Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log hijackthis

Controllo log hijackthis Opzioni
Topic Precedente · Topic Sucessivo
douxnoir89
Inviato: Saturday, August 25, 2012 12:21:12 PM
Rank: Newbie

Iscritto dal : 8/22/2012
Posts: 7
Buongiorno,

Da qualche giorno vedendo tra i componenti aggiuntivi di firefox mi è comparso un componente chiamato Datamngr 1.0,non so assolutamente cosa sia,ed inoltre all'improvviso mi esce scritto"Searcq" o una cosa del genere,ed ho letto che è un malware :( Ho effettuato la scansione con vari antivirus(Malware antiviru,spyware antivirus,avast) ma niente,quindi ho letto dal forum che forse con hijackthis potrei eliminare qsuesto benedetto searchq. Ho seguito la procedura ora vi linko il log di Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11.20.24, on 25/08/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Launch Manager\dsiwmis.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\Programmi\Acer\Acer VCM\RS_Service.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Programmi\Spyware Terminator\st_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Acer\Acer Updater\UpdaterService.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Programmi\Ask.com\Updater\Updater.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\genny\Documenti\Download\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1060933
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aod260&r=0xph1011n105l0404wu75w4612t38p
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programmi\Outlook Express\msimn.exe" //mailurl:mailto:clienti@lafeltrinelli.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminatorShield] C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] C:\Programmi\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SuiteTray] "C:\Programmi\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Programmi\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Programmi\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Programmi\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Programmi\Launch Manager\dsiwmis.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Programmi\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Programmi\Acer\Acer VCM\RS_Service.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Programmi\Spyware Terminator\st_rsser.exe
O23 - Service: Updater Service - Acer Group - C:\Programmi\Acer\Acer Updater\UpdaterService.exe

--
End of file - 9920 bytes







Ho effettuato anche una scansione con combofix non so quanto possa esser utile,poichè non ci capisco nulla.

Potreste aiutarmi?Vi ringrazio anticipatamente per le vostre eventuali risposte :D
Torna in alto
 
Sponsor
Inviato: Saturday, August 25, 2012 12:21:12 PM

 
Torna in alto
 
r16
Inviato: Saturday, August 25, 2012 12:29:48 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Avvialo e clicca sul pulsante search.
Finita la scansione, elimina il log che rilascia sul desktop, e clicca su "Delete".
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Postalo qui.

Rifai la scansione con Combofix. (deve essere scaricato sul desktop)
Posta il log.
Torna in alto
 
douxnoir89
Inviato: Saturday, August 25, 2012 12:35:16 PM
Rank: Newbie

Iscritto dal : 8/22/2012
Posts: 7
Ok Il tempo di avviare queste procedure e posto tutto :) Grazie=)
Torna in alto
 
douxnoir89
Inviato: Saturday, August 25, 2012 12:45:37 PM
Rank: Newbie

Iscritto dal : 8/22/2012
Posts: 7
# AdwCleaner v1.801 - Logfile created 08/25/2012 at 12:36:12
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : genny - ACER-AE34D34C39
# Boot Mode : Normal
# Running from : C:\Documents and Settings\genny\Documenti\Download\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\genny\Dati applicazioni\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\All Users\Dati applicazioni\Ask
Folder Deleted : C:\Documents and Settings\All Users\Dati applicazioni\boost_interprocess
Folder Deleted : C:\Programmi\Ask.com
Folder Deleted : C:\Programmi\Conduit
Deleted on reboot : C:\Programmi\Searchqu Toolbar
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Deleted : C:\Documents and Settings\All Users\Dati applicazioni\Partner
File Deleted : C:\Programmi\Mozilla Firefox\searchplugins\crawlersrch.xml
File Deleted : C:\Programmi\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933 --> hxxp://www.google.com

*************************

AdwCleaner[R1].txt - [6955 octets] - [25/08/2012 12:35:45]
AdwCleaner[S1].txt - [7072 octets] - [25/08/2012 12:36:12]

########## EOF - C:\AdwCleaner[S1].txt - [7200 octets] ##########
Torna in alto
 
douxnoir89
Inviato: Saturday, August 25, 2012 1:16:59 PM
Rank: Newbie

Iscritto dal : 8/22/2012
Posts: 7
ComboFix 12-08-25.04 - genny 25/08/2012 12.53.51.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.1013.522 [GMT 2:00]
Eseguito da: c:\documents and settings\genny\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((( Files Creati Da 2012-07-25 al 2012-08-25 )))))))))))))))))))))))))))))))))))
.
.
2012-08-24 12:10 . 2012-08-24 12:10 -------- d-----w- c:\documents and settings\genny\Impostazioni locali\Dati applicazioni\Sun
2012-08-24 11:22 . 2012-08-24 11:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-08-24 10:33 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-24 10:33 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-24 10:33 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-24 10:33 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-24 10:33 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-24 10:33 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-24 10:33 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-24 10:33 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-24 10:32 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-08-24 10:32 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-24 07:52 . 2012-08-24 07:52 -------- d-----w- c:\programmi\File comuni\Java
2012-08-24 07:50 . 2012-08-24 07:49 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-22 11:03 . 2012-08-22 11:04 -------- d-----w- c:\documents and settings\genny\Impostazioni locali\Dati applicazioni\Ilivid Player
2012-08-16 06:55 . 2012-08-16 06:56 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-16 06:54 . 2012-08-16 06:55 -------- d-----w- c:\programmi\DAEMON Tools Lite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-24 07:49 . 2012-07-10 20:48 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-24 07:49 . 2012-07-10 20:48 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-24 07:49 . 2011-10-01 19:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-24 07:45 . 2012-03-29 09:23 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 07:45 . 2011-10-01 18:00 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:59 . 2010-06-23 00:42 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2010-06-22 15:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:26 . 2010-06-23 00:42 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 11:46 . 2011-10-02 08:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-02 17:39 . 2010-06-23 00:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:39 . 2010-06-23 00:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:39 . 2010-06-23 00:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2010-06-23 00:42 385024 ----a-w- c:\windows\system32\html.iec
2012-06-05 15:49 . 2010-06-23 00:42 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2010-06-23 00:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2010-06-23 00:42 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2010-06-22 15:02 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-06-22 15:02 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2010-06-22 15:02 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-06-23 00:42 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-06-22 15:02 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-06-22 15:02 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 17:23 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2010-06-22 15:02 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-08-06 17:23 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-08-06 17:23 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 17:23 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2010-06-22 15:02 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2011-10-02 13:20 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2011-10-02 13:20 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2011-10-02 13:20 18672 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:21 . 2010-06-23 00:42 603136 ----a-w- c:\windows\system32\crypt32.dll
2012-07-18 18:36 . 2012-03-01 08:59 136672 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\programmi\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-22 39408]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2012-04-05 17356424]
"Advanced SystemCare 5"="c:\programmi\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"SpywareTerminatorShield"="c:\programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2012-02-20 2786480]
"SpywareTerminatorUpdater"="c:\programmi\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-02-20 3669680]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SuiteTray"="c:\programmi\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\programmi\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Acer VCM.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20 38872 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2009-12-11 05:59 59936 ----a-w- c:\programmi\Realtek\Audio\Drivers\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecPMMUpdate]
2009-12-24 16:45 401192 ----a-w- c:\programmi\EgisTec IPS\PmmUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisUpdate]
2009-12-24 16:44 201512 ----a-w- c:\programmi\EgisTec IPS\EgisUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-11-16 14:56 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-04 17:03 186904 ----a-w- c:\programmi\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-11-16 14:56 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2010-04-08 04:18 908368 ----a-w- c:\programmi\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-11-16 14:56 141336 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-03-12 21:53 19521056 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuiteTray]
2010-02-01 10:08 337264 ----a-w- c:\programmi\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-06-22 16:46 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-02-05 08:46 1692968 ----a-w- c:\programmi\Synaptics\SynTP\SynTPEnh.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\Spyware Terminator\\SpywareTerminator.exe"=
"c:\\Programmi\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Programmi\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Programmi\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [06/05/2012 13.17.12 14776]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24/08/2012 12.33.25 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24/08/2012 12.33.28 355632]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [23/12/2011 16.08.29 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [16/08/2012 8.55.23 242240]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [22/12/2011 12.24.10 32768]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\programmi\IObit\Advanced SystemCare 5\ASCService.exe [06/05/2012 13.16.40 497496]
R2 AntiVirSchedulerService;Avira Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [23/12/2011 16.08.34 86224]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24/08/2012 12.33.28 21256]
R2 DsiWMIService;Dritek WMI Service;c:\programmi\Launch Manager\dsiwmis.exe [23/06/2010 2.43.20 312400]
R2 IMFservice;IMF Service;c:\programmi\IObit\IObit Malware Fighter\IMFsrv.exe [06/05/2012 13.16.45 821592]
R2 RS_Service;Raw Socket Service;c:\programmi\Acer\Acer VCM\RS_Service.exe [22/06/2010 18.59.55 260640]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\programmi\Spyware Terminator\st_rsser.exe [22/12/2011 12.23.57 482992]
R2 Updater Service;Updater Service;c:\programmi\Acer\Acer Updater\UpdaterService.exe [22/06/2010 18.37.00 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [22/04/2010 6.16.55 60456]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [01/10/2011 19.34.44 135664]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [05/07/2012 18.41.46 3048136]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [05/04/2012 11.37.38 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [29/03/2012 11.23.56 250568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/06/2010 18.18.40 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [22/06/2010 18.20.22 108752]
S3 FileMonitor;FileMonitor;c:\programmi\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [15/05/2012 9.49.28 246816]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [01/10/2011 19.34.44 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programmi\Mozilla Maintenance Service\maintenanceservice.exe [25/04/2012 15.08.20 113120]
S3 RegFilter;RegFilter;c:\programmi\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [15/05/2012 9.49.28 30368]
S3 UrlFilter;UrlFilter;c:\programmi\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [15/05/2012 9.49.28 16208]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 07:45]
.
2012-08-25 c:\windows\Tasks\avast! Emergency Update.job
- c:\programmi\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-24 09:12]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-10-01 17:34]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-10-01 17:34]
.
2012-08-25 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\programmi\IObit\Smart Defrag 2\SmartDefrag.exe [2012-05-06 12:26]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aod260&r=0xph1011n105l0404wu75w4612t38p
uInternet Connection Wizard,ShellNext = "c:\programmi\Outlook Express\msimn.exe" //mailurl:mailto:clienti@lafeltrinelli.it
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
FF - ProfilePath - c:\documents and settings\genny\Dati applicazioni\Mozilla\Firefox\Profiles\4gdd7y0u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: extensions.softonic_i.hmpg - true
FF - user.js: extensions.softonic_i.hmpgUrl - hxxp://search.softonic.com/MON00080/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.softonic_i.dfltSrch - true
FF - user.js: extensions.softonic_i.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.softonic_i.keyWordUrl - hxxp://search.softonic.com/MON00080/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.softonic_i.dnsErr - true
FF - user.js: extensions.softonic_i.newTab - true
FF - user.js: extensions.softonic_i.newTabUrl - hxxp://search.softonic.com/MON00080/tb_v1?SearchSource=15&cc=
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00080/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - 3a92317800000000000088ae1d1a89df
FF - user.js: extensions.softonic_i.instlDay - 15406
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.512:59
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - it12JANdefault
FF - user.js: extensions.softonic_i.instlRef - MON00080
FF - user.js: extensions.softonic_i.dfltLng - it
FF - user.js: extensions.softonic_i.excTlbr - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-25 13:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0a\06\01\13\0a\03»"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(1584)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2012-08-25 13:14:01
ComboFix-quarantined-files.txt 2012-08-25 11:13
ComboFix2.txt 2012-08-25 09:58
ComboFix3.txt 2012-08-24 11:32
.
Pre-Run: 21.328.666.624 byte disponibili
Post-Run: 21.312.126.976 byte disponibili
.
- - End Of File - - FCD633CE031698CDC107C6C41FF139F5
Torna in alto
 
