Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » pregasi un controllo log Hijackthis

pregasi un controllo log Hijackthis Opzioni
Topic Precedente · Topic Sucessivo
Gjack
Inviato: Friday, June 25, 2010 8:38:59 AM
Rank: AiutAmico

Iscritto dal : 5/10/2006
Posts: 317

--
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8.15.33, on 25/06/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\hp\kbd\kbd.exe
C:\Users\Giacomino\Downloads\HiJackThis.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=81&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

--
End of file - 9194 bytes
Potreste farmi un controllo,ho poblemi con schermata blu,fatto scansioni con antivus e Malware,tutto negativo.Grazie
Torna in alto
 
Sponsor
Inviato: Friday, June 25, 2010 8:38:59 AM

 
Torna in alto
 
paolopa
Inviato: Friday, June 25, 2010 9:08:21 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
apri hijack,seleziona le seguenti righee,con tutte le applicazioni chiuse e disconnesso da internet premi fix checked:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
poi:
trova e cancella il file in grassetto:C:\WINDOWS\PixArt\PAC207\Monitor.exe
poi:
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop.

Importante: dopo aver scaricato COMBOFIX chiudi la connessione disabilita il tuo antivirus e
chiudi TUTTI i programmi aperti,(Firewall compreso) e

Doppio click su combofix.exe (comparirà una videata.)

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix)
tu ignorali.

Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse)
e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.
Torna in alto
 
Gjack
Inviato: Friday, June 25, 2010 8:27:39 PM
Rank: AiutAmico

Iscritto dal : 5/10/2006
Posts: 317
ho eliminato le voci che mi hai suggerito,poi ho scaricato Combofix ,effettuata la scansione ho fatto una copia del log(9 pagine),dopo non sono più riuscito a trovarlo,è possibile postarlo in altro modo?Saluti cordiali.
Torna in alto
 
paolopa
Inviato: Friday, June 25, 2010 8:44:28 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
prova a fare una ricerca digitando nell apposita finestra "ComboFix.txt."(senza virgolette)
Torna in alto
 
Gjack
Inviato: Friday, June 25, 2010 10:38:17 PM
Rank: AiutAmico

Iscritto dal : 5/10/2006
Posts: 317
ti sarei grato se potresti spiegarmi come posso postare il log,forse l'ho trovato, è diverso da Hijackthis.?
Torna in alto
 
Gjack
Inviato: Friday, June 25, 2010 11:02:02 PM
Rank: AiutAmico

Iscritto dal : 5/10/2006
Posts: 317
ComboFix 10-06-24.03 - Giacomino 25/06/2010 15.54.50.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.39.1040.18.3326.1958 [GMT 2:00]
Eseguito da: c:\users\Giacomino\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Creati Da 2010-05-25 al 2010-06-25 )))))))))))))))))))))))))))))))))))
.

