Problema search finder - Sicurezza VIRUS

Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Problema search finder

2 pages: [1] 2

Problema search finder

Opzioni

Topic Precedente · Topic Sucessivo

zakyel

Inviato: Thursday, July 26, 2012 3:11:01 PM

Rank: Member

Iscritto dal : 7/26/2012
Posts: 12

spesso mentre uso chrome vengo dirottato su questa pagina http://search.findeer.com/ qualcuno mi puo dare una mano per risolvere il problema? ho già istallato Hijackthis se può essere utile.
ciao e grazie!

Torna in alto

Sponsor

Inviato: Thursday, July 26, 2012 3:11:01 PM

Torna in alto

shapiro

Inviato: Thursday, July 26, 2012 3:51:24 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

ciao posta il log poi ti diro' come eliminarlo

Torna in alto

zakyel

Inviato: Thursday, July 26, 2012 4:07:00 PM

Rank: Member

Iscritto dal : 7/26/2012
Posts: 12

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.05.41, on 26/07/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\AVAST Software\Avast\avastUI.exe
C:\Programmi\DivX\DivX Update\DivXUpdate.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
C:\Programmi\File comuni\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Application Updater\ApplicationUpdater.exe
C:\Programmi\Giraffic\Veoh_GirafficWatchdog.exe
E:\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Giraffic\Veoh_Giraffic.exe
C:\Programmi\Wajam\Updater\WajamUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
C:\Programmi\Real\RealPlayer\update\realsched.exe
C:\Programmi\Bit Che\Bit_Che.exe
E:\BitTorrent.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programmi\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Programmi\Wajam\IE\wajam.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast] "C:\Programmi\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SearchSettings] "C:\Programmi\File comuni\Spigot\Search Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [L09IXLRD_23890468] "C:\Programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MediaGet2] C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\MediaGet2\mediaget.exe --minimized
O4 - HKCU\..\Run: [ares] "C:\Programmi\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [VeohPlugin] "C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-2000478354-484061587-682003330-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2000478354-484061587-682003330-1005\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01F75A26-6AA5-47F7-8D73-66A9375B09E4}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{3282CB76-E2C4-4993-A9F7-1177F3A5D52F}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{632402D2-F654-4386-953F-9CBB4632949D}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5B04E3B-CC96-4B08-A58C-D97D3AE12C52}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A6B5AA7-2FF1-44CC-B786-70A6A7ADE26E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{01F75A26-6AA5-47F7-8D73-66A9375B09E4}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS3\Services\Tcpip\..\{01F75A26-6AA5-47F7-8D73-66A9375B09E4}: NameServer = 176.31.229.24,176.31.229.25
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programmi\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Veoh Giraffic Video Accelerator (Giraffic) - Unknown owner - C:\Programmi\Giraffic\Veoh_GirafficWatchdog.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: WajamUpdater - Wajam - C:\Programmi\Wajam\Updater\WajamUpdater.exe

--
End of file - 12900 bytes

Torna in alto

shapiro

Inviato: Thursday, July 26, 2012 4:19:55 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

hai un po' di ''schifezze'' da eliminare inizia con hjt, avvia nuovamente la scansione e metti la spunta accanto a queste righe poi premi fix checked

Code:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll

O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Programmi\Wajam\IE\wajam.dll

O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll

O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll

O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe

O4 - HKLM\..\Run: [SearchSettings] "C:\Programmi\File comuni\Spigot\Search Settings\SearchSettings.exe"

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file)

O9 - Extra button: (no name) - {09E90109-A9AA-4980-BCEF-76F8D924E902} - (no file) (HKCU)

fai una scansione con combofix scaricalo da qui e mettilo sul desktop
alla richiesta se vuoi installare la recovery console clicca su NO

esegui ComboFix.exe

segui le instruzioni

finita la scansione portati in C:\ e copia/incolla, nella tua prossima risposta, il contenuto del file di testo Combofix.txt

