
Explorer tabs that open by themselves
corradogando
Posted: Monday, February 14, 2011 7:05:09 PM
Rank: Member

Joined: 1/17/2004
Posts: 21
Good evening, for several weeks Internet Explorer has been opening tabs with advertising pages without my asking it to. I have run scans with various antivirus programs, Spybot and Malwarebytes, but nothing was detected.
Recently I downloaded and ran the HijackThis program, but during the scan messages appear that I cannot decipher, and when it finishes no log file is created. My operating system is Vista. If it were possible to attach files to the message I would send you the messages produced by HijackThis during the scan.
Kind regards
Corrado Gandolfi

tamagon
Posted: Monday, February 14, 2011 7:20:10 PM

Rank: AiutAmico

Joined: 3/6/2009
Posts: 2,913
Try putting it in a folder of its own, then run it as administrator and wait for r16.
r16
Posted: Monday, February 14, 2011 10:27:40 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Run this scan:
Download ComboFix (use Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop. (This is mandatory.)

Important: disable your antivirus and close ALL open programs (firewall included), and after downloading ComboFix, disconnect from the Internet.

Double-click combofix.exe (on Vista: right-click Combofix.exe and click "Run as Administrator").

You will probably get messages from the antivirus (or from ComboFix itself); ignore them.

If you are asked whether you want to install the RECOVERY CONSOLE, click NO.

While the scan is running it is important not to use the PC (not even the mouse) and to wait patiently for it to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt.
Post it here.
corradogando
Posted: Tuesday, February 15, 2011 7:51:00 PM
Rank: Member

Joined: 1/17/2004
Posts: 21
Good evening, I ran the scan with ComboFix. The log file created by the program is the following:

ComboFix 11-02-15.01 - corradogando 15/02/2011 19.02.28.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3326.2132 [GMT 1:00]
Eseguito da: c:\users\corradogando\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\OfferBox
c:\program files\OfferBox\OfferBoxBHO.dll
c:\programdata\Desktop
c:\users\corradogando\AppData\Roaming\ImgBurn.exe
c:\users\corradogando\AppData\Roaming\inst.exe
c:\users\corradogando\AppData\Roaming\Microsoft\Windows\Recent\PagineGialle.it Visual.url
c:\users\corradogando\AppData\Roaming\OfferBox
c:\users\corradogando\AppData\Roaming\OfferBox\config.dat
c:\users\corradogando\AppData\Roaming\OfferBox\config.xml

.
((((((((((((((((((((((((( Files Creati Da 2011-01-15 al 2011-02-15 )))))))))))))))))))))))))))))))))))
.

2011-02-15 18:16 . 2011-02-15 18:16 -------- d-----w- c:\users\corradogando\AppData\Local\temp
2011-02-15 18:16 . 2011-02-15 18:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-14 19:20 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-02-09 10:41 . 2011-02-09 10:41 388096 ----a-r- c:\users\corradogando\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-09 10:41 . 2011-02-09 10:41 -------- d-----w- c:\program files\Trend Micro
2011-01-29 17:28 . 2011-01-29 17:31 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-01-29 17:07 . 2011-01-29 17:11 -------- d-----w- c:\program files\FoxTabAudioConverter
2011-01-26 20:54 . 2011-01-26 20:54 -------- d-----w- c:\users\corradogando\AppData\Roaming\Malwarebytes
2011-01-26 20:54 . 2011-01-26 20:54 -------- d-----w- c:\programdata\Malwarebytes
2011-01-26 20:54 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-26 20:54 . 2011-01-27 13:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-26 20:54 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-25 20:16 . 2011-01-20 09:39 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{27A7CD9B-0889-4C7F-97A3-A13E01677124}\mpengine.dll
2011-01-25 20:04 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-01-25 20:04 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-01-25 20:04 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-01-25 20:04 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-01-25 20:04 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-01-25 19:56 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-01-25 19:54 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2011-01-25 19:53 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2011-01-25 19:49 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-01-25 19:45 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-08-02 18:32 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-06-02 10:59 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-06-02 11:00 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-06-02 11:00 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-06-02 11:00 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-06-02 11:00 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-06-02 11:00 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-21 16:37 . 2010-11-21 16:36 7760687 ----a-w- c:\users\corradogando\AppData\Roaming\SetupGFD.exe
2010-11-21 16:36 . 2010-11-21 16:36 5243208 ----a-w- c:\users\corradogando\AppData\Roaming\AvsP.exe
2010-11-21 16:36 . 2010-11-21 16:36 4284535 ----a-w- c:\users\corradogando\AppData\Roaming\ffdshow.exe
2010-11-21 16:36 . 2010-11-21 16:35 642685 ----a-w- c:\users\corradogando\AppData\Roaming\xvid.exe
2010-11-21 16:35 . 2010-11-21 16:35 4182178 ----a-w- c:\users\corradogando\AppData\Roaming\Avisynth.exe
2010-01-06 18:08 . 2010-02-21 13:08 40960 ----a-w- c:\program files\TrialLogoSmartzPatch.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\program files\Softonic-IT\tbSoft.dll" [2009-12-31 2349080]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}]
2009-12-31 10:53 2349080 ----a-w- c:\program files\Softonic-IT\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\program files\Softonic-IT\tbSoft.dll" [2009-12-31 2349080]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E3393495-8103-46A0-8181-270273EDDD60}"= "c:\program files\Softonic-IT\tbSoft.dll" [2009-12-31 2349080]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-31 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-17 1152296]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-17 189736]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-10-06 182808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1747739765-2719348431-3360182940-1000]
"EnableNotificationsRef"=dword:00000003

R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 135664]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-10 3458548]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2008-09-10 20640]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-22 691696]
S1 aswSP;aswSP; [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 59376]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]


--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenuto della cartella 'Scheduled Tasks'

2011-02-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-02-02 13:13]

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 14:02]

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 14:02]

2010-07-03 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]

2011-02-15 c:\windows\Tasks\User_Feed_Synchronization-{EB355DF5-E9ED-4D3E-B3B9-2609216955A4}.job
- c:\windows\system32\msfeedssync.exe [2011-01-25 04:25]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=91&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Cerca - c:\programdata\AOL\ieToolbar\resources\it-IT\local\search.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-SmartMenu - %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-15 19:16
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1747739765-2719348431-3360182940-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{13D523E7-77C1-511F-76C3-020FBED12A68}*]
@Allowed: (Read) (RestrictedCode)
"ianlkmbgbpmppcfial"=hex:6b,61,70,63,68,67,66,6f,6a,64,6a,61,70,67,61,61,65,6f,
6a,6e,69,67,00,00
"hadmiihojkeajccm"=hex:6b,61,70,63,68,67,66,6f,6a,64,6a,61,70,67,61,61,65,6f,
6a,6e,69,67,00,00
"gacnjkpgekilid"=hex:61,63,6c,6e,6f,65,63,6f,6f,65,64,65,6a,6f,6a,66,6d,6f,61,
6e,64,70,6f,6e,63,6a,63,62,69,6a,70,67,63,66,6a,6f,63,6a,62,6f,62,6a,61,6a,\

[HKEY_USERS\S-1-5-21-1747739765-2719348431-3360182940-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{34B3FFB4-7B1E-B676-3E87-FAAE46D408D1}*]
"oaolfndofbgfmmjlmpbghghcibdfmb"=hex:69,61,6e,65,6c,6d,68,6f,6e,6c,70,63,67,6e,
69,6d,6a,68,00,00
"nainhpgmjdopgodgjgjenppjcgin"=hex:69,61,6e,65,6c,6d,68,6f,6e,6c,70,63,67,6e,
69,6d,6a,68,00,00
"oaclaimnbdadbkgkldnfmlkapaklec"=hex:64,61,62,66,6a,6b,67,64,00,92

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2011-02-15 19:19:20
ComboFix-quarantined-files.txt 2011-02-15 18:19

Pre-Run: 92.469.092.352 byte disponibili
Post-Run: 92.424.536.064 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 22385AED0830D4B47BA73416113AD188
r16
Posted: Tuesday, February 15, 2011 10:58:49 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Open a text file with Notepad on the Desktop.
Paste into it the code you see below, and save the text file with the name CFScript.txt (the name is mandatory).

Code:
KillAll::

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e3393495-8103-46a0-8181-270273eddd60}"=-
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[-HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3393495-8103-46a0-8181-270273eddd60}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e3393495-8103-46a0-8181-270273eddd60}"=-
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{e3393495-8103-46a0-8181-270273eddd60}]
[-HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

RegNull::
[HKEY_USERS\S-1-5-21-1747739765-2719348431-3360182940-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{34B3FFB4-7B1E-B676-3E87-FAAE46D408D1}*]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
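As an added example (not code from the thread or from ComboFix), the Python below does mechanically what r16 did by hand in the script above: it parses the "Punti Reg Caricati" section of a ComboFix log, flags URLSearchHook, Toolbar and BHO entries whose DLL path matches an analyst-supplied list of unwanted vendor names (the list is an assumption built from the paths in this thread), and emits the matching `"…"=-` and `[-KEY]` deletions in CFScript form. The sample log excerpt is constructed from lines posted above.

```python
"""Turn the 'Punti Reg Caricati' section of a ComboFix log into the Registry::
part of a CFScript, the way r16 did by hand in the post above.
Added example, not ComboFix's own code; the vendor list is an assumption."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt made of lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e3393495-8103-46a0-8181-270273eddd60}"= "c:\program files\Softonic-IT\tbSoft.dll" [2009-12-31 2349080]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-31 39408]
"""

# Hypothetical analyst policy: path fragments of the bundled toolbars seen in the thread.
UNWANTED_MARKERS = ("softonic", "vuze_remote", "conduitengine", "askbardis")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]*)"')
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$")
CLSID_RE = re.compile(r"\{[0-9a-fA-F-]{36}\}")


def parse_reg_section(log: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map each registry key to its (value name, module path) pairs.

    Hook/Toolbar/Run keys list values as "name"="path" [date size]; BHO keys
    carry the CLSID in the key name and the DLL on a file-listing line."""
    entries: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            entries.setdefault(current, [])
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries[current].append((m.group("name"), m.group("path")))
            continue
        m = FILE_RE.match(line)
        if m:
            clsid = CLSID_RE.search(current)
            entries[current].append((clsid.group(0) if clsid else current, m.group("path")))
    return entries


def is_unwanted(path: str) -> bool:
    """True when the module path contains one of the policy markers."""
    low = path.lower()
    return any(marker in low for marker in UNWANTED_MARKERS)


def build_cfscript(entries: Dict[str, List[Tuple[str, str]]]) -> str:
    """Emit KillAll:: and Registry:: in the form used in the thread:
    '"name"=-' deletes a single value, '[-KEY]' deletes a whole key."""
    lines: List[str] = ["KillAll::", "", "Registry::"]
    clsids: List[str] = []
    for key, vals in entries.items():
        flagged = [(name, path) for name, path in vals if is_unwanted(path)]
        if not flagged:
            continue  # e.g. the Google "swg" Run entry stays untouched
        if "Browser Helper Objects" in key:
            lines.append("[-" + key + "]")  # BHO: the key itself is per-CLSID
            clsids.extend(name for name, _ in flagged)
            continue
        lines.append("[" + key + "]")
        for name, _ in flagged:
            lines.append('"' + name + '"=-')
            if CLSID_RE.fullmatch(name):
                clsids.append(name)
    # Drop the COM class registration of every removed object, once each.
    for clsid in dict.fromkeys(c.lower() for c in clsids):
        lines.append("[-HKEY_CLASSES_ROOT\\clsid\\" + clsid + "]")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(parse_reg_section(SAMPLE_LOG)))
```

The generated script only proposes deletions; review each flagged path against the log before feeding the file to ComboFix, since an over-broad marker would remove a legitimate add-on.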
corradogando
Posted: Wednesday, February 16, 2011 9:41:35 PM
Rank: Member

Joined: 1/17/2004
Posts: 21
Good evening, I ran the scan by feeding the script into ComboFix; the log file created by the program is the following:

ComboFix 11-02-15.01 - corradogando 16/02/2011 15.06.17.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3326.2233 [GMT 1:00]
Eseguito da: c:\users\corradogando\Desktop\ComboFix.exe
Opzioni usate :: c:\users\corradogando\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Creati Da 2011-01-16 al 2011-02-16 )))))))))))))))))))))))))))))))))))
.

2011-02-16 14:13 . 2011-02-16 14:17 -------- d-----w- c:\users\corradogando\AppData\Local\temp
2011-02-16 14:13 . 2011-02-16 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-14 19:20 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-02-09 10:41 . 2011-02-09 10:41 388096 ----a-r- c:\users\corradogando\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-09 10:41 . 2011-02-09 10:41 -------- d-----w- c:\program files\Trend Micro
2011-01-29 17:28 . 2011-01-29 17:31 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-01-29 17:07 . 2011-01-29 17:11 -------- d-----w- c:\program files\FoxTabAudioConverter
2011-01-26 20:54 . 2011-01-26 20:54 -------- d-----w- c:\users\corradogando\AppData\Roaming\Malwarebytes
2011-01-26 20:54 . 2011-01-26 20:54 -------- d-----w- c:\programdata\Malwarebytes
2011-01-26 20:54 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-26 20:54 . 2011-01-27 13:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-26 20:54 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-25 20:16 . 2011-01-20 09:39 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{27A7CD9B-0889-4C7F-97A3-A13E01677124}\mpengine.dll
2011-01-25 20:04 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-01-25 20:04 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-01-25 20:04 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-01-25 20:04 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-01-25 20:04 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-01-25 19:56 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-01-25 19:54 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2011-01-25 19:53 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2011-01-25 19:49 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-01-25 19:45 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-08-02 18:32 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-06-02 10:59 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-06-02 11:00 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-06-02 11:00 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-06-02 11:00 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-06-02 11:00 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-06-02 11:00 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-21 16:37 . 2010-11-21 16:36 7760687 ----a-w- c:\users\corradogando\AppData\Roaming\SetupGFD.exe
2010-11-21 16:36 . 2010-11-21 16:36 5243208 ----a-w- c:\users\corradogando\AppData\Roaming\AvsP.exe
2010-11-21 16:36 . 2010-11-21 16:36 4284535 ----a-w- c:\users\corradogando\AppData\Roaming\ffdshow.exe
2010-11-21 16:36 . 2010-11-21 16:35 642685 ----a-w- c:\users\corradogando\AppData\Roaming\xvid.exe
2010-11-21 16:35 . 2010-11-21 16:35 4182178 ----a-w- c:\users\corradogando\AppData\Roaming\Avisynth.exe
2010-01-06 18:08 . 2010-02-21 13:08 40960 ----a-w- c:\program files\TrialLogoSmartzPatch.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
r16
Posted: Wednesday, February 16, 2011 9:54:32 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
The log is not complete.
To see whether the script worked, I would need to see it in full.
And in any case, tell me whether you are still having problems.
corradogando
Posted: Wednesday, February 16, 2011 10:12:30 PM
Rank: Member

Joined: 1/17/2004
Posts: 21
Sorry, this is the complete log. Unfortunately the problem persists.

ComboFix 11-02-15.01 - corradogando 16/02/2011 15.06.17.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3326.2233 [GMT 1:00]
Eseguito da: c:\users\corradogando\Desktop\ComboFix.exe
Opzioni usate :: c:\users\corradogando\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Creati Da 2011-01-16 al 2011-02-16 )))))))))))))))))))))))))))))))))))
.

2011-02-16 14:13 . 2011-02-16 14:17 -------- d-----w- c:\users\corradogando\AppData\Local\temp
2011-02-16 14:13 . 2011-02-16 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-14 19:20 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-02-09 10:41 . 2011-02-09 10:41 388096 ----a-r- c:\users\corradogando\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-09 10:41 . 2011-02-09 10:41 -------- d-----w- c:\program files\Trend Micro
2011-01-29 17:28 . 2011-01-29 17:31 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-01-29 17:07 . 2011-01-29 17:11 -------- d-----w- c:\program files\FoxTabAudioConverter
2011-01-26 20:54 . 2011-01-26 20:54 -------- d-----w- c:\users\corradogando\AppData\Roaming\Malwarebytes
2011-01-26 20:54 . 2011-01-26 20:54 -------- d-----w- c:\programdata\Malwarebytes
2011-01-26 20:54 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-26 20:54 . 2011-01-27 13:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-26 20:54 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-25 20:16 . 2011-01-20 09:39 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{27A7CD9B-0889-4C7F-97A3-A13E01677124}\mpengine.dll
2011-01-25 20:04 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-01-25 20:04 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-01-25 20:04 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-01-25 20:04 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-01-25 20:04 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-01-25 19:56 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-01-25 19:54 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2011-01-25 19:53 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2011-01-25 19:49 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-01-25 19:45 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-08-02 18:32 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-06-02 10:59 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-06-02 11:00 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-06-02 11:00 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-06-02 11:00 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-06-02 11:00 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-06-02 11:00 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-21 16:37 . 2010-11-21 16:36 7760687 ----a-w- c:\users\corradogando\AppData\Roaming\SetupGFD.exe
2010-11-21 16:36 . 2010-11-21 16:36 5243208 ----a-w- c:\users\corradogando\AppData\Roaming\AvsP.exe
2010-11-21 16:36 . 2010-11-21 16:36 4284535 ----a-w- c:\users\corradogando\AppData\Roaming\ffdshow.exe
2010-11-21 16:36 . 2010-11-21 16:35 642685 ----a-w- c:\users\corradogando\AppData\Roaming\xvid.exe
2010-11-21 16:35 . 2010-11-21 16:35 4182178 ----a-w- c:\users\corradogando\AppData\Roaming\Avisynth.exe
2010-01-06 18:08 . 2010-02-21 13:08 40960 ----a-w- c:\program files\TrialLogoSmartzPatch.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-31 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-17 1152296]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-17 189736]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-10-06 182808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1747739765-2719348431-3360182940-1000]
"EnableNotificationsRef"=dword:00000003

R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 135664]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-10 3458548]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2008-09-10 20640]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-22 691696]
S1 aswSP;aswSP; [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 59376]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]


--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenuto della cartella 'Scheduled Tasks'

2011-02-16 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-02-02 13:13]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 14:02]

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 14:02]

2010-07-03 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]

2011-02-16 c:\windows\Tasks\User_Feed_Synchronization-{EB355DF5-E9ED-4D3E-B3B9-2609216955A4}.job
- c:\windows\system32\msfeedssync.exe [2011-01-25 04:25]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=91&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Cerca - c:\programdata\AOL\ieToolbar\resources\it-IT\local\search.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-16 15:16
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Ora fine scansione: 2011-02-16 15:23:03 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-02-16 14:23
ComboFix2.txt 2011-02-15 18:19

Pre-Run: 92.366.630.912 byte disponibili
Post-Run: 92.320.419.840 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 45F95D277A1FC2C61338CE7641C5CBFF
r16
Posted: Wednesday, February 16, 2011 11:01:15 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Open a text file with Notepad on the Desktop.
Paste into it the code you see below, and save the text file, strictly with the name CFScript.txt

Code:
KillAll::

File::
c:\windows\system32\GameMon.des
c:\progra~1\PC-DOC~1\PCD5SRVC.pkms

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]

Driver::
npggsvc

and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.
corradogando
Posted: Thursday, February 17, 2011 10:54:57 PM
Rank: Member

Joined: 1/17/2004
Posts: 21
Good evening, after the third scan the log file created is the following:

ComboFix 11-02-15.01 - corradogando 17/02/2011 21.05.23.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3326.2317 [GMT 1:00]
Eseguito da: c:\users\corradogando\Desktop\ComboFix.exe
Opzioni usate :: c:\users\corradogando\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
"c:\windows\system32\GameMon.des"
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\PC-DOC~1\PCD5SRVC.pkms
c:\windows\system32\GameMon.des

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npggsvc
-------\Legacy_PCD5SRVC{BD6912E3-AC9D80E8-05040000}
-------\Service_PCD5SRVC{BD6912E3-AC9D80E8-05040000}


((((((((((((((((((((((((( Files Creati Da 2011-01-17 al 2011-02-17 )))))))))))))))))))))))))))))))))))
.

2011-02-17 20:13 . 2011-02-17 20:17 -------- d-----w- c:\users\corradogando\AppData\Local\temp
2011-02-14 19:20 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\system32\vorbis.acm
2011-02-09 10:41 . 2011-02-09 10:41 388096 ----a-r- c:\users\corradogando\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-09 10:41 . 2011-02-09 10:41 -------- d-----w- c:\program files\Trend Micro
2011-01-29 17:28 . 2011-01-29 17:31 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-01-29 17:07 . 2011-01-29 17:11 -------- d-----w- c:\program files\FoxTabAudioConverter
2011-01-26 20:54 . 2011-01-26 20:54 -------- d-----w- c:\users\corradogando\AppData\Roaming\Malwarebytes
2011-01-26 20:54 . 2011-01-26 20:54 -------- d-----w- c:\programdata\Malwarebytes
2011-01-26 20:54 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-26 20:54 . 2011-01-27 13:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-26 20:54 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-25 20:16 . 2011-01-20 09:39 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{27A7CD9B-0889-4C7F-97A3-A13E01677124}\mpengine.dll
2011-01-25 20:04 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-01-25 20:04 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-01-25 20:04 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-01-25 20:04 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-01-25 20:04 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-01-25 19:56 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-01-25 19:54 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2011-01-25 19:53 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2011-01-25 19:49 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-01-25 19:45 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-08-02 18:32 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-06-02 10:59 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-06-02 11:00 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-06-02 11:00 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-06-02 11:00 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-06-02 11:00 51280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-06-02 11:00 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-21 16:37 . 2010-11-21 16:36 7760687 ----a-w- c:\users\corradogando\AppData\Roaming\SetupGFD.exe
2010-11-21 16:36 . 2010-11-21 16:36 5243208 ----a-w- c:\users\corradogando\AppData\Roaming\AvsP.exe
2010-11-21 16:36 . 2010-11-21 16:36 4284535 ----a-w- c:\users\corradogando\AppData\Roaming\ffdshow.exe
2010-11-21 16:36 . 2010-11-21 16:35 642685 ----a-w- c:\users\corradogando\AppData\Roaming\xvid.exe
2010-11-21 16:35 . 2010-11-21 16:35 4182178 ----a-w- c:\users\corradogando\AppData\Roaming\Avisynth.exe
2010-01-06 18:08 . 2010-02-21 13:08 40960 ----a-w- c:\program files\TrialLogoSmartzPatch.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-31 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-17 1152296]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-17 189736]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-10-06 182808]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1747739765-2719348431-3360182940-1000]
"EnableNotificationsRef"=dword:00000003

R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 135664]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-22 691696]
S1 aswSP;aswSP; [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 59376]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]


--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenuto della cartella 'Scheduled Tasks'

2011-02-17 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-02-02 13:13]

2011-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 14:02]

2011-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 14:02]

2010-07-03 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]

2011-02-17 c:\windows\Tasks\User_Feed_Synchronization-{EB355DF5-E9ED-4D3E-B3B9-2609216955A4}.job
- c:\windows\system32\msfeedssync.exe [2011-01-25 04:25]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=91&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Cerca - c:\programdata\AOL\ieToolbar\resources\it-IT\local\search.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-17 21:17
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Ora fine scansione: 2011-02-17 21:23:37 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-02-17 20:23
ComboFix2.txt 2011-02-16 14:23
ComboFix3.txt 2011-02-15 18:19

Pre-Run: 95.725.359.104 byte disponibili
Post-Run: 95.429.255.168 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - CA07DF403BD2AA753D1FAC5BE4F5B79D
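A practical check after running a CFScript such as the one r16 posted above is to confirm, from the logs themselves, that the targeted services really disappeared and that nothing else changed. The following Python script is an added example for this thread (it is not ComboFix code and not from any post here): it parses the service/driver lines of the ComboFix log posted before the script and of the one posted after it (the sample lines are copied from those two logs), extracts the removal targets from the CFScript, and reports what was removed, what survived, and any unexpected additions or removals. The line-format description in the comments is my reading of ComboFix's output, not its documentation.

```python
"""Verify that a ComboFix CFScript removed the services it targeted, by diffing
the service/driver sections of the log taken before and the log taken after.
Added example for this thread; not part of ComboFix or of the posts above."""
import re
from typing import Dict, Set

# ComboFix service lines (as they appear in the logs above) look like:
#   <R|S><start type> <name>;<display name>;<image path> [<date> <size>]
# R = running, S = stopped; the digit is the start type. "[x]" in place of
# the date/size block means ComboFix did not find the image file on disk.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]$"
)

# Constructed samples: service lines copied from the two ComboFix logs posted
# in this thread (16 Feb before the CFScript, 17 Feb after it), trimmed.
LOG_BEFORE = r"""
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 135664]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-10 3458548]
R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2008-09-10 20640]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-22 691696]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
"""
LOG_AFTER = r"""
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 135664]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-22 691696]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 51280]
"""
# The CFScript r16 posted in this thread, verbatim.
CFSCRIPT = r"""
KillAll::

File::
c:\windows\system32\GameMon.des
c:\progra~1\PC-DOC~1\PCD5SRVC.pkms

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]

Driver::
npggsvc
"""


def parse_services(log_text: str) -> Dict[str, dict]:
    """Map lower-cased service name -> parsed fields; non-service lines are skipped."""
    services = {}
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["missing_file"] = entry["meta"].strip().lower() == "x"
            services[entry["name"].lower()] = entry
    return services


def cfscript_targets(script: str) -> Set[str]:
    """Service names the CFScript asks ComboFix to remove: Driver:: entries and
    Registry:: deletions of ...\Services\<name> keys."""
    targets, section = set(), None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section = line[:-2].lower()
        elif section == "driver":
            targets.add(line.lower())
        elif section == "registry":
            m = re.match(r"^\[-.*\\services\\([^\]]+)\]$", line, re.IGNORECASE)
            if m:
                targets.add(m.group(1).lower())
    return targets


def verify_removal(script: str, before_log: str, after_log: str) -> dict:
    """Report which targets vanished, which survived, and what else changed."""
    before, after = parse_services(before_log), parse_services(after_log)
    targets = cfscript_targets(script)
    gone, new = set(before) - set(after), set(after) - set(before)
    return {
        "removed_as_expected": sorted(t for t in targets if t in before and t not in after),
        "still_present": sorted(t for t in targets if t in after),
        "not_seen_before": sorted(t for t in targets if t not in before),
        "unexpected_removals": sorted(gone - targets),
        "new_services": sorted(new),
        # "[x]" entries deserve a look; in this thread they are avast drivers
        # whose files the log's Find3M section lists at the expected path.
        "file_not_found": sorted(n for n, e in after.items() if e["missing_file"]),
    }


if __name__ == "__main__":
    for key, value in verify_removal(CFSCRIPT, LOG_BEFORE, LOG_AFTER).items():
        print(f"{key}: {value}")
```

Run against the two logs from this thread, the report shows npggsvc and the PCD5SRVC entry removed as expected, nothing else gone or added, and the two avast "[x]" entries unchanged on both sides, which is what a clean, targeted removal should look like.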
r16
Posted: Friday, February 18, 2011 6:00:07 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
See if you can post a HijackThis log
http://www.aiutamici.com/software?ID=11175

Still having problems?
corradogando
Posted: Friday, February 18, 2011 7:32:27 PM
Rank: Member

Joined: 1/17/2004
Posts: 21
Unfortunately the problem has not been solved. I managed to create the HijackThis log file shown below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19.28.45, on 18/02/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\KBD\kbd.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe
C:\Users\Public\Documents\PowerOffer\POService.exe
L:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=91&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=91&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: PowerOffer - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Users\Public\Documents\PowerOffer\PowerOfferBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: &AOL Toolbar Cerca - C:\ProgramData\AOL\ieToolbar\resources\it-IT\local\search.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 8246 bytes
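Reading a HijackThis log like the one above means deciding which of dozens of legitimate-looking entries to check first. The Python script below is an added example for this thread (it is not HijackThis code and not from any post here): it parses the prefixed HijackThis entry types that appear in the log (O2 BHOs, O4 Run keys, O16 DPF controls, O23 services; the sample lines are copied from the log above) and applies three triage heuristics of my own: a BHO whose DLL is gone, a component loaded from outside the vendor directories (the TRUSTED_ROOTS list is an assumption for this particular Vista machine), and an ActiveX control fetched over plain HTTP. It only orders what to look at; the thread itself never identifies which entry produced the popups, and the decision about what to fix stays with the reviewer.

```python
"""Triage helper for HijackThis 2.0.4 log lines: parse the prefixed entries and
flag the ones a reviewer should check first. Added example for this thread; the
heuristics are this example's own, not HijackThis's or the forum's."""
import re
from typing import Dict, List

# Constructed sample: entries copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: PowerOffer - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Users\Public\Documents\PowerOffer\PowerOfferBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
"""

# Assumed locations where vendor-installed components live on this Vista box.
# Anything loaded from elsewhere (user profiles, Public, Temp) is not malicious
# by itself, but it is where a reviewer should start.
TRUSTED_ROOTS = (r"c:\program files", r"c:\progra~1", r"c:\windows", r"c:\hp")

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
DPF_RE = re.compile(r"^DPF: (?P<desc>.*?) - (?P<url>\S+)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.+)$")
# First token of a Run command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)"?', re.IGNORECASE)


def is_trusted_location(path: str) -> bool:
    """True when the path sits under one of the assumed vendor directories."""
    return path.lower().startswith(TRUSTED_ROOTS)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per entry that matches a heuristic; clean entries are skipped."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue
        code, body = entry.group("code"), entry.group("body")
        reason = None
        if code == "O2" and (m := BHO_RE.match(body)):
            if m.group("path") == "(no file)":
                reason = "orphaned BHO registration: CLSID present but DLL missing"
            elif not is_trusted_location(m.group("path")):
                reason = "BHO loaded from a user-writable location"
        elif code == "O4" and (m := RUN_RE.match(body)):
            exe = EXE_RE.match(m.group("cmd"))
            if exe and not is_trusted_location(exe.group("exe")):
                reason = "autorun executable outside vendor directories"
        elif code == "O16" and (m := DPF_RE.match(body)):
            if m.group("url").lower().startswith("http://"):
                reason = "ActiveX control fetched over plain HTTP (no transport integrity)"
        elif code == "O23" and (m := SVC_RE.match(body)):
            if not is_trusted_location(m.group("path")):
                reason = "service binary outside vendor directories"
        if reason:
            findings.append({"code": code, "entry": line.strip(), "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['code']}] {f['reason']}\n    {f['entry']}")
```

On the sample lines the script raises three findings: the BHO under C:\Users\Public\Documents, the BHO registration with no file behind it, and the DPF control downloaded over plain HTTP; the Google, avast, and Teruten entries pass because they live under the assumed vendor roots. Extending TRUSTED_ROOTS to the machine actually being reviewed is the one adjustment a practitioner would make before reusing it.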
r16
Posted: Saturday, February 19, 2011 2:57:53 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Start HijackThis, tick the entries I am going to list for you and, with all applications closed and disconnected from the Internet, press "Fix checked":

Comment:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=91&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=91&bd=Pavilion&pf=cndt
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [KBD] C:\Program Files\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

Do a clean-up (registry included) with CCleaner http://www.aiutamici.com/software?ID=11223

Turn off System Restore,
http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Restart the PC, and turn System Restore back on.
corradogando
Posted: Wednesday, February 23, 2011 9:54:13 PM
Rank: Member

Joined: 1/17/2004
Posts: 21
Good evening, sorry for the late reply, but other commitments kept me from attending to the problem in question. I carried out the recommended operations with HijackThis, but advertising tabs keep loading on their own. Lately I have noticed that this happens with certain sites, for example Fineco's, and only when I open it the first time. In any case, thank you for the suggestions provided; if there is some other way to get rid of the nuisance I will gladly accept it.
r16
Posted: Wednesday, February 23, 2011 10:09:30 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hold on a moment.....
Bear in mind that it is normal, when you visit some sites (not all of them, mind you), for advertising pages to open as well.
It is a form of self-financing practised by those sites.
It happens to me too, now and then (always when I visit a particular forum, for example), but it is enough to close the advertising page and carry on browsing.
It's a different matter if unwanted pages open on every site.
corradogando
Posted: Wednesday, February 23, 2011 10:16:30 PM
Rank: Member

Joined: 1/17/2004
Posts: 21
On the laptop the advertising pages don't open on any site. I always use Internet Explorer, with Vista as the operating system, as on the desktop.
r16
Posted: Wednesday, February 23, 2011 10:24:34 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
OK.
Let's do a scan with SuperAntiSpyware:
Download and install the Free version of SuperAntiSpyware:
http://www.superantispyware.com/
configure it as shown in the images:
http://www.zeusnews.it/zz_upload/img/PSV/SAS/7477731.jpg
http://www.zeusnews.it/zz_upload/img/PSV/SAS/9926902.jpg
Run a full scan.
Post the log.
corradogando
Posted: Friday, February 25, 2011 4:40:29 PM
Rank: Member

Joined: 1/17/2004
Posts: 21
Good evening, problem solved with SuperAntiSpyware. Thanks.
r16
Posted: Friday, February 25, 2011 6:45:48 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
You're welcome.
Follow these last instructions:
Download TFC by OldTimer to the desktop (it cleans the Temp folders)
http://oldtimer.geekstogo.com/TFC.exe
close all programs
start TFC, click "Start"
when the scan finishes it will ask for a reboot, click OK.

To remove the various tools downloaded (Combofix):
Download OTC by OldTimer to the desktop:
http://oldtimer.geekstogo.com/OTC.exe
double-click to run it
Click CleanUp.
It will ask you to restart the PC.
Click Yes.