HiJackThis log, opinion

Post by Reb04 » 19/07/12 23:58

Hi everyone, I very recently bought a new PC (OS: Windows 7 Home Premium 64-bit); every now and then advertising pages would open while I was browsing.

The antivirus (AVG 2012 Free) never found anything (I have now installed AVIRA, also the free edition).
I used CCleaner and also Spybot Search and Destroy, which corrected some errors.

Then I used Malwarebytes, which found and removed 2 'PUP.ToolbarDownloader' files, and Kaspersky TDSS Killer, which found nothing.

Finally, I ran HiJackThis; this was the log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:57, on 19/07/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\softLCP.exe
C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
C:\Program Files (x86)\ViewPower\ViewPower.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ViewPower\jre\bin\javaw.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: SearchToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - mscoree.dll (file missing)
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O3 - Toolbar: SearchToolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe"  /DoAction
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Proprietario\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: ViewPower.lnk = C:\Program Files (x86)\ViewPower\ViewPower.exe
O4 - Global Startup: SpyderUtility.lnk = C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36AF3C18-696F-43AB-8C42-36DD9438F506}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{36AF3C18-696F-43AB-8C42-36DD9438F506}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{36AF3C18-696F-43AB-8C42-36DD9438F506}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @Keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Proprietario\AppData\Local\PosService\Pos.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Proprietario\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: softOSD - EnTech Taiwan - C:\Program Files (x86)\softOSD\softOSD.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Proprietario\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpower - Acresso - C:\PROGRA~2\VIEWPO~1\TOMCAT~1.EXE
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14085 bytes


I fixed these entries (which I saw recommended for fixing online), but the HiJack site suggested it too:
Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search
Diagnosi E' consigliabile premere subito il pulsante Fix in HijackThis!

O17 - HKLM\System\CCS\Services\Tcpip\..\{36AF3C18-696F-43AB-8C42-36DD9438F506}: NameServer = 176.31.229.24,176.31.229.25
Diagnosi Conoscete l'indirizzo IP o il Dominio '176.31.229.24,176.31.229.25'? Se no, eliminate questo oggetto.

O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
Diagnosi Conoscete l'indirizzo IP o il Dominio '176.31.229.24,176.31.229.25'? Se no, eliminate questo oggetto.

O17 - HKLM\System\CS1\Services\Tcpip\..\{36AF3C18-696F-43AB-8C42-36DD9438F506}: NameServer = 176.31.229.24,176.31.229.25
Diagnosi Conoscete l'indirizzo IP o il Dominio '176.31.229.24,176.31.229.25'? Se no, eliminate questo oggetto.

O17 - HKLM\System\CS2\Services\Tcpip\..\{36AF3C18-696F-43AB-8C42-36DD9438F506}: NameServer = 176.31.229.24,176.31.229.25
Diagnosi Conoscete l'indirizzo IP o il Dominio '176.31.229.24,176.31.229.25'? Se no, eliminate questo oggetto.


-------------------------------------------------------------
So now this is my current HiJackThis log:
Code:
Micro HijackThis v2.0.2
Scan saved at 20:21:04, on 19/07/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
C:\Program Files (x86)\ViewPower\ViewPower.exe
C:\Program Files (x86)\ViewPower\jre\bin\javaw.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\SysWOW64\softLCP.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Users\Proprietario\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: ViewPower.lnk = C:\Program Files (x86)\ViewPower\ViewPower.exe
O4 - Global Startup: SpyderUtility.lnk = C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @Keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Proprietario\AppData\Local\PosService\Pos.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Proprietario\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: softOSD - EnTech Taiwan - C:\Program Files (x86)\softOSD\softOSD.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Proprietario\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpower - Acresso - C:\PROGRA~2\VIEWPO~1\TOMCAT~1.EXE
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11616 bytes


Now it seems I no longer have that problem and everything looks OK, but in the log there are some entries that I think need fixing. My question is exactly this: do I need to fix these entries too?
These:
Code:
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Proprietario\AppData\Local\PosService\Pos.exe

O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Proprietario\AppData\Local\ServUpdater\ServiceUpd.exe

O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Proprietario\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe


Could you take a look at the log and see whether they need fixing, and whether there happen to be others to fix?

Thanks a lot!!
Reb04
Newbie
Posts: 3
Joined: 19/07/12 23:44
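
A way to triage logs like the two quoted in the post above, as an added example that is not part of the original thread: it parses HijackThis entries, lists what a fix removed between two scans, and surfaces O17 NameServer overrides plus O4/O23 autostarts whose binary sits under a user profile (a generalisation of the O23 entries the poster asks about). The function names and the heuristics are assumptions made for illustration, and the sample input is a handful of lines excerpted from the scans on this page.

```python
import re
from ipaddress import ip_address

# Constructed sample input: a few entries excerpted from the two scans quoted
# in the post (before and after the poster pressed Fix).
BEFORE = r"""Running processes:
C:\Users\Public\Documents\AppData\PoApp\PService.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Proprietario\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O17 - HKLM\System\CCS\Services\Tcpip\..\{36AF3C18-696F-43AB-8C42-36DD9438F506}: NameServer = 176.31.229.24,176.31.229.25
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Proprietario\AppData\Local\PosService\Pos.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Proprietario\AppData\Local\ServUpdater\ServiceUpd.exe
"""
AFTER = r"""O4 - HKCU\..\Run: [Google Update] "C:\Users\Proprietario\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Proprietario\AppData\Local\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Proprietario\AppData\Local\ServUpdater\ServiceUpd.exe
"""

# A section-coded entry looks like "O23 - <body>"; header lines and the
# "Running processes" list do not match and are skipped.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
NAMESERVER = re.compile(r"^(?P<key>.+): NameServer = (?P<ips>.+)$")
# Executable path inside an entry body; stops at a quote so arguments are excluded.
EXE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.I)
PROFILE = re.compile(r"^[A-Za-z]:\\Users\\", re.I)


def parse(log):
    """Return [(code, body), ...] for every section-coded line of a log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def removed(before, after):
    """Entries present in the first scan and absent from the second."""
    still_there = set(parse(after))
    return [e for e in parse(before) if e not in still_there]


def nameserver_overrides(entries):
    """O17 entries that pin DNS servers: [(registry key, [ip objects]), ...]."""
    out = []
    for code, body in entries:
        m = NAMESERVER.match(body) if code == "O17" else None
        if not m:
            continue
        ips = []
        for token in re.split(r"[,\s]+", m.group("ips").strip()):
            try:
                ips.append(ip_address(token))
            except ValueError:
                pass  # not an IP literal; ignore rather than guess
        out.append((m.group("key"), ips))
    return out


def user_profile_autostarts(entries):
    """O4/O23 entries whose binary lives under C:\\Users (user-writable).

    Assumed heuristic: this is a prompt to check the publisher, not a verdict.
    Legitimate per-user updaters (Google Update here) are listed as well.
    """
    hits = []
    for code, body in entries:
        if code not in ("O4", "O23"):
            continue
        paths = EXE.findall(body)
        if not paths:
            continue
        # O23 puts the service binary last; O4 puts the command first.
        path = paths[-1] if code == "O23" else paths[0]
        if PROFILE.match(path):
            hits.append((code, path))
    return hits


if __name__ == "__main__":
    print("Removed by the fix:")
    for code, body in removed(BEFORE, AFTER):
        print(f"  {code}: {body}")
    print("DNS overrides in the first scan:")
    for key, ips in nameserver_overrides(parse(BEFORE)):
        print(f"  {key} -> {[str(i) for i in ips]} (public: {all(i.is_global for i in ips)})")
    print("Autostarts from a user profile still present:")
    for code, path in user_profile_autostarts(parse(AFTER)):
        print(f"  {code}: {path}")
```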

Re: HiJackThis log, opinion

Post by Reb04 » 20/07/12 00:49

I forgot to write that I had also fixed:

Code:
O2 - BHO: SearchToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - mscoree.dll (file missing)
Applicazione sconosciuta.Gli elementi non necessari (disattivati) dovrebbero essere eliminati.

O3 - Toolbar: SearchToolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - mscoree.dll (file missing)
Applicazione sconosciuta.Gli elementi non necessari (disattivati) dovrebbero essere eliminati.
Reb04
Newbie
Posts: 3
Joined: 19/07/12 23:44

Re: HiJackThis log, opinion

Post by FrancescoFDAC » 20/07/12 10:17

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● place the downloaded file on the Desktop
● disable the antivirus in use, from its icon in the tray bar (next to the Windows clock)
● disable any firewall that is installed, from its icon in the tray bar (next to the Windows clock)

Once the steps above are done:
● launch ComboFix with a double click
● once it has started, click the Accept button: confirm by clicking Ok twice
● follow the instructions that are given to run the scan:
"It typically takes no more than 10 minutes
On heavily infected PCs the scan time can easily double"
● if you have Windows XP, you will be asked to install the Recovery Console: do not install it (click the No button)
● without performing any other operation, let the tool complete its work

Notes - during the scan:
● some files may appear on the Desktop and then be deleted
● all the icons on the Desktop will disappear for a moment: nothing to worry about
● a message about the antivirus in use may be shown: carry on, ignoring the message
● the firewall may show a warning about the removal of some drivers: allow it
● the Internet Explorer icon may appear on the Desktop

When ComboFix has finished the scan:
● the system will be restarted automatically: if not, restart it yourself
● go to Local Disk C:, look for the text file named ComboFix.txt and attach it

Note - about the program:
● to run ComboFix correctly on Windows Vista and Windows Seven, right-click the program icon and, from the context menu, choose Run as Administrator
● sUBs, the software house that distributes ComboFix, is not responsible for any damage caused after the use of the program.
● It should not be used unless expressly requested by an expert
● ComboFix disables autorun for USB drives (pen drives, external hard disks, MP3 players...) to prevent future threats: when you insert a pen drive, you will have to open it manually from My Computer.
FrancescoFDAC
Senior User
Posts: 1048
Joined: 13/08/11 09:53

Re: HiJackThis log, opinion

Post by Reb04 » 20/07/12 11:21

Thanks.
I also replied to you elsewhere.

Two things:
1) If I then have to create a txt file, do I have to rename it "xxxx.txt" or should I not write ".txt"? It is enough to choose "save as txt text document", right?

2) I also disabled System Restore before launching ComboFix; can I re-enable it now?

After it restarted and generated the log I had to restart again because it would not let me do anything anymore.

Here is the log:
Code:
ComboFix 12-07-20.01 - Proprietario 20/07/2012  11:58:45.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.8087.5973 [GMT 2:00]
Eseguito da: c:\users\Proprietario\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Creato nuovo punto di ripristino
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Proprietario\AppData\Local\unins000.exe
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-06-20 al 2012-07-20  )))))))))))))))))))))))))))))))))))
.
.
2012-07-20 10:01 . 2012-07-20 10:01   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-07-20 09:58 . 2012-06-29 10:04   9133488   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8C88CAD-46B6-49D5-84B0-84787A9911EF}\mpengine.dll
2012-07-19 17:07 . 2012-07-20 10:02   94656   ----a-w-   c:\windows\system32\WPRO_41_2001woem.tmp
2012-07-19 16:51 . 2012-02-03 13:26   27760   ----a-w-   c:\windows\system32\drivers\avkmgr.sys
2012-07-19 16:51 . 2012-02-03 13:26   132320   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2012-07-19 16:51 . 2012-02-03 13:26   97312   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2012-07-19 16:51 . 2012-07-19 16:51   --------   d-----w-   c:\programdata\Avira
2012-07-19 16:51 . 2012-07-19 16:51   --------   d-----w-   c:\program files (x86)\Avira
2012-07-19 15:38 . 2012-07-19 15:38   --------   d-----w-   c:\program files (x86)\Trend Micro
2012-07-19 13:21 . 2012-07-19 13:22   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-19 13:21 . 2012-07-19 13:21   --------   d-----w-   c:\programdata\Malwarebytes
2012-07-19 13:21 . 2012-07-03 11:46   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-07-19 01:44 . 2012-07-19 16:42   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2012-07-19 01:44 . 2012-07-19 16:42   --------   d-----w-   c:\program files (x86)\Spybot - Search & Destroy
2012-07-18 23:50 . 2012-07-18 23:50   --------   d-----w-   c:\program files (x86)\OpenOffice.org 3
2012-07-18 21:53 . 2012-07-18 21:53   --------   d-----w-   c:\program files\Common Files\DESIGNER
2012-07-18 21:53 . 2012-07-18 21:53   --------   d-----w-   c:\windows\PCHEALTH
2012-07-18 21:51 . 2012-07-18 21:51   --------   d-----w-   c:\program files\Microsoft Analysis Services
2012-07-18 21:51 . 2012-07-18 21:51   --------   d-----w-   c:\program files (x86)\Microsoft Analysis Services
2012-07-18 21:51 . 2012-07-18 22:22   --------   d-----w-   c:\program files\Microsoft Office
2012-07-18 21:50 . 2012-07-18 21:50   --------   d-----r-   C:\MSOCache
2012-07-18 21:36 . 2012-07-18 22:43   --------   d-----w-   c:\programdata\Microsoft Help
2012-07-18 18:05 . 2012-07-18 18:05   --------   d-----w-   c:\program files (x86)\uTorrent
2012-07-18 16:49 . 2012-07-18 16:49   --------   d-----w-   c:\programdata\Sony Corporation
2012-07-18 16:15 . 2012-07-18 16:49   --------   d-----w-   c:\program files (x86)\Sony
2012-07-17 01:05 . 2012-07-17 01:06   --------   d-----w-   c:\program files (x86)\Ciel
2012-07-16 23:59 . 2012-07-16 23:59   --------   d-----w-   c:\program files (x86)\AnvSoft
2012-07-16 23:57 . 2012-07-16 23:57   --------   d-----w-   c:\program files (x86)\Common Files\xing shared
2012-07-16 23:57 . 2012-07-16 23:57   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2012-07-16 23:57 . 2012-07-16 23:57   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2012-07-16 23:56 . 2012-07-16 23:57   --------   d-----w-   c:\program files (x86)\Real
2012-07-16 19:06 . 2012-07-16 19:06   --------   d-----w-   c:\program files (x86)\IrfanView
2012-07-16 17:05 . 2012-07-16 17:05   --------   d-----w-   c:\program files (x86)\FastStone Image Viewer
2012-07-16 16:16 . 2012-07-16 17:39   --------   d-----w-   c:\programdata\InstallShield
2012-07-16 00:32 . 2012-07-16 00:32   --------   d-----w-   c:\program files (x86)\TPE
2012-07-15 20:40 . 2008-01-30 15:36   90112   ----a-w-   c:\windows\unvise32.exe
2012-07-15 20:40 . 2012-07-15 20:40   --------   d-----w-   c:\program files (x86)\Datacolor
2012-07-15 01:16 . 2012-07-15 01:16   --------   d-----w-   c:\program files (x86)\VideoLAN
2012-07-14 23:34 . 2012-07-14 23:34   --------   d-----w-   c:\program files (x86)\CrystalDiskInfo
2012-07-13 13:28 . 2012-06-12 03:08   3148800   ----a-w-   c:\windows\system32\win32k.sys
2012-07-13 13:21 . 2012-06-06 06:06   2004480   ----a-w-   c:\windows\system32\msxml6.dll
2012-07-13 12:43 . 2012-07-13 12:43   --------   d-----w-   c:\programdata\ATI
2012-07-13 12:41 . 2012-07-13 12:41   --------   d-----w-   c:\programdata\AMD
2012-07-13 12:41 . 2012-07-13 12:41   --------   d-----w-   c:\program files (x86)\AMD AVT
2012-07-13 12:41 . 2012-07-13 12:41   --------   d-----w-   c:\program files (x86)\AMD APP
2012-07-13 12:41 . 2012-07-13 12:41   --------   d-----w-   c:\program files\Common Files\ATI Technologies
2012-07-13 12:41 . 2012-07-13 12:41   --------   d-----w-   c:\program files (x86)\Common Files\ATI Technologies
2012-07-13 12:41 . 2012-07-13 12:41   --------   d-----w-   c:\program files (x86)\ATI Technologies
2012-07-13 12:41 . 2012-07-13 12:41   --------   d-----w-   c:\program files\ATI Technologies
2012-07-07 17:30 . 2012-07-07 17:30   --------   d-----w-   c:\program files\CCleaner
2012-07-07 12:49 . 2012-07-07 12:49   0   ----a-w-   c:\windows\ativpsrm.bin
2012-07-07 03:24 . 2012-07-07 03:24   --------   d-----w-   c:\program files (x86)\SystemRequirementsLab
2012-07-07 03:21 . 2012-07-07 03:21   --------   d-----w-   c:\program files (x86)\Common Files\Java
2012-07-07 03:21 . 2012-07-07 03:21   --------   d-----w-   c:\program files (x86)\Oracle
2012-07-07 03:21 . 2012-05-04 17:29   772504   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
2012-07-07 03:21 . 2012-05-04 17:29   687504   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-07-07 03:21 . 2012-07-07 03:21   --------   d-----w-   c:\program files (x86)\Java
2012-07-06 13:22 . 2012-07-06 13:22   --------   d-----w-   c:\programdata\Hewlett-Packard
2012-07-06 13:22 . 2009-07-14 01:41   230400   ----a-w-   c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2012-07-06 00:20 . 2012-07-06 00:20   --------   d-----w-   c:\program files (x86)\MyPcCleaner
2012-07-06 00:15 . 2012-07-06 00:15   --------   d-----w-   c:\programdata\regid.1986-12.com.adobe
2012-07-06 00:14 . 2012-07-06 00:15   --------   d-----w-   c:\program files\Adobe
2012-07-06 00:13 . 2012-07-06 00:15   --------   d-----w-   c:\program files\Common Files\Adobe
2012-07-05 22:30 . 2010-02-23 08:16   294912   ----a-w-   c:\windows\system32\browserchoice.exe
2012-07-05 21:43 . 2012-07-16 19:33   --------   d-----w-   c:\program files (x86)\Common Files\Adobe AIR
2012-07-05 21:43 . 2012-07-05 21:43   --------   d-----w-   c:\program files (x86)\Adobe Download Assistant
2012-07-05 19:55 . 2012-07-13 13:27   59701280   ----a-w-   c:\windows\system32\MRT.exe
2012-07-05 18:44 . 2012-07-05 18:44   --------   d-----w-   c:\program files (x86)\Common Files\logishrd
2012-07-05 18:44 . 2012-07-05 18:44   --------   d-----w-   c:\program files\Common Files\logishrd
2012-07-05 18:36 . 2012-07-05 18:36   --------   d-----w-   c:\windows\SysWow64\wbem\en-US
2012-07-05 18:36 . 2012-07-05 18:36   --------   d-----w-   c:\windows\system32\wbem\en-US
2012-07-05 18:36 . 2012-07-05 18:36   --------   d-----w-   c:\windows\SysWow64\Wat
2012-07-05 18:36 . 2012-07-05 18:36   --------   d-----w-   c:\windows\system32\Wat
2012-07-05 18:21 . 2012-03-01 06:46   23408   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2012-07-05 18:21 . 2012-03-01 06:38   220672   ----a-w-   c:\windows\system32\wintrust.dll
2012-07-05 18:21 . 2012-03-01 06:33   81408   ----a-w-   c:\windows\system32\imagehlp.dll
2012-07-05 18:21 . 2012-03-01 06:28   5120   ----a-w-   c:\windows\system32\wmi.dll
2012-07-05 18:21 . 2012-03-01 05:37   172544   ----a-w-   c:\windows\SysWow64\wintrust.dll
2012-07-05 18:21 . 2012-03-01 05:33   159232   ----a-w-   c:\windows\SysWow64\imagehlp.dll
2012-07-05 18:21 . 2012-03-01 05:29   5120   ----a-w-   c:\windows\SysWow64\wmi.dll
2012-07-05 16:08 . 2012-07-05 16:08   --------   d-----w-   C:\viewpower
2012-07-05 16:08 . 2012-07-05 16:08   --------   d-----w-   c:\program files (x86)\ViewPower
2012-07-05 16:08 . 2012-07-05 16:08   --------   d--h--w-   c:\program files (x86)\Zero G Registry
2012-07-05 15:24 . 2012-07-18 21:53   --------   d-----w-   c:\program files (x86)\Microsoft.NET
2012-07-05 15:21 . 2012-07-06 00:20   --------   d-----w-   c:\program files\WinRAR
2012-07-05 14:58 . 2012-07-05 14:59   --------   d-----w-   c:\program files (x86)\softOSD
2012-07-05 14:58 . 2007-05-03 16:19   14032   ----a-w-   c:\windows\system32\drivers\se64a.sys
2012-07-05 14:43 . 2012-07-13 14:20   70344   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-05 14:43 . 2012-07-13 14:20   426184   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 14:43 . 2012-07-05 14:43   --------   d-----w-   c:\windows\SysWow64\Macromed
2012-07-05 14:43 . 2012-07-05 14:43   --------   d-----w-   c:\windows\system32\Macromed
2012-07-05 14:41 . 2012-07-06 00:14   --------   d-----w-   c:\program files (x86)\Common Files\Adobe
2012-07-05 14:34 . 2012-04-26 05:41   77312   ----a-w-   c:\windows\system32\rdpwsx.dll
2012-07-05 14:33 . 2012-05-04 11:06   5559664   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-07-05 14:33 . 2012-05-04 10:03   3968368   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2012-07-05 14:33 . 2012-05-04 10:03   3913072   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2012-07-05 14:30 . 2011-01-17 11:09   197120   ----a-w-   c:\windows\system32\d3d10_1.dll
2012-07-05 14:30 . 2011-01-17 05:47   161792   ----a-w-   c:\windows\SysWow64\d3d10_1.dll
2012-07-05 14:30 . 2011-04-29 03:06   467456   ----a-w-   c:\windows\system32\drivers\srv.sys
2012-07-05 14:30 . 2011-04-29 03:05   410112   ----a-w-   c:\windows\system32\drivers\srv2.sys
2012-07-05 14:30 . 2011-04-29 03:05   168448   ----a-w-   c:\windows\system32\drivers\srvnet.sys
2012-07-05 14:30 . 2011-08-17 05:26   613888   ----a-w-   c:\windows\system32\psisdecd.dll
2012-07-05 14:30 . 2011-08-17 05:25   108032   ----a-w-   c:\windows\system32\psisrndr.ax
2012-07-05 14:30 . 2011-08-17 04:24   465408   ----a-w-   c:\windows\SysWow64\psisdecd.dll
2012-07-05 14:30 . 2011-08-17 04:19   75776   ----a-w-   c:\windows\SysWow64\psisrndr.ax
2012-07-05 14:30 . 2012-04-28 03:55   210944   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-07-05 14:30 . 2011-12-28 03:59   498688   ----a-w-   c:\windows\system32\drivers\afd.sys
2012-07-05 14:28 . 2011-02-23 04:55   90624   ----a-w-   c:\windows\system32\drivers\bowser.sys
2012-07-05 14:24 . 2012-07-05 14:24   --------   d--h--w-   c:\programdata\Common Files
2012-07-05 14:24 . 2012-07-19 16:45   --------   d-----w-   c:\programdata\MFAData
2012-07-05 14:20 . 2012-07-19 12:51   --------   d-----w-   c:\program files (x86)\Mozilla Maintenance Service
2012-06-29 19:49 . 2012-06-29 13:02   --------   d-----w-   c:\windows\Panther
2012-06-29 13:25 . 2012-02-17 06:38   1031680   ----a-w-   c:\windows\system32\rdpcore.dll
2012-06-29 13:25 . 2012-02-17 05:34   826880   ----a-w-   c:\windows\SysWow64\rdpcore.dll
2012-06-29 13:25 . 2012-02-17 04:57   23552   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
2012-06-29 13:22 . 2012-06-02 22:19   2428952   ----a-w-   c:\windows\system32\wuaueng.dll
2012-06-29 13:22 . 2012-06-02 22:19   57880   ----a-w-   c:\windows\system32\wuauclt.exe
2012-06-29 13:22 . 2012-06-02 22:19   44056   ----a-w-   c:\windows\system32\wups2.dll
2012-06-29 13:22 . 2012-06-02 22:15   2622464   ----a-w-   c:\windows\system32\wucltux.dll
2012-06-29 13:22 . 2012-06-02 22:19   38424   ----a-w-   c:\windows\system32\wups.dll
2012-06-29 13:22 . 2012-06-02 22:19   701976   ----a-w-   c:\windows\system32\wuapi.dll
2012-06-29 13:22 . 2012-06-02 22:15   99840   ----a-w-   c:\windows\system32\wudriver.dll
2012-06-29 13:22 . 2012-06-02 13:19   186752   ----a-w-   c:\windows\system32\wuwebv.dll
2012-06-29 13:22 . 2012-06-02 13:15   36864   ----a-w-   c:\windows\system32\wuapp.exe
2012-06-29 13:17 . 2012-06-29 13:17   --------   d-----w-   c:\program files (x86)\Common Files\Intel Corporation
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 18:59 . 2012-06-11 18:59   10248192   ----a-w-   c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35   70144   ----a-w-   c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29   24826368   ----a-w-   c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00   20467712   ----a-w-   c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25   163840   ----a-w-   c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2012-06-11 17:24   924160   ----a-w-   c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2012-06-11 17:23   1090560   ----a-w-   c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20   442368   ----a-w-   c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19   532992   ----a-w-   c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19   239616   ----a-w-   c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17   120320   ----a-w-   c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17   21504   ----a-w-   c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17   59392   ----a-w-   c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17   43520   ----a-w-   c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-06-11 17:16   6301696   ----a-w-   c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2012-06-11 17:01   6914560   ----a-w-   c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2012-06-11 16:51   4246528   ----a-w-   c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45   51200   ----a-w-   c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45   46080   ----a-w-   c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:45   5480448   ----a-w-   c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45   44544   ----a-w-   c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45   44032   ----a-w-   c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45   15703040   ----a-w-   c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-06-11 16:43   4729344   ----a-w-   c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40   13277696   ----a-w-   c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36   6605824   ----a-w-   c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-06-11 16:27   539136   ----a-w-   c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26   368640   ----a-w-   c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26   17920   ----a-w-   c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26   14848   ----a-w-   c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26   14848   ----a-w-   c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26   41984   ----a-w-   c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26   33280   ----a-w-   c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26   367616   ----a-w-   c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2012-06-11 16:25   54784   ----a-w-   c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2012-06-11 16:25   42496   ----a-w-   c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25   45056   ----a-w-   c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-06-11 16:24   32768   ----a-w-   c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24   53248   ----a-w-   c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23   56320   ----a-w-   c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23   56320   ----a-w-   c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23   56832   ----a-w-   c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23   56832   ----a-w-   c:\windows\SysWow64\amdpcom32.dll
2012-06-11 11:50 . 2012-06-11 11:50   187392   ----a-w-   c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50   75264   ----a-w-   c:\windows\system32\OpenVideo64.dll
2012-06-11 11:50 . 2012-06-11 11:50   65024   ----a-w-   c:\windows\SysWow64\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50   63488   ----a-w-   c:\windows\system32\OVDecode64.dll
2012-06-11 11:50 . 2012-06-11 11:50   56320   ----a-w-   c:\windows\SysWow64\OVDecode.dll
2012-06-11 11:50 . 2012-06-11 11:50   16457728   ----a-w-   c:\windows\system32\amdocl64.dll
2012-06-11 11:49 . 2012-06-11 11:49   13008896   ----a-w-   c:\windows\SysWow64\amdocl.dll
2012-06-11 11:48 . 2012-06-11 11:48   54784   ----a-w-   c:\windows\system32\OpenCL.dll
2012-06-11 11:48 . 2012-06-11 11:48   50176   ----a-w-   c:\windows\SysWow64\OpenCL.dll
2012-05-31 10:25 . 2010-11-21 03:27   279656   ------w-   c:\windows\system32\MpSigStub.exe
2012-05-10 14:35 . 2012-05-10 14:35   43520   ----a-w-   c:\windows\system32\kdbsdk64.dll
2012-05-10 14:35 . 2012-05-10 14:35   29184   ----a-w-   c:\windows\SysWow64\kdbsdk32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-07-16 296096]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
.
c:\users\Proprietario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ViewPower.lnk - c:\program files (x86)\ViewPower\ViewPower.exe [2012-7-5 116224]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SpyderUtility.lnk - c:\program files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe [2012-2-8 8241767]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\se64a.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ServUpdater;Serv Updater;c:\users\Proprietario\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-16 156160]
R2 SoftwareUpd;Software Upd;c:\users\Proprietario\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [2012-04-23 161280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 250056]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Spyder4;Datacolor Spyder4;c:\windows\system32\DRIVERS\dccmtr.sys [2011-06-02 15360]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-05 1255736]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-09-21 49760]
S0 iusb3hcs;Driver dello switch Controller Host Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-26 16152]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-02-03 27760]
S1 se64a;EnTech softEngine;c:\windows\system32\Drivers\se64a.sys [2007-05-03 14032]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-02-03 86224]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-07 121344]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 PowerOffer Service;Pos Service;c:\users\Proprietario\AppData\Local\PosService\Pos.exe [2012-04-03 169472]
S2 softOSD;softOSD;c:\program files (x86)\softOSD\softOSD.exe [2010-12-18 291384]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-02-09 25536]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-02-09 25536]
S3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-02-09 44992]
S3 iusb3hub;Driver hub Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-26 356120]
S3 iusb3xhc;Driver Controller Host estendibile Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-26 787736]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2012-07-20 34752]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 14:20]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4259828143-2418007124-1487343570-1000Core.job
- c:\users\Proprietario\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-07 04:20]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4259828143-2418007124-1487343570-1000UA.job
- c:\users\Proprietario\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-07 04:20]
.
2012-07-20 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2012-07-20 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 79.137.95.200 80.79.48.66
FF - ProfilePath - c:\users\Proprietario\AppData\Roaming\Mozilla\Firefox\Profiles\1rzly8nm.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bca82793a-f805-4684-8df7-c391bb2ca180%7D&mid=7d8186d9f8b747d0b24e6d16b2dc55b3-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=11.1.0.12&lang=it&pr=fr&d=2012-07-05%2016%3A30%3A56&sap=ku&q=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-PosService - c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\users\Proprietario\AppData\Local\unins000.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\softLCP.exe
c:\progra~2\VIEWPO~1\TOMCAT~1.EXE
c:\program files (x86)\ViewPower\jre\bin\javaw.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Ora fine scansione: 2012-07-20  12:05:10 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2012-07-20 10:05
.
Pre-Run: 128.389.734.400 byte disponibili
Post-Run: 128.437.555.200 byte disponibili
.
- - End Of File - - B3EA451E12EBF32230E6CD17E0A0D861
Reb04
Newbie
 
Posts: 3
Joined: 19/07/12 23:44

Re: HiJackThis log, opinion

Post by FrancescoFDAC » 20/07/12 12:58

Hi.
Let's continue on the other forum (I have already posted the script for you to run).

Francesco
FrancescoFDAC
Senior User
 
Posts: 1048
Joined: 13/08/11 09:53