come usare correttamente combofix

Torna in alto

zakyel

Inviato: Thursday, July 26, 2012 4:56:50 PM

Rank: Member

Iscritto dal : 7/26/2012
Posts: 12

ComboFix 12-07-27.01 - Utente 26/07/2012 16.34.04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2231 [GMT 2:00]
Eseguito da: c:\documents and settings\Utente\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\8e00e3257def1ecd2b4d2b040fbb568b_c
c:\documents and settings\Utente\Dati applicazioni\Toolbar4
c:\programmi\BrowserCompanion
c:\programmi\BrowserCompanion\BCHelper.exe
c:\programmi\BrowserCompanion\blabbers-ch.crx
c:\programmi\BrowserCompanion\logo.ico
c:\programmi\BrowserCompanion\sqlite3.dll
c:\windows\system32\SET1AA.tmp
c:\windows\system32\SET1AB.tmp
c:\windows\system32\SET1AC.tmp
c:\windows\system32\SET1B0.tmp
c:\windows\system32\SET1B1.tmp
c:\windows\system32\SET1B2.tmp
c:\windows\system32\SET1B6.tmp
c:\windows\system32\SET1B8.tmp
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-26 al 2012-07-26 )))))))))))))))))))))))))))))))))))
.
.
2012-07-26 13:11 . 2012-07-26 13:11 388096 ----a-r- c:\documents and settings\Utente\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-26 13:11 . 2012-07-26 13:11 -------- d-----w- c:\programmi\Trend Micro
2012-07-14 08:49 . 2012-07-14 08:49 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Search Settings
2012-07-14 08:49 . 2012-07-14 08:49 -------- d-----w- c:\programmi\Application Updater
2012-07-14 08:49 . 2012-07-14 08:49 -------- d-----w- c:\programmi\pdfforge Toolbar
2012-07-14 08:49 . 2012-07-14 08:49 -------- d-----w- c:\programmi\File comuni\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-26 11:58 . 2012-05-02 13:23 78848 ----a-w- c:\windows\KMSEmulator.exe
2012-07-12 11:20 . 2012-03-29 13:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 11:20 . 2012-03-29 13:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:55 . 2008-04-13 15:50 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 19:49 . 2012-06-12 19:49 249856 ------w- c:\windows\Setup1.exe
2012-06-12 19:49 . 2012-06-12 19:49 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-06-05 15:49 . 2008-04-13 16:13 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-04-13 16:13 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-13 16:13 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2011-02-24 17:07 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-02-24 17:07 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-02-24 17:07 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2011-02-24 17:07 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2011-02-24 17:07 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-04-13 16:13 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 18:23 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2011-02-24 17:07 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-08-06 18:23 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-08-06 18:23 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 18:23 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2011-02-24 17:07 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:21 . 2008-04-13 16:13 603136 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:06 . 2008-04-27 12:24 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:40 . 2008-04-27 12:24 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2008-04-27 12:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-27 12:23 385024 ------w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2008-04-13 18:55 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2008-04-13 15:54 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-02 13:46 . 2011-02-24 17:05 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 04:38 . 2012-03-29 12:32 97208 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-12-28 . D5E120A3BA164D2E7307A6688FEB26B2 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\programmi\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"VeohPlugin"="c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-11-28 4692296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-29 18671104]
"avast"="c:\programmi\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"DivXUpdate"="c:\programmi\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"TkBellExe"="c:\programmi\Real\RealPlayer\update\realsched.exe" [2012-03-09 296056]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-01-18 254696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\programmi\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\KMSEmulator.exe"=
"e:\\BitTorrent.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"e:\\bin\\javaw.exe"=
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Programmi\\Giraffic\\Veoh_Giraffic.exe"=
"c:\\Programmi\\Giraffic\\Veoh_GirafficWatchdog.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16/02/2012 17.47.05 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16/02/2012 17.47.08 314456]
R2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [27/06/2012 17.01.34 791488]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/02/2012 17.47.09 20568]
R2 Giraffic;Veoh Giraffic Video Accelerator;c:\programmi\Giraffic\Veoh_GirafficWatchdog.exe --service --> c:\programmi\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [02/04/2012 18.05.36 2348352]
R2 WajamUpdater;WajamUpdater;c:\programmi\Wajam\Updater\WajamUpdater.exe [10/03/2012 0.50.38 109064]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [16/02/2012 17.42.03 38656]
R3 osppsvc;Office Software Protection Platform;c:\programmi\File comuni\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22.37.50 4640000]
S2 PowerOffer Service;Pos Service;c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\Pos.exe [03/04/2012 19.12.21 164352]
S2 ServUpdater;Serv Updater;c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [03/04/2012 19.12.22 156160]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29/03/2012 15.25.49 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24/02/2011 19.53.30 1684736]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programmi\Microsoft Office\Office14\GROOVE.EXE [25/03/2010 11.25.22 30969208]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 11:20]
.
2012-07-23 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2011-02-25 09:22]
.
2012-07-26 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2011-02-25 09:22]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-484061587-682003330-1003Core.job
- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-06-12 13:43]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-484061587-682003330-1003UA.job
- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-06-12 13:43]
.
2012-07-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-484061587-682003330-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-01-30 16:45]
.
2012-07-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-484061587-682003330-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-01-30 16:45]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{01F75A26-6AA5-47F7-8D73-66A9375B09E4}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{3282CB76-E2C4-4993-A9F7-1177F3A5D52F}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{632402D2-F654-4386-953F-9CBB4632949D}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{F5B04E3B-CC96-4B08-A58C-D97D3AE12C52}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\48rrf6ch.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: network.proxy.type - 2
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKCU-Run-L09IXLRD_23890468 - c:\programmi\Microsoft Student\Microsoft Encarta 2009 - Premium + Student DVD\EDICT.EXE
HKCU-Run-MediaGet2 - c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\MediaGet2\mediaget.exe
HKCU-Run-ares - c:\programmi\Ares\Ares.exe
AddRemove-1ClickDownloader - c:\programmi\1ClickDownload\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-26 16:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
? [42184]
? [44864]
? [43272]
? [44456]
? [44896]
? [44172]
? [46480]
? [47668]
? [51116]
? [56236]
? [57184]
? [52852]
? [58752]
? [57728]
? [40348]
? [53640]
? [53556]
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
Ora fine scansione: 2012-07-26 16:56:04
ComboFix-quarantined-files.txt 2012-07-26 14:55
.
Pre-Run: 5.716.217.856 byte disponibili
Post-Run: 6.042.554.368 byte disponibili
.
- - End Of File - - D647364B7B0498E045D045CE48594BD9

