Aiutamici Forum

HijackThis log file
pidue
Posted: Saturday, July 31, 2010 2:06:29 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
OK, now restart MBAM, select the items found and click Remove Selected.
Look at this figure.
Then post an updated HJTH log.
You should tell me whether you have noticed any improvement.


giullare wrote:
Since I like to check the things I write, I enabled TeaTimer in Spybot, and this line appears in the HijackThis report:
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
The line duly disappeared, without shutting down and powering on again or restarting the PC, after disabling TeaTimer following the instructions at the link posted above. Anyone can try it; I don't think my PC is special. And I believe earlier versions of Spybot behaved the same way too, at least judging by the date in the link above. This is to close the topic.


Let's not start with the arguments again.
This is not what zorobabele wanted to know.
Do you see why some people feel like staying away from this section?



giullare
Posted: Saturday, July 31, 2010 2:14:55 PM
Rank: AiutAmico

Joined: 4/3/2010
Posts: 127
What arguments??!! You talked about uninstalling TeaTimer, and you were having him do a completely pointless uninstall-reinstall job. I gave a piece of information that was contested in a veiled and underhanded way, and since I think it is of public use I repeated it. Why didn't you write to monsee not to start arguments, given the explanatory link I had posted?
sioux
Posted: Saturday, July 31, 2010 2:29:31 PM
Rank: AiutAmico

Joined: 1/5/2008
Posts: 2,335
Come on, Giullare; off with the mask.
I've been watching your posts in this section: you almost never help the user who has the problem directly. You limit yourself (!) to commenting on the advice of those who have the guts to give it in person.
You are a frustrated moderator.
zorobabele
Posted: Saturday, July 31, 2010 3:28:05 PM

Rank: AiutAmico

Joined: 2/11/2010
Posts: 174
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.16.52, on 31/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Programmi\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\Java\jre1.5.0\bin\jusched.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Glary Utilities\memdefrag.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Acer\AcerSync\AcerSyncService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\NclBTHandler.exe
C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: IEButton Class - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Programmi\Visagesoft\eXPert PDF 6\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0\bin\jusched.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_SB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Programmi\Glary Utilities\memdefrag.exe" /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CrystalDiskInfo] "C:\Documents and Settings\Compaq_Proprietario\Documenti\Download\CrystalDiskInfo3_6_4\DiskInfo.exe" /Startup
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Open With JPEGCompress - res://C:\Programmi\JPEGCompress\owjc.dll/CONTEXT_HANDLE.HTM
O8 - Extra context menu item: Save Flash - res://C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Save YouTube Video - res://C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AcerSyncServiceWinService - Unknown owner - C:\Programmi\Acer\AcerSync\AcerSyncService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10884 bytes
Scan done. I was comparing against the figure you sent me in order to delete the files; the message "files deleted successfully" came up, and on clicking OK it shut down and restarted. For the moment I can't say whether it has improved, I still need to see for myself; I'll let you know as soon as possible. As for Spybot, is it better that I download a more up-to-date version and reinstall it?
pidue
Posted: Saturday, July 31, 2010 4:11:50 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
Disable System Restore:
http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Boot into Safe Mode:
http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Start HijackThis, press the Do a system scan only button and fix the following lines (Fix Checked button):

O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CrystalDiskInfo] "C:\Documents and Settings\Compaq_Proprietario\Documenti\Download\CrystalDiskInfo3_6_4\DiskInfo.exe" /Startup
O8 - Extra context menu item: Open With JPEGCompress - res://C:\Programmi\JPEGCompress\owjc.dll/CONTEXT_HANDLE.HTM
O9 - Extra button: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
--------------------------------------------------------------------------------------------------------------------------------------
Go to the Control Panel, uninstall JRE 1.5.0, which is now out of date, and install the updated version from here.
http://www.aiutamici.com/software?ID=11134

Download CCleaner from here:
http://www.aiutamici.com/software?ID=11223
and clean the computer. Leave the default settings.
Post an updated log again.

zorobabele
Posted: Saturday, July 31, 2010 11:57:41 PM

Rank: AiutAmico

Joined: 2/11/2010
Posts: 174
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23.44.28, on 31/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Programmi\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Acer\AcerSync\AcerSyncService.exe
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Glary Utilities\memdefrag.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\Programmi\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: IEButton Class - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Programmi\Visagesoft\eXPert PDF 6\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_SB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Programmi\Glary Utilities\memdefrag.exe" /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Save Flash - res://C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Save YouTube Video - res://C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/217
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D13AEA15-BF64-41DC-B297-38AFF6805B3B}: NameServer = 62.211.69.150 212.48.4.15
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AcerSyncServiceWinService - Unknown owner - C:\Programmi\Acer\AcerSync\AcerSyncService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8840 bytes
After quite a few power-offs and power-ons, addrepley and newtopic, which had disappeared before, came back, and the message "you must register" used to appear. This is one of the problems that happen often; that is why I said further up that at every power-on something changes, and I don't know how to explain it better. This is the log after the operations pidue suggested. Thanks.
monsee
Posted: Sunday, August 01, 2010 2:11:35 AM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
Are you sure of the spelling?
addrepley
newtopic
Can you give us the COMPLETE message that appears?
zorobabele
Posted: Sunday, August 01, 2010 9:08:20 AM

Rank: AiutAmico

Joined: 2/11/2010
Posts: 174
When it happens, the two buttons addreply-newtopic disappear both at the top of the screen and at the bottom, the text "Quick reply" and "show quick reply" does not appear under the last post, and under the "jump to forum" label the options are all disabled. I go to Options at the top of the screen, choose "send topic by email", and the message "you must be registered" comes up; at this point it is not possible to communicate.
pidue
Posted: Sunday, August 01, 2010 10:18:19 AM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
Listen, are you sure you removed what MBAM had detected? I'm not so sure.
Run a full scan again, remove everything it finds and post the log it gives you.

The business of the buttons that come and go isn't clear to me... Do you have problems on other sites too, or only on Aiutamici?

zorobabele
Posted: Sunday, August 01, 2010 11:42:16 AM

Rank: AiutAmico

Joined: 2/11/2010
Posts: 174
pidue, you posted a message at 10.18.19; I was out of the house. Now I've turned on the PC and I'm in the forum, but your message is not visible; I'm seeing it from my video phone. The last posts are: monsee on 1/8/2010 at 2.11.35 and mine in reply on 1/8/2010, then nothing. I checked the post with the last log I sent; from what I can see, the files to fix in the list you indicated are no longer there. In the current screen, in the box above Rank where the photo usually is, nothing appears. I'm out of words.
pidue
Posted: Sunday, August 01, 2010 12:30:39 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
zorobabele wrote:
pidue, you posted a message at 10.18.19; I was out of the house...I'm out of words


... me neither.
Did you redo the scan with MBAM?

monsee
Posted: Sunday, August 01, 2010 12:32:31 PM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
zorobabele wrote:
When it happens, the two buttons addreply-newtopic disappear both at the top of the screen and at the bottom, the text "Quick reply" and "show quick reply" does not appear under the last post, and under the "jump to forum" label the options are all disabled. I go to Options at the top of the screen, choose "send topic by email", and the message "you must be registered" comes up; at this point it is not possible to communicate.

But you're talking about the specific page of our Forum... NOT about something that appears on your desktop!
Let's leave aside, for the moment, how the Forum appears to you (question: which browser are you using? Which firewall do you have installed at the moment?)... we'll think about that later.
How does the computer work (when you are NOT connected to this Forum)?
zorobabele
Posted: Sunday, August 01, 2010 1:17:26 PM

Rank: AiutAmico

Joined: 2/11/2010
Posts: 174
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4373

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/08/2010 13.03.46
mbam-log-2010-08-01 (13-03-46).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi esaminati: 199750
Tempo trascorso: 32 minuti, 23 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)
Yes, the specific page of the forum.
pidue
Posted: Sunday, August 01, 2010 1:24:27 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
Try this:
Close all Internet windows, then reopen it, go to Tools >> Internet Options >> Advanced >> Reset.
Restart IE and see what happens.

zorobabele
Posted: Sunday, August 01, 2010 2:15:02 PM

Rank: AiutAmico

Joined: 2/11/2010
Posts: 174
I always use Firefox 3.6.6. I did carry out the operation in IE anyway. I then went into Firefox's advanced settings, but everything is different there.
monsee
Posted: Sunday, August 01, 2010 5:47:40 PM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
zorobabele wrote:
I always use Firefox 3.6.6. I did carry out the operation in IE anyway. I then went into Firefox's advanced settings, but everything is different there.

Forgive the question: why haven't you updated Firefox to version 3.6.8? (which is the current one)
Another question: is your Java Runtime the up-to-date one? (sorry, but I'm trying to get an idea of what might be the cause of the problems you report)...

It also seems to me that, in the last LOG you posted, the following entries are still present:

C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe


... which (but wait for confirmation from Pidue on this) it would perhaps be better to go ahead and "fix".
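
Added example, not part of the thread: a short Python script for the check done by eye above, listing which entries from a "fix" list still show up in a later HijackThis log. The two excerpts are a few lines copied from the fix list and from the 23.44.28 log in this thread; the function names are invented for the example.

```python
import re

# One HijackThis entry line: a section code (R0, O4, O23, ...), " - ", then the body.
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return [(section_code, body), ...] for every entry line in a log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def entry_key(code, body):
    """Comparison key: ignore whitespace and case.

    Entries pasted into a forum can pick up stray spaces where long paths
    are wrapped, and Windows paths are case-insensitive.
    """
    return code, re.sub(r"\s+", "", body).casefold()


def still_present(fix_list_text, later_log_text):
    """Entries that were meant to be fixed but appear again in the later log."""
    later = {entry_key(c, b) for c, b in parse_entries(later_log_text)}
    return [f"{c} - {b}" for c, b in parse_entries(fix_list_text)
            if entry_key(c, b) in later]


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two logs, in log order."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_keys = {entry_key(c, b) for c, b in before}
    after_keys = {entry_key(c, b) for c, b in after}
    removed = [f"{c} - {b}" for c, b in before if entry_key(c, b) not in after_keys]
    added = [f"{c} - {b}" for c, b in after if entry_key(c, b) not in before_keys]
    return removed, added


# Excerpt of the fix list posted in this thread (not the full list).
FIX_LIST = r"""
O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: Open With JPEGCompress - res://C:\Programmi\JPEGCompress\owjc.dll/CONTEXT_HANDLE.HTM
"""

# Excerpt of the log saved at 23.44.28 on 31/07/2010 (not the full log).
LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{D13AEA15-BF64-41DC-B297-38AFF6805B3B}: NameServer = 62.211.69.150 212.48.4.15
"""

if __name__ == "__main__":
    for entry in still_present(FIX_LIST, LOG_AFTER):
        print("still present:", entry)
```

An entry that reappears after a fix is not by itself a sign of infection: the program that owns it may simply have written its Run value back on the next start.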
pidue
Posted: Sunday, August 01, 2010 7:32:43 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
Since MBAM gave you a good cleanup and since the problems remain, let's try with ComboFix.
If ComboFix doesn't solve it either, you will have to reinstall Windows.

Download ComboFix from here and save it to the desktop.
To use ComboFix, you must close all open applications and disconnect from the network.
If you use the Windows Firewall, disable it temporarily.

Launch ComboFix with a double click; while it is scanning, don't even move the mouse.
If you are asked to install the RECOVERY CONSOLE, click NO.
Wait for the scan to finish.
At the end a log (a text-format file) will be produced in C:
It is called ComboFix.txt. You will have to post it here.

zorobabele
Posted: Sunday, August 01, 2010 9:04:04 PM

Rank: AiutAmico

Joined: 2/11/2010
Posts: 174
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.38.42, on 01/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: IEButton Class - {F81D52BF-F2F1-4F49-BF5F-05664E803039} - C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Programmi\Visagesoft\eXPert PDF 6\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_SB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Programmi\Glary Utilities\memdefrag.exe" /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Programmi\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AcerSyncServiceWinService - Unknown owner - C:\Programmi\Acer\AcerSync\AcerSyncService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programmi\Macrium\Reflect\ReflectService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7081 bytes
I fixed what monsee pointed out; then there was still O4 hklm\...\run: (NvCplDaemon) RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup, which I fixed 4 times in safe mode; I hope it is permanently deleted. I downloaded Firefox 3.6.8, which I am using. Java Runtime (TM) 6 Update 21 was already installed yesterday. Now I'll proceed as suggested.
monsee
Posted: Sunday, August 01, 2010 9:10:11 PM
Rank: AiutAmico

Joined: 4/5/2005
Posts: 22,971
Good, now it's ComboFix's turn (follow Pidue's instructions to the letter).
We're rooting for you, come on.

PS: always make the LOGs (if and when you need them) in Normal Mode. Making them in Safe Mode serves absolutely no purpose.
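
Added example, not part of the thread and not code from HijackThis: Python that parses a HijackThis log like the one posted above, reports the boot mode the scan was taken in, and lists the O4 autostart entries for review. The function names and the review rules are assumptions of this example; the sample lines are an excerpt copied from the log above.

```python
import re

# Constructed excerpt: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.38.42, on 01/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - Global Startup: BTTray.lnk = ?
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe

--
End of file - 7081 bytes
"""

# "O4 - ...", "R0 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry form:  HKLM\..\Run: [name] command
O4_RUN_RE = re.compile(r"^(?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 startup-folder form:  Global Startup: shortcut.lnk = target
O4_STARTUP_RE = re.compile(r"^(?P<loc>[^:]+): (?P<name>.+?) = (?P<cmd>.*)$")
# Trailing "(User 'SYSTEM')" annotation on HKUS entries.
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")


def parse_hijackthis(text):
    """Split a log into header fields, running processes and (code, body) entries."""
    log = {"header": {}, "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line closes the process list
            continue
        if line == "--" or line.startswith("End of file"):
            break
        m = ENTRY_RE.match(line)
        if m:
            log["entries"].append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            log["processes"].append(line)
        elif ":" in line:                 # "Platform: ...", "Boot mode: ..."
            key, _, value = line.partition(":")
            log["header"][key.strip()] = value.strip()
    return log


def autoruns(log):
    """Return the O4 entries as dicts with location, name and command."""
    items = []
    for code, body in log["entries"]:
        if code != "O4":
            continue
        m = O4_RUN_RE.match(body) or O4_STARTUP_RE.match(body)
        if not m:
            continue
        cmd = USER_SUFFIX_RE.sub("", m.group("cmd")).strip()
        items.append({"location": m.group("loc"),
                      "name": m.group("name"),
                      "command": cmd})
    return items


def review_notes(log):
    """Review rules assumed by this example; a note means 'look at it', not 'malicious'."""
    notes = []
    mode = log["header"].get("Boot mode", "")
    if "safe" in mode.lower():
        notes.append(f"boot mode is '{mode}': retake the log in normal mode")
    for item in autoruns(log):
        cmd = item["command"].lstrip('"')
        if cmd == "?":
            notes.append(f"{item['name']}: shortcut target not resolved")
        elif not re.match(r"^[A-Za-z]:\\", cmd):
            notes.append(f"{item['name']}: no absolute path, check which file it resolves to")
    return notes


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    print("Boot mode:", parsed["header"].get("Boot mode"))
    print("Running processes:", len(parsed["processes"]))
    for entry in autoruns(parsed):
        print(f"{entry['location']:<24} {entry['name']:<14} {entry['command']}")
    for note in review_notes(parsed):
        print("REVIEW:", note)
```
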
zorobabele
Posted: Sunday, August 01, 2010 11:43:16 PM

Rank: AiutAmico

Joined: 2/11/2010
Posts: 174
ComboFix 10-07-31.04 - Compaq_Proprietario 01/08/2010 23.22.12.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1534.1010 [GMT 2:00]
Eseguito da: c:\documents and settings\Compaq_Proprietario\Documenti\Download\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Proprietario\Dati applicazioni\EurekaLog
c:\documents and settings\Compaq_Proprietario\Documenti\A0042534.dll
c:\windows\system32\Thumbs.db
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2010-07-01 al 2010-08-01 )))))))))))))))))))))))))))))))))))
.

2010-08-01 13:28 . 2010-08-01 13:51 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-07-31 19:55 . 2010-07-31 19:55 -------- d-----w- c:\programmi\File comuni\Java
2010-07-31 18:10 . 2010-07-31 18:10 -------- d-----w- c:\programmi\CCleaner
2010-07-31 09:54 . 2010-07-31 09:54 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Malwarebytes
2010-07-31 09:53 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-31 09:53 . 2010-07-31 09:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-07-31 09:53 . 2010-07-31 09:54 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-07-31 09:53 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-30 22:05 . 2010-07-29 16:01 85464 ----a-w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\6iu7pzsf.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
2010-07-30 22:05 . 2010-07-29 16:01 38872 ----a-w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\6iu7pzsf.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINCE\components\WeaveCrypto.dll
2010-07-30 21:56 . 2010-07-30 21:56 388096 ----a-r- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-30 21:11 . 2010-07-30 21:11 -------- d-----w- c:\programmi\Trend Micro
2010-07-30 17:00 . 2010-07-30 17:02 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\dvdcss
2010-07-26 20:10 . 2004-08-19 03:00 5632 ----a-w- c:\windows\system32\dllcache\smimsgif.dll
2010-07-26 20:10 . 2004-08-19 03:00 5632 ----a-w- c:\windows\system32\dllcache\smierrsy.dll
2010-07-26 20:10 . 2004-08-19 03:00 15872 ----a-w- c:\windows\system32\dllcache\smierrsm.dll
2010-07-26 20:10 . 2004-08-19 03:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2010-07-26 20:10 . 2004-08-19 03:00 10240 ----a-w- c:\windows\system32\dllcache\snmpstup.dll
2010-07-25 14:17 . 2010-07-25 14:17 -------- d-----w- c:\programmi\eMule
2010-07-25 13:04 . 2010-07-25 13:04 -------- d-----w- c:\programmi\uTorrent
2010-07-25 13:03 . 2010-08-01 21:20 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\uTorrent
2010-07-24 22:50 . 2010-07-24 22:50 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\WinBatch
2010-07-24 19:50 . 2010-07-24 19:50 -------- d-----w- c:\programmi\LSI SoftModem
2010-07-24 17:42 . 2005-10-31 17:17 135168 ------w- c:\windows\system32\RtlCPAPI.dll
2010-07-24 17:42 . 2005-07-15 15:48 40960 ------w- c:\windows\system32\ChCfg.exe
2010-07-24 17:42 . 2006-03-02 19:13 360448 ------w- c:\windows\RtlUpd.exe
2010-07-24 17:42 . 2010-07-24 17:42 -------- d-----w- c:\programmi\Realtek
2010-07-24 17:42 . 2005-04-16 21:20 487424 ------w- c:\windows\RtlExUpd.dll
2010-07-24 13:39 . 2010-07-24 13:39 10134 ----a-r- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2010-07-24 00:04 . 2010-01-12 07:34 70664 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-07-24 00:04 . 2010-01-07 09:35 32680 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2010-07-24 00:03 . 2010-01-13 06:59 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-07-24 00:03 . 2010-07-25 16:37 -------- d-----w- c:\programmi\PC Tools Firewall Plus
2010-07-23 23:32 . 2010-02-05 07:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-07-23 23:32 . 2010-03-29 08:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-07-23 23:32 . 2009-11-23 11:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-07-23 22:54 . 2008-04-14 02:13 26624 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-07-23 06:34 . 2010-07-23 06:34 -------- d-----w- c:\documents and settings\LocalService\Menu Avvio
2010-07-22 20:29 . 2010-07-22 20:45 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Contacts
2010-07-21 22:21 . 2010-07-24 00:05 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\PCToolsFirewallPlus
2010-07-21 22:20 . 2010-07-21 22:20 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Spam Monitor
2010-07-21 22:17 . 2010-01-07 09:35 58816 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2010-07-21 22:16 . 2010-07-24 10:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2010-07-21 22:16 . 2010-07-23 20:28 -------- d-----w- c:\programmi\PC Tools Internet Security
2010-07-20 18:58 . 2010-07-20 18:58 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Acer
2010-07-20 18:57 . 2010-07-20 18:57 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Impostazioni locali\Dati applicazioni\ADDP
2010-07-20 17:48 . 2009-05-07 09:03 307200 ----a-w- c:\windows\system32\AscSQLite.dll
2010-07-20 17:48 . 2008-11-06 14:04 36864 ----a-w- c:\windows\system32\ascbalon.dll
2010-07-20 17:48 . 2008-11-06 14:04 20480 ----a-w- c:\windows\system32\SysRestore.dll
2010-07-20 17:48 . 2009-04-15 16:50 217088 ----a-w- c:\windows\system32\AscConTest.dll
2010-07-20 17:48 . 2010-07-20 23:02 -------- d-----w- c:\programmi\Ascentive
2010-07-18 22:41 . 2010-07-18 22:41 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WinMaximizer
2010-07-18 22:39 . 2009-08-14 15:08 105984 ----a-w- c:\windows\system32\drivers\qcusbser.sys
2010-07-18 22:39 . 2010-07-18 22:39 -------- d-----w- c:\programmi\Microsoft Sync Framework
2010-07-18 16:30 . 2010-07-18 16:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Driver Mender
2010-07-18 15:22 . 2010-07-18 15:22 -------- d-----w- c:\programmi\File comuni\eSellerate
2010-07-18 15:22 . 2010-07-18 15:22 -------- d-----w- C:\E-Zsoft
2010-07-18 15:22 . 2010-07-18 15:22 -------- d-----w- c:\programmi\E-Zsoft
2010-07-18 00:17 . 2010-07-18 00:17 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\com.neurospeech.wsclient.suite
2010-07-18 00:17 . 2010-07-18 00:17 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2010-07-17 13:56 . 2010-07-18 22:39 -------- d-----w- c:\programmi\Acer
2010-07-15 19:09 . 2010-07-23 22:39 -------- d-----w- c:\programmi\JPEGCompress
2010-07-13 22:12 . 2010-07-13 22:12 -------- d-----w- c:\windows\small photos
2010-07-13 21:54 . 2010-07-13 21:54 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Stormdance
2010-07-13 21:54 . 2010-07-13 21:54 -------- d-----w- c:\programmi\PhotoRazor
2010-07-13 06:12 . 2010-07-13 06:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Macrium
2010-07-13 00:00 . 2010-07-13 00:00 43646 ----a-r- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Microsoft\Installer\{08B14AF7-8C27-4D4F-A40A-1384B9E636A1}\_E8107429428345802769A1.exe
2010-07-13 00:00 . 2010-07-13 00:00 43646 ----a-r- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Microsoft\Installer\{08B14AF7-8C27-4D4F-A40A-1384B9E636A1}\_D707CE1C009F1381803C2C.exe
2010-07-13 00:00 . 2010-07-13 00:00 43646 ----a-r- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Microsoft\Installer\{08B14AF7-8C27-4D4F-A40A-1384B9E636A1}\_21F3885A18D238E15AAE81.exe
2010-07-13 00:00 . 2010-07-13 00:00 43646 ----a-r- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Microsoft\Installer\{08B14AF7-8C27-4D4F-A40A-1384B9E636A1}\_01A0E73821A82CA3751F06.exe
2010-07-13 00:00 . 2010-07-13 00:00 29926 ----a-r- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Microsoft\Installer\{08B14AF7-8C27-4D4F-A40A-1384B9E636A1}\_7D9DC4673740B3F1827A58.exe
2010-07-13 00:00 . 2010-07-13 00:00 109534 ----a-r- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Microsoft\Installer\{08B14AF7-8C27-4D4F-A40A-1384B9E636A1}\_6FEFF9B68218417F98F549.exe
2010-07-13 00:00 . 2010-07-13 00:00 -------- d-----w- c:\programmi\Macrium
2010-07-12 19:32 . 2010-07-12 19:32 -------- d-----w- C:\I386
2010-07-12 19:30 . 2010-07-12 19:30 -------- d-----w- C:\temp
2010-07-11 16:54 . 2010-07-11 16:54 5440 ----a-r- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Microsoft\Installer\{8FC72000-88A0-4B41-82B8-8905D4AA904C}\spy.exe
2010-07-11 16:54 . 2010-07-11 16:54 -------- d-----w- C:\Msispy
2010-07-11 16:28 . 2010-07-11 16:28 -------- d-----w- C:\MsiIntel.SDK
2010-07-08 07:03 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-07-08 07:00 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-07-08 07:00 . 2010-07-08 07:00 -------- d-----w- C:\1f58733359d726de6af17be1ea0a2713
2010-07-08 07:00 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-07-08 07:00 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-07-08 07:00 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-07-08 07:00 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-07-08 07:00 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-07-08 07:00 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-07-08 07:00 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-07-08 07:00 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-07-07 20:40 . 2010-07-07 20:40 -------- d-----w- c:\windows\Performance
2010-07-07 20:40 . 2010-07-07 20:40 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Impostazioni locali\Dati applicazioni\Microsoft Corporation
2010-07-06 20:41 . 2010-07-14 19:45 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\IObit
2010-07-05 20:42 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-07-03 14:22 . 2010-07-03 14:22 -------- d-----w- c:\programmi\PC Inspector File Recovery
2010-07-03 09:58 . 2010-08-01 21:15 -------- d-----w- c:\windows\system32\CatRoot2
2010-07-02 22:17 . 2010-07-02 22:18 -------- d-----w- c:\programmi\Glary Utilities

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-01 18:40 . 2010-02-26 22:34 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-08-01 15:50 . 2010-02-22 17:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-07-31 23:13 . 2010-03-11 21:41 -------- d-----w- c:\programmi\Mozilla Thunderbird
2010-07-31 19:53 . 2005-01-03 00:10 -------- d-----w- c:\programmi\Java
2010-07-31 16:12 . 2010-04-10 09:30 -------- d-----w- c:\programmi\Digisoft AntiDialer
2010-07-28 19:32 . 2010-04-25 14:46 -------- d-----w- c:\programmi\Windows Media Connect 2
2010-07-27 20:23 . 2010-02-17 20:41 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\U3
2010-07-27 19:22 . 2010-06-27 07:21 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\HpUpdate
2010-07-26 23:05 . 2010-02-17 20:54 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2010-07-26 20:10 . 2004-12-10 21:24 633002 ----a-w- c:\windows\system32\perfh010.dat
2010-07-26 20:10 . 2004-12-10 21:24 131772 ----a-w- c:\windows\system32\perfc010.dat
2010-07-24 17:42 . 2005-01-03 00:28 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-07-24 00:04 . 2010-02-26 22:34 -------- d-----w- c:\programmi\File comuni\PC Tools
2010-07-23 05:32 . 2010-03-11 21:41 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Thunderbird
2010-07-18 22:39 . 2010-03-07 12:58 -------- d-----w- c:\programmi\DIFX
2010-07-18 16:50 . 2010-06-18 21:57 -------- d-----w- c:\programmi\Driver Whiz
2010-07-18 13:22 . 2010-02-17 23:31 55568 ----a-w- c:\documents and settings\Compaq_Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-07-18 00:08 . 2010-08-01 17:32 53632 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-07-17 13:56 . 2010-06-03 21:02 -------- d-----w- c:\programmi\Microsoft ActiveSync
2010-07-17 03:00 . 2010-06-27 08:20 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-12 17:12 . 2010-02-21 17:38 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\OfferBox
2010-07-06 22:21 . 2010-03-24 23:04 -------- d-----w- c:\programmi\SIW
2010-07-03 09:58 . 2010-07-03 09:58 76875 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-06-28 20:57 . 2010-03-19 06:54 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-03-19 06:55 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-03-19 06:55 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-03-19 06:55 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-03-19 06:55 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-03-19 06:55 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-03-19 06:55 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-03-19 06:55 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-27 18:04 . 2010-02-18 18:14 -------- d-----w- c:\programmi\Picasa2
2010-06-27 16:44 . 2010-06-26 22:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\eXPert PDF 6
2010-06-27 08:36 . 2010-06-27 08:36 503808 ----a-w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6ec8e6fe-n\msvcp71.dll
2010-06-27 08:36 . 2010-06-27 08:36 499712 ----a-w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6ec8e6fe-n\jmc.dll
2010-06-27 08:36 . 2010-06-27 08:36 348160 ----a-w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6ec8e6fe-n\msvcr71.dll
2010-06-27 08:22 . 2010-06-27 08:22 61440 ----a-w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3938736b-n\decora-sse.dll
2010-06-27 08:22 . 2010-06-27 08:22 12800 ----a-w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3938736b-n\decora-d3d.dll
2010-06-27 07:22 . 2010-06-27 07:22 -------- d-----w- c:\programmi\Hp
2010-06-26 22:49 . 2010-04-25 18:45 -------- d-----w- c:\programmi\K-Lite Codec Pack
2010-06-26 22:47 . 2010-06-26 22:47 -------- d-----w- c:\programmi\Visagesoft
2010-06-26 22:47 . 2010-06-26 22:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\eXPert PDF Jobs
2010-06-26 22:47 . 2010-06-26 22:47 -------- d-----w- c:\programmi\BVRP Software
2010-06-26 22:47 . 2010-06-26 22:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\BVRP Software
2010-06-26 22:45 . 2010-05-29 12:29 -------- d-----w- c:\programmi\Acer(2)
2010-06-26 22:28 . 2010-06-23 20:38 -------- d-----w- c:\programmi\Index.dat Suite
2010-06-26 16:00 . 2010-06-26 16:00 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Registry Mechanic
2010-06-26 15:40 . 2010-06-26 15:39 1840 ----a-w- c:\windows\pchealth\helpctr\PackageStore(2)\SkuStore.bin
2010-06-26 15:39 . 2010-06-26 15:39 76875 ----a-w- c:\windows\pchealth\helpctr\OfflineCache(2)\index.dat
2010-06-24 21:32 . 2010-06-24 21:32 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Uniblue
2010-06-22 13:59 . 2010-06-22 13:59 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Drivers HeadQuarters
2010-06-22 13:44 . 2010-06-22 13:44 -------- d-----w- c:\programmi\PC Drivers HeadQuarters
2010-06-21 09:58 . 2010-06-21 09:58 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys
2010-06-21 09:57 . 2010-06-21 09:57 44512 ----a-w- c:\windows\system32\drivers\psmounter.sys
2010-06-20 15:35 . 2010-06-20 15:35 -------- d-----w- c:\programmi\MSBuild
2010-06-20 15:35 . 2010-06-20 15:35 -------- d-----w- c:\programmi\Reference Assemblies
2010-06-18 22:37 . 2010-06-18 22:35 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Acer
2010-06-18 22:18 . 2010-06-18 22:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Driver Whiz
2010-06-18 17:00 . 2010-03-07 12:58 -------- d-----w- c:\documents and settings\Compaq_Proprietario\Dati applicazioni\PC Suite
2010-06-17 19:23 . 2010-06-17 19:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MSScanAppDataDir
2010-06-17 19:05 . 2010-02-21 17:37 304160 ----a-w- C:\PA207.DAT
2010-06-14 14:31 . 2008-11-11 05:24 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-06 10:32 . 2004-08-19 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 10:32 . 2004-08-19 11:00 916480 ----a-w- c:\windows\system32\wininet(2)(2).dll
2010-05-06 10:32 . 2004-08-19 11:00 1209344 ----a-w- c:\windows\system32\urlmon(2)(2).dll
2010-05-06 10:32 . 2007-08-13 17:34 1985536 ----a-w- c:\windows\system32\iertutil(2)(2).dll
2006-08-12 15:54 . 2010-02-18 04:08 32 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\programmi\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"Glary Memory Optimizer"="c:\programmi\Glary Utilities\memdefrag.exe" [2010-06-28 108344]
"uTorrent"="c:\programmi\uTorrent\uTorrent.exe" [2010-07-25 327984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"vspdfprsrv.exe"="c:\programmi\Visagesoft\eXPert PDF 6\vspdfprsrv.exe" [2009-01-15 1205760]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-21 13670504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 561213]
Digisoft AntiDialer.lnk - c:\programmi\Digisoft AntiDialer\AntiDialer.exe [2003-8-19 730112]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [21/06/2010 11.58.08 15328]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19/03/2010 8.55.24 165456]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [24/07/2010 1.32.22 233136]
R2 AcerSyncServiceWinService;AcerSyncServiceWinService;c:\programmi\Acer\AcerSync\AcerSyncService.exe -p --> c:\programmi\Acer\AcerSync\AcerSyncService.exe -p [?]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19/03/2010 8.55.24 17744]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [24/07/2010 1.32.19 88040]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\programmi\Macrium\Reflect\ReflectService.exe [21/06/2010 11.57.42 220128]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [14/05/2007 11.26.10 508288]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [24/07/2010 2.04.01 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [22/07/2010 0.17.06 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [24/07/2010 2.03.58 115216]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys --> c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [?]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\DRIVERS\ONDAusbnet.sys --> c:\windows\system32\DRIVERS\ONDAusbnet.sys [?]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys --> c:\windows\system32\DRIVERS\ONDAusbnmea.sys [?]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys --> c:\windows\system32\DRIVERS\ONDAusbser6k.sys [?]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [21/06/2010 11.57.56 44512]
S3 qcusbser;ACER Android USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [19/07/2010 0.39.24 105984]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'

2010-08-01 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2010-07-02 09:14]

2010-08-01 c:\windows\Tasks\User_Feed_Synchronization-{081C0CE3-ED28-446E-B3F1-DCC766CC62D1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\6iu7pzsf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://it.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:it:official
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\Compaq_Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\6iu7pzsf.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\documents and settings\All Users\Dati applicazioni\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programmi\Picasa2\npPicasa2.dll
FF - plugin: c:\programmi\Picasa2\npPicasa3.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - truec:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-01 23:28
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Ora fine scansione: 2010-08-01 23:30:44
ComboFix-quarantined-files.txt 2010-08-01 21:30

Pre-Run: 178.660.667.392 byte disponibili
Post-Run: 178.659.569.664 byte disponibili

- - End Of File - - F75EB45C3206EEB00656FAAE5998D550
Operation completed.