ServUpdater


● chiama questo file CFScript.txt, e posizionalo sul Desktop

Molto importante! Disabilita temporaneamente il tuo antivirus e firewall prima di seguire la procedura indicata. Potrebbero infatti interferire con ComboFix o rimuovere alcuni dei suoi file incorporati che possono portare a risultati imprevedibili.
Facendo riferimento all'immagine presente qui sotto, trascina con il puntatore del mouse CFScript.txt sull'icona di ComboFix
ComboFix ora eseguirà una scansione del tuo sistema. Una volta terminata, potrebbe riavviare automaticamente il sistema: in caso contrario, procedi tu manualmente.
A questo punto, il programma produrrà un Report. Copia ed incolla il log nel tuo prossimo post.

Immagine

Nota - riguardo alla procedura:
● non toccare assolutamente il mouse e la tastiera durante la scansione: potrebbe interrompersi
N.B :
● se viene visualizzato l'errore: Operazione non valida tentata su una chiave di registro che è stato contrassegnato per l'eliminazione, dovrai semplicemente riavviare il sistema e ripetere lo Script
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 09:53

Re: Problemi con HiJackThis

Postdi nonsonoio » 17/05/12 14:28

Codice: Seleziona tutto
ComboFix 12-05-17.02 - Angelo 17/05/2012  15:35:05.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.39.1040.18.3894.2301 [GMT 2:00]
Eseguito da: c:\users\Angelo\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Angelo\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Angelo\AppData\Local\PosService\Pos.exe"
"c:\users\Angelo\AppData\Local\ServUpdater\ServiceUpd.exe"
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Spigot
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\config.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini
c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml
c:\program files (x86)\Common Files\Spigot\Search Settings\yandex_ie.xml
c:\program files (x86)\SweetIM
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\default.xml
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\about.html
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\bing.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dating.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\find.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\games.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\google.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\help.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\music.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\news.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\options.html
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\photos.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\video.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
c:\users\Angelo\AppData\Local\PosService
c:\users\Angelo\AppData\Local\PosService\7z.dll
c:\users\Angelo\AppData\Local\PosService\AppLib.Zip.dll
c:\users\Angelo\AppData\Local\PosService\Pos.exe
c:\users\Angelo\AppData\Local\PosService\Pos.InstallLog
c:\users\Angelo\AppData\Local\PosService\Pos.InstallState
c:\users\Angelo\AppData\Local\PosService\settings.ini
c:\users\Angelo\AppData\Local\PosService\settings\settings.ini
c:\users\Angelo\AppData\Local\PowerOffer
c:\users\Angelo\AppData\Local\PowerOffer\InstallHelper.exe
c:\users\Angelo\AppData\Local\PowerOffer\System.Data.SQLite.dll
c:\users\Angelo\AppData\Local\ServUpdater
c:\users\Angelo\AppData\Local\ServUpdater\7z.dll
c:\users\Angelo\AppData\Local\ServUpdater\AppLib.Zip.dll
c:\users\Angelo\AppData\Local\ServUpdater\ServiceUpd.exe
c:\users\Angelo\AppData\Local\ServUpdater\ServiceUpd.InstallLog
c:\users\Angelo\AppData\Local\ServUpdater\ServiceUpd.InstallState
c:\users\Angelo\AppData\Local\ServUpdater\settings.ini
c:\users\Angelo\AppData\Local\ServUpdater\settings\settings.ini
c:\users\Angelo\AppData\Roaming\EmoticoonsToolbar
c:\users\Angelo\AppData\Roaming\EmoticoonsToolbar\Interop.SHDocVw.DLL
c:\users\Angelo\AppData\Roaming\EmoticoonsToolbar\SearchToolbar.dll
c:\users\Angelo\AppData\Roaming\EmoticoonsToolbar\SearchToolbar.InstallState
c:\users\Public\Documents\AppData\PoApp
c:\users\Public\Documents\AppData\PoApp\7z.dll
c:\users\Public\Documents\AppData\PoApp\AppLib.Zip.dll
c:\users\Public\Documents\AppData\PoApp\kw.sdb
c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
c:\users\Public\Documents\AppData\PoApp\PService.exe
c:\users\Public\Documents\AppData\PoApp\RegHandlerDll.dll
c:\users\Public\Documents\AppData\PoApp\settings\settings.ini
c:\windows\SysWow64\drivers\AVG
c:\windows\SysWow64\drivers\AVG\iavifw.avm
.
.
(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PowerOffer Service
-------\Service_ServUpdater
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-04-17 al 2012-05-17  )))))))))))))))))))))))))))))))))))
.
.
2012-05-17 13:41 . 2012-05-17 13:41   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-05-16 21:50 . 2012-03-06 23:04   337240   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2012-05-16 21:50 . 2012-03-06 23:01   24408   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2012-05-16 21:50 . 2012-03-06 23:04   819032   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2012-05-16 21:50 . 2012-03-06 23:02   53080   ----a-w-   c:\windows\system32\drivers\aswRdr2.sys
