Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Mi potreste gentilmente controllare il LOG di hijack?

3 pages: [1] 2 3
Mi potreste gentilmente controllare il LOG di hijack? Opzioni
Topic Precedente · Topic Sucessivo
urubu
Inviato: Sunday, December 05, 2010 2:25:05 AM

Rank: Member

Iscritto dal : 12/5/2010
Posts: 28
Salve, sono emozionato... questo è il mio primo post sul forum di Aiutamici! Premetto che io e l'informatica siamo come Papa Benedetto ed il centro di Amsterdam, detto questo cerco di spiegare il problema che ho:
Ho un portatile Hp Pavillion, direi che è abbastanza pieno (70 giga su 140 occupati) di foto (chi ha un bambino piccolo potrà comprendere Anxious )
Il problema essenzialemente è che la ventola continua ad andare e si scalda parecchio. Facendo un controllo sulla gestione delle attività mi indica che l'utilizzo della memoria è sempre intorno al 7-800 MB, spesso anche sul giga, quindi sono sempre a 50% dell'utilizzo. Dando un'occhiata ai processi non c'è nulla di rilevante tranne forse che ho 17 svchost.exe.
Premetto che utilizzo avira come antivirus affiancato da Comodo come firewall (windows defender disattivato), navigo con Firefox ed il sistema operativo è Vista (che aggiorno manualmente 1 volta al mese).
Ho fatto una scansione con Hijack, mi controllate il LOG e mi spiegate cos'ho di sbagliato?
P.s. con parole semplici per favore Pray
Vi ringrazio fin d'ora.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2.10.45, on 05/12/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18527)
Boot mode: Normal

Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conime.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F995905-16E1-47AC-A951-940B4B6D17F3}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F995905-16E1-47AC-A951-940B4B6D17F3}: NameServer = 192.168.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{0F995905-16E1-47AC-A951-940B4B6D17F3}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FreePOPs - Unknown owner - C:\Program Files\FreePOPs\freepopsservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9398 bytes
Torna in alto
 
Sponsor
Inviato: Sunday, December 05, 2010 2:25:05 AM

 
Torna in alto
 
r16
Inviato: Sunday, December 05, 2010 11:20:06 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Ci sono alcune cose da sistemare.

Disattiva il Tea Timer di Spybot così: (non serve)
Apri SpyBot in modalità avanzata (menù modalità - avanzata) poi vai in utilità - resident e togli la spunta a TeaTimer, e riavvia il pc.

Disistalla ClamWin. (non serve)

Avvia hijackthis, metti la spunta alle voci che andrò ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su "fix checked":

Commenta:
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) -
Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Vai in c:\windows\prefetch.
Cancella tutti i file (anche la cartella readyboot,che verrà ricreata) meno il file layout.ini.

Importante:
Installa il SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=891ab806-2431-4d00-afa3-99ff6f22448d&displayLang=it

Disistalla HijackThis, e installa questa versione:
http://www.aiutamici.com/software?ID=11175

Posta un nuovo log di HijackThis.
Torna in alto
 
urubu
Inviato: Sunday, December 05, 2010 2:28:35 PM

Rank: Member

Iscritto dal : 12/5/2010
Posts: 28
Bene, eccomi qui dopo aver svolto tutti i compiti che mi hai dato!

il LOG di hijack è il seguente:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14.21.53, on 05/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F995905-16E1-47AC-A951-940B4B6D17F3}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F995905-16E1-47AC-A951-940B4B6D17F3}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: APSHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FreePOPs - Unknown owner - C:\Program Files\FreePOPs\freepopsservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8859 bytes

Però devo dire che adesso l'utilizzo della memoria è a 1,29 giga Think non sarebbe dovuta scendere un po'? I processi svchost continuano ad essere parecchi, è normale?

