
Can you check my HijackThis log for a searchnu 406 virus, pls?
mailab
Posted: Tuesday, June 26, 2012 11:18:09 PM

Rank: AiutAmico

Joined: 6/26/2012
Posts: 35
Hi, since yesterday, after downloading a program, this always opens as my Chrome start page: http://www.searchnu.com/406 ; if I open Explorer it doesn't happen... but anyway... I followed the instructions for the scan with HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:59:08, on 26/06/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16968)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\MAILA\AppData\Roaming\cacaoweb\cacaoweb.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USSMB/11
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe
O4 - HKCU\..\Run: [cacaoweb] "C:\Users\MAILA\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\MAILA\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Device Detection] C:\Program Files\PhotoSi\MyComposer\dd.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Impostazioni di Google Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel HASP License Manager (hasplms) - SafeNet Inc. - C:\Windows\system32\hasplms.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

--
End of file - 10012 bytes





What should I do now? My antivirus is NOD... thanks in advance to anyone who helps me!
shapiro
Posted: Wednesday, June 27, 2012 12:46:03 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Hi Mailab, try removing Mozilla from the Control Panel.

Clean up with CCleaner.

During installation, deselect the option for the Yahoo toolbar, open it, go to Options > Advanced, untick "Only delete Windows temp files older than 48 hours", then start it, select "Analyze" and at the end of the analysis press "Run Cleaner".

Click Registry, on the next page click Scan for Issues, then when the scan finishes click Fix selected issues, answer yes to the request to save the backup (save it in a folder of your choice), then fix all the items found.

Install the new version of Mozilla, download it from here

Also run a scan with Malwarebytes:

1) install it
2) update it
3) run a scan choosing the full mode
4) do NOT delete any threats it detects for now
5) when the scan is finished, select the Logs tab, open the text file and post it on the forum

mailab
Posted: Wednesday, June 27, 2012 1:19:44 PM

Rank: AiutAmico

Joined: 6/26/2012
Posts: 35
Hi! Thanks for the reply, I didn't even know I had Mozilla, go figure... Malwarebytes is just finishing the full scan now...
mailab
Posted: Wednesday, June 27, 2012 1:22:05 PM

Rank: AiutAmico

Joined: 6/26/2012
Posts: 35
I had downloaded it while waiting for someone to reply... so I'll have to use CCleaner in the reverse order from what you told me?
shapiro
Posted: Wednesday, June 27, 2012 2:10:34 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Once the scan is finished, clean the system with CCleaner, then install the Mozilla you downloaded and see whether the problem comes back.
mailab
Posted: Wednesday, June 27, 2012 2:15:11 PM

Rank: AiutAmico

Joined: 6/26/2012
Posts: 35

The scan gave this... I haven't deleted anything for now...




Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Versione database: v2012.06.27.04

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
MAILA :: MAILA-PC [amministratore]

27/06/2012 13:01:53
mbam-log-2012-06-27 (14-12-26).txt

Tipo di scansione: Scansione completa
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 341524
Tempo impiegato: 1 ore, 9 minuti, 34 secondi

Processi rilevati in memoria: 1
C:\Users\MAILA\AppData\Roaming\cacaoweb\cacaoweb.exe (Trojan.Agent) -> 3668 -> Nessuna azione intrapresa.

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Nessuna azione intrapresa.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Nessuna azione intrapresa.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Nessuna azione intrapresa.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Nessuna azione intrapresa.

Valori di registro rilevati: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cacaoweb (Trojan.Agent) -> Dati: "C:\Users\MAILA\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer -> Nessuna azione intrapresa.