2012-05-16 21:50 . 2012-03-06 23:01   59224   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2012-05-16 21:50 . 2012-03-06 23:01   69976   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2012-05-16 21:49 . 2012-03-06 23:15   41184   ----a-w-   c:\windows\avastSS.scr
2012-05-16 21:49 . 2012-03-06 23:15   201352   ----a-w-   c:\windows\SysWow64\aswBoot.exe
2012-05-15 10:40 . 2012-04-18 01:03   8917360   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DB5A99C-31A8-4267-BE84-C0E54E1FCF1D}\mpengine.dll
2012-05-14 22:08 . 2012-05-14 23:19   --------   d-----w-   c:\users\Angelo\AppData\Local\SoftwareUpdater
2012-05-14 13:47 . 2012-05-14 13:47   --------   d-----w-   c:\windows\it
2012-05-14 13:46 . 2012-05-14 13:46   --------   d-----w-   c:\program files\Windows Live
2012-05-14 13:44 . 2012-05-14 13:44   89944   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\b6283ec91cd31d703\DSETUP.dll
2012-05-14 13:44 . 2012-05-14 13:44   537432   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\b6283ec91cd31d703\DXSETUP.exe
2012-05-14 13:44 . 2012-05-14 13:44   1801048   ----a-w-   c:\program files (x86)\Common Files\Windows Live\.cache\b6283ec91cd31d703\dsetup32.dll
2012-05-10 14:42 . 2012-05-10 14:42   --------   d-----w-   c:\program files\Microsoft Silverlight
2012-05-10 14:42 . 2012-05-10 14:42   --------   d-----w-   c:\program files (x86)\Microsoft Silverlight
2012-05-08 23:27 . 2012-04-02 05:24   1367552   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 23:27 . 2012-04-02 04:40   936960   ----a-w-   c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 23:27 . 2012-03-03 06:29   1541120   ----a-w-   c:\windows\system32\DWrite.dll
2012-05-08 23:27 . 2012-03-03 06:29   320512   ----a-w-   c:\windows\system32\d3d10_1core.dll
2012-05-08 23:27 . 2012-03-03 06:29   197120   ----a-w-   c:\windows\system32\d3d10_1.dll
2012-05-08 23:27 . 2012-03-03 06:29   1837568   ----a-w-   c:\windows\system32\d3d10warp.dll
2012-05-08 23:27 . 2012-03-03 06:29   902656   ----a-w-   c:\windows\system32\d2d1.dll
2012-05-08 23:27 . 2012-03-03 05:40   1074176   ----a-w-   c:\windows\SysWow64\DWrite.dll
2012-05-08 23:27 . 2012-03-03 05:40   1170944   ----a-w-   c:\windows\SysWow64\d3d10warp.dll
2012-05-08 23:27 . 2012-03-03 05:40   739840   ----a-w-   c:\windows\SysWow64\d2d1.dll
2012-05-08 23:27 . 2012-03-03 05:40   218624   ----a-w-   c:\windows\SysWow64\d3d10_1core.dll
2012-05-08 23:27 . 2012-03-03 05:40   161792   ----a-w-   c:\windows\SysWow64\d3d10_1.dll
2012-05-08 23:26 . 2012-04-02 05:34   5504880   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-05-08 23:26 . 2012-04-02 04:46   3958128   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2012-05-08 23:26 . 2012-04-02 04:46   3902320   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2012-05-08 23:26 . 2012-04-02 03:01   3143680   ----a-w-   c:\windows\system32\win32k.sys
2012-05-08 23:26 . 2012-03-17 07:55   75632   ----a-w-   c:\windows\system32\drivers\partmgr.sys
2012-05-08 23:26 . 2012-03-30 11:09   1895280   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2012-05-07 14:23 . 2012-05-07 14:23   --------   d-----w-   c:\program files\CCleaner
2012-05-07 13:55 . 2012-05-07 13:55   --------   d-----w-   C:\PFiles
2012-04-24 12:30 . 2012-04-24 12:30   --------   d-----w-   c:\program files\iPod
2012-04-24 12:30 . 2012-04-24 12:30   --------   d-----w-   c:\program files\iTunes
2012-04-24 12:30 . 2012-04-24 12:30   --------   d-----w-   c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 13:56 . 2012-02-14 13:05   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-03-08 16:50 . 2012-03-08 16:50   49016   ----a-w-   c:\windows\SysWow64\sirenacm.dll
2012-03-08 16:37 . 2012-03-08 16:37   302448   ----a-w-   c:\windows\WLXPGSS.SCR
2012-03-06 23:15 . 2012-02-14 12:35   258520   ----a-w-   c:\windows\system32\aswBoot.exe
2012-03-04 15:02 . 2010-07-17 12:46   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-03-01 06:54 . 2012-04-13 00:04   22896   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:45 . 2012-04-13 00:04   220672   ----a-w-   c:\windows\system32\wintrust.dll
2012-03-01 06:40 . 2012-04-13 00:04   80896   ----a-w-   c:\windows\system32\imagehlp.dll
2012-03-01 06:35 . 2012-04-13 00:04   5120   ----a-w-   c:\windows\system32\wmi.dll
2012-03-01 05:49 . 2012-04-13 00:04   172544   ----a-w-   c:\windows\SysWow64\wintrust.dll
2012-03-01 05:45 . 2012-04-13 00:04   158720   ----a-w-   c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:40 . 2012-04-13 00:04   5120   ----a-w-   c:\windows\SysWow64\wmi.dll
2012-02-28 06:35 . 2012-04-12 17:44   1197568   ----a-w-   c:\windows\system32\wininet.dll
2012-02-28 06:33 . 2012-04-12 17:44   57856   ----a-w-   c:\windows\system32\licmgr10.dll
2012-02-28 05:40 . 2012-04-12 17:44   981504   ----a-w-   c:\windows\SysWow64\wininet.dll
2012-02-28 05:38 . 2012-04-12 17:44   44544   ----a-w-   c:\windows\SysWow64\licmgr10.dll
2012-02-28 05:17 . 2012-04-12 17:44   482816   ----a-w-   c:\windows\system32\html.iec