2010-06-25 14:06 . 2010-06-25 14:06 -------- d-----w- c:\users\Giacomino\AppData\Local\temp
2010-06-25 14:06 . 2010-06-25 14:06 -------- d-----w- c:\users\Ro\AppData\Local\temp
2010-06-25 11:57 . 2010-06-25 11:57 -------- d-----w- c:\program files\Trend Micro
2010-06-20 13:45 . 2010-06-20 13:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-20 13:44 . 2010-06-20 13:44 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-06-20 13:44 . 2010-06-20 13:44 272384 ----a-w- c:\windows\system32\schannel.dll
2010-06-20 09:43 . 2010-06-20 09:44 -------- d-----w- c:\users\Giacomino\AppData\Roaming\PCToolsFirewallPlus
2010-06-20 09:42 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-20 09:42 . 2009-11-09 09:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-20 09:42 . 2010-01-07 10:40 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-20 09:42 . 2010-01-07 10:40 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-06-20 09:40 . 2010-06-20 09:42 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-20 09:40 . 2010-01-12 07:34 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-06-20 09:40 . 2010-01-07 09:35 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-06-20 09:40 . 2010-01-07 09:35 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-06-20 09:40 . 2010-01-13 06:59 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-06-20 09:40 . 2010-06-20 09:45 -------- d-----w- c:\program files\PC Tools Firewall Plus
2010-06-19 18:41 . 2010-06-19 18:41 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-06-19 18:41 . 2010-06-19 18:41 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-06-19 18:41 . 2010-06-19 18:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-19 18:41 . 2010-06-19 18:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-19 18:41 . 2010-06-19 18:41 24064 ----a-w- c:\windows\system32\lpk.dll
2010-06-19 18:41 . 2010-06-19 18:41 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-06-19 18:41 . 2010-06-19 18:41 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-06-19 18:41 . 2010-06-19 18:41 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-06-19 18:41 . 2010-06-19 18:41 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2010-06-19 18:41 . 2010-06-19 18:41 272896 ----a-w- c:\windows\system32\polstore.dll
2010-06-19 18:41 . 2010-06-19 18:41 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 18:41 . 2010-06-19 18:41 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-19 18:39 . 2010-06-19 18:39 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-06-19 18:38 . 2010-06-19 18:38 3504008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 18:38 . 2010-06-19 18:38 3470216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 18:38 . 2010-06-19 18:38 376832 ----a-w- c:\windows\system32\winhttp.dll
2010-06-19 18:38 . 2010-06-19 18:38 434176 ----a-w- c:\windows\system32\vbscript.dll
2010-06-19 18:38 . 2010-06-19 18:38 71680 ----a-w- c:\windows\system32\atl.dll
2010-06-19 18:38 . 2010-06-19 18:38 297472 ----a-w- c:\windows\system32\gdi32.dll
2010-06-19 18:37 . 2010-06-19 18:37 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2010-06-19 18:37 . 2010-06-19 18:37 30208 ----a-w- c:\windows\system32\xolehlp.dll
2010-06-19 18:37 . 2010-06-19 18:37 156160 ----a-w- c:\windows\system32\wkssvc.dll
2010-06-19 18:37 . 2010-06-19 18:37 36352 ----a-w- c:\windows\system32\tsgqec.dll
2010-06-19 18:37 . 2010-06-19 18:37 116736 ----a-w- c:\windows\system32\aaclient.dll
2010-06-19 18:37 . 2010-06-19 18:37 1871872 ----a-w- c:\windows\system32\mstscax.dll
2010-06-19 18:36 . 2010-06-19 18:36 268800 ----a-w- c:\windows\system32\es.dll
2010-06-19 18:36 . 2010-06-19 18:36 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-06-19 18:35 . 2010-06-19 18:35 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-19 18:11 . 2010-06-19 18:11 1585664 ----a-w- c:\windows\system32\setupapi.dll
2010-06-19 18:10 . 2010-06-19 18:10 549888 ----a-w- c:\windows\system32\rpcss.dll