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 14
C:\Users\MAILA\AppData\Roaming\cacaoweb\cacaoweb.exe (Trojan.Agent) -> Nessuna azione intrapresa.
C:\Users\MAILA\AppData\Local\Temp\cacaonew2e3af3.exe (Trojan.Agent) -> Nessuna azione intrapresa.
C:\Users\MAILA\AppData\Local\Temp\cacaonew5c8ae5.exe (Trojan.Agent) -> Nessuna azione intrapresa.
C:\Users\MAILA\AppData\Local\Temp\cacaonew5e1dcd.exe (Trojan.Agent) -> Nessuna azione intrapresa.
C:\Users\MAILA\AppData\Local\Temp\cacaonew747499.exe (Trojan.Agent) -> Nessuna azione intrapresa.
C:\Users\MAILA\AppData\Local\Temp\cacaonew843b01.exe (Trojan.Agent) -> Nessuna azione intrapresa.
C:\Users\MAILA\AppData\Local\Temp\cacaonew93de02.exe (Trojan.Agent) -> Nessuna azione intrapresa.
C:\Users\MAILA\AppData\Local\Temp\cacaonew952d0e.exe (Trojan.Agent) -> Nessuna azione intrapresa.
C:\Users\MAILA\AppData\Local\Temp\cacaonewab9b4e.exe (Trojan.Agent) -> Nessuna azione intrapresa.
C:\Users\MAILA\AppData\Local\Temp\cacaonewb09b7c.exe (Trojan.Agent) -> Nessuna azione intrapresa.
C:\Users\MAILA\AppData\Local\Temp\cacaonewe45891.exe (Trojan.Agent) -> Nessuna azione intrapresa.
C:\Users\MAILA\AppData\Local\Temp\cacaonewff07d6.exe (Trojan.Agent) -> Nessuna azione intrapresa.
C:\Users\MAILA\Desktop\cacaoweb.exe (Trojan.Agent) -> Nessuna azione intrapresa.
C:\Windows\CSC\v2.0.6\namespace\PC-CASA\Public\bimwzx.exe (Heuristics.Shuriken) -> Nessuna azione intrapresa.

(fine)
mailab
Posted: Wednesday, June 27, 2012 2:17:18 PM

Rank: AiutAmico

Joined: 6/26/2012
Posts: 35
OK, I'll delete this stuff and then CCleaner...
shapiro
Posted: Wednesday, June 27, 2012 2:19:51 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Highlight the items found by Malwarebytes and press "Remove Selected".
Have you reinstalled Mozilla?
mailab
Posted: Wednesday, June 27, 2012 2:24:35 PM

Rank: AiutAmico

Joined: 6/26/2012
Posts: 35
YESSSS!!!! Done! That damn start page is gone!!! Thanks a lot!!!
shapiro
Posted: Wednesday, June 27, 2012 2:27:42 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Mailab, you had also installed an unsafe program; for this reason I would advise you to also run ComboFix to be safe. Here is the procedure:

download it from here
(do not install the Recovery Console)
Let the program work without interfering
Attach the report C:\ComboFix.txt to your reply.

Do not use the PC during the scan, not even the mouse!
mailab
Posted: Wednesday, June 27, 2012 5:06:07 PM