2012-02-28 04:35 . 2012-04-12 17:44   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2012-02-28 04:31 . 2012-04-12 17:44   386048   ----a-w-   c:\windows\SysWow64\html.iec
2012-02-28 03:57 . 2012-04-12 17:44   1638912   ----a-w-   c:\windows\SysWow64\mshtml.tlb
2012-02-23 08:18 . 2012-01-26 11:33   279656   ------w-   c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-05-17_12.49.53   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-17 13:41 . 2012-05-17 13:41   14197              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-05-16 22:58 . 2012-05-16 22:58   14197              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-05-17 12:16   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-17 13:42   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-17 13:42   65536              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-17 12:16   65536              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-17 12:16   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-17 13:42   16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-17 10:30 . 2012-05-17 12:59   58468              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-17 12:59   40408              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-11-25 20:10 . 2012-05-17 12:17   12020              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-812556908-344851224-43242478-1000_UserData.bin
+ 2011-11-25 20:10 . 2012-05-17 12:59   12020              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-812556908-344851224-43242478-1000_UserData.bin
- 2011-11-25 19:54 . 2012-05-17 12:16   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-25 19:54 . 2012-05-17 13:43   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-25 19:54 . 2012-05-17 13:43   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-25 19:54 . 2012-05-17 12:16   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-25 19:54 . 2012-05-17 13:43   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-25 19:54 . 2012-05-17 12:16   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-25 19:54 . 2012-05-17 13:43   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-25 19:54 . 2012-05-17 12:16   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-25 19:54 . 2012-05-17 12:16   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-25 19:54 . 2012-05-17 13:43   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-17 13:41 . 2012-05-17 13:41   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-17 12:15 . 2012-05-17 12:15   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-17 13:41 . 2012-05-17 13:41   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-17 12:15 . 2012-05-17 12:15   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-05-17 13:41   243344              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-16 22:58   243344              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-11-18 14:38 . 2012-05-16 13:47   1519136              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-11-18 14:38 . 2012-05-17 13:41   1519136              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 02:34 . 2012-05-17 12:29   10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-05-17 13:11   10223616              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-09 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-21 98304]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-06-02 61112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-17 315392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 SoftwareUpd;Software Upd;c:\users\Angelo\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [2012-04-23 161280]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 09:36   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-812556908-344851224-43242478-1000Core.job
- c:\users\Angelo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 19:56]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-812556908-344851224-43242478-1000UA.job
- c:\users\Angelo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 19:56]
.
2012-05-16 c:\windows\Tasks\HPCeeScheduleForAngelo.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2012-04-28 c:\windows\Tasks\HPCeeScheduleForOBE$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15   135408   ----a-w-   c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 414744]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"combofix"="c:\combofix\CF7974.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.it/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.findeer.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 193.70.152.15 212.52.97.15
TCP: Interfaces\{2299E5D3-D881-43D2-9411-351A9786667E}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{C564C8BE-A6D6-4728-AA07-45B00153C2D1}: NameServer = 176.31.229.24,176.31.229.25
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Ora fine scansione: 2012-05-17  15:46:40 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2012-05-17 13:46
ComboFix2.txt  2012-05-17 12:51
.
Pre-Run: 245.403.840.512 byte disponibili
Post-Run: 244.938.936.320 byte disponibili
.
- - End Of File - - 22D7B1F4581F461A91A48E7E26EA6458
nonsonoio
Utente Senior
 
