Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Potreste controllare il log log HijackThis? Opzioni
giancarlo52
Inviato: Tuesday, July 17, 2012 10:39:07 PM
Rank: AiutAmico

Iscritto dal : 1/4/2010
Posts: 118
Buona sera
da qualche giorno mi succede una cosa strana, e cioè ogni tanto mi appare sullo schermo la finestra di regolazione della taratura colori, contrasto, luminosità ecc. dello schermo che vengono modificate.
Non so se sia un problema dell'hardware oppure che ci sia qualche altra causa
questo è il log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:26:13, on 17/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Panero\Desktop\SICUREZZA E PULIZIA\AUP_Hijack\HiJackThis.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\6.0\iobitToolbarIE.dll
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\6.0\iobitToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\6.0\iobitToolbarIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Avvio Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Ricerca rapida.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Easy Web Cam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - (no file)
O9 - Extra 'Tools' menuitem: &Easy Web Cam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D2479DD-12F6-483C-839F-42BD4E8CED14}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{61F306FE-50D9-4524-9238-65DB22828230}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A86B6AB-3469-4BE5-93A3-2E17C73FCF98}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D2479DD-12F6-483C-839F-42BD4E8CED14}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{4D2479DD-12F6-483C-839F-42BD4E8CED14}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Panero\AppData\Local\PosService\Pos.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Panero\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: UDKIP - Unknown owner - C:\Users\Panero\AppData\Local\Temp\UDKIP.exe (file missing)

--
End of file - 9595 bytes


ringrazio in anticipo per l'attenzione
Sponsor
Inviato: Tuesday, July 17, 2012 10:39:07 PM

 
giancarlo52
Inviato: Tuesday, July 17, 2012 11:19:42 PM
Rank: AiutAmico

Iscritto dal : 1/4/2010
Posts: 118
Aggiungo che talvolta il PC si disconnette anche se la linea è connessa
cbbusto
Inviato: Tuesday, July 17, 2012 11:40:32 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Ciao, hai il pc infetto da findeer che ti ha modificato gli indirizzi Ip e i DNS.

Prima cosa elimina questo programma seguendo il percorso, elimina tutto file e cartella:
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe.
Quando installi programmi non installare mai le toolbar, creano solo problemi.

Chiudi tutti i programmi e disconnesso lanci HJT e clicca sul secondo pulsante: Do a system scan only poi metti la spunta alle voci che ti indico e alla fine clic su Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\6.0\iobitToolbarIE.dll

O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\6.0\iobitToolbarIE.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\6.0\iobitToolbarIE.dll

O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe

O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Easy Web Cam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - (no file)

O9 - Extra 'Tools' menuitem: &Easy Web Cam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - (no file)

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D2479DD-12F6-483C-839F-42BD4E8CED14}: NameServer = 176.31.229.24,176.31.229.25

O17 - HKLM\System\CCS\Services\Tcpip\..\{61F306FE-50D9-4524-9238-65DB22828230}: NameServer = 176.31.229.24,176.31.229.25

O17 - HKLM\System\CCS\Services\Tcpip\..\{6A86B6AB-3469-4BE5-93A3-2E17C73FCF98}: NameServer = 176.31.229.24,176.31.229.25

O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25

O17 - HKLM\System\CS1\Services\Tcpip\..\{4D2479DD-12F6-483C-839F-42BD4E8CED14}: NameServer = 176.31.229.24,176.31.229.25

O17 - HKLM\System\CS2\Services\Tcpip\..\{4D2479DD-12F6-483C-839F-42BD4E8CED14}: NameServer = 176.31.229.24,176.31.229.25

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe

Installa Malwarebytes QUI lo aggiorni e poi fai una scansione COMPLETA non veloce, elimina quello che trova.
Fai una pulizia con Ccleaner compreso il registro.

Riavvia il pc in modalità provvisoria poi Start / Esegui / digiti;
sc delete ServUpdater\ServiceUpd.exe
e dai l'ok.
Poi vai nel percorso: C:\Users\Panero\AppData\Local\ServUpdater ed elimina l'eseguibile (ServiceUpd.exe)
Riavvia in mod. normale, fai sapere come va, se si ripete ancora la taratura dello shcermo potrebbe dipendere dalla scheda video, driver da aggiornare. Ciao

giancarlo52
Inviato: Wednesday, July 18, 2012 11:05:15 AM
Rank: AiutAmico

Iscritto dal : 1/4/2010
Posts: 118
Per prima cosa ti ringrazio
Ho fatto tutto
Ho però un dubbio
quando in modalità provvisoria faccio START non c'è nessun pulsante ESEGUI per cui ho scritto nel riquadro di rcerca
sc delete ServUddater\ServiceUpd.exe
epoi ho dato l'invio

non so se abbia preso il comando
poi ho fatto tutto come mi hai detto ma c'è una cosa strana, e cioè diverse righe del log che ho fissato se faccio rigirare HiJackThis appaiono nuovamente come puoi vedere:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:22, on 18/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Users\Panero\Desktop\SICUREZZA E PULIZIA\AUP_Hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: Avvio Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Ricerca rapida.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Easy Web Cam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - (no file)
O9 - Extra 'Tools' menuitem: &Easy Web Cam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - (no file)