2010-06-19 18:09 . 2010-06-19 18:09 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-06-19 18:09 . 2010-06-19 18:09 25600 ----a-w- c:\windows\system32\amxread.dll
2010-06-19 18:09 . 2010-06-19 18:09 14848 ----a-w- c:\windows\system32\apilogen.dll
2010-06-19 18:09 . 2010-06-19 18:09 441856 ----a-w- c:\windows\system32\win32spl.dll
2010-06-19 18:09 . 2010-06-19 18:09 37376 ----a-w- c:\windows\system32\printcom.dll
2010-06-19 18:09 . 2010-06-19 18:09 2031104 ----a-w- c:\windows\system32\win32k.sys
2010-06-19 18:09 . 2010-06-19 18:09 14848 ----a-w- c:\windows\system32\wshrm.dll
2010-06-19 18:09 . 2010-06-19 18:09 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2010-06-19 18:07 . 2010-06-19 18:07 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2010-06-19 18:07 . 2010-06-19 18:07 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-06-19 18:07 . 2010-06-19 18:07 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-06-19 18:07 . 2010-06-19 18:07 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-06-19 18:07 . 2010-06-19 18:07 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-19 16:03 . 2010-04-19 08:25 2117704 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2010-06-19 13:30 . 2010-06-19 13:30 -------- d-----w- c:\program files\VS Revo Group
2010-06-17 10:03 . 2010-06-17 11:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-11 12:48 . 2010-06-11 21:23 -------- d-----w- c:\users\Ro\AppData\Roaming\Canon
2010-06-09 10:58 . 2010-06-25 10:09 -------- d-----w- c:\users\Giacomino\AppData\Roaming\Canon
2010-06-08 20:14 . 2010-06-08 20:22 -------- d-----w- c:\users\Ro\AppData\Local\Microsoft Games
2010-06-08 12:39 . 2010-06-08 12:39 -------- d-----w- c:\windows\system32\Adobe
2010-06-07 17:43 . 2010-06-21 07:32 -------- d-----w- c:\users\Ro\Tracing
2010-06-07 16:20 . 2010-06-10 10:46 1 ----a-w- c:\users\Ro\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-07 16:20 . 2010-06-07 16:20 -------- d-----w- c:\users\Ro\AppData\Roaming\OpenOffice.org
2010-06-07 14:54 . 2010-06-07 14:54 -------- d-----w- c:\users\Ro\AppData\Local\Mozilla
2010-06-05 09:08 . 2010-06-05 09:08 -------- d-----w- c:\users\Giacomino\AppData\Roaming\Malwarebytes
2010-06-05 09:08 . 2010-06-05 09:08 -------- d-----w- c:\programdata\Malwarebytes
2010-06-03 07:01 . 2010-06-03 07:01 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-06-03 07:01 . 2010-06-03 07:01 29512 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-02 20:42 . 2010-06-21 07:32 1 ----a-w- c:\users\Giacomino\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-02 20:42 . 2010-06-02 20:42 -------- d-----w- c:\users\Giacomino\AppData\Roaming\OpenOffice.org
2010-06-01 17:40 . 2010-06-01 17:40 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-29 13:23 . 2010-05-29 13:23 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-29 11:00 . 2010-05-29 11:00 -------- d-----w- c:\users\Giacomino\AppData\Roaming\InstallShield
2010-05-29 10:47 . 2010-05-29 10:47 -------- d-----w- c:\users\Giacomino\AppData\Roaming\WinBatch
2010-05-29 10:27 . 2010-05-29 10:27 -------- d-----w- c:\program files\CCleaner
2010-05-28 14:40 . 2010-05-28 14:42 -------- d-----w- c:\users\Ro\AppData\Local\Adobe
2010-05-28 14:37 . 2010-05-28 14:37 -------- d-----w- c:\users\Ro\AppData\Local\Hewlett-Packard
2010-05-28 14:25 . 2010-05-28 14:26 -------- d-----w- c:\users\Marisa\AppData\Local\Google
2010-05-28 14:22 . 2010-05-28 14:22 -------- d-----w- c:\users\Marisa\AppData\Roaming\vlc
2010-05-28 14:19 . 2010-06-11 12:24 -------- d-----w- c:\users\Marisa\Tracing
2010-05-28 14:18 . 2010-05-28 14:18 -------- d-----w- c:\users\Marisa\AppData\Local\Mozilla
2010-05-28 14:17 . 2010-05-28 14:17 -------- d-----w- c:\users\Marisa\AppData\Roaming\skypePM
2010-05-28 14:16 . 2010-05-28 14:18 -------- d-----w- c:\users\Marisa\AppData\Roaming\Skype
2010-05-28 14:12 . 2010-05-28 14:12 -------- d-----w- c:\users\Marisa\AppData\Local\Hewlett-Packard
2010-05-28 14:12 . 2010-05-28 14:12 -------- d-----w- c:\users\Marisa\AppData\Roaming\Hewlett-Packard