Post: 101
Iscritto il: 14/05/12 23:40

Re: Problemi con HiJackThis

Postdi FrancescoFDAC » 17/05/12 15:56

Scarica TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe
● posiziona il tool sul Desktop
termina tutti i programmi attivi, comprese le pagine Internet
● avvia il tool con un doppio click
● clicca, in basso a sinistra, sul pulsante Start
scomparirà, per qualche istante, il Desktop: nulla di cui preoccuparsi
● attendi pazientemente il termine delle operazioni
● clicca, in basso a destra, sul pulsante Exit
● una volta terminate le operazioni, chiudi il programma

Nota - riguardo al programma:
TFC by OldTimer serve ad eliminare i file temporeanei di tutti gli utenti, con facilità e velocemente

Scarica OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● posiziona il tool sul Desktop
● chiudi tutti i programmi attivi
● avvia il tool con un doppio click
● clicca sul pulsante CleanUp!
● il programma chiede di riavviare il sistema: consenti, cliccando su Yes per due volte

Nota - riguardo al programma:
OTC by OldTimer serve ad eliminare i programmi che abbiamo utilizzato per la pulizia (ComboFix in particolare) in modo automatico e preciso: al riavvio non noterai più l'icona di ComboFix, è del tutto normale

allega un log di hijackthis.
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 09:53

Re: Problemi con HiJackThis

Postdi gahan » 17/05/12 17:02

Spostato in Sicurezza e Privacy
words like violence, break the silence
Avatar utente
gahan
Moderatore
 
Post: 1397
Iscritto il: 23/01/08 16:09

Re: Problemi con HiJackThis

Postdi nonsonoio » 17/05/12 18:54

Codice: Seleziona tutto
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:12:23, on 17/05/2012
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16968)
Boot mode: Normal

Running processes:
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Users\Angelo\Desktop\HiJackThis-2.0.4.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: SearchToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - mscoree.dll (file missing)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: SearchToolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - mscoree.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2299E5D3-D881-43D2-9411-351A9786667E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{C564C8BE-A6D6-4728-AA07-45B00153C2D1}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{2299E5D3-D881-43D2-9411-351A9786667E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{2299E5D3-D881-43D2-9411-351A9786667E}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service:  Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Angelo\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12052 bytes
nonsonoio
Utente Senior
 
Post: 101
Iscritto il: 14/05/12 23:40

Re: Problemi con HiJackThis

Postdi FrancescoFDAC » 18/05/12 12:29

Esegui la procedura descritta, rigorosamente nel suo ordine, al fine di:
guadagnare spazio su disco
ottimizzare le prestazioni del sistema
mantenere il corretto funzionamento di Windows

Ottimizzazione - post rimozione malware

Il mio consiglio è quello di stampare questa procedura, perché tornerà senz'altro utile in futuro, a te ed ai tuoi conoscenti: condividila pure con loro, non ha controindicazioni di alcun genere ed andrebbe eseguita dopo aver rimosso tutte le infezione presenti nel sistema.
Queste operazioni infatti, andrebbero eseguite almeno una volta al mese (per utilizzatori di Computer assidui il tempo è ridotto a due settimane, eccetto per lo Scandisk, punto 13. della procedura).

Tieni presente che la maggior parte delle chiavi di registro corrotte e danneggiate non si possono ripristinare e riparare correttamente, e l'installazione e la disinstallazione continua dei programmi può causare crash di sistema e fastidiose schermate blu.

Una formattazione consente di ottenere dei massimi benefici, in termini di velocità, stabilità e prestazioni: questa procedura si avvicina maggiormente ai risultati ottenuti tramite una formattazione del disco fisso.