Torna in alto

zakyel

Inviato: Thursday, July 26, 2012 5:26:38 PM

Rank: Member

Iscritto dal : 7/26/2012
Posts: 12

Torna in alto

shapiro

Inviato: Thursday, July 26, 2012 7:07:37 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

Apri il Blocco Note copia e incolla questa righe:

Code:

file::
c:\programmi\Wajam\Updater\WajamUpdater.exe
c:\programmi\Application Updater\ApplicationUpdater.exe
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

folder::
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater
c:\programmi\Wajam
c:\programmi\File comuni\Spigot
c:\programmi\pdfforge Toolbar
c:\programmi\Application Updater
c:\programmi\Veoh Networks\VeohWebPlayer

driver::
WajamUpdater
ServUpdater
Application Updater

registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VeohPlugin"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=-

salva il file sul Desktop come CFScript.txt

Trascina il file appena creato ovvero CFScript.txt sull'icona di ComboFix

al termine il PC si dovrebbe ravviare, eventualmente riavvia tu manualmente, allega il log che trovi in C:\ComboFix.txt

conosci questo?

c:\programmi\Giraffic\Veoh_GirafficWatchdog.exe

Torna in alto

zakyel

Inviato: Saturday, July 28, 2012 2:57:27 PM

Rank: Member

Iscritto dal : 7/26/2012
Posts: 12

no non lo conosco, cmq la prima volta che ho usato combo fix il problema sembrava sparito, invece oggi sembra ancora + accentuato cambia continuamente pagina, cmq dp aver fatto il file con i dati che mi hai detto, quando lo spostato su combofix nn ha lanciato il programma per intere e nn si è neanche riavviato il pc

Torna in alto

jessy42

Inviato: Saturday, July 28, 2012 3:04:45 PM

Rank: AiutAmico

Iscritto dal : 4/17/2010
Posts: 607

Ciao zakyel,per cortesia, in attesa del nostro esperto di sezione shapiro, mi posti un log di

HijackThis attuale?

Ciao!

p.s. Comunque, penso di aver capito qual'è il tuo problema.

Torna in alto

r16

Inviato: Saturday, July 28, 2012 3:13:52 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

jessy42 ha scritto:

Ciao zakyel,per cortesia, in attesa del nostro esperto di sezione shapiro, mi posti un log di
HijackThis attuale?
Ciao!
p.s. Comunque, penso di aver capito qual'è il tuo problema.

Per favore, vuoi lasciare a Shapiro, il compito di proseguire con la sua strategia di bonifica?
Per tua norma e regola, intervenire durante una bonifica in corso, cambiando la strategia in corso, non è nè auspicabile, nè elegante, e tantomeno rispettoso nei confronti di chi stà seguendo l'utente.

Commenta:

p.s. Comunque, penso di aver capito qual'è il tuo problema.

Non preoccuparti.
Vedrai che Shapiro in caso di bisogno, chiederà il tuo aiuto. Whistle

(forse)

Torna in alto

shapiro

Inviato: Saturday, July 28, 2012 6:45:25 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

non far passare troppo tempo per eseguire quello che ti ho richiesto

rimuovi combofix con OTL
http://oldtimer.geekstogo.com/OTL.exe
Clicca sul tab Cleanup.Verrà richiesto un riavvio.Al termine ogni traccia di combofix e OTL verrà rimossa.

scarica nuovamente combofix da qui e metttilo sul desktop

ora esegui nuovamente lo script da trascinare su combofix con le indicazioni del post precedente

Torna in alto

zakyel

Inviato: Monday, July 30, 2012 4:13:49 PM

Rank: Member

Iscritto dal : 7/26/2012
Posts: 12

Scusami se c ho messo tempo...

Commenta:

ComboFix 12-07-30.01 - Utente 30/07/2012 15.27.51.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2368 [GMT 2:00]
Eseguito da: c:\documents and settings\Utente\Documenti\Downloads\ComboFix.exe
Opzioni usate :: c:\documents and settings\Utente\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
FILE ::
"c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe"
"c:\programmi\Application Updater\ApplicationUpdater.exe"
"c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
"c:\programmi\Wajam\Updater\WajamUpdater.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\7z.dll
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\AppLib.Zip.dll
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.InstallLog
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.InstallState
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\settings.ini
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\settings\settings.ini
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\ServUpdater\upd.exe
c:\programmi\Application Updater
c:\programmi\Application Updater\ApplicationUpdater.exe
c:\programmi\Application Updater\config.ini
c:\programmi\File comuni\Spigot
c:\programmi\File comuni\Spigot\Search Settings\baidu_ff.xml
c:\programmi\File comuni\Spigot\Search Settings\baidu_ie.xml
c:\programmi\File comuni\Spigot\Search Settings\config.ini
c:\programmi\File comuni\Spigot\Search Settings\Lang\res1031.ini
c:\programmi\File comuni\Spigot\Search Settings\Lang\res1033.ini
c:\programmi\File comuni\Spigot\Search Settings\Lang\res1034.ini
c:\programmi\File comuni\Spigot\Search Settings\Lang\res1036.ini
c:\programmi\File comuni\Spigot\Search Settings\Lang\res1040.ini
c:\programmi\File comuni\Spigot\Search Settings\SearchSettings.exe
c:\programmi\File comuni\Spigot\Search Settings\wth.dll
c:\programmi\File comuni\Spigot\Search Settings\yahoo_ff.xml
c:\programmi\File comuni\Spigot\Search Settings\yahoo_ie.xml
c:\programmi\File comuni\Spigot\Search Settings\yandex_ff.xml
c:\programmi\File comuni\Spigot\Search Settings\yandex_ie.xml
c:\programmi\File comuni\Spigot\wtxpcom\chrome.manifest
c:\programmi\File comuni\Spigot\wtxpcom\chrome\content\listener.js
c:\programmi\File comuni\Spigot\wtxpcom\chrome\content\listener.xul
c:\programmi\File comuni\Spigot\wtxpcom\chrome\content\shared.jsm
c:\programmi\File comuni\Spigot\wtxpcom\components\chrome.manifest
c:\programmi\File comuni\Spigot\wtxpcom\components\IFBHOHelperWidgiToolbar.xpt
c:\programmi\File comuni\Spigot\wtxpcom\components\IFBHOWidgiToolbar.xpt
c:\programmi\File comuni\Spigot\wtxpcom\components\install.rdf
c:\programmi\File comuni\Spigot\wtxpcom\components\WidgiToolbarFF.dll
c:\programmi\File comuni\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10
c:\programmi\File comuni\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11
c:\programmi\File comuni\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12
c:\programmi\File comuni\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13
c:\programmi\File comuni\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14
c:\programmi\File comuni\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5
c:\programmi\File comuni\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6
c:\programmi\File comuni\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7
c:\programmi\File comuni\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8
c:\programmi\File comuni\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9
c:\programmi\File comuni\Spigot\wtxpcom\install.rdf
c:\programmi\pdfforge Toolbar
c:\programmi\pdfforge Toolbar\FF\chrome.manifest
c:\programmi\pdfforge Toolbar\FF\chrome\chrome.jar
c:\programmi\pdfforge Toolbar\FF\install.rdf
c:\programmi\pdfforge Toolbar\IE\6.0\config.ini
c:\programmi\pdfforge Toolbar\Res\amazon.gif
c:\programmi\pdfforge Toolbar\Res\ebay.gif
c:\programmi\pdfforge Toolbar\Res\facebook.gif
c:\programmi\pdfforge Toolbar\Res\googleplus.gif
c:\programmi\pdfforge Toolbar\Res\icon_settings.gif
c:\programmi\pdfforge Toolbar\Res\Lang\res1031.ini
c:\programmi\pdfforge Toolbar\Res\Lang\res1033.ini
c:\programmi\pdfforge Toolbar\Res\Lang\res1034.ini
c:\programmi\pdfforge Toolbar\Res\Lang\res1036.ini
c:\programmi\pdfforge Toolbar\Res\Lang\res1040.ini
c:\programmi\pdfforge Toolbar\Res\pdfc_branding.gif
c:\programmi\pdfforge Toolbar\Res\pdfc_branding_hover.gif
c:\programmi\pdfforge Toolbar\Res\pdfc_icon.gif
c:\programmi\pdfforge Toolbar\Res\pdfc_portal_logo.gif
c:\programmi\pdfforge Toolbar\Res\radio-close.gif
c:\programmi\pdfforge Toolbar\Res\radio-minimize.gif
c:\programmi\pdfforge Toolbar\Res\radiobeta.gif
c:\programmi\pdfforge Toolbar\Res\search-button-hover.gif
c:\programmi\pdfforge Toolbar\Res\search-button.gif
c:\programmi\pdfforge Toolbar\Res\search-chevron-hover.gif
c:\programmi\pdfforge Toolbar\Res\search-chevron.gif
c:\programmi\pdfforge Toolbar\Res\search_amazon.gif
c:\programmi\pdfforge Toolbar\Res\search_baidu.gif
c:\programmi\pdfforge Toolbar\Res\search_ebay.gif
c:\programmi\pdfforge Toolbar\Res\search_yahoo.gif
c:\programmi\pdfforge Toolbar\Res\search_yandex.gif
c:\programmi\pdfforge Toolbar\Res\twitter.gif
c:\programmi\pdfforge Toolbar\Res\widgets.xml
c:\programmi\pdfforge Toolbar\WidgiHelper.exe
c:\programmi\Veoh Networks\VeohWebPlayer
c:\programmi\Veoh Networks\VeohWebPlayer\ConduitInstaller_veoh.exe
c:\programmi\Veoh Networks\VeohWebPlayer\fullscreen_client.swf
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-15_(14-44-31-125000).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-17_(16-42-29-968750).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-18_(02-57-18-390625).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-18_(03-14-09-921875).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-18_(14-15-38-593750).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-18_(17-24-27-250000).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-19_(01-26-00-718750).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-20_(04-19-17-281250).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-21_(00-34-31-968750).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-22_(00-16-58-171875).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-22_(12-29-52-640625).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-22_(12-46-01-484375).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-23_(21-08-57-406250).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-25_(17-34-04-890625).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-26_(03-47-57-140625).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-27_(03-26-46-437500).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-28_(00-46-26-691330).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-29_(00-37-44-203125).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-30_(00-44-11-562500).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-31_(02-32-41-281250).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-05-31_(02-47-17-281250).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-01_(10-38-27-250000).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-04_(01-04-46-468750).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-04_(02-03-55-31250).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-04_(14-19-26-203125).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-04_(15-08-55-781250).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-05_(21-12-52-375000).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-06_(00-26-55-406250).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-06_(14-52-13-250000).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-07_(15-20-00-250000).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-08_(15-07-05-000).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-11_(16-07-32-421875).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-12_(14-58-44-343750).