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D2479DD-12F6-483C-839F-42BD4E8CED14}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{61F306FE-50D9-4524-9238-65DB22828230}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A86B6AB-3469-4BE5-93A3-2E17C73FCF98}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D2479DD-12F6-483C-839F-42BD4E8CED14}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{4D2479DD-12F6-483C-839F-42BD4E8CED14}: NameServer = 176.31.229.24,176.31.229.25

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Panero\AppData\Local\PosService\Pos.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Serv Updater (ServUpdater) - Unknown owner - C:\Users\Panero\AppData\Local\ServUpdater\ServiceUpd.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: UDKIP - Unknown owner - C:\Users\Panero\AppData\Local\Temp\UDKIP.exe (file missing)

--
End of file - 7716 bytes


Avrei ancora una domanda:
avev (spero di non avere più) il pc infetto da findeer che mi hai detto che ha modificato gli indirizzi ip e i DNS

mi piacerebbe sapere quali danni può aver fatto questa modifica

grazie


shapiro
Inviato: Wednesday, July 18, 2012 11:17:27 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164


per start esegui su Windows 7 prova >>> tasto logo windows + R

per il resto segui cbbusto
giancarlo52
Inviato: Wednesday, July 18, 2012 11:31:30 AM
Rank: AiutAmico

Iscritto dal : 1/4/2010
Posts: 118
fatto
grazie

ora mi rimane solo il problema delle righe del log che non sono sparite e la curiosità sui problemi che potrebbe aver provocato quel virus che spero di non avere più
cbbusto
Inviato: Wednesday, July 18, 2012 12:37:57 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Ciao, il log è a posto search finder non compare più.
Questo search findeer, un programmino che va a modificare i browser, creando non pochi problemi all’utente.
Sul browser viene modificata l’home page vengono cambiati gli indirizzi IP e vieni indirizzato altrove.

Le voci rimaste non sono un problema si tratta di toolbar e voci in avvio non necessarie.
Quello che devi cambiare sono gli indirizzi e i DNS perchè ti sono rimasti questi:
NameServer = 176.31.229.24,176.31.229.25 che sicuramente non hai messo tu.
Poi ti spiego come fare, ora mi devo assentare, intanto controlla le proprietà del protocollo internet 4 (TCP/IP) che DNS hai.
giancarlo52
Inviato: Wednesday, July 18, 2012 12:59:52 PM
Rank: AiutAmico

Iscritto dal : 1/4/2010
Posts: 118
Ecco i dati che mi hai chiesto:

Proprietà
Protocollo Internet Versione 4 (TCP/IPv4)

Server DNS preferito: 176.31.229.24
Server DNS alternativo: 176.31.229.25

grazie
cbbusto
Inviato: Wednesday, July 18, 2012 2:32:41 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Sicuramente non li hai messi tu, portano ad un sito francese, questo l'indirizzo:

http://www.ovh.com
country: FR
admin-c: OK217-RIPE
address: OVH SAS
address: 2 rue Kellermann
address: 59100 Roubaix
address: France

Sostituiscili con quelli di google che sono molto veloci:

Server DNS Preferito: 8.8.8.8
Server DNS alternativo: 8.8.4.4

Se usi Alice puoi mettere anche quelli di Telecom validi anch'essi:
Server DNS Preferito: 85.37.17.15
Server DNS alternativo: 85.38.28.74

In alto lascia spuntata la voce: Ottieni automaticamente un indirizzo IP.
Ora dovresti essere a posto, dimmi come va il pc. Ciao
giancarlo52
Inviato: Wednesday, July 18, 2012 3:05:54 PM
Rank: AiutAmico

Iscritto dal : 1/4/2010
Posts: 118
Ho inserito i dati google che mi hai indicato
avrei anche voluto inserire i dati di Alice ma non so dove metterli
ho di nuovo lanciato HiJackThis e come puoi vedere appaiono i dati che ho inserito ma ci sono ancora 3 righe con i dati del server da eliminare, e fissando non si eliminano

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:58:59, on 18/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\StikyNot.exe
C:\Users\Panero\Desktop\SICUREZZA E PULIZIA\AUP_Hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: Avvio Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Ricerca rapida.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Easy Web Cam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - (no file)
O9 - Extra 'Tools' menuitem: &Easy Web Cam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D2479DD-12F6-483C-839F-42BD4E8CED14}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{61F306FE-50D9-4524-9238-65DB22828230}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A86B6AB-3469-4BE5-93A3-2E17C73FCF98}: NameServer = 176.31.229.24,176.31.229.25

O17 - HKLM\System\CS1\Services\Tcpip\..\{4D2479DD-12F6-483C-839F-42BD4E8CED14}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{4D2479DD-12F6-483C-839F-42BD4E8CED14}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Panero\AppData\Local\PosService\Pos.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Serv Updater (ServUpdater) - Unknown owner - C:\Users\Panero\AppData\Local\ServUpdater\ServiceUpd.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: UDKIP - Unknown owner - C:\Users\Panero\AppData\Local\Temp\UDKIP.exe (file missing)

--
End of file - 7911 bytes
cbbusto
Inviato: Wednesday, July 18, 2012 3:44:14 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Se hai cancellato i vecchi DNS e sostituiti con quelli di Google non ci dovrebbero essere, nella stessa finestra vai su avanzate/scheda DNS e controlla cosa c'è, se li trovi li clicca su rimuovi.
I DNS di Alice li devi mettere al posto di quelli di Google.
Controlla che la pagina principale del browser non sia modificata, poi controlla, sempre nel browser Strumenti/
Componenti aggiuntivi che non ci sia qualche Estensione o Plugin che non c'entrano.
Per le voci nel log potresti provare a lanciare HJT in provvisoria fixare le voci e clic su Fix checked, dovrebbero eliminarsi, ma se rimangono non è un problema.
Piuttosto non hai eliminato (ServUpdater) devi seguire questo percorso:
C:\Users\Panero\AppData\Local\ cerca ServUpdater\ServiceUpd.exe ed limina tutti i file inerenti a quelle voci ed anche eventuali cartelle.
giancarlo52
Inviato: Wednesday, July 18, 2012 5:03:31 PM
Rank: AiutAmico

Iscritto dal : 1/4/2010
Posts: 118
Ho lanciato HJT in modalità provvisoria ed ho eliminato le righe che in modalità normale non si potevano eliminare
sono entrato in C:\Users\Panero\AppData\Local\ServUpdater
ed ho eliminato la cartella
ma il log di JTS alla riga 23 me lo indica e non riesco a cancellare la riga neppure in modalità provvisoria
Per quanto riguarda la pagina principale del browser mi sembra a posto, ma non sono sicurssimo in quanto non so cosa potrebeb essere modificato
ti allego l'ultimo log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:56:24, on 18/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Panero\Desktop\SICUREZZA E PULIZIA\AUP_Hijack\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: Avvio Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Ricerca rapida.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D2479DD-12F6-483C-839F-42BD4E8CED14}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D2479DD-12F6-483C-839F-42BD4E8CED14}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{4D2479DD-12F6-483C-839F-42BD4E8CED14}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Panero\AppData\Local\PosService\Pos.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Serv Updater (ServUpdater) - Unknown owner - C:\Users\Panero\AppData\Local\ServUpdater\ServiceUpd.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: UDKIP - Unknown owner - C:\Users\Panero\AppData\Local\Temp\UDKIP.exe (file missing)

--
End of file - 6381 bytes



ciao
cbbusto
Inviato: Wednesday, July 18, 2012 5:30:07 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Va bene così non ti preoccupare è tutto a posto. Ciao
giancarlo52
Inviato: Wednesday, July 18, 2012 5:31:36 PM
Rank: AiutAmico

Iscritto dal : 1/4/2010
Posts: 118
Non posso fare altro che ringraziarti nuovamente
Ciao e buona giornata
cbbusto
Inviato: Wednesday, July 18, 2012 6:36:12 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
giancarlo52 ha scritto:
Non posso fare altro che ringraziarti nuovamente
Ciao e buona giornata


Un saluto anche a te. Speak to the hand
giancarlo52
Inviato: Friday, July 20, 2012 10:39:02 AM
Rank: AiutAmico

Iscritto dal : 1/4/2010
Posts: 118
Ringraziando nuovamente per l'aiuto ne approfitto per sottoporre il log del PC portatile, mi sembra un pò rallentato anche se per ora non mi da alcun problema, però mi piacerebbe sapere se c'è qualcosa da eliminare:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22.18.42, on 19/07/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19272)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\wuauclt.exe
C:\hijackyhis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Controllo/blocco dispositivi HP ProtectTools (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9018 bytes



cbbusto
Inviato: Friday, July 20, 2012 5:12:05 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Il log è a posto, se vuoi eliminare voci inutili ci sarebbe la toolbar di avast, a proposito di antivirus, sicuro di avere Avast aggiornato ? l'ultima è la Release 7.0.1456, controlla.
Poi ci sono un sacco di voci in avvio inutili, causa anche di rallentamenti, se vuoi eliminarle sono queste:

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Users\hp\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

Poi una pulizia con Ccleaner compreso il Registro, tieni deframmentato il disco, ottimo sw è QUESTO.
Ciao
giancarlo52
Inviato: Friday, July 20, 2012 6:51:18 PM
Rank: AiutAmico

Iscritto dal : 1/4/2010
Posts: 118
Tutto fatto
ora sto deframmentando con Auslogic Defrag
ciao e grazie ancora
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.