1. Rimuovi le voci di avvio non necessarie

Questa procedura è puramente facoltativa: questi sono programmi che si avviano quando accendi il computer, ma puoi eseguirli una volta caricato il sistema operativo.
Togliendo questi software dall'esecuzione automatica, l'avvio sarà più veloce ed il computer funzionerà meglio.

Avvia HiJackThis e:
● clicca sul pulsante Do a system scan only/Scan
metti la spunta accanto ad ogni singola voce indicata sotto
● spuntate le voci, termina tutti i programmi attivi, comprese le pagine Internet
● clicca, in basso a sinistra, sul pulsante Fix checked; potrebbe comparire un'ulteriore finestra durante il fix delle voci: clicca su
Queste sono le voci da fixare:

O2 - BHO: SearchToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - mscoree.dll (file missing)
O3 - Toolbar: SearchToolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

Nota: per lanciare HiJackThis su Windows Vista e Windows 7, clicca con il tasto destro del mouse sulla icona di HiJackThis (rappresentata da un omino vestito di rosso con una lente di ingrandimento, nota il file eseguibile in grassetto sotto) e, dal menù contestuale, scegli la voce Esegui come Amministratore: conferma la richiesta proposta

Il percorso da seguire per trovare l'eseguibile del programma è: Start/ Computer/ Programmi/ Trend Micro/ HiJackThis/ HiJackThis.exe

******************************

2. Disinstalla i programmi inutilizzati, e tutte le Toolbar

Procedura per Windows XP:
● clicca sul pulsante Start
● apri il Pannello di controllo
● clicca su Installazione applicazioni
● seleziona il programma da disinstallare, e clicca sul tasto Cambia/Rimuovi: partirà la procedura di disinstallazione

Procedura per Windows Vista e Windows Seven:
● clicca sul pulsante Start
● apri il Pannello di controllo
● clicca su Programmi, e su Programmi e funzionalità
● seleziona il programma da disinstallare, e clicca sul tasto Cambia/Disinstalla: partirà la procedura di disinstallazione

******************************

3. Disinstalla dal Pannello di controllo, in particolare, le seguenti applicazioni:
Adobe Flash Player
Adobe Reader
Java (tutte le versioni installate)

Scarica ed installa, dai siti proposti, le versioni aggiornate dei programmi appena disinstallati:
Adobe Flash Player: http://get.adobe.com/it/flashplayer
Adobe Reader : http://get.adobe.com/it/reader
Java: http://java.com/it/download/index.jsp

Note - riguardo alla procedura:
non consentire l'installazione di componenti aggiuntivi (Toolbar in particolare): non installarne alcuno, quindi togli la spunta alla relativa voce
● alternativamente ad Abobe Reader, software pesante e soprattutto soggetto a vulnerabilità sfruttabili dai malware presenti nella rete per infettare il sistema, puoi scaricare il veloce e leggerissimo Sumatra PDF Reader, che nulla ha da invidiare al prodotto di casa Adobe: http://blog.kowalczyk.info/software/sum ... eader.html

******************************

4. Disattiva il Ripristino Configurazione di Sistema

Procedura per Windows XP:
● clicca sul pulsante Start
● tasto destro del mouse sull'icona Risorse del computer
● seleziona, dal menù a tendina, la voce Proprietà
● apri la scheda Ripristino configurazione di sistema
● metti la spunta alla voce Disattiva Ripristino configurazione di sistema su tutte le unità
● conferma la modifica, con Applica e OK

Procedura per Windows Vista e Windows Seven:
● clicca sul pulsante Start
● tasto destro del mouse sull'icona Computer
● seleziona, dal menù a tendina, la voce Proprietà
● clicca, nel menù a sinistra, su Protezione sistema; compare un avviso relativo al Controllo Account Utente: clicca su Continua
● deseleziona la casella di controllo visualizzata accanto al Disco Locale C:
● clicca sul pulsante OK
● conferma la modifica apportata, cliccando sul pulsante Applica e OK

******************************

5. Svuota del suo contenuto la cartella Prefetch

Procedura per Windows XP:
● clicca sul pulsante Start
● clicca su Risorse del computer
● apri il Disco locale C:
● individua ed apri la cartella Windows
● individua ed apri la cartella Prefetch
elimina tutte le voci conservate al suo interno: fai attenzione però, a non eliminare la cartella

Procedura per Windows Vista e Windows Seven:
● clicca sul pulsante Start
● clicca su Computer
● apri il Disco locale C:
● individua ed apri la cartella Windows
● individua ed apri la cartella Prefetch
elimina tutte le voci conservate al suo interno, tranne il file Layout.ini: fai attenzione però, a non eliminare la cartella

