Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Hijack pulizia: HA FUNZIONATO! GRAZIE

2 pages: [1] 2
Hijack pulizia: HA FUNZIONATO! GRAZIE Opzioni
Topic Precedente · Topic Sucessivo
sirbardamu
Inviato: Tuesday, November 17, 2009 3:37:11 PM
Rank: Member

Iscritto dal : 11/17/2009
Posts: 17
Salve!
A causa dei popup che continuo a ricevere (Favorit), pur utilizzando mozilla, arrivo qui come da procedura richiesta sul sito!!! Copio ed incollo il risultato della scansione di Hijack e resto in attesa per sapere cosa dovrò spuntare ed eliminare per disattivare Favorit che con lo strumento cerca non riesco a localizzare. Resto in attesaWhistle . Grazie.Pray


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.32.03, on 17/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Logitech\Logitech WebCam Software\LWS.exe
C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Creative\Software Update 3\SoftAuto.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\Logitech\Logitech Vid\Vid.exe
C:\Programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE
C:\documents and settings\mà\impostazioni locali\dati applicazioni\eueud.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmi\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Programmi\oovootb\oovoodx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Programmi\oovootb\oovoodx.dll
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [SmartDefrag] "C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Programmi\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Logitech Vid] "C:\Programmi\Logitech\Logitech Vid\Vid.exe" -bootmode
O4 - HKCU\..\Run: [L09IXLRD_36520531] "C:\Programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [eueud] "c:\documents and settings\mà\impostazioni locali\dati applicazioni\eueud.exe" eueud
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_it;_rv:1.9.1.5)_Gecko/20091102_Firefox/3.5.5_(.NET_CLR_3.5.30729)" -"http://king.it.msn.com/opengame_play.jsp?language=it&game=magicspinball"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Registrazione prodotti.lnk = C:\Programmi\Logitech\Logitech WebCam Software\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Registrazione prodotti.lnk = C:\Programmi\Logitech\Logitech WebCam Software\eReg.exe (User 'Default user')
O4 - Startup: Logitech . Registrazione prodotti.lnk = C:\Programmi\Logitech\Logitech WebCam Software\eReg.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programmi\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203595095243
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DC71BCD-FC34-4C57-A152-809E252F9966}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programmi\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Programmi\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 14187 bytes
Torna in alto
 
Sponsor
Inviato: Tuesday, November 17, 2009 3:37:11 PM

 
Torna in alto
 
shapiro
Inviato: Tuesday, November 17, 2009 3:44:50 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao

hai qualche infezione da eliminare- il problema dei pop up e' dovuto al virus navipromo


Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(non installare la recovery console)
Lascia lavorare il programma senza interferire
Allega il rapporto C:\ComboFix.txt nella tua risposta.

non usare il pc durante la scansione, nemmeno il mouse!
Torna in alto
 
sirbardamu
Inviato: Thursday, November 19, 2009 2:28:02 AM
Rank: Member

Iscritto dal : 11/17/2009
Posts: 17
Ciao e intanto grazie per esserti offerto di aiutarmi!Boo hoo!
Ho provveduto alla scansione e questo è il report:

ComboFix 09-11-18.06 - mà 19/11/2009 2.03.49.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.2550.1711 [GMT 1:00]
Eseguito da: c:\documents and settings\mà\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\mà\Impostazioni locali\Dati applicazioni\bqxmshod.dat
c:\documents and settings\mà\Impostazioni locali\Dati applicazioni\bqxmshod.exe
c:\documents and settings\mà\Impostazioni locali\Dati applicazioni\bqxmshod_nav.dat
c:\documents and settings\mà\Impostazioni locali\Dati applicazioni\bqxmshod_navps.dat
c:\documents and settings\mà\Impostazioni locali\Dati applicazioni\kegwnb_nav.dat
c:\programmi\WinPCap
c:\programmi\WinPCap\daemon_mgm.exe
c:\programmi\WinPCap\npf_mgm.exe
c:\programmi\WinPCap\rpcapd.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\service.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\nvs2.inf
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Creati Da 2009-10-19 al 2009-11-19 )))))))))))))))))))))))))))))))))))
.