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-13_(14-44-07-360433).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-13_(17-38-20-812500).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-14_(15-18-40-761375).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-15_(05-14-12-890625).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-16_(01-42-43-281250).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-16_(04-35-34-000).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-16_(13-04-10-671875).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-17_(03-18-44-265625).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-17_(04-46-37-390625).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-17_(14-55-02-000).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-18_(01-29-03-484375).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-19_(02-33-50-875000).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-21_(10-29-37-625000).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-22_(01-21-08-593750).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-22_(12-09-39-15625).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-23_(02-17-56-484375).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-23_(13-55-38-843750).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-25_(01-27-32-140625).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-27_(15-54-53-93750).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-28_(02-08-39-312500).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-29_(14-12-39-468750).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-06-30_(12-57-32-109375).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-01_(02-20-41-984375).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-01_(15-07-16-531250).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-01_(17-22-57-875000).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-02_(03-08-18-984375).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-02_(14-43-45-390625).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-05_(03-38-09-453125).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-08_(03-24-17-703125).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-09_(01-03-45-859375).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-09_(01-38-19-843750).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-09_(13-50-17-625000).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-10_(00-44-10-000).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-11_(10-37-01-203125).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-12_(19-57-39-46875).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-13_(15-35-39-718750).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-16_(12-53-35-687500).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-17_(00-14-52-562500).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-17_(14-27-02-250000).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-18_(14-48-14-937500).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-18_(15-03-41-656250).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-19_(18-17-52-312500).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-20_(14-15-44-171875).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-21_(02-34-38-734375).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-23_(00-47-58-609375).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-23_(13-52-39-46875).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-28_(04-17-15-843750).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-28_(04-38-55-656250).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-28_(14-10-53-875000).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-30_(03-05-30-359375).log
c:\programmi\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-07-30_(15-12-05-734375).log
c:\programmi\Veoh Networks\VeohWebPlayer\GoogleAnalizerConnector.exe
c:\programmi\Veoh Networks\VeohWebPlayer\imageformats\Microsoft.VC90.CRT.manifest
c:\programmi\Veoh Networks\VeohWebPlayer\imageformats\msvcr90.dll
c:\programmi\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
c:\programmi\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
c:\programmi\Veoh Networks\VeohWebPlayer\IPCClient.exe
c:\programmi\Veoh Networks\VeohWebPlayer\libeay32.dll
c:\programmi\Veoh Networks\VeohWebPlayer\linker.dll
c:\programmi\Veoh Networks\VeohWebPlayer\Microsoft.VC90.CRT.manifest
c:\programmi\Veoh Networks\VeohWebPlayer\modern_smalldesc.exe
c:\programmi\Veoh Networks\VeohWebPlayer\msvcm90.dll
c:\programmi\Veoh Networks\VeohWebPlayer\msvcp90.dll
c:\programmi\Veoh Networks\VeohWebPlayer\msvcr90.dll
c:\programmi\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll
c:\programmi\Veoh Networks\VeohWebPlayer\phonon4.dll
c:\programmi\Veoh Networks\VeohWebPlayer\qlipso_GirafficInstall0.86.126.230.exe
c:\programmi\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe
c:\programmi\Veoh Networks\VeohWebPlayer\QtCore4.dll
c:\programmi\Veoh Networks\VeohWebPlayer\QtGui4.dll
c:\programmi\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
c:\programmi\Veoh Networks\VeohWebPlayer\QtScript4.dll
c:\programmi\Veoh Networks\VeohWebPlayer\qtveohtvplugin_jpn.qm
c:\programmi\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
c:\programmi\Veoh Networks\VeohWebPlayer\QtXmlPatterns4.dll
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\dialog\close2.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_bar_center.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_bar_left.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_bar_right.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_border_horiz.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_border_vert_left.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_border_vert_right.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button_edit.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button_email.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button_large.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button_large_white.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button_small.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button_white.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_corner_bottom_left.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_corner_bottom_right.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_TabButton.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\forms\AddVideosButton.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\forms\close.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\forms\downloadsbutton.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\forms\LeftBottomFrame.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\forms\LeftTopFrame.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\forms\librarybutton.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\forms\logobutton.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\forms\maximize.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\forms\menubutton.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\forms\MiddleBottomFrame.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\forms\MiddleLeftFrame.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\forms\MiddleRightFrame.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\forms\MiddleTopFrame.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\forms\minimize.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\forms\RightBottomFrame.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\forms\RightTopFrame.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\forms\SpacerBottomFrame.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\forms\uploadsbutton.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\add_content_bu.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\added_bu.