Nota - riguardo alla procedura:
● la cartella Prefetch contiene i file che il sistema operativo esegue; un'operazione di prefetch consiste nel rendere immediatamente disponibili, nella memoria cache, i file utilizzati più spesso e quelli necessari per il processo di avvio del personal computer.
Il riavvio successivo sarà un po' lento, ma quelli seguenti saranno senza dubbio più veloci

******************************

6. Svuota del suo contenuto la cartella Download

Procedura per Windows XP:
● clicca sul pulsante Start
● clicca su Risorse del computer
● apri il Disco locale C:
● individua ed apri la cartella Windows
● individua ed apri la cartella SoftwareDistribution
● individua ed apri la cartella Download
elimina tutte le voci conservate al suo interno: fai attenzione però, a non eliminare la cartella

Procedura per Windows Vista e Windows Seven:
● clicca sul pulsante Start
● clicca su Computer
● apri il Disco locale C:
● individua ed apri la cartella Windows
● individua ed apri la cartella SoftwareDistribution
● individua ed apri la cartella Download
elimina tutte le voci conservate al suo interno: fai attenzione però, a non eliminare la cartella

Nota - riguardo alla procedura:
● la cartella Download contiene i file di installazione degli aggiornamenti di Windows, che possono essere eliminati senza problemi per recuperare spazio su disco e risolvere fastidiosi problemi di aggiornamenti

******************************

7. Scarica TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe
● posiziona il tool sul Desktop
termina tutti i programmi attivi, comprese le pagine Internet
● avvia il tool con un doppio click
● clicca, in basso a sinistra, sul pulsante Start
scomparirà, per qualche istante, il Desktop: nulla di cui preoccuparsi
● attendi pazientemente il termine delle operazioni
● clicca, in basso a destra, sul pulsante Exit
● una volta terminate le operazioni, chiudi il programma

Nota: per eseguire correttamente TFC by OldTimer su Windows Vista e Windows Seven, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore: conferma la richiesta proposta

******************************

8. Scarica ed installa CCleaner: http://www.piriform.com/ccleaner/download
Nota - durante l'installazione: non consentire l'installazione di componenti aggiuntivi (Toolbar in particolare): non installarne alcuno, quindi togli la spunta alla relativa voce

Una volta installato ed avviato, esegui queste operazioni:
● nel menù di sinistra, clicca su Opzioni
● nella finestra successiva, clicca su Impostazioni
● spunta la voce Tipo cancellazione: Sicura (lenta) e nel menù a tendina seleziona la voce DOD 5220.22-M (3 passaggi)
● clicca su Avanzate
● togli la spunta alla voce Cancella file in Windows Temp solo se più vecchi di 24 ore e alla voce Chiedi se salvare un backup dei problemi del registro
● clicca, nel menù a sinistra, su Pulizia: nella sezione Avanzate, metti la spunta alle voci Vecchi dati Prefetch, Disinstallatori Aggiornamenti di Windows e File Log IIS
● apri, in alto, il tab Applicazioni: spunta tutte le voci presenti
termina tutti i programmi attivi, comprese le pagine Internet
● clicca, in basso a sinistra, sul bottone Analizza, per cercare i file temporanei
● clicca, in basso a destra, sul bottone Avvia Pulizia, per avviare la pulizia dei file temporanei
● nella finestra che compare, metti la spunta alla voce Non mostrare più questo messaggio, e conferma cliccando sul pulsante OK
● terminata la pulizia, nel menù a sinistra, clicca sulla voce Registro
● clicca sul bottone Trova Problemi, per avviare la ricerca delle voci di registro corrotte e danneggiate
● clicca sul bottone Ripara selezionati... e prosegui con la riparazione: la pulizia del registro ripetila più volte, fino a quando non verranno più rilevati problemi da correggere
● una volta terminate le operazioni, chiudi il programma

Nota: in Windows Seven, manca la voce Disinstallatori Aggiornamenti di Windows, e la voce Tipo cancellazione: Sicura (lenta) DOD 5220.22-M (3 passaggi) è stata sostituita dalla dicitura Sovrascrittura avanzata 83 passaggi

******************************

9. Lancia Hijackthis e pulisci gli ADS (esclusivamente su partizioni formattate in NTFS):
● clicca sulla voce Open the Misc Tools section
● clicca su Open ADS Spy..., nel tab System tools
● in alto, togli la spunta alla voce Quick scan (Windows base folder only)
● clicca, in basso, sul pulsante Scan
● attendi pazientemente il termine della scansione
● se venissero rilevati molti ADS, clicca con il tasto destro sulla prima casellina, e scegli la voce Select all
● clicca, in basso, sul pulsante Remove selected: conferma con
● una volta terminate le operazioni, chiudi il programma