Rank: AiutAmico

Joined: 6/26/2012
Posts: 35
Here I am, it took me a while because I didn't know I had to disable my antivirus first... so, the report is this:
ComboFix 12-06-26.02 - MAILA 27/06/2012 16:52:17.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.39.1040.18.2935.1931 [GMT 2:00]
Eseguito da: c:\users\MAILA\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MAILA\AppData\Local\Temp\{DC2C6BC6-CB7E-4082-9F0A-584B082A29B0}\fpb.tmp
c:\users\MAILA\AppData\Roaming\cacaoweb
c:\users\MAILA\AppData\Roaming\cacaoweb\npdfile.dat
c:\users\MAILA\AppData\Roaming\cacaoweb\replicating03FA1C03705D7223751F68797D3640DF.cacao
c:\users\MAILA\AppData\Roaming\cacaoweb\replicating128E9579715746CDE78CC395F014240C.cacao
c:\users\MAILA\AppData\Roaming\cacaoweb\replicating2B9FF954C1B9E036AD5290CBAF430360.cacao
c:\users\MAILA\AppData\Roaming\cacaoweb\replicating6C8B96EE684A06C328A8A30F3D904EC4.cacao
c:\users\MAILA\AppData\Roaming\cacaoweb\replicating756456CD6E364D2F830D902FC8F3E047.cacao
c:\users\MAILA\AppData\Roaming\cacaoweb\replicating79FEC84C74430CCBC61FA495F9F01637.cacao
c:\users\MAILA\AppData\Roaming\cacaoweb\replicating7D88C3FEAD1E3771EF59A5A8F72BA08A.cacao
c:\users\MAILA\AppData\Roaming\cacaoweb\replicating90C9BBDEF79B2F5925C220747BE973C7.cacao
c:\users\MAILA\AppData\Roaming\cacaoweb\replicating9A4C079EA33EBAD790D9FAB18C85494E.cacao
c:\users\MAILA\AppData\Roaming\cacaoweb\replicatingABB7A0C914E8FCC00CEE06259D3EB52C.cacao
c:\users\MAILA\AppData\Roaming\cacaoweb\replicatingBADDBF40C8CB8B6FAE9F982FC2447580.cacao
c:\users\MAILA\AppData\Roaming\cacaoweb\replicatingCA416D327439A974DD8DEF47073E929C.cacao
c:\users\MAILA\AppData\Roaming\cacaoweb\replicatingDF66EA349F5678C18D5F26765A5C7B64.cacao
c:\users\MAILA\AppData\Roaming\cacaoweb\storage.db
c:\users\MAILA\AppData\Roaming\OfferBox
c:\users\MAILA\AppData\Roaming\OfferBox\config.xml
c:\users\MAILA\AppData\Roaming\OfferBox\http_app.offerbox.com\country.sxe
c:\users\MAILA\AppData\Roaming\OfferBox\http_app.offerbox.com\history.db
c:\users\MAILA\AppData\Roaming\OfferBox\http_app.offerbox.com\profile.sxe
c:\users\MAILA\AppData\Roaming\OfferBox\http_app.offerbox.com\update.sxe
c:\users\MAILA\AppData\Roaming\OfferBox\http_app.offerbox.com\update.xml
c:\users\Public\sdelevURL.tmp
c:\windows\system32\drivers\npf.sys
.
.
((((((((((((((((((((((((( Files Creati Da 2012-05-27 al 2012-06-27 )))))))))))))))))))))))))))))))))))
.
.
2012-06-27 14:56 . 2012-06-27 14:57 -------- d-----w- c:\users\MAILA\AppData\Local\temp
2012-06-27 11:36 . 2012-06-27 11:36 -------- d-----w- c:\program files\Common Files\Adobe
2012-06-27 10:59 . 2012-06-27 10:59 -------- d-----w- c:\users\MAILA\AppData\Roaming\Malwarebytes
2012-06-27 10:59 . 2012-06-27 10:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-27 10:59 . 2012-06-27 10:59 -------- d-----w- c:\programdata\Malwarebytes
2012-06-27 10:59 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-27 10:52 . 2012-06-27 10:52 -------- d-----w- c:\users\MAILA\AppData\Local\Ilivid Player
2012-06-26 20:48 . 2012-06-26 20:48 388096 ----a-r- c:\users\MAILA\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-26 20:48 . 2012-06-26 20:48 -------- d-----w- c:\program files\Trend Micro
2012-06-26 20:36 . 2012-03-30 10:29 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-26 20:36 . 2012-04-28 03:19 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-26 20:35 . 2012-04-02 04:40 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-26 20:35 . 2012-04-02 04:41 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-26 20:35 . 2012-04-02 04:40 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-26 20:35 . 2012-04-02 04:40 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-26 20:35 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\system32\crypt32.dll
2012-06-26 20:35 . 2012-04-24 04:47 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-26 20:35 . 2012-04-24 04:47 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-26 20:33 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-26 20:33 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-06-26 20:32 . 2012-05-15 01:12 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-06-26 20:32 . 2012-03-17 07:20 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-26 20:32 . 2012-05-02 04:52 163328 ----a-w- c:\windows\system32\profsvc.dll
2012-06-26 20:32 . 2012-04-26 04:48 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-26 20:32 . 2012-04-26 04:48 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-26 20:32 . 2012-04-26 04:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-26 20:31 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-06-26 20:31 . 2012-03-03 05:40 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-06-26 20:31 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-06-26 20:31 . 2012-03-03 05:40 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-06-26 20:30 . 2012-03-03 05:40 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-06-26 20:05 . 2012-06-26 20:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-26 20:05 . 2012-06-26 20:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-26 14:21 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76816FC7-1FD9-49AD-B92B-CCD433B30AEE}\mpengine.dll
2012-06-23 17:15 . 2012-06-23 17:15 -------- d-----w- c:\programdata\boost_interprocess