Attendo il responso trepidante, nella speranza che tu non mi dica: "Passa a Win7 e hasta la Vista!" Drool


Torna in alto
 
r16
Inviato: Sunday, December 05, 2010 2:48:18 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
Bene, eccomi qui dopo aver svolto tutti i compiti che mi hai dato!

Non mi risulta.
Non hai disattivato il Tea Timer di SpyBot.
A mio parere, potresti benissimo disistallare completamente anche SpyBOT.
E se vogliamo dirla tutta, siccome penso sia un problema di conflitto di programmi, direi di disistallare pure Comodo. (fra l'altro, mi risulta anche il Firewall di Windows attivo)
Torna in alto
 
urubu
Inviato: Sunday, December 05, 2010 3:13:10 PM

Rank: Member

Iscritto dal : 12/5/2010
Posts: 28
Hai ragione, quando ho fatto la scansione con Hijack il TeaTimer di Spybot si era rispuntato... probabilmente dopo tutti i riavvii si era rispuntato da solo. COMUNQUE! Ho eliminato Comodo e pure Spybot, li avevo installati perché la moglie accettava allegramente qualunque minchiata le proponessero su Facebook ed avevo paura che in mia assenza installasse problemi. Ora però le ho spiegato i vari rischi e lei sta molto più attenta quindi non mi occorrono più livelli di sicurezza da paranoia. Nell'ultimo anno Avira mi ha segnalato 2 problemi solo su dei file che scaricavo da Torrent (su cartoni animati per bambini!!!) e null'altro, quindi credo di essere abbastanza tranquillo.
Ho rifatto il LOG, e te lo riposto, vediamo se ora va meglio...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.05.57, on 05/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) -
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F995905-16E1-47AC-A951-940B4B6D17F3}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F995905-16E1-47AC-A951-940B4B6D17F3}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: APSHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FreePOPs - Unknown owner - C:\Program Files\FreePOPs\freepopsservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8211 bytes

Ancora grazie mille per l'enorme pazienza... Pray
Torna in alto
 
r16
Inviato: Sunday, December 05, 2010 3:19:24 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Comodo mi risulta ancora installato:
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

Elimina anche questo servizio:
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
Elimina anche la cartella in rosso:
C:\Program Files\WinPcap\rpcapd.exe

Ma ci sono Miglioramenti, oppure è tutto come prima.
Torna in alto
 
urubu
Inviato: Sunday, December 05, 2010 3:26:50 PM

Rank: Member

Iscritto dal : 12/5/2010
Posts: 28
Dunque, fatto tutto, sono pure andato a cercare sulle installazioni se comodo c'era ancora ma non c'è... Da Start lo trovo ancora ma quando cerca di fare disinstalla mi dice che si può fare solo sui prodotti correttamente installati. Ho eliminato la riga su Hijack ed ho pure eliminato il file .exe che mi hai detto sulla cartella WinPcap (comunque c'era pure il file uninstall sulla stessa cartella).
Da un controllo sulla gestione attività non è cambiato nulla: memoria fisica al 49% e processi 73 come prima...
Rifaccio la scansione con Hijack?
Torna in alto
 
r16
Inviato: Sunday, December 05, 2010 3:30:17 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
No.
Segui attentamente queste istruzioni:
Scarica Combofix (usa Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop. (è obligatorio)

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (se usi Vista: tasto destro su Combofix.exe e clicca su: "Esegui come Amministratore" )

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt.
Postalo qui.
Torna in alto
 
urubu
Inviato: Sunday, December 05, 2010 6:35:44 PM

Rank: Member

Iscritto dal : 12/5/2010
Posts: 28
Problemino... sono riuscito a fare il tutto, solo che ora quando tento di accedere a Firefox, Explorer o WIndows Live Mail mi esce la scritta " E' stata tentata una operazione non consentita su una chiave di Registro di sistema segnata per l'eliminazione"
Sto usando un netbook diverso per scrivere... Avira e Skype sembrano funzionare.
Questo il LOG di Combo

ComboFix 10-12-04.01 - Marco 05/12/2010 15.41.34.1.2 - x86
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.39.1040.18.2046.1193 [GMT 1:00]
Eseguito da: c:\users\Marco\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Marco\GoToAssistDownloadHelper.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-11-05 al 2010-12-05 )))))))))))))))))))))))))))))))))))
.