Nota - riguardo al programma:
● in caso avessi un sistema operativo a 64 Bit, tralascia la procedura. Fai click qui per scoprire se il tuo sistema operativo è a 32 o 64 Bit: http://support.microsoft.com/kb/827218/it

******************************

10. Scarica OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● posiziona il tool sul Desktop
● chiudi tutti i programmi attivi
● avvia il tool con un doppio click
● clicca sul pulsante CleanUp!
● il programma chiede di riavviare il sistema: consenti, cliccando su Yes per due volte

Note - riguardo al programma:
OTC by OldTimer va eseguito solamente nel caso tu abbia utilizzato in precedenza particolari programmi che richiedono una particolare procedura di disinstallazione, come ComboFix, FindAWF, GMER, RSIT e TDSS Killer.
● per eseguire correttamente OTC by OldTimer su Windows Vista e Windows Seven, clicca con il tasto destro del mouse sull'icona del programma e, dal menù contestuale, scegli la voce Esegui come Amministratore: conferma la richiesta proposta

******************************

11. Riabilita il Ripristino Configurazione di Sistema, seguendo la procedura inversa al punto 4

******************************

12. Scarica ed installa Defraggler: http://www.piriform.com/defraggler/download

Nota - durante l'installazione:
non consentire l'installazione di componenti aggiuntivi (Toolbar in particolare): non installarne alcuno, quindi togli la spunta alla relativa voce

Una volta installato, esegui queste operazioni:
● avvia il programma con un doppio click
● seleziona con il tasto sinistro del mouse l'unità Disco Locale C:
● clicca, in basso a sinistra, sul bottone Deframmenta
● attendi pazientemente il termine delle operazioni

******************************

13. Controlla l'Hard Disk per eventuali errori


Procedura per Windows XP:
● clicca sul pulsante Start
● clicca su Esegui
● nello spazio bianco, copia ed incolla questa riga:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
● clicca sul pulsante OK
● attendi pazientemente il termine delle operazioni
● una finestra DOS vuota si aprirà sul Desktop, per poi chiudersi automaticamente: nulla di cui preoccuparsi
● allega il file checkhd.txt presente sul Desktop per un controllo

Procedura per Windows Vista e Windows Seven:


● clicca sul pulsante Start
● scegli la voce Tutti i programmi
● clicca su Accessori
● clicca con il tasto destro sull'icona Prompt dei comandi, e scegli la voce Esegui come amministratore
● nello spazio nero, copia ed incolla questa riga:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
● clicca sul pulsante OK
● attendi pazientemente il termine delle operazioni; digita ora exit, sempre nello spazio nero, per uscire dal Prompt dei comandi, e quindi premi il pulsante Invio
● una finestra DOS vuota potrebbe aprirsi sul Desktop, per poi chiudersi automaticamente: nulla di cui preoccuparsi
● allega il file checkhd.txt presente sul Desktop per un controllo

******************************

Note - al termine della procedura:
riavvia il sistema
allega un nuovo log di HijackThis
● comunica come funziona il sistema, e quali problemi riscontri attualmente
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 09:53

Re: Problemi con HiJackThis

Postdi nonsonoio » 19/05/12 14:04

Codice: Seleziona tutto
Il file system Š di tipo NTFS.

Avvertenza! Parametro F non specificato
CHKDSK eseguito in modalit… sola lettura.

Verifica dei file in corso (fase 1 di 3)...
Verifica file completata.
  362 record di file di grandi dimensioni elaborati.                     

  0 record file non validi elaborati.                                     

  0 record EA elaborati.                                           

  86 record reparse elaborati.                                     

Verifica degli indici in corso (fase 2 di 3)...
Accesso negato. Privilegi insufficienti.
Questa utilit… deve essere eseguita tramite un account con privilegi elevati.




Codice: Seleziona tutto
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:24:07, on 19/05/2012
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16968)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Angelo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Angelo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Angelo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Angelo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Angelo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Angelo\Desktop\HiJackThis-2.0.4.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O3 - Toolbar: (no name) - !{691ca8ec-7205-4aa9-bdd6-15493d16f835} - (no file)
O3 - Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O3 - Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2299E5D3-D881-43D2-9411-351A9786667E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{C564C8BE-A6D6-4728-AA07-45B00153C2D1}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{2299E5D3-D881-43D2-9411-351A9786667E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{2299E5D3-D881-43D2-9411-351A9786667E}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service:  Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Angelo\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10265 bytes
nonsonoio
Utente Senior
 
