Aiutamici Forum

Unwanted web pages opening in Internet Explorer on Vista, Norton finds nothing
mimmuz
Posted: Tuesday, December 30, 2008 3:49:29 PM
Rank: Member

Joined: 12/30/2008
Posts: 16
As per the subject, I am sending the HijackThis report.
Thanks for the support

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.21.35, on 30/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Users\Domenico & Consuelo\AppData\Local\uqoucwq.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Users\DOMENI~1\AppData\Local\Temp\ARC4AA6\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=81&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [uqoucwq] "c:\users\domenico & consuelo\appdata\local\uqoucwq.exe" uqoucwq
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1229894534_f6181b974241c9080c164c6020f54f92&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 12821 bytes
mimmuz
Posted: Tuesday, December 30, 2008 3:57:32 PM
Rank: Member

Joined: 12/30/2008
Posts: 16
I forgot: Happy New Year to everyone!!!!!!!!!!!!!!!!
Mimmuz
Thanks again for the replies
shapiro
Posted: Tuesday, December 30, 2008 5:03:26 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Hi, sorry for the wait, but there are really a lot of threads to check.

Download ComboFix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disable the antivirus and the anti-spyware programs
Disconnect the PC from the internet
If you have shortcut icons to programs on the desktop, create a dedicated folder and copy them into it

Double-click combofix.exe and follow the instructions step by step

When it has finished it will create the log C:\combofix.txt; save it and post it like the other reports.

Note: during the scan files will be created on the desktop and the icons will disappear. Some program may ask you what to do about removing drivers; in that case agree, they are probably infected drivers.

The program will create the folder C:\QooBox, and inside it will place a backup of the removed files and a backup file of the Windows registry called Hiv-backup.

DO NOT TOUCH THE MOUSE OR KEYBOARD during the scan.
mimmuz
Posted: Wednesday, December 31, 2008 12:04:37 AM
Rank: Member

Joined: 12/30/2008
Posts: 16
So, I ran ComboFix as you advised.
Everything seems to be resolved; do you need the log?
Thanks, mimmuz
mimmuz
Posted: Wednesday, December 31, 2008 12:10:39 AM
Rank: Member

Joined: 12/30/2008
Posts: 16
This is the HijackThis log after ComboFix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.21.35, on 30/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Users\Domenico & Consuelo\AppData\Local\uqoucwq.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Users\DOMENI~1\AppData\Local\Temp\ARC4AA6\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=81&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [uqoucwq] "c:\users\domenico & consuelo\appdata\local\uqoucwq.exe" uqoucwq
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1229894534_f6181b974241c9080c164c6020f54f92&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 12821 bytes
Rudewolf
Posted: Wednesday, December 31, 2008 12:18:11 AM

Rank: AiutAmico

Joined: 5/2/2006
Posts: 6,184
Maybe shapiro would also need the ComboFix log.
shapiro
Posted: Wednesday, December 31, 2008 10:26:12 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Post me the ComboFix log and carry out this procedure


Download http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe and install it.

Go into safe mode

Launch Navilog1 and choose option 4, enter the name uqoucwq and confirm it by retyping it when asked.

Note: both times you type it you must not misspell the name, otherwise you will have to repeat the whole procedure because no file will be deleted

At this point the program will clean the infected files from the PC.

When it finishes, restart the PC in normal mode

From normal mode, empty C:\WINDOWS\Prefetch


Open HijackThis, press "do a system scan only", then find and tick the following entries:

O4 - HKCU\..\Run: [uqoucwq] "c:\users\domenico & consuelo\appdata\local\uqoucwq.exe" uqoucwq


Press fix checked.


Afterwards I will have you fix the other entries; I want to check them carefully
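
One way to pick an entry like the one fixed above out of a HijackThis log, as an added example that is not part of the original thread and not HijackThis's own logic: the script parses the O4 registry Run lines, resolves the file that actually runs (including the DLL behind rundll32), and flags targets that live in user-writable profile directories. The sample is a few lines copied from the log posted earlier in this thread; the function names and the location heuristic are assumptions.

```python
import ntpath  # Windows path handling that works on any OS
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Domenico & Consuelo\AppData\Local\uqoucwq.exe

O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uqoucwq] "c:\users\domenico & consuelo\appdata\local\uqoucwq.exe" uqoucwq
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Shortest prefix ending in an executable extension (unquoted paths may contain spaces).
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|scr|bat|cmd|pif))(?=[\s,]|$)", re.I)
# Heuristic (assumption): locations a standard user can write to without elevation.
USER_WRITABLE_RE = re.compile(
    r"\\(?:users|documents and settings)\\[^\\]+\\(?:appdata|local settings|application data)\\"
    r"|\\temp\\|^%(?:temp|tmp|appdata|localappdata)%",
    re.I,
)


def target_path(cmd):
    """Return the lower-cased file a Run command line actually loads."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path, _, rest = cmd[1:].partition('"')
    else:
        m = EXE_RE.match(cmd)
        if not m:
            return cmd.lower()
        path, rest = m.group(1), cmd[m.end():]
    if ntpath.basename(path).lower() == "rundll32.exe":
        # rundll32 is only a host process: the code that runs is its DLL argument.
        m = EXE_RE.match(rest.strip().strip('"'))
        if m:
            path = m.group(1)
    return path.lower()


def running_processes(log):
    """Collect the 'Running processes:' section as a set of lower-cased paths."""
    procs, in_section = set(), False
    for line in log.splitlines():
        if line.strip() == "Running processes:":
            in_section = True
        elif in_section:
            if not line.strip():
                break
            procs.add(line.strip().lower())
    return procs


def parse_autoruns(log):
    """Parse every O4 registry Run line into hive, value name and target path."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append({"hive": m["hive"], "name": m["name"],
                            "path": target_path(m["cmd"])})
    return entries


def triage(log):
    """Return autoruns whose target sits in a user-writable directory."""
    running = running_processes(log)
    hits = []
    for entry in parse_autoruns(log):
        if USER_WRITABLE_RE.search(entry["path"]):
            # 8.3 short names (DOMENI~1) in the process list will not match here.
            hits.append(dict(entry, running=entry["path"] in running))
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for manual review, not a verdict: legitimate per-user software also starts from AppData, so the flagged path still has to be checked before anything is fixed.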


mimmuz
Posted: Thursday, January 01, 2009 3:22:39 PM
Rank: Member

Joined: 12/30/2008
Posts: 16
Here is the ComboFix log.
Just one clarification: the PC now seems to work normally, and the scans done with Norton Antivirus raise no alarms (that was also the case before, yet the web pages kept opening continuously). So, by persisting further, do I risk ending up with drivers being uninstalled, which would force me to reinstall Vista?

Here is the log
Best wishes to everyone

ComboFix 08-12-29.02 - Domenico & Consuelo 2008-12-30 23:31:38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1040.18.3069.1816 [GMT 1:00]
Eseguito da: c:\users\Domenico & Consuelo\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Domenico & Consuelo\AppData\Local\uqoucwq.dat
c:\users\Domenico & Consuelo\AppData\Local\uqoucwq.exe
c:\users\Domenico & Consuelo\AppData\Local\uqoucwq_nav.dat
c:\users\Domenico & Consuelo\AppData\Local\uqoucwq_navps.dat
c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((( Files Creati Da 2008-11-28 al 2008-12-30 )))))))))))))))))))))))))))))))))))
.

2008-12-30 16:24 . 2008-12-30 16:24 <DIR> d-------- c:\windows\LastGood
2008-12-30 16:23 . 2008-12-30 16:23 <DIR> d-------- c:\users\Domenico & Consuelo\AppData\Roaming\InstallShield
2008-12-30 16:23 . 2008-12-30 16:23 <DIR> d-------- C:\Intel
2008-12-30 16:23 . 2008-09-12 13:32 327,192 --a------ c:\windows\System32\drivers\iaStor.sys
2008-12-30 16:16 . 2008-12-30 16:16 289,634,547 --a------ c:\windows\MEMORY.DMP
2008-12-30 15:28 . 2008-12-30 15:36 <DIR> d-------- c:\users\Domenico & Consuelo\.housecall6.6
2008-12-30 15:19 . 2008-12-30 15:19 <DIR> d-------- c:\program files\Trend Micro
2008-12-25 23:20 . 2008-12-25 23:20 <DIR> d-------- c:\users\Domenico & Consuelo\Contacts - Copia (1)
2008-12-25 18:36 . 2008-12-25 18:36 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-12-16 23:41 . 2008-12-16 23:41 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-11 23:10 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-11 09:34 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-11 09:34 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
2008-12-11 09:34 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-11 09:34 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll
2008-12-11 09:33 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll
2008-12-11 09:33 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2008-12-11 09:33 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
2008-12-11 09:33 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe
2008-12-09 23:43 . 2008-12-09 23:43 <DIR> d-------- c:\users\All Users\wmp
2008-12-09 23:43 . 2008-12-09 23:43 <DIR> d-------- c:\programdata\wmp
2008-12-09 21:52 . 2008-12-09 21:52 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-09 13:46 . 2008-12-09 13:46 <DIR> d-------- c:\users\Domenico & Consuelo\AppData\Roaming\GrabPro
2008-12-09 13:46 . 2008-12-14 21:39 <DIR> d-------- C:\downloads
2008-12-09 13:42 . 2008-12-15 00:43 <DIR> d-------- c:\users\Domenico & Consuelo\AppData\Roaming\Orbit
2008-11-29 22:39 . 2008-11-29 22:39 <DIR> d-------- c:\users\Domenico & Consuelo\AppData\Roaming\dvdcss
2008-11-28 21:59 . 2008-11-28 21:59 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-27 19:23 . 2008-11-27 19:25 <DIR> d-------- c:\users\Domenico & Consuelo\AppData\Roaming\Canon
2008-11-27 19:21 . 2008-11-27 19:21 <DIR> d-------- c:\program files\Canon
2008-11-27 19:13 . 2008-11-27 19:13 <DIR> d--h----- C:\CanoScan
2008-11-27 19:13 . 2005-06-23 22:17 352,256 --a------ c:\windows\System32\CNQL1213.DLL
2008-11-27 19:13 . 2005-02-28 13:20 57,344 --a------ c:\windows\System32\CNQU110.DLL
2008-11-26 18:24 . 2008-11-26 18:24 <DIR> d-------- c:\users\All Users\Nokia
2008-11-26 18:24 . 2008-11-26 18:24 <DIR> d-------- c:\programdata\Nokia
2008-11-26 16:28 . 2008-11-26 16:28 0 --ah----- c:\windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-11-26 16:28 . 2008-11-26 16:28 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-11-25 22:14 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 22:14 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 22:14 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 22:14 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 22:14 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-24 10:17 . 2008-11-24 10:17 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 10:17 . 2008-11-24 10:17 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 10:17 . 2008-11-24 10:17 <DIR> d-------- c:\program files\iTunes
2008-11-24 10:17 . 2008-11-24 10:17 <DIR> d-------- c:\program files\iPod
2008-11-24 10:15 . 2008-11-24 10:16 <DIR> d-------- c:\program files\QuickTime
2008-11-24 10:15 . 2008-04-26 09:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2008-11-24 02:23 . 2008-11-24 02:23 <DIR> d-------- c:\users\Domenico & Consuelo\AppData\Roaming\Template
2008-11-24 02:23 . 2008-11-24 02:24 192 --a------ c:\users\Domenico & Consuelo\AppData\Roaming\wklnhst.dat
2008-11-24 01:22 . 2008-11-24 01:22 <DIR> d-------- C:\PerfLogs
2008-11-23 02:47 . 2008-01-19 08:38 4,595,712 --a------ c:\windows\System32\AuthFWSnapin.dll
2008-11-23 02:46 . 2008-01-19 08:33 8,139,264 --a------ c:\windows\System32\ssBranded.scr
2008-11-23 02:45 . 2008-01-19 08:33 2,585,088 --a------ c:\windows\System32\FirewallControlPanel.exe
2008-11-23 02:44 . 2008-01-19 08:35 3,072,000 --a------ c:\windows\System32\networkmap.dll
2008-11-23 02:43 . 2008-01-19 08:32 1,370,624 --a------ c:\windows\System32\Aurora.scr
2008-11-23 02:42 . 2008-01-19 08:32 5,714,432 --a------ c:\windows\System32\logon.scr
2008-11-23 02:41 . 2008-01-19 07:06 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2008-11-23 02:40 . 2008-01-19 08:33 599,552 --a------ c:\windows\System32\vsp1cln.exe
2008-11-23 02:40 . 2008-01-05 12:31 145,455 --a------ c:\windows\System32\perfmon.msc
2008-11-23 02:40 . 2008-01-05 12:22 144,909 --a------ c:\windows\System32\fsmgmt.msc
2008-11-23 02:40 . 2008-01-05 12:34 15,181 --a------ c:\windows\System32\gatherWirelessInfo.vbs
2008-11-23 02:40 . 2008-01-05 12:21 12,198 --a------ c:\windows\System32\gatherWiredInfo.vbs
2008-11-23 02:40 . 2008-01-05 12:31 3 --a------ c:\windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2008-11-23 02:38 . 2006-11-02 10:46 151,552 --a------ c:\windows\System32\WpdMtp.dll
2008-11-23 02:36 . 2008-01-19 08:36 357,888 --a------ c:\windows\System32\wbemcomn.dll
2008-11-23 02:35 . 2008-01-19 08:36 704,512 --a------ c:\windows\System32\SmiEngine.dll
2008-11-23 02:35 . 2008-01-19 08:36 218,624 --a------ c:\windows\System32\wdscore.dll
2008-11-23 02:35 . 2008-01-19 08:36 139,264 --a------ c:\windows\System32\SmiInstaller.dll
2008-11-23 02:35 . 2008-01-19 08:33 130,560 --a------ c:\windows\System32\PkgMgr.exe
2008-11-23 02:35 . 2008-01-19 08:36 129,536 --a------ c:\windows\System32\sqmapi.dll
2008-11-23 02:33 . 2008-01-19 08:34 305,152 --a------ c:\windows\System32\msdelta.dll
2008-11-23 02:33 . 2008-01-19 08:34 258,560 --a------ c:\windows\System32\dpx.dll
2008-11-23 02:33 . 2008-01-19 08:34 246,784 --a------ c:\windows\System32\drvstore.dll
2008-11-23 02:33 . 2008-01-19 08:35 35,328 --a------ c:\windows\System32\mspatcha.dll
2008-11-21 13:27 . 2008-11-21 13:27 <DIR> d-------- c:\program files\Common Files\PCSuite
2008-11-21 13:27 . 2008-11-26 17:14 <DIR> d-------- c:\program files\Common Files\Nokia
2008-11-21 00:55 . 2008-11-26 16:28 <DIR> d-------- c:\users\Domenico & Consuelo\AppData\Roaming\PC Suite
2008-11-21 00:55 . 2008-12-15 01:10 <DIR> d-------- c:\users\Domenico & Consuelo\AppData\Roaming\Nokia
2008-11-21 00:55 . 2008-11-26 16:28 <DIR> d-------- c:\users\All Users\PC Suite
2008-11-21 00:55 . 2008-11-26 16:28 <DIR> d-------- c:\programdata\PC Suite
2008-11-21 00:51 . 2008-11-21 00:51 <DIR> d-------- c:\program files\DIFX
2008-11-21 00:51 . 2007-09-17 15:53 21,632 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2008-11-21 00:49 . 2008-11-21 00:49 <DIR> d-------- c:\program files\PC Connectivity Solution
2008-11-21 00:46 . 2008-11-26 17:08 <DIR> d-------- c:\users\All Users\Installations
2008-11-21 00:46 . 2008-11-26 17:08 <DIR> d-------- c:\programdata\Installations
2008-11-21 00:46 . 2008-11-26 17:38 <DIR> d-------- c:\program files\Nokia
2008-11-21 00:46 . 2008-02-01 16:17 90,624 --a------ c:\windows\System32\nmwcdcls.dll
2008-11-20 08:50 . 2008-11-20 08:50 269,312 --a------ c:\windows\System32\es.dll
2008-11-19 11:33 . 2008-12-30 16:03 <DIR> d-------- c:\users\Domenico & Consuelo\AppData\Roaming\skypePM
2008-11-19 11:33 . 2008-11-19 11:33 56 --ah----- c:\users\All Users\ezsidmv.dat
2008-11-19 11:33 . 2008-11-19 11:33 56 --ah----- c:\programdata\ezsidmv.dat
2008-11-19 10:50 . 2008-11-19 10:50 <DIR> d-------- c:\users\All Users\Office Genuine Advantage
2008-11-19 10:50 . 2008-11-19 10:50 <DIR> d-------- c:\programdata\Office Genuine Advantage
2008-11-19 01:14 . 2008-12-30 23:20 <DIR> d-------- c:\users\Domenico & Consuelo\AppData\Roaming\Skype
2008-11-19 00:45 . 2008-11-19 00:45 <DIR> d-------- c:\users\All Users\Google
2008-11-19 00:44 . 2008-11-19 00:45 <DIR> d-------- c:\program files\Google
2008-11-19 00:43 . 2008-11-19 00:43 <DIR> d-------- c:\users\All Users\Skype
2008-11-19 00:43 . 2008-11-19 00:43 <DIR> d-------- c:\programdata\Skype
2008-11-19 00:43 . 2008-11-19 00:43 <DIR> d-------- c:\program files\Skype
2008-11-19 00:43 . 2008-11-19 00:43 <DIR> d-------- c:\program files\Common Files\Skype
2008-11-18 22:59 . 2008-11-18 22:59 361,984 --a------ c:\windows\System32\IPSECSVC.DLL
2008-11-18 22:59 . 2008-11-18 22:59 272,896 --a------ c:\windows\System32\polstore.dll
2008-11-18 22:59 . 2008-11-18 22:59 61,440 --a------ c:\windows\System32\winipsec.dll
2008-11-18 22:59 . 2008-11-18 22:59 28,672 --a------ c:\windows\System32\FwRemoteSvr.dll
2008-11-18 22:58 . 2008-11-18 22:58 1,695,744 --a------ c:\windows\System32\gameux.dll
2008-11-18 22:53 . 2008-11-18 22:53 <DIR> d-------- c:\users\Domenico & Consuelo\AppData\Roaming\GTek
2008-11-18 22:52 . 2008-11-18 22:52 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-18 22:51 . 2008-11-18 22:51 2,032,640 --a------ c:\windows\System32\win32k.sys
2008-11-18 22:51 . 2008-11-18 22:51 303,616 --a------ c:\windows\System32\wmpeffects.dll
2008-11-18 22:50 . 2008-11-18 22:50 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-18 22:50 . 2008-11-18 22:50 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-18 22:46 . 2008-11-18 22:49 <DIR> d-------- c:\users\All Users\eMule
2008-11-18 22:46 . 2008-11-18 22:49 <DIR> d-------- c:\programdata\eMule
2008-11-18 22:46 . 2008-11-18 22:46 <DIR> d-------- c:\program files\eMule
2008-11-18 22:46 . 2008-11-18 22:46 988,216 --a------ c:\windows\System32\winload.exe
2008-11-18 22:46 . 2008-11-18 22:46 927,288 --a------ c:\windows\System32\winresume.exe
2008-11-18 22:46 . 2008-11-18 22:46 615,992 --a------ c:\windows\System32\ci.dll
2008-11-18 22:46 . 2008-11-18 22:46 378,368 --a------ c:\windows\System32\srcore.dll
2008-11-18 22:46 . 2008-11-18 22:46 318,464 --a------ c:\windows\System32\rstrui.exe
2008-11-18 22:46 . 2008-11-18 22:46 46,592 --a------ c:\windows\System32\setbcdlocale.dll
2008-11-18 22:46 . 2008-11-18 22:46 40,960 --a------ c:\windows\System32\srclient.dll
2008-11-18 22:46 . 2008-11-18 22:46 19,000 --a------ c:\windows\System32\kd1394.dll
2008-11-18 22:46 . 2008-11-18 22:46 14,848 --a------ c:\windows\System32\srdelayed.exe
2008-11-18 22:46 . 2008-11-18 22:46 6,656 --a------ c:\windows\System32\kbd106n.dll
2008-11-18 22:44 . 2008-11-18 22:44 443,392 --a------ c:\windows\System32\win32spl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 17:05 --------- d-----w c:\programdata\Symantec
2008-12-30 15:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-12 10:37 --------- d-----w c:\program files\Windows Mail
2008-12-11 22:13 --------- d-----w c:\programdata\Microsoft Help
2008-12-09 20:52 --------- d-----w c:\program files\Java
2008-11-24 00:33 174 --sha-w c:\program files\desktop.ini
2008-11-24 00:25 --------- d-----w c:\program files\Windows Sidebar
2008-11-24 00:25 --------- d-----w c:\program files\Windows Photo Gallery
2008-11-24 00:25 --------- d-----w c:\program files\Windows Journal
2008-11-24 00:25 --------- d-----w c:\program files\Windows Defender
2008-11-24 00:25 --------- d-----w c:\program files\Windows Collaboration
2008-11-24 00:25 --------- d-----w c:\program files\Windows Calendar
2008-11-24 00:18 --------- d-----w c:\programdata\NVIDIA
2008-11-24 00:06 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-11-24 00:06 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-11-18 21:59 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-11-18 21:53 --------- d-----w c:\program files\Hp
2008-11-18 21:53 --------- d-----w c:\program files\Hewlett-Packard
2008-11-17 23:20 --------- d-----w c:\programdata\CyberLink
2008-11-17 18:16 --------- d-----w c:\program files\Norton Internet Security
2008-11-17 18:16 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-17 18:09 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-11-17 18:09 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-17 18:09 10,671 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-17 18:09 --------- d-----w c:\program files\Symantec
2008-11-17 16:56 --------- d-----w c:\programdata\Hewlett-Packard
2008-11-17 16:43 --------- d-----w c:\program files\HPQ
2008-11-17 16:34 --------- d-sh--w c:\programdata\Preferiti
2008-11-17 16:34 --------- d-sh--w c:\programdata\Modelli
2008-11-17 16:34 --------- d-sh--w c:\programdata\Menu Avvio
2008-11-17 16:34 --------- d-sh--w c:\programdata\Documenti
2008-11-17 16:34 --------- d-sh--w c:\programdata\Desktop
2008-11-17 16:34 --------- d-sh--w c:\programdata\Dati applicazioni
2008-11-17 16:34 --------- d-sh--w c:\program files\File comuni
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-23 16:46 245,408 ----a-w c:\windows\System32\unicows.dll
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-03 03:59 468,992 ----a-w c:\windows\System32\newdev.dll
2008-09-03 03:58 74,752 ----a-w c:\windows\System32\newdev.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-11-19 171448]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 c:\windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{50FE1639-2277-423A-9FFB-A9E65BB7474C}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AFAAC25D-2240-47B4-BABB-B3C1AE76B327}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DBB0C4D-969D-459E-A788-A31354634EC3}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{DD521377-4A4F-4CED-AEA5-6A924730F285}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{4D7D39C6-43EA-49CB-908E-AB3ED64848DD}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{D5308FAD-6E91-4707-BA48-7EC2C478E700}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{CF9AEBB0-16A1-4D6B-97A6-DFDDAEDCF983}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F123929F-2614-468E-A872-7E05D7706B37}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{71A916B7-0527-4C75-945C-5EA7C9D029FF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{828CBE4C-17E5-42DC-9788-D4033DEBB1BE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{445BD503-4E24-48FF-9CDA-46695B3600B6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081220.001\IDSvix86.sys [2008-12-20 270384]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-11-17 149352]
R3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-11-17 99376]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2008-11-17 c:\windows\Tasks\Norton Internet Security - Scansione completa sistema - Domenico & Consuelo.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-uqoucwq - c:\users\domenico & consuelo\appdata\local\uqoucwq.exe



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 23:34:25
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-12-30 23:54:31
ComboFix-quarantined-files.txt 2008-12-30 22:54:28

Pre-Run: 150,339,055,616 byte disponibili
Post-Run: 152,041,594,880 byte disponibili

288 --- E O F --- 2008-12-30 14:22:38
mimmuz
Posted: Thursday, January 01, 2009 4:09:18 PM
Rank: Member

Joined: 12/30/2008
Posts: 16
So, I stopped at emptying this, for fear of doing damage:

C:\WINDOWS\Prefetch

did you mean deleting all of its contents?

While waiting for confirmation I ran Hijack; here is the log. It seems this entry was no longer there to tick:

O4 - HKCU\..\Run: [uqoucwq] "c:\users\domenico & consuelo\appdata\local\uqoucwq.exe" uqoucwq

here is the log as proof:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.55.18, on 01/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=81&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230647267316&h=e1565e53a45b3747ae53cdaaeb8f96ce/&filename=jinstall-6u11-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 11572 bytes

Thanks
mimmuz
Posted: Thursday, January 01, 2009 4:15:20 PM
Rank: Member

Joined: 12/30/2008
Posts: 16
Everything seems to be running like a charm. Let me know what you think. Thanks, and happy 2009
shapiro
Posted: Thursday, January 01, 2009 4:49:50 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Navilog removed this key

O4 - HKCU\..\Run: [uqoucwq] "c:\users\domenico & consuelo\appdata\local\uqoucwq.exe" uqoucwq


Did you install AOL Toolbar?


Start HijackThis, press Do a system scan only, tick these entries and then press FixChecked:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O13 - Gopher Prefix:


Download this program and unzip it

Run a scan without removing any entries it flags; just tell me what it finds


http://wikisend.com/download/469610/PREVXProduct.zip



According to its log, ComboFix removed some Navipromo infections
mimmuz
Posted: Thursday, January 01, 2009 11:56:58 PM
Rank: Member

Joined: 12/30/2008
Posts: 16
So, I did everything you told me, and

http://wikisend.com/download/469610/PREVXProduct.zip

did not detect anything

I removed the entries you pointed out for fixing;
the only thing left is to delete

C:\WINDOWS\Prefetch

If you give me the OK I'll delete its contents.
What do you say?
Thanks
mimmuz
Posted: Thursday, January 01, 2009 11:58:11 PM
Rank: Member

Joined: 12/30/2008
Posts: 16
I forgot the new HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.50.17, on 01/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=81&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230647267316&h=e1565e53a45b3747ae53cdaaeb8f96ce/&filename=jinstall-6u11-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 11547 bytes
mimmuz
Posted: Friday, January 02, 2009 12:04:52 AM
Rank: Member

Joined: 12/30/2008
Posts: 16
Dear Shapiro,
you've been great, your instructions were precise and to the point
Thanks, Mimmuz
Rudewolf
Posted: Friday, January 02, 2009 12:05:06 AM

Rank: AiutAmico

Joined: 5/2/2006
Posts: 6,184
You can safely delete the contents of the Prefetch folder.
mimmuz
Posted: Friday, January 02, 2009 12:05:51 AM
Rank: Member

Joined: 12/30/2008
Posts: 16
Dear Shapiro,
you've been great, your instructions were precise and to the point
Thanks, Mimmuz

P.S.
which antivirus do you recommend for the future?
shapiro
Posted: Friday, January 02, 2009 10:39:40 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
Did you install AOL Toolbar yourself?

Quote:
I removed the fixes you highlighted for me
all I have left to do is delete

C:\WINDOWS\Prefetch

if you give me the OK I'll delete the contents
what do you say?


empty C:\WINDOWS\Prefetch

for antivirus I always recommend the "leaders"

avira free or avg8, also free

let me know if the PC still has problems

the log is clean