2009-11-18 15:05 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-11-16 23:21 . 2009-11-16 23:21 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-16 23:20 . 2009-11-16 23:20 -------- d-----w- c:\programmi\File comuni\Skype
2009-11-12 02:04 . 2009-11-12 02:04 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-10 01:33 . 2009-11-10 01:33 -------- d-s---w- c:\documents and settings\LocalService\Preferiti
2009-11-08 23:38 . 2009-11-08 23:38 -------- d-----w- c:\programmi\GammonEmpire
2009-11-08 20:35 . 2009-11-08 20:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TVU Networks
2009-11-08 20:35 . 2009-11-08 20:35 -------- d-----w- c:\windows\system32\TVUAx
2009-11-07 13:14 . 2009-11-07 13:15 1925024 ----a-w- c:\documents and settings\All Users\Dati applicazioni\NOS\Adobe_Downloads\install_flash_player.exe
2009-11-03 18:14 . 2009-11-03 18:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WebcamMax
2009-11-03 17:51 . 2009-10-07 08:43 199192 ----a-w- c:\windows\system32\lvci12101110.dll
2009-11-03 17:49 . 2008-03-11 13:14 941784 ----a-w- c:\windows\system32\drivers\CAMTHWDM.sys
2009-11-03 17:49 . 2009-11-03 17:49 -------- d-----w- c:\programmi\WebcamMax
2009-11-03 16:46 . 2009-11-03 16:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\EmailNotifier
2009-11-03 16:46 . 2009-11-03 16:46 -------- d-----w- c:\programmi\oovootb
2009-11-03 16:46 . 2009-11-03 16:46 -------- d-----w- c:\programmi\ooVoo
2009-11-03 08:53 . 2009-11-03 08:53 -------- d-----w- c:\programmi\iPod
2009-11-03 08:53 . 2009-11-03 08:53 -------- d-----w- c:\programmi\iTunes
2009-11-03 08:53 . 2009-11-03 08:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-03 08:45 . 2009-11-03 08:45 79144 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-01 12:52 . 2009-11-01 12:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee
2009-10-30 18:05 . 2009-10-30 18:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\McAfee Security Scan
2009-10-30 18:05 . 2009-10-30 18:05 -------- d-----w- c:\programmi\McAfee Security Scan
2009-10-30 18:05 . 2009-10-30 18:05 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-10-27 20:28 . 2008-02-15 11:49 188416 ----a-w- c:\windows\system32\igfxres.dll
2009-10-27 20:24 . 2008-02-15 12:12 1670144 ----a-w- c:\windows\system32\igxpdv32.dll
2009-10-27 20:24 . 2008-02-15 12:12 5854752 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2009-10-27 20:24 . 2008-02-15 12:12 57344 ----a-w- c:\windows\system32\igxprd32.dll
2009-10-27 20:24 . 2008-02-15 12:12 151040 ----a-w- c:\windows\system32\igxpgd32.dll
2009-10-27 20:24 . 2008-02-15 12:21 147456 ----a-w- c:\windows\system32\igfxCoIn_v4926.dll
2009-10-27 20:24 . 2008-02-15 12:12 2643968 ----a-w- c:\windows\system32\igxpdx32.dll
2009-10-27 20:24 . 2008-03-07 11:56 920088 ----a-w- c:\windows\system32\igxpun.exe
2009-10-27 20:24 . 2009-10-27 20:24 -------- d-----w- C:\Intel
2009-10-26 20:02 . 2009-10-26 20:02 -------- d-----w- c:\programmi\Microsoft CAPICOM 2.1.0.2
2009-10-25 19:36 . 2009-10-07 08:49 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2009-10-25 19:36 . 2009-10-25 19:36 -------- d-----w- c:\programmi\Logitech
2009-10-25 19:29 . 2009-10-25 19:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\LogiShrd
2009-10-25 19:26 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-10-25 19:26 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-10-25 19:26 . 2009-10-25 19:26 -------- d-----w- c:\programmi\File comuni\logishrd
2009-10-25 19:26 . 2008-04-14 03:13 54784 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-10-25 19:26 . 2008-04-14 03:13 54784 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-10-25 10:41 . 2009-10-25 10:41 -------- d-----w- c:\programmi\Microsoft Student
2009-10-25 10:41 . 2009-10-25 10:41 -------- d-----w- c:\programmi\Learning Essentials
2009-10-23 19:22 . 2009-09-25 17:42 129784 ------w- c:\windows\system32\pxafs.dll
2009-10-23 19:22 . 2009-09-25 17:42 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-10-23 19:22 . 2009-09-25 17:42 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-10-23 19:10 . 2009-10-23 19:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-10-23 19:10 . 2009-10-23 19:10 -------- d-----w- c:\programmi\DAEMON Tools Toolbar