2012-06-22 10:07 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 10:07 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 10:07 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 10:07 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 10:07 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 10:07 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 10:07 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 10:07 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 10:07 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-15 18:05 . 2012-06-26 22:07 -------- d-----w- c:\users\MAILA\AppData\Roaming\vlc
2012-06-15 18:02 . 2012-06-15 18:02 -------- d-----w- c:\program files\VideoLAN
2012-06-12 15:57 . 2012-06-12 15:57 -------- d-----w- c:\program files\Microsoft SDKs
2012-06-12 15:41 . 2012-06-12 15:41 -------- d-----w- C:\Hauppauge
2012-06-12 15:34 . 2001-01-12 09:02 53248 ----a-w- c:\windows\system32\MDCustomPanels.ocx
2012-06-12 15:34 . 2000-07-14 21:00 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-06-12 15:34 . 1999-05-06 21:00 244232 ----a-w- c:\windows\system32\MsFlxGrd.ocx
2012-06-12 15:34 . 1998-06-25 21:00 89600 ----a-w- c:\windows\system32\MSCAL.OCX
2012-06-12 15:34 . 2002-12-27 10:33 65536 ----a-w- c:\windows\system32\dmcrypto.dll
2012-06-12 15:34 . 1998-06-18 09:33 598288 ----a-w- c:\windows\system32\temp.011
2012-06-12 15:34 . 1998-06-18 09:33 164112 ----a-w- c:\windows\system32\temp.012
2012-06-12 15:34 . 1998-06-18 09:32 147728 ----a-w- c:\windows\system32\temp.013
2012-06-12 15:34 . 1998-06-16 22:13 17920 ----a-w- c:\windows\system32\temp.014
2012-06-12 15:33 . 2012-06-12 15:42 -------- d-----w- c:\program files\WinTV
2012-06-12 15:33 . 2000-03-07 14:22 278581 ----a-w- c:\windows\system32\temp.00F
2012-06-12 15:33 . 2000-02-11 15:58 995383 ----a-w- c:\windows\system32\temp.010
2012-06-12 15:33 . 1998-06-25 00:43 1409024 ----a-w- c:\windows\system32\temp.015
2012-06-12 15:33 . 1998-06-16 18:45 77878 ----a-w- c:\windows\system32\temp.00E
2012-06-12 15:33 . 1998-05-31 14:06 22288 ----a-w- c:\windows\system32\temp.016
2012-06-12 15:32 . 2012-06-12 15:32 -------- d-----w- C:\hcw21nova-t
2012-06-05 09:17 . 2012-06-05 09:17 -------- d-----w- c:\programdata\Microsoft Help
2012-06-05 09:17 . 2012-06-05 09:17 -------- d-----w- c:\users\MAILA\AppData\Local\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\MAILA\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-19 137536]
"eMuleAutoStart"="c:\program files\eMule\emule.exe" [2010-04-07 5758976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-07 1602856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-06 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-08 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-08 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-08 170008]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-08-02 726640]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-11-29 5249024]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2219184]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-3-21 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 20:05]
.
2012-06-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2719283518-2909302424-3632810199-1000Core.job
- c:\users\MAILA\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-19 23:06]
.
2012-06-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2719283518-2909302424-3632810199-1000UA.job
- c:\users\MAILA\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-19 23:06]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-16 16:06]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-16 16:06]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2719283518-2909302424-3632810199-1000Core.job
- c:\users\MAILA\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-27 21:22]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2719283518-2909302424-3632810199-1000UA.job
- c:\users\MAILA\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-27 21:22]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
HKCU-Run-Device Detection - c:\program files\PhotoSi\MyComposer\dd.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2719283518-2909302424-3632810199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (S-1-5-21-2719283518-2909302424-3632810199-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-2719283518-2909302424-3632810199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (S-1-5-21-2719283518-2909302424-3632810199-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-2719283518-2909302424-3632810199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (S-1-5-21-2719283518-2909302424-3632810199-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-2719283518-2909302424-3632810199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-2719283518-2909302424-3632810199-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xmp"
.
[HKEY_USERS\S-1-5-21-2719283518-2909302424-3632810199-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{27FEB862-BA8D-472A-4B8A-06832EDC2EAF}*]
"hahpoebiiegcnele"=hex:6a,61,63,69,70,65,62,67,65,64,6e,6d,68,63,6e,6c,64,69,
67,70,00,00
"ianoiefahcolfeijgo"=hex:6a,61,63,69,70,65,62,67,65,64,6e,6d,68,63,6e,6c,64,69,
67,70,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(5856)
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
c:\program files\Dell\DW WLAN Card\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\hasplms.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Ora fine scansione: 2012-06-27 17:01:10 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-06-27 15:01
.
Pre-Run: 190.114.467.840 byte disponibili
Post-Run: 203.171.323.904 byte disponibili
.
- - End Of File - - DF30AEDE7A31CDF7570EF26D59E8D227
mailab
Posted: Wednesday, June 27, 2012 5:08:25 PM