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\border_bottom.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\border_left.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\border_right.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\border_top.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\clear_bu.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\corner_bottom_left.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\corner_bottom_right.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\corner_top_right.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\defaultvideo.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\dialog_button_download.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\dialog_button_edit.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\dialog_button_email.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Action_Delete.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Action_Delete_Selected.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Action_Play.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Action_Play_Selected.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\download_bu.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Status_Completed.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Status_Downloading.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Status_Paused.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\length_bu.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\library_bu.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\list_view_bu.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\loadingscreen.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\logo.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\NavSub_Search.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\pause_all_bu.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\playlist_drag.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\publish_bu.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\resume_all_bu.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\thumb_view_bu.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\title_bu.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\toaster_close.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\trayicon.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\try_again_bu.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\Video_Action_edit.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\Video_Action_find.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\Video_Action_Lock.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\Video_Action_Play.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\Video_Action_Rate.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\Video_Action_Unlock.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\videothumb.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\VideoThumb_New.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\images\visit_veoh_bu.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\download_frame.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\LibraryMsg_frame.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_Add.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_ClearCompleted.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_PauseAll.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_Playlist.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_PlaylistHide.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_PlaylistShow.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_ResumeAll.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_Search.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_ToggleLists.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_ToggleLists2.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_ToggleThumbs.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_ToggleThumbs2.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_View.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\playlist_button_bar.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\Playlist_Clear.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\Playlist_PlayAll.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\PublishPleaseWait.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\SortArrow.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\TopicBar_New.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\TopicBar_Options.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\TrashIcon.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\UpDown.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\Video_Hightlight_Default.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\Video_Hightlight_List.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\video_saved.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\VideoThumb_New.png
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\library\VideoThumb_Shadow.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\Exit.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\FS_Bottom_Bg.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\FS_Bottom_Exit.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\FS_Top_Bg.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\FS_Top_Exit.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\FullScreen.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\mute.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\next.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\pause.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_Bg.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_ControlsStop.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_VolumeFilled.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_VolumeMute.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_VolumeNotFilled.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_VolumeRight.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_VolumeScrub.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_VolumeUnmute.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Duration_Background.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Timeline_AdMarker.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Timeline_Downloaded.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Timeline_Filled.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Timeline_NotFilled.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Timeline_Scrub.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Top_Bg.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\play.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\previous.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\qlipso_GirafficInstall0.86.126.230.exe
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\Stop.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\VolumeDown.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\VolumeText.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\Playback\VolumeUp.jpg
c:\programmi\Veoh Networks\VeohWebPlayer\skins\black\skin.xml
c:\programmi\Veoh Networks\VeohWebPlayer\ssleay32.dll
c:\programmi\Veoh Networks\VeohWebPlayer\uninst.exe
c:\programmi\Veoh Networks\VeohWebPlayer\vcredist_x86.exe
c:\programmi\Veoh Networks\VeohWebPlayer\VeohCompassInstall.dll
c:\programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
c:\programmi\Veoh Networks\VeohWebPlayer\Win32ImageGrabber.exe
c:\programmi\Veoh Networks\VeohWebPlayer\Zugo.bmp
c:\programmi\Wajam\Updater
c:\programmi\Wajam\Updater\update.exe
c:\programmi\Wajam\Updater\wajamLogo.bmp
c:\programmi\Wajam\Updater\WajamUpdater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_APPLICATION_UPDATER
-------\Legacy_SERVUPDATER
-------\Legacy_WAJAMUPDATER
-------\Service_Application Updater