2009-10-23 19:10 . 2009-10-23 19:10 -------- d-----w- c:\programmi\DAEMON Tools Lite
2009-10-22 21:37 . 2009-10-22 21:37 -------- d--h--w- c:\windows\PIF
2009-10-21 15:55 . 2009-10-21 15:55 -------- d-----w- c:\programmi\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-19 01:11 . 2009-10-25 19:26 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-11-19 01:11 . 2009-10-30 18:07 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-11-17 21:08 . 2005-02-05 04:26 86394 ----a-w- c:\windows\system32\perfc010.dat
2009-11-17 21:08 . 2005-02-05 04:26 494086 ----a-w- c:\windows\system32\perfh010.dat
2009-11-01 13:40 . 2009-09-29 15:20 189784 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-23 19:07 . 2008-06-23 11:07 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-14 12:40 . 2009-10-14 12:40 296280 ----a-w- c:\documents and settings\All Users\Dati applicazioni\LogiShrd\LQCVFX\Filters\VMSEF.dll
2009-10-14 12:37 . 2009-10-14 12:37 6781272 ----a-w- c:\documents and settings\All Users\Dati applicazioni\LogiShrd\LQCVFX\Filters\MMSEF.dll
2009-10-11 03:17 . 2009-05-12 17:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 08:49 . 2009-04-30 22:03 6756632 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2009-10-07 08:48 . 2009-04-30 22:02 539160 ------w- c:\windows\system32\LVUI2RC.dll
2009-10-07 08:48 . 2009-04-30 22:02 539160 ------w- c:\windows\system32\LVUI2.dll
2009-10-07 08:47 . 2009-04-30 22:01 266008 ----a-w- c:\windows\system32\drivers\lvrs.sys
2009-10-07 08:43 . 2009-04-30 21:57 416280 ----a-w- c:\windows\system32\LVCodec2.dll
2009-10-07 08:25 . 2009-04-30 21:40 266828 ----a-w- c:\windows\system32\drivers\LVAFT.cfg
2009-10-07 08:24 . 2009-04-30 21:39 34068 ----a-w- c:\windows\system32\Repository.reg
2009-10-07 00:46 . 2009-10-07 00:46 25752 ----a-w- c:\windows\system32\drivers\LVPr2Mon.sys
2009-10-07 00:25 . 2009-10-07 00:25 85302 ----a-w- c:\windows\system32\drivers\LVFeL102.cfg
2009-10-07 00:25 . 2009-10-07 00:25 69592 ----a-w- c:\windows\system32\drivers\LVFaL100.cfg
2009-10-07 00:25 . 2009-10-07 00:25 227172 ----a-w- c:\windows\system32\drivers\LVFeL100.cfg
2009-10-07 00:25 . 2009-10-07 00:25 146680 ----a-w- c:\windows\system32\drivers\LVFeL101.cfg
2009-10-07 00:23 . 2009-10-07 00:23 13584 ----a-w- c:\windows\system32\drivers\iKeyLFT2.dll
2009-10-06 00:52 . 2009-09-29 15:20 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-06 00:52 . 2009-09-29 15:20 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-10-01 16:21 . 2009-10-01 16:21 -------- d-----w- c:\programmi\PDF Suite
2009-09-29 15:20 . 2009-09-29 15:20 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\id Software
2009-09-26 23:24 . 2009-09-26 23:24 -------- d-----w- c:\programmi\Avira
2009-09-26 23:24 . 2009-09-26 23:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2009-09-25 17:41 . 2009-09-25 17:41 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-09-25 17:41 . 2009-09-25 17:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-09-25 17:41 . 2009-09-25 17:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-09-25 17:41 . 2009-09-25 17:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-09-25 17:41 . 2009-09-25 17:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-09-25 17:41 . 2009-09-25 17:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-09-25 17:41 . 2009-09-25 17:41 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-11 15:17 . 2004-08-19 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 22:03 . 2004-08-19 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 21:38 . 2009-08-29 18:44 192673 ----a-w- c:\windows\hpwins20.dat
2009-09-01 21:32 . 2009-09-01 21:29 101580 ----a-w- c:\windows\hpqins01.dat
2009-09-01 21:22 . 2009-09-01 21:17 99379 ----a-w- c:\windows\hpqins11.dat
2009-08-30 17:07 . 2009-08-30 17:03 134899 ----a-w- c:\windows\hpqins00.dat
2009-08-29 08:56 . 2004-08-19 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 22:34 . 2009-08-26 22:32 40960 ----a-w- c:\windows\DelPiv.exe
2009-08-26 09:00 . 2004-08-19 04:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2008-01-16 17:40 . 2008-01-16 17:40 1256519 ----a-w- c:\programmi\wrar371it.exe
2006-11-02 21:56 . 2008-02-10 21:08 64000 --sha-w- c:\windows\BricoPacks\SysFiles\71_wmplayer.exe
.

------- Sigcheck -------

[-] 2008-04-14 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\winlogon.exe
[-] 2008-04-14 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-08-19 . E6F62282EBAA63BA07FA2DC7198B8D0D . 544256 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[-] 2008-04-14 . 663E53939024F3DFBAF00CF44E122898 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-14 . 10AA0E13B4D20EE798E3382C9B89B3E3 . 617472 . . [5.82] . . c:\windows\VistaMizer\old\comctl32.dll
[-] 2008-04-14 . 663E53939024F3DFBAF00CF44E122898 . 724992 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . DC57C1C5D7C651079754D2A6EF247F97 . 724992 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[7] 2004-08-19 . 0FE5F5912C30795C455A9645970E6C7C . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll

[-] 2008-04-14 . 70B14F74A77121FB970692BBAFF64748 . 1554944 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 70D7F99D95615C3C278367756287DB71 . 1036288 . . [6.00.2900.5512] . . c:\windows\VistaMizer\old\explorer.exe
[-] 2008-04-14 . 70B14F74A77121FB970692BBAFF64748 . 1554944 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 21B69AA06FCE941009A3C58DC8E94A5E . 1554432 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . B4E85805BE6D23DE697F7B3BA7492D0B . 1035776 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-19 . 178D42BD8FC34A9837417A6CE1D6BB7B . 1034752 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . F53CDDEF33A4C41336A782BE3D170158 . 15360 . . [5.1.2600.5512] . . c:\windows\VistaMizer\old\ctfmon.exe
[-] 2008-04-14 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-08-19 . 40DE117B6CCFC031D2DC8B73D82020CF . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
2009-05-08 19:00 86016 ----a-w- c:\programmi\oovootb\oovoodx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\programmi\oovootb\oovoodx.dll" [2009-05-08 86016]

[HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoftAuto.exe"="c:\programmi\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-29 68856]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Logitech Vid"="c:\programmi\Logitech\Logitech Vid\Vid.exe" [2009-07-16 5458704]
"L09IXLRD_36520531"="c:\programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE" [2009-03-02 351000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 25088]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-01-09 589824]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 344064]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"LogitechQuickCamRibbon"="c:\programmi\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"SmartDefrag"="c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2009-07-02 2453264]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 25088]

c:\documents and settings\m…\Menu Avvio\Programmi\Esecuzione automatica\
Logitech . Registrazione prodotti.lnk - c:\programmi\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

c:\documents and settings\m…\Menu Avvio\Programmi\Esecuzione automatica\
Logitech . Registrazione prodotti.lnk - c:\programmi\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

c:\documents and settings\m…\Menu Avvio\Programmi\Esecuzione automatica\
Logitech . Registrazione prodotti.lnk - c:\programmi\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
McAfee Security Scan.lnk - c:\programmi\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

c:\documents and settings\m…\Menu Avvio\Programmi\Esecuzione automatica\
Logitech . Registrazione prodotti.lnk - c:\programmi\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\AIUTAMICI\\emule\\emule.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=
"c:\\Programmi\\TavoliVerdi\\TVControllo.exe"=
"c:\\Programmi\\TavoliVerdi\\TavoliVerdi.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\System32\\PnkBstrA.exe"=
"c:\\WINDOWS\\System32\\PnkBstrB.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\ooVoo\\ooVoo.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Logitech\\Logitech Vid\\Vid.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:Porta TCP ooVoo 443
"443:UDP"= 443:UDP:Porta UDP ooVoo 443
"37674:TCP"= 37674:TCP:Porta TCP ooVoo 37674
"37674:UDP"= 37674:UDP:Porta UDP ooVoo 37674
"37675:UDP"= 37675:UDP:Porta UDP ooVoo 37675

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [26/05/2009 10.51.09 54752]
S3 CTUPnPSv;Creative Centrale Media Server;c:\programmi\Creative\Creative Centrale\CTUPnPSv.exe [21/05/2008 13.42.56 64000]
S3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22.48.42 704864]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - CLASSPNP_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'

2009-11-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-11-19 c:\windows\Tasks\User_Feed_Synchronization-{4AE8DE49-15B5-4E86-ACBE-7E62B19C30DB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]

2009-11-08 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-11-03 08:22]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {4DC71BCD-FC34-4C57-A152-809E252F9966} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\mà\Dati applicazioni\Mozilla\Firefox\Profiles\33rv1nkz.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it
FF - prefs.js: keyword.URL - hxxp://urlseek40.vmn.net/search.php?lg=en&type=dns&tbn=oovoo2_0dn&q=
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: c:\programmi\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\programmi\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-bqxmshod - c:\documents and settings\mà\impostazioni locali\dati applicazioni\bqxmshod.exe
AddRemove-bqxmshod - c:\documents and settings\mà\impostazioni locali\dati applicazioni\bqxmshod.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-19 02:13
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spvs.sys >>UNKNOWN [0x8AAB5938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba16cf28
\Driver\ACPI -> ACPI.sys @ 0xb9e66cb8
\Driver\atapi -> atapi.sys @ 0xb9e03b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: Intel(R) PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9d1dbb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d2aa21
SendHandler -> NDIS.sys @ 0xb9d0887b
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB9E03B40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB9E03B40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB9E03B40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB9E03B40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB9E03B40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB9E03B40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-3401816449-2844666022-282875758-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E9E33D1A-13DE-B4ED-0179-8AA2A4860AB5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"01400E0900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140A10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140810900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140910900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140AC0900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140210900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140B10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140610900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(880)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(936)
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'explorer.exe'(160)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Intel\Wireless\Bin\EvtEng.exe
c:\programmi\Intel\Wireless\Bin\S24EvMon.exe
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\admServ.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Creative\Shared Files\CTDevSrv.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programmi\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\HP\Digital Imaging\bin\hpqSTE08.exe
c:\programmi\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-19 02:16 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-19 01:16

Pre-Run: 10.184.523.776 byte disponibili
Post-Run: 10.782.769.152 byte disponibili

- - End Of File - - 985FEA0B585CA14DA8334610F915FD26


Una precisazione: dopo il riavvio il mouse nn è entrato in funzione...come mai?
Se hai tempo e voglia mi piacerebbe capire cosa ho fatto e perchè, nel senso di comprendere il senso del report
per quello che posso...Grazie per la pazienza e per il tempo dedicato.
Torna in alto
 
shapiro
Inviato: Thursday, November 19, 2009 11:26:18 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
abilita la visualizzazione dei file nascosti (apri una cartella qualsiasi, vai su Strumenti--> Opzioni cartella--> Visualizzazione e spunta Visualizza file e cartelle nascosti

controlla se hai questi file

c:\documents and settings\mà\Impostazioni locali\Dati applicazioni\kegwnb.dat

c:\documents and settings\mà\Impostazioni locali\Dati applicazioni\kegwnb.exe

c:\documents and settings\mà\Impostazioni locali\Dati applicazioni\kegwnb_navps.dat


se ne vedi anche uno solo, eliminalo




vai nel pannello di controllo- strumenti - opzioni internet - scheda "contenuto" e cerca i certificati

Electronic-Group certificate

OOO-Favorit certificate

se li vedi, seleziona ed elimina



scarica Malwarebytes http://www.malwarebytes.org/mbam/program/mbam-setup.exe
1) lo installi
2) lo aggiorni
3) fai una scansione scegliendo la modalità completa
4) NON eliminare per ora le ventuali minacce che rileva
5) finita la scansione seleziona il tabellino log, apri il file di testo e postalo sul forum
Torna in alto
 
sirbardamu
Inviato: Friday, November 20, 2009 7:26:09 PM
Rank: Member

Iscritto dal : 11/17/2009
Posts: 17
Come da indicazioni ho seguito passo passo quanti mi hai indicato. Solo nella seconda parte ho avuto riscontro(la parte in cui controllo le certificazioni). Passo il risultato della scansione. Resto in attesa per varie ed eventuali, e se hai un po' di tempo e voglia puoi chiarirmi queste operazioni. Grazie.Drool

Malwarebytes' Anti-Malware 1.41
Versione del database: 3200
Windows 5.1.2600 Service Pack 3

20/11/2009 7.42.39
mbam-log-2009-11-20 (07-42-00).txt

Tipo di scansione: Scansione completa (C:\|D:\|F:\|)
Elementi scansionati: 203159
Tempo trascorso: 41 minute(s), 53 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\popcaploader.dll.vir (Adware.PopCap) -> No action taken.
Torna in alto
 
shapiro
Inviato: Friday, November 20, 2009 7:39:56 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
i certificati che hai controllato(ed eliminato spero) appartengono al virus navipromo

riavvia malwarebytes ed elimina tutto


Installa Ccleaner

http://www.ccleaner.com

durante l’installazione deseleziona l’opzione per la barra di Yahoo, lo apri, vai in Opzioni>Avanzate, togli la spunta a “Cancella file temp diwindows solo se più vecchi di 48 ore”, poi avvialo, seleziona "Analizza" ed alla fine dell'analisi premi "Avvia pulizia''


Scarica TFC by OldTimer sul desktop
http://oldtimer.geekstogo.com/TFC.exe
chiudi tutti i programmi
avvia TFC, clicca su "start"
al termine della scansione ti chiederà il riavvio, dai ok



Finite queste operazioni, postami un log aggiornato di hijackthis e dimmi come va ora il pc
Torna in alto
 
sirbardamu
Inviato: Friday, November 20, 2009 10:53:55 PM
Rank: Member

Iscritto dal : 11/17/2009
Posts: 17
detto fatto!
ecco il report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.51.47, on 20/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\Logitech\Logitech WebCam Software\LWS.exe
C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Creative\Software Update 3\SoftAuto.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\Logitech\Logitech Vid\Vid.exe
C:\Programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqbam08.exe
C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Programmi\oovootb\oovoodx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Programmi\oovootb\oovoodx.dll
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [SmartDefrag] "C:\Programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Programmi\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Logitech Vid] "C:\Programmi\Logitech\Logitech Vid\Vid.exe" -bootmode
O4 - HKCU\..\Run: [L09IXLRD_36520531] "C:\Programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_it;_rv:1.9.1.5)_Gecko/20091102_Firefox/3.5.5_(.NET_CLR_3.5.30729)" -"http://king.it.msn.com/opengame_play.jsp?language=it&game=magicspinball"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Registrazione prodotti.lnk = C:\Programmi\Logitech\Logitech WebCam Software\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Registrazione prodotti.lnk = C:\Programmi\Logitech\Logitech WebCam Software\eReg.exe (User 'Default user')
O4 - Startup: Logitech . Registrazione prodotti.lnk = C:\Programmi\Logitech\Logitech WebCam Software\eReg.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programmi\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203595095243
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games – Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab64162.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DC71BCD-FC34-4C57-A152-809E252F9966}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programmi\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Programmi\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 13734 bytes
Torna in alto
 
sirbardamu
Inviato: Friday, November 20, 2009 11:03:30 PM
Rank: Member

Iscritto dal : 11/17/2009
Posts: 17
...a proposito! Come va ora il computer?Dancing Nessun problema di finestre che si aprono improvvisamente, si sono velocizzati i passaggi, in parole povere va benissimo! ti ringrazio e...se ti va di farmi una sintesi...resto a in attesa!
Applause Applause Applause
Torna in alto
 
shapiro
Inviato: Friday, November 20, 2009 11:10:10 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
questo programma >>> oovootb lo hai installato tu?

elimina questa riga con hjt


O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)






avevi il virus navipromo che ti apriva le fastidiose pagine, adesso non lo hai piu'....e qualche altra schifezza nel pc(eliminata anche quella)



riguardo combofix, prova solo a disinstallarlo: clicca su start - esegui - digita combofix /u e dai l'ok ... (combofix/[spazio]/u)

elimina da C:\ la cartella qoobox
Torna in alto
 
r16
Inviato: Friday, November 20, 2009 11:16:28 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Se ne impara sempre di nuove.....Whistle
E non lo dico con ironia.
E' la prima volta che sento, che un pc, và bene con l'MBR infetto.
Comunque, fin che la barca và.....
Torna in alto
 
shapiro
Inviato: Friday, November 20, 2009 11:18:53 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ah si scusa....dobbiamo controllare l'MBR.....la stanchezza
Torna in alto
 
shapiro
Inviato: Friday, November 20, 2009 11:21:30 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
Scarica MBR:EXE direttamente in C:\

http://www2.gmer.net/mbr/mbr.exe

vai in provvisoria

Da Start - Esegui - digita C:\mbr.exe e clicca su OK (fai copia-incolla) e posta il report che rilascia
Torna in alto
 
sirbardamu
Inviato: Saturday, November 21, 2009 2:19:01 PM
Rank: Member

Iscritto dal : 11/17/2009
Posts: 17
Allora, la faccenda si è leggermente ingarbugliata...combo non si fa disinstallare, infatti, provando con quella striga riparte la scansioneEh? !
1- Per ciò che riguarda MBR lanciandolo sia dalla stringa del comando 'esegui' che entrando in C: e lanciandolo da lì il risultato è sempre una finestra -quella che vediamo lanciando da esegui con qualsiasi altro comando - che si apre e si richiude immediatamente!
2- Ho eliminato il file .dat di combo e lo stesso ha fatto con la cartella qoobox.
3- Ovoo è un programma tipo skype che cmq non uso e disinstallerò.
Attendo news...Grazie.
Torna in alto
 
sirbardamu
Inviato: Saturday, November 21, 2009 2:35:19 PM
Rank: Member

Iscritto dal : 11/17/2009
Posts: 17
P.S. Dimenticavo! Ho notato che spegnendo il PC si blocca con la schermata "Chiusura di Windows" e allora non mi resta che forzare la chiusura...al riavvio non mi segnala nulla. Penso però che la cosa sia di poco significato...in ogni caso per dovere di cronaca...
Torna in alto
 
shapiro
Inviato: Saturday, November 21, 2009 5:09:40 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
se non hai scaricato MBR direttamente in C:\ non potrai avere alcun risultato

per la disinstallazione di combofix penseremo dopo, l'importante e' aver eliminato la cartella qoobox

fai questa scansione- combofix segnala l'MBR infetto


Scarica Norman SinowalMBR Cleaner

http://download.norman.no/public/Norman_Sinowal_Cleaner.exe

Avvia il pc in modalità provvisoria.

Doppio click sull'icona di Norman SinowalMBR Cleaner.exe

Clicca su Accept >>> poi su start scan

Al termine della scansione, viene generato un log sul desktop >>> NFix_2008-MM-GG_hh-mm-ss.log

Postalo nel forum
Torna in alto
 
sirbardamu
Inviato: Saturday, November 21, 2009 7:36:47 PM
Rank: Member

Iscritto dal : 11/17/2009
Posts: 17
Fatto! Allora:
1- Avevo scaricato Mbr in c: come da indicazioni
2- Ho scaricato Norman e questo è il report(mi sembra sia tutto in ordine...)

Norman SinowalMBR Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/05/13 16:21:18

Norman Scanner Engine Version: 5.92.04
Nvcbin.def Version: 5.92.00, Date: 2008/05/13 16:21:18, Variants: 0

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600(Safe mode) Service Pack 3
Logged on user: MASSIMOTERESA\mà

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "00 00 00 00 78 01 25 8C 41 0A C0 20 0C 04 FB 1E 0F FD 83 8A 34 42 23 D2 04 ED CD 8F F4 F1 DD 6D 2F C3 30 64 13 F6 2C FA 84 7D 24 03 4D C8 DA 2A 3C 45 07 F5 CA A0 38 6F C4 E3 E7 EC D1 3A 7C A4 02 4E 13 32 B1 FB 4D FE 2B B5 03 3D 1B 3F AC B5 E8 8D 7F BA 70 5B F4 44 69 D3 B6 17 " -> ""
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Scan started: 21/11/2009 17:44:00

Scanning bootsectors...

Unable to scan for SinowalMBR hooks

Number of sectors found: 0
Number of sectors scanned: 0
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 672ms


Scanning running processes and process memory...

Number of processes/threads found: 600
Number of processes/threads scanned: 600
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 23s


Scanning file system...

Scanning: C:\*.*

Scanning: D:\*.*

Scanning: F:\*.*


Running post-scan cleanup routine:

Number of files found: 113854
Number of archives unpacked: 6351
Number of files scanned: 113833
Number of files not scanned: 21
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 1h 23m 56s
Torna in alto
 
shapiro
Inviato: Saturday, November 21, 2009 7:43:59 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
mi riesegui solo per precauzione questo comando?

vai in provvisoria

Start - Esegui - digita C:\mbr.exe -f e clicca su OK ( Per non sbagliare a digitare il comando, fai copia-incolla.)

Postami il risultato
Torna in alto
 
simo95
Inviato: Saturday, November 21, 2009 7:48:03 PM

Rank: AiutAmico

Iscritto dal : 12/4/2008
Posts: 2,008
Comunque è normale che la finestra scompaia subito.
Posta il log che trovi in C:\mbr.log
Torna in alto
 
shapiro
Inviato: Saturday, November 21, 2009 7:50:05 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao simo95 tutto bene?
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Hijack pulizia: HA FUNZIONATO! GRAZIE


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.