search.findeer and HijackThis & ComboFix log check
douxnoir89
Posted: Monday, September 17, 2012 11:47:24 AM
Rank: Newbie

Joined: 8/22/2012
Posts: 7
Good morning everyone,

Could you help me? I have the following virus, "search.findeer.com", which I don't know how to remove, and my PC also does very strange things: I use Firefox, but suddenly a Windows Internet Explorer window opens that loads forever without ever showing any page.

I ran HijackThis and ComboFix, could you check them for me? Thank you in advance!

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11.40.29, on 17/09/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Launch Manager\dsiwmis.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\Programmi\Acer\Acer VCM\RS_Service.exe
C:\Programmi\Spyware Terminator\st_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Acer\Acer Updater\UpdaterService.exe
C:\Programmi\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\genny\Documenti\Download\HiJackThis.exe
C:\Programmi\Avira\AntiVir Desktop\avwsc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe" //mailurl:mailto:clienti@lafeltrinelli.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SuiteTray] "C:\Programmi\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Programmi\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5BEDF46-B548-4818-9AB9-A9AA7EE8A689}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA6165B8-D1BA-47B7-A0DA-3CFBF706648B}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{E62FD402-A5B6-457C-BFE7-E24296D31DC4}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Programmi\Launch Manager\dsiwmis.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Programmi\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\genny\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Programmi\Acer\Acer VCM\RS_Service.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\genny\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Programmi\Spyware Terminator\st_rsser.exe
O23 - Service: Updater Service - Acer Group - C:\Programmi\Acer\Acer Updater\UpdaterService.exe

--
End of file - 8914 bytes

ComboFix log:

ComboFix 12-09-16.01 - genny 17/09/2012 11.23.16.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1013.619 [GMT 2:00]
Eseguito da: c:\documents and settings\genny\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {0012F2B4-5C49-7C92-0300-000100000000}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((( Files Creati Da 2012-08-17 al 2012-09-17 )))))))))))))))))))))))))))))))))))
.
.
2012-09-09 08:06 . 2012-09-10 07:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2012-09-09 08:06 . 2012-09-09 08:08 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2012-09-04 11:37 . 2012-09-04 11:37 -------- d-----w- c:\programmi\UltraCleaner
2012-09-04 10:35 . 2012-09-05 06:27 -------- d-----w- c:\documents and settings\genny\Impostazioni locali\Dati applicazioni\ServUpdater
2012-09-04 10:35 . 2012-09-04 11:37 -------- d-----w- c:\documents and settings\genny\Impostazioni locali\Dati applicazioni\PowerOffer
2012-09-04 10:35 . 2012-09-04 11:37 -------- d-----w- c:\documents and settings\genny\Impostazioni locali\Dati applicazioni\PosService
2012-09-03 12:45 . 2012-09-03 12:45 -------- d-----w- c:\documents and settings\genny\Dati applicazioni\Avira
2012-09-03 12:38 . 2012-06-05 22:40 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-09-03 12:38 . 2012-06-05 22:40 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-09-03 12:38 . 2012-06-05 22:40 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-09-03 12:38 . 2012-09-03 12:38 -------- d-----w- c:\programmi\Avira
2012-09-03 12:38 . 2012-09-03 12:38 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2012-09-02 19:23 . 2012-09-02 19:24 -------- d-----w- c:\documents and settings\Administrator
2012-08-31 08:06 . 2012-08-31 08:07 -------- d-----w- c:\programmi\eMule AdunanzA
2012-08-31 08:06 . 2012-08-31 08:06 -------- d-----w- c:\documents and settings\genny\Dati applicazioni\eMule AdunanzA
2012-08-25 11:27 . 2012-08-25 11:27 -------- d-----w- c:\programmi\CCleaner
2012-08-24 12:10 . 2012-08-24 12:10 -------- d-----w- c:\documents and settings\genny\Impostazioni locali\Dati applicazioni\Sun
2012-08-24 11:22 . 2012-08-24 11:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-08-24 07:52 . 2012-08-24 07:52 -------- d-----w- c:\programmi\File comuni\Java
2012-08-24 07:50 . 2012-08-24 07:49 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 15:04 . 2011-10-02 08:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 12:32 . 2012-03-29 09:23 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-04 12:32 . 2011-10-01 18:00 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-24 07:49 . 2012-07-10 20:48 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-24 07:49 . 2012-07-10 20:48 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-24 07:49 . 2011-10-01 19:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-16 06:56 . 2012-08-16 06:55 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-06 13:59 . 2010-06-23 00:42 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2010-06-22 15:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:26 . 2010-06-23 00:42 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:39 . 2010-06-23 00:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:39 . 2010-06-23 00:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:39 . 2010-06-23 00:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2010-06-23 00:42 385024 ----a-w- c:\windows\system32\html.iec
2012-09-07 19:39 . 2012-09-07 19:39 266720 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-02_19.50.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-17 07:07 . 2012-09-17 07:07 16384 c:\windows\temp\Perflib_Perfdata_2cc.dat
+ 2012-09-03 12:38 . 2010-06-17 13:14 28520 c:\windows\system32\drivers\ssmdrv.sys
- 2011-12-23 14:08 . 2010-06-17 14:14 28520 c:\windows\system32\drivers\ssmdrv.sys
- 2012-08-24 07:45 . 2012-08-24 07:45 690888 c:\windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe
+ 2012-08-24 07:45 . 2012-09-04 12:32 690888 c:\windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe
- 2012-03-29 09:23 . 2012-08-24 07:45 250568 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-03-29 09:23 . 2012-09-04 12:32 250568 c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-05-05 20:27 . 2012-05-05 20:27 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
+ 2012-09-04 12:43 . 2012-09-04 12:43 371272 c:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
- 2012-08-24 07:45 . 2012-08-24 07:45 9813704 c:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
+ 2012-08-24 07:45 . 2012-09-04 12:32 9813704 c:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
+ 2012-09-04 12:43 . 2012-09-04 12:43 1648640 c:\windows\Installer\13ae4d8.msi
+ 2011-10-04 13:39 . 2012-09-12 12:23 62164608 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Advanced SystemCare 5"="c:\programmi\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"SuiteTray"="c:\programmi\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2012-07-02 348664]
"PosService"="c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Acer VCM.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2009-12-11 05:59 59936 ----a-w- c:\programmi\Realtek\Audio\Drivers\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecPMMUpdate]
2009-12-24 16:45 401192 ----a-w- c:\programmi\EgisTec IPS\PmmUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisUpdate]
2009-12-24 16:44 201512 ----a-w- c:\programmi\EgisTec IPS\EgisUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-11-16 14:56 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-04 17:03 186904 ----a-w- c:\programmi\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-11-16 14:56 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2010-04-08 04:18 908368 ----a-w- c:\programmi\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-11-16 14:56 141336 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-03-12 21:53 19521056 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuiteTray]
2010-02-01 10:08 337264 ----a-w- c:\programmi\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-02-05 08:46 1692968 ----a-w- c:\programmi\Synaptics\SynTP\SynTPEnh.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [06/05/2012 13.17.12 14776]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [03/09/2012 14.38.18 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [16/08/2012 8.55.23 242240]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [22/12/2011 12.24.10 32768]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\programmi\IObit\Advanced SystemCare 5\ASCService.exe [06/05/2012 13.16.40 497496]
R2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\Avira\AntiVir Desktop\sched.exe [03/09/2012 14.38.23 86224]
R2 DsiWMIService;Dritek WMI Service;c:\programmi\Launch Manager\dsiwmis.exe [23/06/2010 2.43.20 312400]
R2 IMFservice;IMF Service;c:\programmi\IObit\IObit Malware Fighter\IMFsrv.exe [06/05/2012 13.16.45 821592]
R2 RS_Service;Raw Socket Service;c:\programmi\Acer\Acer VCM\RS_Service.exe [22/06/2010 18.59.55 260640]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\programmi\Spyware Terminator\st_rsser.exe [22/12/2011 12.23.57 482992]
R2 Updater Service;Updater Service;c:\programmi\Acer\Acer Updater\UpdaterService.exe [22/06/2010 18.37.00 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [22/04/2010 6.16.55 60456]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [01/10/2011 19.34.44 135664]
S2 PowerOffer Service;Pos Service;c:\documents and settings\genny\Impostazioni locali\Dati applicazioni\PosService\Pos.exe [04/09/2012 12.35.01 164352]
S2 ServUpdater;Serv Updater;c:\documents and settings\genny\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [04/09/2012 12.35.01 156160]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 13.33.30 3064000]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [13/07/2012 13.28.36 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29/03/2012 11.23.56 250568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/06/2010 18.18.40 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [22/06/2010 18.20.22 108752]
S3 FileMonitor;FileMonitor;c:\programmi\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [15/05/2012 9.49.28 246816]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [01/10/2011 19.34.44 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\Mozilla Maintenance Service\maintenanceservice.exe [25/04/2012 15.08.20 114144]
S3 RegFilter;RegFilter;c:\programmi\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [15/05/2012 9.49.28 30368]
S3 UrlFilter;UrlFilter;c:\programmi\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [15/05/2012 9.49.28 16208]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 12:32]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-10-01 17:34]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-10-01 17:34]
.
2012-09-17 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\programmi\IObit\Smart Defrag 2\SmartDefrag.exe [2012-05-06 12:26]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.findeer.com
mStart Page = hxxp://search.findeer.com
uInternet Connection Wizard,ShellNext = "c:\programmi\Outlook Express\msimn.exe" //mailurl:mailto:clienti@lafeltrinelli.it
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{C5BEDF46-B548-4818-9AB9-A9AA7EE8A689}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{DA6165B8-D1BA-47B7-A0DA-3CFBF706648B}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{E62FD402-A5B6-457C-BFE7-E24296D31DC4}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\documents and settings\genny\Dati applicazioni\Mozilla\Firefox\Profiles\4gdd7y0u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Cerca...
FF - prefs.js: browser.startup.homepage - hxxp://www.pointshop.it/ep_startpage.asp?do=sp&userid=12160748&tjecksum=21937989392&email=genny.carrano@libero.it&doAutoLogin=true
FF - user.js: extensions.softonic_i.hmpg - true
FF - user.js: extensions.softonic_i.hmpgUrl - hxxp://search.softonic.com/MON00080/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.softonic_i.dfltSrch - true
FF - user.js: extensions.softonic_i.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.softonic_i.keyWordUrl - hxxp://search.softonic.com/MON00080/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.softonic_i.dnsErr - true
FF - user.js: extensions.softonic_i.newTab - true
FF - user.js: extensions.softonic_i.newTabUrl - hxxp://search.softonic.com/MON00080/tb_v1?SearchSource=15&cc=
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00080/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 3a92317800000000000088ae1d1a89df
FF - user.js: extensions.softonic_i.instlDay - 15406
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.512:59
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - it12JANdefault
FF - user.js: extensions.softonic_i.instlRef - MON00080
FF - user.js: extensions.softonic_i.dfltLng - it
FF - user.js: extensions.softonic_i.excTlbr - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-17 11:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0a\06\01\13\0a\03»"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(1316)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2012-09-17 11:39:16
ComboFix-quarantined-files.txt 2012-09-17 09:39
ComboFix2.txt 2012-09-08 12:30
ComboFix3.txt 2012-09-02 20:29
ComboFix4.txt 2012-09-02 19:52
.
Pre-Run: 22.553.755.648 byte disponibili
Post-Run: 22.542.884.864 byte disponibili
.
- - End Of File - - 87A67ADB521704ED635397EE4453CF64
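A small triage script over the HijackThis lines posted above, added here as an example (it is not part of the original post and not a HijackThis feature). It flags three things a reviewer of this log would look at: start/search pages pointing at a host other than the vendor default, static O17 NameServer entries that differ from the DHCP-assigned resolvers (taken from the ComboFix "TCP: DhcpNameServer" line), and O4/O23 autostart binaries living in user profile folders. The expected host, the DHCP resolver set and the profile-folder markers are assumptions for this check, and every hit still needs a human decision.

```python
"""Flag the entries in a HijackThis log that warrant review (heuristics only)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a subset of the HijackThis lines from the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5BEDF46-B548-4818-9AB9-A9AA7EE8A689}: NameServer = 176.31.229.24,176.31.229.25
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\genny\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\genny\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
"""

# Assumption: the only host HijackThis should report for IE8 default pages on this machine.
EXPECTED_START_HOSTS = {"go.microsoft.com"}
# Assumption: the DHCP-assigned resolvers, copied from the ComboFix "TCP: DhcpNameServer" line.
DHCP_NAMESERVERS = {"62.101.93.101", "83.103.25.250"}
# Assumption: path fragments that identify user-writable profile folders (Italian XP names included).
PROFILE_DIR_MARKERS = ("documents and settings", "appdata", "dati applicazioni", "impostazioni locali")

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First Windows path ending in an executable-type extension, with or without surrounding quotes.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll|sys))"?', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def check_line(line, expected_hosts=EXPECTED_START_HOSTS, dhcp_ns=DHCP_NAMESERVERS):
    """Return a Finding for one HijackThis line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section in ("R0", "R1"):
        # R0/R1: "<registry key>,<value name> = <url>"; compare the URL host with the default.
        _, _, value = body.partition(" = ")
        host = urlparse(value.strip()).hostname
        if host and host not in expected_hosts:
            return Finding(section, f"browser setting points at {host}", line)
    elif section == "O17":
        # O17: per-interface static resolvers; anything not handed out by DHCP is worth a look.
        _, _, value = body.partition("NameServer = ")
        servers = {s.strip() for s in value.split(",") if s.strip()}
        unexpected = servers - dhcp_ns
        if unexpected:
            return Finding(section, "static resolvers differ from DHCP: " + ", ".join(sorted(unexpected)), line)
    elif section in ("O4", "O23"):
        # O4 (Run keys) and O23 (services): autostart binaries in profile folders need no admin rights to drop.
        pm = PATH_RE.search(body)
        if pm and any(marker in pm.group(1).lower() for marker in PROFILE_DIR_MARKERS):
            return Finding(section, "autostart binary lives in a user profile folder", line)
    return None


def triage(log_text, **kwargs):
    """Run check_line over every line of a log and keep the findings, in log order."""
    return [f for f in (check_line(l, **kwargs) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```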
fernando78
Posted: Monday, September 17, 2012 2:07:16 PM

Rank: Member

Joined: 9/11/2012
Posts: 26
hi,

self-taught? just a simple piece of advice
when it comes to viruses, the first thing is always to try to save what can be saved
and then to use methodically the software that an expert may recommend to you

anyway, I'm in a bit of a hurry, you know, work :(

1. Internet Explorer needs to be reset.

Run the "Fix it" described in the Microsoft Knowledge Base article mentioned above.

If you have problems running the "Fix it", reset Internet Explorer manually:
1 - Internet Options.
2 - Click the Advanced tab.
3 - In the Reset Internet Explorer Settings dialog box, click Reset, then Reset again.
4 - When Internet Explorer has finished restoring its default settings, click Close in the Reset Internet Explorer Settings dialog box.

2. The computer is infected with malware, how should I proceed?
Follow the first 4 instructions in the post to the letter, in the exact order in which they are written.

PS: a disk image is the best way to solve the problems that arise from using a computer.