-------\Service_ServUpdater
-------\Service_WajamUpdater
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-28 al 2012-07-30 )))))))))))))))))))))))))))))))))))
.
.
2012-07-28 11:27 . 2012-07-28 11:27 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\wtxpcom
2012-07-27 13:55 . 2012-07-27 14:07 -------- d-----w- c:\documents and settings\Utente\saves
2012-07-27 13:55 . 2012-07-27 13:55 -------- d-----w- c:\documents and settings\Utente\screenshots
2012-07-27 13:55 . 2012-07-27 13:55 -------- d-----w- c:\documents and settings\Utente\cdimages
2012-07-27 13:55 . 2012-07-27 13:55 -------- d-----w- c:\documents and settings\Utente\cards
2012-07-26 15:43 . 2012-07-26 15:48 -------- d-----w- c:\programmi\PakkISO
2012-07-26 13:11 . 2012-07-26 13:11 388096 ----a-r- c:\documents and settings\Utente\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-26 13:11 . 2012-07-26 13:11 -------- d-----w- c:\programmi\Trend Micro
2012-07-14 08:49 . 2012-07-14 08:49 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\Search Settings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-30 13:58 . 2012-05-02 13:23 78848 ----a-w- c:\windows\KMSEmulator.exe
2012-07-27 08:20 . 2012-03-29 13:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 08:20 . 2012-03-29 13:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:55 . 2008-04-13 15:50 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 19:49 . 2012-06-12 19:49 249856 ------w- c:\windows\Setup1.exe
2012-06-12 19:49 . 2012-06-12 19:49 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-06-05 15:49 . 2008-04-13 16:13 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-04-13 16:13 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-13 16:13 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2011-02-24 17:07 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-02-24 17:07 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-02-24 17:07 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2011-02-24 17:07 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2011-02-24 17:07 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-04-13 16:13 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 18:23 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2011-02-24 17:07 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-08-06 18:23 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-08-06 18:23 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 18:23 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2011-02-24 17:07 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:21 . 2008-04-13 16:13 603136 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:06 . 2008-04-27 12:24 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:40 . 2008-04-27 12:24 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2008-04-27 12:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-27 12:23 385024 ------w- c:\windows\system32\html.iec
2012-05-05 03:14 . 2008-04-13 18:55 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2008-04-13 15:54 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-02 13:46 . 2011-02-24 17:05 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 04:38 . 2012-03-29 12:32 97208 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-12-28 . D5E120A3BA164D2E7307A6688FEB26B2 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\programmi\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-29 18671104]
"avast"="c:\programmi\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"DivXUpdate"="c:\programmi\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"TkBellExe"="c:\programmi\Real\RealPlayer\update\realsched.exe" [2012-03-09 296056]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-01-18 254696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-29 108352]
"nwiz"="c:\programmi\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"PosService"="c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
"_nltide_3"="advpack.dll" [2009-03-08 128512]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\WINDOWS\\KMSEmulator.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"e:\\bin\\javaw.exe"=
"c:\\Programmi\\Giraffic\\Veoh_Giraffic.exe"=
"c:\\Programmi\\Giraffic\\Veoh_GirafficWatchdog.exe"=
"e:\\BitTorrent.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16/02/2012 17.47.05 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16/02/2012 17.47.08 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/02/2012 17.47.09 20568]
R2 Giraffic;Veoh Giraffic Video Accelerator;c:\programmi\Giraffic\Veoh_GirafficWatchdog.exe --service --> c:\programmi\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [02/04/2012 18.05.36 2348352]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [16/02/2012 17.42.03 38656]
R3 osppsvc;Office Software Protection Platform;c:\programmi\File comuni\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22.37.50 4640000]
S2 PowerOffer Service;Pos Service;c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\PosService\Pos.exe [03/04/2012 19.12.21 164352]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29/03/2012 15.25.49 250056]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [24/02/2011 19.53.30 1684736]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programmi\Microsoft Office\Office14\GROOVE.EXE [25/03/2010 11.25.22 30969208]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 08:20]
.
2012-07-30 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2011-02-25 09:22]
.
2012-07-30 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2011-02-25 09:22]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-484061587-682003330-1003Core.job
- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-06-12 13:43]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-484061587-682003330-1003UA.job
- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2012-06-12 13:43]
.
2012-07-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-484061587-682003330-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-01-30 16:45]
.
2012-07-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-484061587-682003330-1003.job
- c:\programmi\Real\RealUpgrade\realupgrade.exe [2012-01-30 16:45]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{01F75A26-6AA5-47F7-8D73-66A9375B09E4}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{3282CB76-E2C4-4993-A9F7-1177F3A5D52F}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{632402D2-F654-4386-953F-9CBB4632949D}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{F5B04E3B-CC96-4B08-A58C-D97D3AE12C52}: NameServer = 176.31.229.24,176.31.229.25
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\48rrf6ch.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: network.proxy.type - 2
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-Veoh Web Player Beta - c:\programmi\Veoh Networks\VeohWebPlayer\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-30 15:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(1480)
c:\windows\system32\WININET.dll
c:\progra~1\FILECO~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1040\GrooveIntlResource.dll
c:\programmi\Windows Media Player\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\AVAST Software\Avast\AvastSvc.exe
c:\programmi\Giraffic\Veoh_GirafficWatchdog.exe
e:\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Giraffic\Veoh_Giraffic.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexingService.exe
c:\programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
c:\documents and settings\All Users\Documenti\AppData\PoApp\PService.exe
.
**************************************************************************
.
Ora fine scansione: 2012-07-30 16:10:15 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-07-30 14:10
.
Pre-Run: 895.553.536 byte disponibili
Post-Run: 1.071.042.560 byte disponibili
.
- - End Of File - - 3F0A2D305C305B58F0CC95477D2933B7