2010-05-28 14:11 . 2010-05-28 14:11 -------- d-----w- c:\users\Marisa\AppData\Roaming\PCToolsFirewallPlus
2010-05-28 14:11 . 2010-06-01 17:04 77584 ----a-w- c:\users\Marisa\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-28 14:03 . 2006-11-03 08:59 48128 ----a-w- c:\windows\system32\Remove.exe
2010-05-28 14:03 . 2010-05-28 14:03 -------- d-----w- c:\windows\PixArt
2010-05-28 14:03 . 2010-05-28 14:03 -------- d-----w- c:\program files\Common Files\PAC207
2010-05-28 14:03 . 2010-05-28 14:03 -------- d-----w- c:\program files\Trust
2010-05-28 14:03 . 2010-05-28 14:02 9001984 ----a-w- c:\program files\Trust WB-1200p Mini Webcam.msi
2010-05-28 14:02 . 2010-05-28 14:02 -------- d-----w- c:\windows\Downloaded Installations
2010-05-28 13:53 . 2002-05-24 01:04 389180 ----a-w- c:\windows\system32\UCS32P.DLL
2010-05-28 13:53 . 2002-11-15 08:15 40960 ----a-w- c:\windows\system32\CNQU83.DLL
2010-05-28 13:53 . 2006-10-25 07:43 495616 ----a-w- c:\windows\system32\CNQL1209.DLL
2010-05-28 13:53 . 2002-11-20 13:15 729088 ----a-w- c:\windows\system32\CNQA1209.DLL
2010-05-28 13:53 . 2010-05-28 13:53 -------- d-----w- C:\CanoScan
2010-05-28 13:52 . 2010-05-28 13:52 -------- d--h--w- c:\programdata\CanonBJ
2010-05-28 13:52 . 2006-11-02 09:46 70144 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNBPP3.DLL
2010-05-28 13:45 . 2010-05-28 13:50 -------- d-----w- c:\program files\Canon
2010-05-28 13:44 . 2010-05-28 13:44 -------- d-----w- c:\program files\Common Files\Canon
2010-05-28 13:32 . 2010-01-14 14:08 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-05-28 13:32 . 2010-01-14 14:08 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-05-28 13:32 . 2010-01-14 14:08 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2010-05-28 13:32 . 2010-05-28 13:32 -------- d-----w- c:\program files\ThreatFire
2010-05-28 13:32 . 2010-05-28 13:32 -------- d-----w- c:\programdata\PC Tools
2010-05-28 13:03 . 2010-05-28 13:03 -------- d-----w- c:\program files\VideoLAN
2010-05-28 12:59 . 2010-06-22 18:42 -------- d-----w- c:\users\Giacomino\AppData\Roaming\skypePM
2010-05-28 12:57 . 2010-06-22 19:05 -------- d-----w- c:\users\Giacomino\AppData\Roaming\Skype
2010-05-28 12:56 . 2010-05-28 12:56 -------- d-----w- c:\program files\Common Files\Skype
2010-05-28 12:56 . 2010-05-28 12:57 -------- d-----r- c:\program files\Skype
2010-05-28 12:56 . 2010-05-28 12:56 -------- d-----w- c:\programdata\Skype
2010-05-28 12:46 . 2010-05-28 12:46 -------- d-----w- c:\program files\JRE
2010-05-28 12:45 . 2010-05-28 12:46 -------- d-----w- c:\program files\OpenOffice.org 3
2010-05-28 12:32 . 2010-06-25 12:07 -------- d-----w- c:\users\Giacomino\Tracing
2010-05-28 12:31 . 2010-05-28 12:31 -------- d-----w- c:\program files\Microsoft
2010-05-28 12:31 . 2010-05-28 12:31 -------- d-----w- c:\program files\Windows Live SkyDrive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-25 12:07 . 2010-06-01 17:44 64635 ----a-w- c:\programdata\nvModes.dat
2010-06-20 13:46 . 2010-06-20 13:46 72704 ----a-w- c:\windows\system32\admparse.dll
2010-06-20 13:46 . 2010-06-20 13:46 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-20 13:46 . 2010-06-20 13:46 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2010-06-20 13:45 . 2010-06-20 13:45 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-06-20 13:45 . 2010-06-20 13:45 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-20 13:45 . 2010-06-20 13:45 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-06-19 18:42 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-19 18:39 . 2010-06-19 18:39 1260032 ----a-w- c:\windows\system32\msxml3.dll
2010-06-19 18:34 . 2010-06-19 18:34 696832 ----a-w- c:\windows\system32\localspl.dll
2010-06-19 18:11 . 2010-06-19 18:11 613888 ----a-w- c:\windows\system32\wpd_ci.dll
2010-06-19 18:10 . 2010-06-19 18:10 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2010-06-19 18:09 . 2010-06-19 18:09 40960 ----a-w- c:\windows\AppPatch\apihex86.dll
2010-06-19 18:08 . 2010-06-19 18:08 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2010-06-19 18:08 . 2010-06-19 18:08 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-06-19 18:08 . 2010-06-19 18:08 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-06-19 18:08 . 2010-06-19 18:08 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-06-19 18:08 . 2010-06-19 18:08 84480 ----a-w- c:\windows\system32\dnsrslvr.dll
2010-06-19 18:08 . 2010-06-19 18:08 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2010-06-19 18:08 . 2010-06-19 18:08 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-06-19 18:08 . 2010-06-19 18:08 94720 ----a-w- c:\windows\system32\logagent.exe
2010-06-19 18:08 . 2010-06-19 18:08 84480 ----a-w- c:\windows\system32\INETRES.dll
2010-06-19 18:08 . 2010-06-19 18:08 737792 ----a-w- c:\windows\system32\inetcomm.dll
2010-06-19 18:08 . 2010-06-19 18:08 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-06-08 17:33 . 2007-01-02 05:10 682184 ----a-w- c:\windows\system32\perfh010.dat
2010-06-08 17:33 . 2007-01-02 05:10 114622 ----a-w- c:\windows\system32\perfc010.dat
2010-06-01 17:42 . 2007-01-01 21:13 -------- d-----w- c:\programdata\NVIDIA
2010-05-29 13:23 . 2007-01-01 21:21 -------- d-----w- c:\program files\Common Files\Java
2010-05-29 13:23 . 2007-01-01 21:21 -------- d-----w- c:\program files\Java
2010-05-29 13:13 . 2010-05-28 14:33 77584 ----a-w- c:\users\Ro\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-29 10:55 . 2007-01-01 21:00 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-29 10:48 . 2007-01-01 21:19 -------- d---a-w- c:\program files\Common Files\LightScribe
2010-05-28 14:34 . 2010-05-28 14:33 -------- d-----w- c:\users\Ro\AppData\Roaming\PCToolsFirewallPlus
2010-05-28 14:33 . 2010-05-28 14:33 -------- d-----w- c:\users\Ro\AppData\Roaming\Hewlett-Packard
2010-05-28 14:04 . 2007-01-01 21:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-28 14:02 . 2010-05-28 14:03 5186 ----a-w- c:\program files\0x0410.ini
2010-05-28 14:02 . 2010-05-28 14:03 143872 ----a-w- c:\program files\1040.MST
2010-05-28 12:59 . 2010-05-28 12:59 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-05-28 12:20 . 2007-01-01 21:20 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-28 10:58 . 2007-01-01 21:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-28 10:57 . 2007-01-01 21:30 -------- d-----w- c:\programdata\Symantec
2010-05-28 10:11 . 2007-01-01 21:26 -------- d-----w- c:\programdata\Hewlett-Packard
2010-05-28 10:11 . 2010-05-28 10:08 -------- d-----w- c:\users\Giacomino\AppData\Roaming\Hewlett-Packard
2010-05-28 10:06 . 2010-05-28 10:06 1808 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_KQ295AA-ABZ a6442.it_YC_0Pavi_QCZX813_E82ITv3PrA2_49_IBenicia_SPEGATRON CORPORATION_V1.01_B5.21_T080226_WUH0_L410_M3327_J500_7Intel_8Core2 Quad Q6600_92.4_#080601_N10EC8168_Z_G10DE0402.MRK
2010-05-28 10:02 . 2010-05-28 10:02 -------- d-sh--we c:\programdata\Preferiti
2010-05-28 10:02 . 2010-05-28 10:02 -------- d-sh--we c:\programdata\Modelli
2010-05-28 10:02 . 2010-05-28 10:02 -------- d-sh--we c:\programdata\Menu Avvio
2010-05-28 10:02 . 2010-05-28 10:02 -------- d-sh--we c:\programdata\Documenti
2010-05-28 10:02 . 2010-05-28 10:02 -------- d-sh--we c:\programdata\Desktop
2010-05-28 10:02 . 2010-05-28 10:02 -------- d-sh--we c:\programdata\Dati applicazioni
2010-05-28 10:02 . 2010-05-28 10:02 -------- d-sh--we c:\program files\File comuni
2010-04-16 20:12 . 2010-04-16 20:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2008-06-01 13:38 . 2010-05-28 10:51 22 --sha-w- c:\windows\SMINST\HPCD.SYS
2007-01-02 05:44 . 2007-01-02 05:12 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 08:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-01-02 1232896]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-01-02 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 13789728]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]