2010-12-05 15:00 . 2010-12-05 15:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-05 12:59 . 2010-12-05 13:00 -------- d-----w- c:\windows\system32\ca-ES
2010-12-05 12:59 . 2010-12-05 13:00 -------- d-----w- c:\windows\system32\eu-ES
2010-12-05 12:59 . 2010-12-05 13:00 -------- d-----w- c:\windows\system32\vi-VN
2010-12-05 12:52 . 2010-12-05 12:52 -------- d-----w- c:\windows\system32\SPReview
2010-12-05 12:25 . 2009-04-10 22:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-12-05 12:24 . 2009-04-10 22:27 57856 ----a-w- c:\windows\system32\compcln.exe
2010-12-05 12:17 . 2009-04-10 22:28 595456 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-05 12:16 . 2009-04-10 22:32 99816 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2010-12-05 12:15 . 2009-04-10 22:32 19944 ----a-w- c:\windows\system32\kdusb.dll
2010-12-05 12:14 . 2009-04-10 22:28 99840 ----a-w- c:\windows\system32\ulib.dll
2010-12-05 12:07 . 2010-12-05 12:07 -------- d-----w- c:\windows\system32\EventProviders
2010-12-05 10:53 . 2010-12-05 10:53 388096 ----a-r- c:\users\Marco\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-05 10:50 . 2010-12-05 10:50 -------- d-----w- c:\program files\CCleaner
2010-12-05 00:45 . 2010-12-05 10:35 -------- d-----w- c:\programdata\.clamwin
2010-12-04 23:51 . 2010-12-04 23:51 -------- d-----w- c:\users\Marco\AppData\Roaming\Avira
2010-12-04 22:48 . 2010-12-04 22:48 -------- d-----w- c:\users\Marco\AppData\Local\AskToolbar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 11:49 . 2010-06-01 17:00 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-29 11:49 . 2010-06-01 17:00 78504 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-29 11:49 . 2010-06-01 17:00 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-29 11:49 . 2010-06-04 09:55 236088 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-29 11:49 . 2010-06-01 17:00 17256 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-15 02:50 . 2010-04-22 06:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-13 13:56 . 2010-10-15 16:19 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-09 22:52 . 2010-09-29 12:00 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F1E21CC-C9CB-4ECF-9B43-19391CC067F7}\mpengine.dll
2010-09-08 17:23 . 2010-10-15 16:19 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 17:07 . 2010-10-15 16:19 834048 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 15:23 . 2010-10-15 16:19 389632 ----a-w- c:\windows\system32\html.iec
2010-09-06 16:20 . 2010-10-15 16:18 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-15 16:18 17920 ----a-w- c:\windows\system32\netevent.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-23 176128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 715568]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2819563528-3661968701-1403540855-1000]
"EnableNotificationsRef"=dword:00000001

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-18 133104]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-02-12 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2009-05-29 31952]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 ASBroker;Operatore della sessione di accesso;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe [2008-01-19 21504]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-18 18:38]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-18 18:38]

2010-12-05 c:\windows\Tasks\User_Feed_Synchronization-{BDD938E7-BE4F-4447-8167-63D2D6836E22}.job
- c:\windows\system32\msfeedssync.exe [2008-05-28 07:33]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {0F995905-16E1-47AC-A951-940B4B6D17F3} = 192.168.1.1
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\
FF - prefs.js: browser.search.selectedEngine - GoogIe
FF - prefs.js: keyword.URL - hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=nvKL6Na5&q=
FF - component: c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\users\Marco\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
FF - Extension: Personas: personas@christopher.beard - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\personas@christopher.beard
FF - Extension: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Extension: FastestFox: smarterwiki@wikiatic.com - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\smarterwiki@wikiatic.com
FF - Extension: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Extension: LastPass: support@lastpass.com - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\support@lastpass.com
FF - Extension: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Extension: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Extension: Picnik: {5b1fdac4-a239-4933-9c52-b65a2a720b75} - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{5b1fdac4-a239-4933-9c52-b65a2a720b75}
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - GoogIe
FF - user.js: keyword.URL - hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=nvKL6Na5&q=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-hpWirelessAssistant - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
HKLM-Run-WAWifiMessage - %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 16:07
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\windows\system32\wbem\Performance\WmiApRpl_new.h 357 bytes

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000059

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(2776)
c:\windows\system32\APSHook.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\windows\system32\conime.exe
c:\program files\FreePOPs\freepopsservice.exe
c:\program files\FreePOPs\freepopsd.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\RtHDVCpl.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Ora fine scansione: 2010-12-05 16:15:20 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-12-05 15:15

Pre-Run: 83.120.340.992 byte disponibili
Post-Run: 85.846.335.488 byte disponibili

- - End Of File - - 2DE33E339F8CD7BA808000472E8C2814

Ora che faccio?
Torna in alto
 
urubu
Inviato: Sunday, December 05, 2010 6:52:28 PM

Rank: Member

Iscritto dal : 12/5/2010
Posts: 28
AGGIORNAMENTO

Ho riavviato il tutto e sembra funzionare ogni cosa. La memoria fisica rimane al 45% mentre i processi ora sono 67 invece di 73, cominciamo a migliorare... Dancing
Torna in alto
 
maopapof
Inviato: Sunday, December 05, 2010 7:47:07 PM

Rank: AiutAmico

Iscritto dal : 10/31/2004
Posts: 7,185
per facilitare il lavoro che fà il tuo pc .... visto che hai detto che hai molte foto .... ti consiglio di partizionare il tuo disco, in modo che in uno ci lavori e nell'altro ti conservi quello che vuoi per dar modo al tuo pc che quando cerca dei file , li trova subito in uno spazio più piccolo

programma consigliato .... easus .... ;O) ... ciao e buon lavoro
Torna in alto
 
r16
Inviato: Sunday, December 05, 2010 9:14:08 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Apri un file di testo con il Block Note sul Desktop
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt
Code:
KillAll::
Folder::
c:\users\Marco\AppData\Local\AskToolbar
c:\programdata\.clamwin
Driver::
Lbd
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Se il pc non si riavvia da solo, riavvialo tu.
Posta il log aggiornato di combofix
Torna in alto
 
urubu
Inviato: Sunday, December 05, 2010 11:26:33 PM

Rank: Member

Iscritto dal : 12/5/2010
Posts: 28
Dunque... gran pacco.
Dopo 25 minuti Combofix finisce e si riavvia. Come prima non riesco a far partire Live Mail o Firefox e decido il riavvio. Ora non si connette più alla rete (notare che il netbook che uso ora è attaccato allo stesso modem).
Tra le altre cose mi ritrovo su start la cartella di Comodo (ma no su installazioni applicazioni) che avevo già cancellato prima del secondo riavvio, e sul desktop c'è la cartella di spybot... comincio a non capirci più nulla.
Comunque il LOG di Combofix non riesco a farvelo vedere perché sparisce dalla chiavetta usb che sto utilizzando per portarlo sul net... Brick wall Io faccio copia incolla dal C: alla chiavetta, compare il file sulla chiavetta, quando poi la passo sul net non c'è più...
La situazione di memoria fisica è la stessa in compenso sono aumentati i processi.
Ed ora?
Torna in alto
 
urubu
Inviato: Monday, December 06, 2010 12:09:14 AM

Rank: Member

Iscritto dal : 12/5/2010
Posts: 28
OK trovato il modo di portare il LOG qui, eccolo:

ComboFix 10-12-04.01 - Marco 05/12/2010 22.22.52.2.2 - x86
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.39.1040.18.2046.1255 [GMT 1:00]
Eseguito da: c:\users\Marco\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Marco\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\.clamwin
c:\users\Marco\AppData\Local\AskToolbar
c:\users\Marco\AppData\Local\AskToolbar\Downloaded Program Files\Nero.dll
c:\users\Marco\AppData\Local\AskToolbar\Downloaded Program Files\Nero.inf

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LBD
-------\Service_Lbd


((((((((((((((((((((((((( Files Creati Da 2010-11-05 al 2010-12-05 )))))))))))))))))))))))))))))))))))
.

2010-12-05 21:45 . 2010-12-05 21:48 -------- d-----w- c:\users\Marco\AppData\Local\temp
2010-12-05 12:59 . 2010-12-05 13:00 -------- d-----w- c:\windows\system32\ca-ES
2010-12-05 12:59 . 2010-12-05 13:00 -------- d-----w- c:\windows\system32\eu-ES
2010-12-05 12:59 . 2010-12-05 13:00 -------- d-----w- c:\windows\system32\vi-VN
2010-12-05 12:52 . 2010-12-05 12:52 -------- d-----w- c:\windows\system32\SPReview
2010-12-05 12:25 . 2009-04-10 22:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-12-05 12:24 . 2009-04-10 22:27 57856 ----a-w- c:\windows\system32\compcln.exe
2010-12-05 12:17 . 2009-04-10 22:28 595456 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-05 12:16 . 2009-04-10 22:32 99816 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2010-12-05 12:15 . 2009-04-10 22:32 19944 ----a-w- c:\windows\system32\kdusb.dll
2010-12-05 12:14 . 2009-04-10 22:28 99840 ----a-w- c:\windows\system32\ulib.dll
2010-12-05 12:07 . 2010-12-05 12:07 -------- d-----w- c:\windows\system32\EventProviders
2010-12-05 10:53 . 2010-12-05 10:53 388096 ----a-r- c:\users\Marco\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-05 10:50 . 2010-12-05 10:50 -------- d-----w- c:\program files\CCleaner
2010-12-04 23:51 . 2010-12-04 23:51 -------- d-----w- c:\users\Marco\AppData\Roaming\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 11:49 . 2010-06-01 17:00 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-29 11:49 . 2010-06-01 17:00 78504 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-29 11:49 . 2010-06-01 17:00 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-29 11:49 . 2010-06-04 09:55 236088 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-29 11:49 . 2010-06-01 17:00 17256 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-15 02:50 . 2010-04-22 06:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-13 13:56 . 2010-10-15 16:19 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-09 22:52 . 2010-09-29 12:00 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F1E21CC-C9CB-4ECF-9B43-19391CC067F7}\mpengine.dll
2010-09-08 17:23 . 2010-10-15 16:19 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 17:07 . 2010-10-15 16:19 834048 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 15:23 . 2010-10-15 16:19 389632 ----a-w- c:\windows\system32\html.iec
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-09 4390912]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-23 176128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 715568]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2819563528-3661968701-1403540855-1000]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-18 133104]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-02-12 99152]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2009-05-29 31952]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 ASBroker;Operatore della sessione di accesso;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 ASChannel;Canale di comunicazione locale;c:\windows\System32\svchost.exe [2008-01-19 21504]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-18 18:38]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-18 18:38]