douxnoir89
Inviato: Saturday, August 25, 2012 1:18:01 PM
Rank: Newbie

Iscritto dal : 8/22/2012
Posts: 7
Eseguito tutto alla lettera...almeno credo =)
Torna in alto
 
r16
Inviato: Saturday, August 25, 2012 1:25:25 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
I log sono a posto.
Dai una pulita (registro compreso)con CCleaner http://www.aiutamici.com/software?ID=11223
Disattiva il ripristino configurazione di sistema,
http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121
Riavvia il pc.
Riattiva il ripristino configurazione di sistema
Riscontri problemi?
Torna in alto
 
douxnoir89
Inviato: Saturday, August 25, 2012 2:13:22 PM
Rank: Newbie

Iscritto dal : 8/22/2012
Posts: 7
Mi sembra che non vi siano più problemi!!!*________* Grazie mille per avermi aiutato passo passo attraverso le procedure :) Buona giornata =D
Torna in alto
 
r16
Inviato: Saturday, August 25, 2012 2:39:24 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Scarica OTL sul Desktop:
http://oldtimer.geekstogo.com/OTL.exe
Lo apri e clicca su "CleanUp".

Disistallerà correttamente Combofix, e lo stesso OTL.
Il pc si riavvierà.
Fai una pulizia con CCleaner.
Ciao.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log hijackthis


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.