c:\users\Ro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\users\Giacomino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-05-28 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-06-03 242896]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2010-01-07 233136]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-05-28 916760]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-05-28 308064]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-11-23 88040]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S3 PAC207;Trust WB-1200p Mini Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2007-05-14 508288]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-01-12 70664]
S3 pctNDIS;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys [2010-01-07 58816]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2010-01-13 115216]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]

.
Contenuto della cartella 'Scheduled Tasks'

2010-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3616263833-1863374948-3577338511-1000Core.job
- c:\users\Giacomino\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 11:48]

2010-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3616263833-1863374948-3577338511-1000UA.job
- c:\users\Giacomino\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 11:48]

2010-06-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3616263833-1863374948-3577338511-1001Core.job
- c:\users\Marisa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 14:25]

2010-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3616263833-1863374948-3577338511-1001UA.job
- c:\users\Marisa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-28 14:25]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=it_it&c=81&bd=Pavilion&pf=desktop
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Giacomino\AppData\Roaming\Mozilla\Firefox\Profiles\x44se1im.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\Giacomino\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-25 16:06
Windows 6.0.6000 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'lsass.exe'(744)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'Explorer.exe'(4716)
c:\program files\ThreatFire\TfWah.dll
c:\windows\System32\NLSLexicons0010.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\BatMeter.dll
c:\windows\System32\npmproxy.dll
c:\windows\System32\srchadmin.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2010-06-25 16:13:30
ComboFix-quarantined-files.txt 2010-06-25 14:13

Pre-Run: 386.546.778.112 byte disponibili
Post-Run: 386.542.194.688 byte disponibili

- - End Of File - - 0FBE5BBD7BC7062AFE913AD26A4F8E42
Torna in alto
 
paolopa
Inviato: Saturday, June 26, 2010 6:55:30 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
adesso fai queste operazioni in attesa che r16 ti controlli il log di combo e,se è il caso,ti faccia eseguire uno script(io non sono capace):
Scarica TFC by OldTimer sul desktop
http://oldtimer.geekstogo.com/TFC.exe
chiudi tutti i programmi
avvia TFC, clicca su "start"
al termine della scansione ti chiederà il riavvio, dai ok.
poi:
Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta
a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie),
registro compreso.
Poi:
Provvedi a svuotare del suo contenuto la cartella Prefetch :
clicca su Risorse del Computer
clicca su Disco locale C:
cerca, all’interno delle cartelle che saranno visualizzate la cartella Windows,
aprila ed, al suo interno, cerca la cartella Prefetch, la apri ed elimina tutte le voci ESCLUSO LAYOUT(questa la tieni)
conservate al suo interno ( non eliminare la cartella)
SVUOTA IL CESTINO
Poi:
Lancia Hijackthis e pulisci gli ADS in questo modo:
clicca sulla voce Open the misc tool section
clicca su Open ads spy
togli la spunta alla voce Quick scan (windows base folder only)
clicca su Scan.
Aspetta pazientemente la fine della scansione.
se venissero rilevati ADS, spunta tutte (senza paura) le caselline e clicca su
Remove selected
combofix e il ripristino di sistema per il momento li tralasciamo in attesa di r16
riferisci come va il pc.
Torna in alto
 
Gjack
Inviato: Sunday, June 27, 2010 10:07:44 AM
Rank: AiutAmico

Iscritto dal : 5/10/2006
Posts: 317
qualcuno cortesemente potrebbe dare una controllatina al log di Combofix e dirmi se nota qualcosa di anomalo riguardo alla schermata blu che mi appare periodicamente?Grazie.
Torna in alto
 
Gjack
Inviato: Tuesday, June 29, 2010 6:17:54 PM
Rank: AiutAmico

Iscritto dal : 5/10/2006
Posts: 317
scusate se insisto,potreste controllarmi il log di Combofix,se c'è qualcosa da correggere,grazie.
Torna in alto
 
paolopa
Inviato: Tuesday, June 29, 2010 6:41:53 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
appena r16 lo vedra' te lo controllera' lui,io posso dirti che non ti ha effettuato eliminazioni,quindi non ha trovato infezioni da eliminare(il che pero' non significa necessariamente che non ce ne siano,per questo aspetto chi ne sa piu' di me), e che non hai l mbr infetto.mbam mi hai detto che non ha trovato nulla,e a tal proposito volevo chiederti se l hai Aggiornato prima e se hai fatto una scansione Completa.dirti di piu' sarebbe voler superare i miei limiti,e non servirebbe a nessuno dei due.
Torna in alto
 
r16
Inviato: Tuesday, June 29, 2010 6:56:12 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Il log di Combofix, non presenta infezioni.
Le schermate blu, riportano un messaggio, o dei numeri?

Prova a disistallare completamente il Firewall.
Elimina questa voce di HJT:
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
Segui i percorsi, ed elimina le cartelle in rosso:
c:\program files\ThreatFire\TfWah.dll
C:\Program Files\ThreatFire\TFService.exe
Quel programma, fà anche da antivirus.
Forse entra in conflitto con AVG.
Torna in alto
 
Gjack
Inviato: Tuesday, June 29, 2010 7:53:33 PM
Rank: AiutAmico

Iscritto dal : 5/10/2006
Posts: 317
Vi ringrazio a tutti e due,ora provvederò per le rettifiche,buona serata.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » pregasi un controllo log Hijackthis


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.