Rank: AiutAmico

Joined: 6/26/2012
Posts: 35
I hope it's fine now... anyway, this cacaoweb program is junk... thanks for the help!! Really!
shapiro
Posted: Wednesday, June 27, 2012 10:23:19 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
mailab, you have some rootkit remnants and something suspicious; before having you remove it, I'd like you to use an automatic Microsoft tool built into the OS.

From Start/Run, type mrt and click OK, agree to the update if it asks, and start the full scan.

Keep an eye on what it finds; take note of it if anything.
mailab
Posted: Wednesday, June 27, 2012 10:28:27 PM

Rank: AiutAmico

Joined: 6/26/2012
Posts: 35
OK! Full scan started!! As soon as it finishes I'll write here... I'm like the only one not watching the football tonight...
shapiro
Posted: Wednesday, June 27, 2012 10:32:55 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Quote:
I'm like the only one not watching the football tonight...

I'm not watching it either, and I'm doing it for them

http://www.oipa.org/italia/maltrattamenti/appelli/ucraina_petizione.html
mailab
Posted: Wednesday, June 27, 2012 10:36:30 PM

Rank: AiutAmico

Joined: 6/26/2012
Posts: 35
Same. :(
mailab
Posted: Wednesday, June 27, 2012 10:52:23 PM

Rank: AiutAmico

Joined: 6/26/2012
Posts: 35
Anyway, even after reinstalling Chrome, searchnu 406 still opens as my start page... with Explorer it doesn't...
shapiro
Posted: Wednesday, June 27, 2012 10:55:52 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Remove Chrome, it only weighs things down.
mailab
Posted: Wednesday, June 27, 2012 11:02:26 PM

Rank: AiutAmico

Joined: 6/26/2012
Posts: 35
done