Torna in alto

shapiro

Inviato: Monday, July 30, 2012 5:19:11 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

rimuovi combofix come ti ho indicato nel post precedente poi vai in C e se trovi la cartella qoobox eliminala

questi programmi li conosci?

c:\programmi\Giraffic\Veoh_GirafficWatchdog.exe

c:\programmi\PakkISO

Installa Ccleaner

ccleaner

durante l’installazione deseleziona l’opzione per la barra di Yahoo, lo apri, vai in Opzioni>Avanzate, togli la spunta a “Cancella file temp diwindows solo se più vecchi di 48 ore”, poi avvialo, seleziona "Analizza" ed alla fine dell'analisi premi "Avvia pulizia''

clicca su Registro, nella pagina successiva clicca Trova problemi, poi al termine dello scan clicca su Ripara selezionati , risposndi di sì alla richiesta di salvare il backup (salvalo in una cartella a piacimento) poi ripara tutti gli elementi trovati.

scarica http://www.atribune.org/ccount/click.php?id=1

non ha bisogno di installazione

Avvia ATF Cleaner.exe con un doppio click
http://www.helpinweb.it/index.php?ind=downloads&op=download_file&ide=178&file=ATF-Cleaner.zip
- clicca sul menu main
- seleziona la casella Select All
- clicca sul pulsante Empty selected
- aspetta l'avviso Done Cleaning.
(se non vuoi eliminare le password togli la spunta)
(se usi opera o firefox,spunta anche le loro sezioni)

Finite le pulizie, postami un nuovo log di hijackthis

Torna in alto

zakyel

Inviato: Monday, July 30, 2012 6:12:43 PM

Rank: Member

Iscritto dal : 7/26/2012
Posts: 12

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18.11.48, on 30/07/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Giraffic\Veoh_GirafficWatchdog.exe
E:\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Giraffic\Veoh_Giraffic.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\AVAST Software\Avast\avastUI.exe
C:\Programmi\DivX\DivX Update\DivXUpdate.exe
C:\Programmi\Real\RealPlayer\update\realsched.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programmi\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast] "C:\Programmi\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2000478354-484061587-682003330-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2000478354-484061587-682003330-1005\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2000478354-484061587-682003330-1005\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2000478354-484061587-682003330-1005\..\RunOnce: [NeroHomeFirstStart] C:\Programmi\File comuni\Ahead\Lib\NMFirstStart.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01F75A26-6AA5-47F7-8D73-66A9375B09E4}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{3282CB76-E2C4-4993-A9F7-1177F3A5D52F}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{632402D2-F654-4386-953F-9CBB4632949D}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5B04E3B-CC96-4B08-A58C-D97D3AE12C52}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A6B5AA7-2FF1-44CC-B786-70A6A7ADE26E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{01F75A26-6AA5-47F7-8D73-66A9375B09E4}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS3\Services\Tcpip\..\{01F75A26-6AA5-47F7-8D73-66A9375B09E4}: NameServer = 176.31.229.24,176.31.229.25
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Veoh Giraffic Video Accelerator (Giraffic) - Unknown owner - C:\Programmi\Giraffic\Veoh_GirafficWatchdog.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\PosService\Pos.exe

--
End of file - 10343 bytes

Torna in alto

shapiro

Inviato: Monday, July 30, 2012 6:39:39 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

non hai risposto alla mia domanda

questo lo conosci? lo haii installato tu? >> C:\Programmi\Giraffic\Veoh_GirafficWatchdog.exe

elimina queste cartelle se sono ancora nel pc

C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\PosService\Pos.exe

C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe

da start esegui scrivi (fai copia incolla)

sc delete PowerOffer Service e dai ok

fixa queste voci con hjt

O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe

questa fixala dopo il comando >>> sc delete PowerOffer Service

Code:

O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\PosService\Pos.exe

Torna in alto

zakyel

Inviato: Tuesday, July 31, 2012 3:01:31 AM

Rank: Member

Iscritto dal : 7/26/2012
Posts: 12

veoh è un programma che h istallato io ma giraffic non lo conosco, ho fatto quello che hai scritto nell'utlimo post

Torna in alto

shapiro

Inviato: Tuesday, July 31, 2012 6:28:46 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

decidi tu se farlo rimanere nel pc >>> leggi

Torna in alto

zakyel

Inviato: Tuesday, July 31, 2012 4:27:58 PM

Rank: Member

Iscritto dal : 7/26/2012
Posts: 12

guarda il problema persiste, anzi è anche aumentato, infatti ti sto scrivendo da un altro pc perché il mio è impraticabile, e stavo pensando di formattare ora se tu mi dici che è questo il file che mi da questo problema provo ad eliminarlo casomai dovesse non cambiare la situazione formatto.
grazie ancora dell'aiuto che mi stai dando.

Torna in alto

shapiro

Inviato: Tuesday, July 31, 2012 5:00:07 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

e tu formatti cosi' ? beato te che ne hai il tempo e la voglia

elimina quelle cartelle e poi vedi se il problema persiste

edit

controlla cosa contiene questa cartella

c:\documents and settings\Utente\Dati applicazioni\wtxpcom

Torna in alto

Utenti presenti in questo topic

Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Problema search finder

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded