Aiutamici Forum

but am I safe
arneisflek
Posted: Friday, April 16, 2010 9:51:25 AM

Rank: Member

Joined: 4/13/2010
Posts: 18
d'oh!
Hi IT supermasters...
I have serious doubts about the security of my PC: worms, spyware, malware or something else
... and AVG keeps detecting tracking cookies
I have run several clean-ups with Spybot, Spy Terminator, mlm.....
now I have created a log file with HijackThis and its ADS Spy function, which gave me a huge list
may I post them on the forum to hear advice on how to proceed
bye
thanks


right now I am at work, not on my home PC
this evening I will post both logs on the forum
thanks in advance

here I post the hjack logs
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:22:15, on 16/04/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\SearchFilterHost.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Users\alessio\AppData\Local\Temp\wze4d2\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A794BF72-7A62-4DA6-9D4E-9852207BD12A}: NameServer = 85.37.17.8 85.38.28.73
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Rezip - Unknown owner - C:\windows\SYSTEM32\Rezip.exe

--
End of file - 7975 bytes

and this is the report that the TFC program produced,
asking me whether I wanted to remove them


C:\PerfLogs\System\Diagnostics\ALESSIO-PC_20100403-000001\report.xml : Qgrg2rf1Znaluncm1kfl1xla5h (136 bytes)
C:\PerfLogs\System\Diagnostics\ALESSIO-PC_20100403-000002\report.xml : Qgrg2rf1Znaluncm1kfl1xla5h (136 bytes)
C:\ProgramData\Temp : 4CF61E54 (124 bytes)
C:\ProgramData\Temp : 5C5A503E (143 bytes)
C:\ProgramData\Temp : A42A9F39 (129 bytes)
C:\ProgramData\Temp : A8ADE5D8 (109 bytes)
C:\ProgramData\Temp : ABE89FFE (130 bytes)
C:\ProgramData\Temp : DFC5A2B2 (121 bytes)
C:\ProgramData\Temp : E1F04E8D (143 bytes)
C:\ProgramData\Temp : 4CF61E54 (124 bytes)
C:\ProgramData\Temp : 5C5A503E (143 bytes)
C:\ProgramData\Temp : A42A9F39 (129 bytes)
C:\ProgramData\Temp : A8ADE5D8 (109 bytes)
C:\ProgramData\Temp : ABE89FFE (130 bytes)
C:\ProgramData\Temp : DFC5A2B2 (121 bytes)
C:\ProgramData\Temp : E1F04E8D (143 bytes)
C:\Users\alessio\AppData\Roaming\default.rss : OECustomProperty (143 bytes)
C:\Users\alessio\Desktop\erika\CV Erika\2010 sommarjobb Bombardier\Fw_ Sommarjobb.eml : OECustomProperty (1151 bytes)
C:\Users\alessio\Favorites\alessio\alpinismo Vie ferrate, SciAlpinismo, Vie classiche in Dolomiti.url : favicon (1406 bytes)
C:\Users\alessio\Favorites\alessio\GUARDAFILM Film Streaming in Italiano Gratis! - AL CINEMA (2).url : favicon (5686 bytes)
C:\Users\alessio\Favorites\alessio\InfoJobs.it - Trovare lavoro non è mai stato così facile. Offerte di lavoro in tutta Italia.url : favicon (1406 bytes)
C:\Users\alessio\Favorites\alessio\METEO Previsioni del Tempo Italia ed Europa IL METEO.IT.url : favicon (1406 bytes)
C:\Users\alessio\Favorites\alessio\Rintraccio Veicoli Intestati - Ordina on line.url : favicon (3638 bytes)
C:\Users\alessio\Favorites\alessio\Skiinfo - Bollettino Neve - Previsioni Meteo - Sci e Snowboard - Vacanze Montagna.url : favicon (1150 bytes)
C:\Users\alessio\Favorites\alessio\UPPA - Un pediatra per Amico, Nel prossimo numero di UPPA.url : favicon (113 bytes)
C:\Users\alessio\Favorites\download\Ad-Aware Free - Download security software for spyware removal - Lavasoft.url : favicon (318 bytes)
C:\Users\alessio\Favorites\download\Antispyware gratis programmi.url : favicon (5430 bytes)
C:\Users\alessio\Favorites\download\Free Download Manager - absolutely free download accelerator and manager.url : favicon (1406 bytes)
C:\Users\alessio\Favorites\download\IlSoftware.it - Pagina di download Empty Temp Folders 2.8.3.url : favicon (1150 bytes)
C:\Users\alessio\Favorites\download\Photoshop Download Scaricare Photoshop Gratis.url : favicon (318 bytes)
C:\Users\alessio\Favorites\download\Sicurezza - Download - UpYou.url : favicon (1406 bytes)
C:\Users\alessio\Favorites\download\Supporto Tecnico Enterprise Sicurezza - Aggiornamento riguardo al Worm Win32-Conficker.B.url : favicon (25214 bytes)
C:\Users\alessio\Favorites\download\Vir.IT eXplorer PRO by TG Soft - Download page Vir.IT eXplorer LITE 6.6.url : favicon (7358 bytes)
C:\Users\alessio\Favorites\download\Vista Services Optimizer - Download Gratis Software Ottimizzazione PC Free.url : favicon (1406 bytes)
C:\Users\alessio\Favorites\Links\Alice Mail e-mail gratis e posta elettronica sicura.url : favicon (1150 bytes)
C:\Users\alessio\Favorites\svezia\Camera di commercio di Torino - Export.url : favicon (5430 bytes)
C:\Users\alessio\Favorites\svezia\EUROPA - EURES - Candidati alla ricerca di un impiego - IL TUO PRIMO LAVORO ALL’ESTERO.url : favicon (766 bytes)
C:\Users\All Users\Temp : 4CF61E54 (124 bytes)
C:\Users\All Users\Temp : 5C5A503E (143 bytes)
C:\Users\All Users\Temp : A42A9F39 (129 bytes)
C:\Users\All Users\Temp : A8ADE5D8 (109 bytes)
C:\Users\All Users\Temp : ABE89FFE (130 bytes)
C:\Users\All Users\Temp : DFC5A2B2 (121 bytes)
C:\Users\All Users\Temp : E1F04E8D (143 bytes)
C:\Users\All Users\Temp : 4CF61E54 (124 bytes)
C:\Users\All Users\Temp : 5C5A503E (143 bytes)
C:\Users\All Users\Temp : A42A9F39 (129 bytes)
C:\Users\All Users\Temp : A8ADE5D8 (109 bytes)
C:\Users\All Users\Temp : ABE89FFE (130 bytes)
C:\Users\All Users\Temp : DFC5A2B2 (121 bytes)
C:\Users\All Users\Temp : E1F04E8D (143 bytes)
C:\Windows\PLA\System\System Diagnostics.xml : 0v1ieca3Feahez0jAwxjjk5uRh (6312 bytes)
do I delete everything or only some???
thanks in advance for the suggestions


paolopa
Posted: Friday, April 16, 2010 9:54:52 AM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
yes, but if you don't post the log....
monsee
Posted: Friday, April 16, 2010 2:14:43 PM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
"Tracking cookies" are unavoidable (the sites you visit place them as you go!)... You can simply delete them (that's what I do), but you cannot avoid them (unless you do NOT browse at all!)...
arneisflek
Posted: Sunday, April 18, 2010 11:02:24 PM

Rank: Member

Joined: 4/13/2010
Posts: 18
here I post the hjack logs

and this is the report that the TFC program produced,
asking me whether I wanted to remove them


do I delete everything or only some???
thanks in advance for the suggestions
paolopa
Posted: Monday, April 19, 2010 6:30:55 AM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
sorry, what is "tfc"? if those are the ADS that hijack detected for you, select them all and delete them; the program will take care of deleting only the infections.
jessy42
Posted: Monday, April 19, 2010 6:47:36 AM

Rank: AiutAmico

Joined: 4/17/2010
Posts: 607
No, delete them all?... are you kidding?
On the contrary, be careful what you delete, because you could end up with system instability problems, so I strongly suggest you make a backup copy of your system before deleting anything.

In any case, you must delete all of these:

C:\Users\All Users\Temp : 4CF61E54 (124 bytes)
C:\Users\All Users\Temp : 5C5A503E (143 bytes)
C:\Users\All Users\Temp : A42A9F39 (129 bytes)
C:\Users\All Users\Temp : A8ADE5D8 (109 bytes)
C:\Users\All Users\Temp : ABE89FFE (130 bytes)
C:\Users\All Users\Temp : DFC5A2B2 (121 bytes)
C:\Users\All Users\Temp : E1F04E8D (143 bytes)
C:\Users\All Users\Temp : 4CF61E54 (124 bytes)
C:\Users\All Users\Temp : 5C5A503E (143 bytes)
C:\Users\All Users\Temp : A42A9F39 (129 bytes)
C:\Users\All Users\Temp : A8ADE5D8 (109 bytes)
C:\Users\All Users\Temp : ABE89FFE (130 bytes)
C:\Users\All Users\Temp : DFC5A2B2 (121 bytes)
C:\Users\All Users\Temp : E1F04E8D (143 bytes)

C:\ProgramData\Temp : 4CF61E54 (124 bytes)
C:\ProgramData\Temp : 5C5A503E (143 bytes)
C:\ProgramData\Temp : A42A9F39 (129 bytes)
C:\ProgramData\Temp : A8ADE5D8 (109 bytes)
C:\ProgramData\Temp : ABE89FFE (130 bytes)
C:\ProgramData\Temp : DFC5A2B2 (121 bytes)
C:\ProgramData\Temp : E1F04E8D (143 bytes)
C:\ProgramData\Temp : 4CF61E54 (124 bytes)
C:\ProgramData\Temp : 5C5A503E (143 bytes)
C:\ProgramData\Temp : A42A9F39 (129 bytes)
C:\ProgramData\Temp : A8ADE5D8 (109 bytes)
C:\ProgramData\Temp : ABE89FFE (130 bytes)
C:\ProgramData\Temp : DFC5A2B2 (121 bytes)
C:\ProgramData\Temp : E1F04E8D (143 bytes)
C:\Users\alessio\AppData\Roaming\default.rss : OECustomProperty (143 bytes)

paolopa
Posted: Monday, April 19, 2010 8:42:54 AM

Rank: AiutAmico

Joined: 10/14/2008
Posts: 2,777
@jessy42: maybe you misread what I wrote... I'll highlight it better for you, so you don't write inaccurate things.
if those are the ADS detected with the hijack program, select them and delete them all!
the procedure for removing the ADS is this:
Launch HijackThis and clean the ADS this way:
click on Open the misc tool section
click on Open ads spy
untick Quick scan (windows base folder only)
click on Scan.
Wait patiently for the scan to finish.
if any ADS are detected, tick all the boxes (without fear) and click on
Remove selected
I hope I have been clearer.

http://forum.aiutamici.com/yaf_postst66834_ADS-ma-sono-questi.aspx
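
A triage sketch for a report in the `path : stream (N bytes)` layout posted in this thread, added here as an example (it is not part of any post and is not HijackThis code): it collapses repeated lines, treats `C:\Users\All Users` as the default Windows Vista/7 link to `C:\ProgramData` (an assumption about this machine), and separates a few well-known application stream names from everything else. The names `parse_report`, `canonical_path`, `triage` and the `KNOWN_STREAMS` list are illustrative.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "path stream size")

# One report line: <file or folder> : <stream name> (<size> bytes)
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) : (?P<stream>[^:\\/]+) \((?P<size>\d+) bytes\)$"
)

# Assumption: default Windows Vista/7 layout, where this folder is a link
# to the ProgramData folder, so both spellings name the same object on disk.
PATH_ALIASES = {r"c:\users\all users": r"c:\programdata"}

# Illustrative, not exhaustive: stream names that common applications write.
KNOWN_STREAMS = {
    "favicon": "site icon stored by Internet Explorer on a .url favourite",
    "oecustomproperty": "property stream from Outlook Express / Windows Mail",
    "zone.identifier": "download zone marker (Mark of the Web)",
}

# Lines taken from the report in this thread, plus one constructed non-entry line.
SAMPLE_REPORT = r"""
C:\ProgramData\Temp : 4CF61E54 (124 bytes)
C:\ProgramData\Temp : 5C5A503E (143 bytes)
C:\ProgramData\Temp : 4CF61E54 (124 bytes)
C:\Users\All Users\Temp : 4CF61E54 (124 bytes)
C:\Users\All Users\Temp : 5C5A503E (143 bytes)
C:\Users\alessio\AppData\Roaming\default.rss : OECustomProperty (143 bytes)
C:\Users\alessio\Favorites\Links\Alice Mail e-mail gratis e posta elettronica sicura.url : favicon (1150 bytes)
C:\Windows\PLA\System\System Diagnostics.xml : 0v1ieca3Feahez0jAwxjjk5uRh (6312 bytes)
this line is not a report entry
"""


def parse_report(text):
    """Return an Entry for every line that matches the report layout."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append(Entry(match["path"], match["stream"], int(match["size"])))
    return entries


def canonical_path(path):
    """Lower-case the path and rewrite known aliases to a single spelling."""
    lowered = path.lower()
    for alias, target in PATH_ALIASES.items():
        if lowered == alias or lowered.startswith(alias + "\\"):
            return target + lowered[len(alias):]
    return lowered


def triage(text):
    """Collapse repeated entries and split known stream names from the rest."""
    entries = parse_report(text)
    distinct = {}
    for entry in entries:
        key = (canonical_path(entry.path), entry.stream.lower())
        distinct.setdefault(key, entry)  # keep the first sighting of each stream
    known, review = [], []
    for (path, stream), entry in distinct.items():
        if stream in KNOWN_STREAMS:
            known.append((path, entry.stream, KNOWN_STREAMS[stream]))
        else:
            review.append((path, entry.stream, entry.size))
    return {"lines": len(entries), "distinct": len(distinct),
            "known": known, "review": review}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{result['lines']} report lines, {result['distinct']} distinct streams")
    for path, stream, why in result["known"]:
        print(f"known   {path}:{stream}  ({why})")
    for path, stream, size in result["review"]:
        print(f"review  {path}:{stream}  ({size} bytes)")
```

A "known" label reflects only the stream's name; it says nothing about what the stream contains.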
arneisflek
Posted: Monday, April 19, 2010 2:41:34 PM

Rank: Member

Joined: 4/13/2010
Posts: 18
ok thanks a lot, I did everything you suggested....
I still have one question...... are the hijack log files clean?
I tried running Spybot again and it finds "doubleclick" & "drivercleaner"
Malwarebytes found infections and deleted them
should I perhaps do another scan with hijack and post it here again?
One last question: a friend suggested I use ComboFix, it also runs on 32-bit Windows 7...
I read the guide and it presents it as a last-resort program...
thanks

PS I am a bit fearful

byebye