Post: 101
Iscritto il: 14/05/12 23:40

Re: Problemi con HiJackThis

Postdi nonsonoio » 19/05/12 14:31

http://tinypic.com/r/jhvn29/6

giusto per vedere se ci sono programmi inutili che possono dare fastidio

comunque dopo i 13 punti.. il pc va mooooolto meglio..direi che è come nuovo
nonsonoio
Utente Senior
 
Post: 101
Iscritto il: 14/05/12 23:40

Re: Problemi con HiJackThis

Postdi FrancescoFDAC » 19/05/12 14:40

Fixa ancora queste voci:

Codice: Seleziona tutto
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O3 - Toolbar: (no name) - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O3 - Toolbar: (no name) - !{691ca8ec-7205-4aa9-bdd6-15493d16f835} - (no file)
O3 - Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O3 - Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe


Abbiamo finito.
Alla prossima!
Francesco
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 09:53

Re: Problemi con HiJackThis

Postdi nonsonoio » 19/05/12 15:13

Codice: Seleziona tutto
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:31:59, on 19/05/2012
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16968)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Angelo\Desktop\HiJackThis-2.0.4.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: (no name) - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O3 - Toolbar: (no name) - !{691ca8ec-7205-4aa9-bdd6-15493d16f835} - (no file)
O3 - Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - (no file)
O3 - Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2299E5D3-D881-43D2-9411-351A9786667E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{C564C8BE-A6D6-4728-AA07-45B00153C2D1}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{2299E5D3-D881-43D2-9411-351A9786667E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{2299E5D3-D881-43D2-9411-351A9786667E}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service:  Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Angelo\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9770 bytes
nonsonoio
Utente Senior
 
Post: 101
Iscritto il: 14/05/12 23:40

Re: Problemi con HiJackThis

Postdi aurelio37 » 19/05/12 15:44

Il tuo sistema operativo non è aggiornato col SP1 e successivi aggiornamenti di sicurezza.
Anche Internet Explorer non è aggiornato alla versione 9
Avatar utente
aurelio37
Moderatore
 
Post: 2736
Iscritto il: 07/02/07 11:36
Località: Milano

Re: Problemi con HiJackThis

Postdi nonsonoio » 20/05/12 10:42

mmmh dopo aver eseguito la procedura il pc andava benissimo..poi però ad un certo punto dopo un giorno di utilizzo del pc..ho riscontrato che all'avvio il pc carica per diversi secondi la connessione Wlan.. cosa che prima invece non faceva in quanto la procedura aveva eliminato questo problema..

cosa può essere successo?
nonsonoio
Utente Senior
 
Post: 101
Iscritto il: 14/05/12 23:40

Re: Problemi con HiJackThis

Postdi FrancescoFDAC » 20/05/12 10:56

Ciao. Aggiorna il PC installando l'ultimo SP rilasciato per il tuo SO, Internet Explorer 9 compreso (come ha fatto notare giustamente Aurelio).

Per il "problema" della connessione, può darsi che avendo eliminato la voce in avvio manualmente essa si avvi impiegando un attimino di tempo in più.

Nulla di cui preoccuparsi, comunque.

Ciao!
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 09:53

Re: Problemi con HiJackThis

Postdi nonsonoio » 20/05/12 11:18

infatti va tutto molto bene..sono davvero contento del procedimento seguito..

ultima cosa è che non so cosa sia SO e come si aggiorni
nonsonoio
Utente Senior
 
Post: 101
Iscritto il: 14/05/12 23:40

Re: Problemi con HiJackThis

Postdi nikita75 » 20/05/12 12:17

"La teoria è quando si sa tutto e niente funziona. La pratica è quando tutto funziona e nessuno sa il perché. Noi abbiamo messo insieme la teoria e la pratica: non c'è niente che funzioni e nessuno sa il perché" Albert Einstein
Immagine
Avatar utente
nikita75
Utente Senior
 
Post: 5387
Iscritto il: 31/07/09 13:36
Località: Alberobello (Bari )

Re: Problemi con HiJackThis

Postdi nonsonoio » 26/05/12 00:45

fatto grazie :D
nonsonoio
Utente Senior
 
Post: 101
Iscritto il: 14/05/12 23:40

Re: Problemi con HiJackThis

Postdi FrancescoFDAC » 26/05/12 12:52

Di nulla. Alla prossima!
Francesco
FrancescoFDAC
Utente Senior
 
Post: 1048
Iscritto il: 13/08/11 09:53

Precedente

Torna a Sicurezza e Privacy


Topic correlati a "Problemi con HiJackThis":


Chi c’è in linea

Visitano il forum: Nessuno e 35 ospiti