2010-12-05 c:\windows\Tasks\User_Feed_Synchronization-{BDD938E7-BE4F-4447-8167-63D2D6836E22}.job
- c:\windows\system32\msfeedssync.exe [2008-05-28 07:33]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {0F995905-16E1-47AC-A951-940B4B6D17F3} = 192.168.1.1
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\
FF - prefs.js: browser.search.selectedEngine - GoogIe
FF - prefs.js: keyword.URL - hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=nvKL6Na5&q=
FF - component: c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\users\Marco\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: All-in-One Sidebar: {097d3191-e6fa-4728-9826-b533d755359d} - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
FF - Extension: Personas: personas@christopher.beard - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\personas@christopher.beard
FF - Extension: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Extension: FastestFox: smarterwiki@wikiatic.com - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\smarterwiki@wikiatic.com
FF - Extension: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Extension: LastPass: support@lastpass.com - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\support@lastpass.com
FF - Extension: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Extension: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Extension: Picnik: {5b1fdac4-a239-4933-9c52-b65a2a720b75} - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{5b1fdac4-a239-4933-9c52-b65a2a720b75}
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\e4386bbs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - GoogIe
FF - user.js: keyword.URL - hxxp://www.theast.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=nvKL6Na5&q=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 22:49
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(2340)
c:\windows\system32\APSHook.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\ehome\ehmsas.exe
c:\program files\FreePOPs\freepopsservice.exe
c:\program files\FreePOPs\freepopsd.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Ora fine scansione: 2010-12-05 22:56:58 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-12-05 21:56
ComboFix2.txt 2010-12-05 15:15

Pre-Run: 85.431.914.496 byte disponibili
Post-Run: 85.253.390.336 byte disponibili

- - End Of File - - 71816B183315FD4EBB67872676EE3A4E
Torna in alto
 
r16
Inviato: Monday, December 06, 2010 5:54:03 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Per ripristinare la connessione segui le indicazioni di questo link:
http://www.bleepingcomputer.com/combofix/it/come-usare-combofix
Trovi la soluzione a fondo pagina.
Commenta:
Tra le altre cose mi ritrovo su start la cartella di Comodo

Eliminala.
Commenta:
e sul desktop c'è la cartella di spybot.

Eliminala.

Cosa sono questi ?:
VBoxUSB
ASBroker.
ASChannel.

Sono indispensabili?

Vai in Installazione Applicazioni, e disistalla TUTTE le versioni Java che trovi.
Torna in alto
 
urubu
Inviato: Monday, December 06, 2010 7:38:09 PM

Rank: Member

Iscritto dal : 12/5/2010
Posts: 28
Non riesco a ripristinare la connessione di rete. Dice che automaticamente non è possibile e che mancano dei dati...
Per quanto riguarda VboxUSB credo sia qualcosa legato al Virtual box che usavo tempo fa per provare vari sistemi operativi, ASBroker non ho la più pallida idea di cosa sia e ASChannel idem... Dove li trovo? PEr quanto riguarda l'eliminazione, fatto!
COme faccio per la connessione?
Torna in alto
 
urubu
Inviato: Monday, December 06, 2010 7:59:50 PM

Rank: Member

Iscritto dal : 12/5/2010
Posts: 28
Niente da fare con la connessione, ho provato ad inserire manualmente l'indirizzo IP e dati vari, perchè mi dice la verifica che mi manca un indirizzo IP valido, ma nemmeno quello inserito a mano lo accetta.
Torna in alto
 
r16
Inviato: Monday, December 06, 2010 8:04:05 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Hai provato così ?:
Start\ pannello di controllo\ connessioni di rete
clicca con il tasto destro del mouse sulla tua connessione.
seleziona proprietà.
doppio click su "Protocollo Internet(TCP/IP)
metti la spunta a "ottieni indirizzo server DNS automaticamente".
Clicca OK.
Riavvia il pc.
Torna in alto
 
urubu
Inviato: Monday, December 06, 2010 8:34:30 PM

Rank: Member

Iscritto dal : 12/5/2010
Posts: 28
YES! FUNZIONA!!!
Torna in alto
 
Utenti presenti in questo topic
Guest

3 pages: [1] 2 3

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Mi potreste gentilmente controllare il LOG di hijack?


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.