Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » controllo log

controllo log Opzioni
Topic Precedente · Topic Sucessivo
lauraz
Inviato: Saturday, February 02, 2013 10:17:21 AM

Rank: AiutAmico

Iscritto dal : 1/5/2005
Posts: 195
Per favore mi ricontrolli il log ??? grazie

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10.15.37, on 02/02/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmi\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\system32\ChgService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Vtune\TBPanel.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vVX1000.exe
C:\Programmi\Microsoft Security Client\msseces.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\Programmi\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\File comuni\Java\Java Update\jucheck.exe
C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe
C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: QuickNet - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Gainward] C:\Programmi\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SE6.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSC] "c:\Programmi\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Programmi\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Utilità controllo supporti di Picture Motion Browser.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Max Kia Lalla\Dati applicazioni\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Max Kia Lalla\Dati applicazioni\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{063AA456-F2A7-4352-8F9C-A39D022E6D1A}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{B38CC042-9883-4887-9260-8945F722EB2E}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{D202FF90-361B-4704-8672-BFE5CA874743}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9FAE593-1A0A-42BD-8203-62785BABC5A8}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{063AA456-F2A7-4352-8F9C-A39D022E6D1A}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{3CD2965A-1789-4F0A-B5E7-A97D9B7D1FD7}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{063AA456-F2A7-4352-8F9C-A39D022E6D1A}: NameServer = 8.8.8.8,8.8.4.4
O20 - AppInit_DLLs: c:\progra~1\windows searchqu c:\progra~1\windows searchqu
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\WINDOWS\system32\ChgService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 14024 bytes
Torna in alto
 
Sponsor
Inviato: Saturday, February 02, 2013 10:17:21 AM

 
Torna in alto
 
cbbusto
Inviato: Saturday, February 02, 2013 6:15:40 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Ciao lauraz, avevi già postato un log la scorsa settimana e aspettavi la risposta di shapiro ?

Comunque c'è l'infezione di PowerOffer e altre file inutili da eliminare.
Fai queste operazioni:

Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner
Avvialo e clicca sul pulsante "Elimina".
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Postalo qui.

Poi rifai la scansione con HJT e posta il nuovo log aggiornato così eliminiamo il resto.
Non hai detto che problemi hai, probabile pc rallentato, pagine web non richieste o pubblicità ecc....
Ci risentiamo, ciao.
Torna in alto
 
lauraz
Inviato: Saturday, February 02, 2013 8:09:25 PM

Rank: AiutAmico

Iscritto dal : 1/5/2005
Posts: 195
Scusa ,hai ragione,non ho scritto i problemi che ho...ma è come dici tu,pc rallentato e finestre che si aprono senza motivo,ecco il log di Adwcleaner

# AdwCleaner v2.109 - Logfile creato il 02/02/2013 alle 20:02:31
# Aggiornamento 26/01/2013 by Xplode
# Sistema Operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Utente : Max Kia Lalla - MAX-6128F3031CD
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Documents and Settings\Max Kia Lalla\Documenti\Downloads\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Documents and Settings\Max Kia Lalla\Dati applicazioni\Mozilla\Firefox\Profiles\rqwtrq8h.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
Cartella Eliminato : C:\Documents and Settings\Max Kia Lalla\Dati applicazioni\Mozilla\Firefox\Profiles\rqwtrq8h.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Cartella Eliminato : C:\Documents and Settings\Max Kia Lalla\Dati applicazioni\Mozilla\Firefox\Profiles\rqwtrq8h.default\extensions\ffxtlbr@babylon.com
Cartella Eliminato : C:\Documents and Settings\Max Kia Lalla\Dati applicazioni\Mozilla\Firefox\Profiles\rqwtrq8h.default\extensions\plugin@yontoo.com
Cartella Eliminato : C:\Documents and Settings\Max Kia Lalla\Dati applicazioni\Mozilla\Firefox\Profiles\rqwtrq8h.default\Searchqutoolbar
Cartella Eliminato : C:\Documents and Settings\Max Kia Lalla\Dati applicazioni\Mozilla\Firefox\Profiles\rqwtrq8h.default\SweetIMToolbarData
Cartella Eliminato : C:\Documents and Settings\Max Kia Lalla\Dati applicazioni\Mozilla\Firefox\Profiles\rqwtrq8h.default\SweetPacksToolbarData
Cartella Eliminato : C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\AddLyrics
Cartella Eliminato : C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\APN
Cartella Eliminato : C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Complitly
Cartella Eliminato : C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Tuto4pc
File Eliminato : C:\Documents and Settings\Max Kia Lalla\Dati applicazioni\Mozilla\Firefox\Profiles\rqwtrq8h.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
File Eliminato : C:\Documents and Settings\Max Kia Lalla\Dati applicazioni\Mozilla\Firefox\Profiles\rqwtrq8h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Eliminato : C:\Documents and Settings\Max Kia Lalla\Dati applicazioni\Mozilla\Firefox\Profiles\rqwtrq8h.default\extensions\pricepeep@getpricepeep.com.xpi
File Eliminato : C:\Documents and Settings\Max Kia Lalla\Dati applicazioni\Mozilla\Firefox\Profiles\rqwtrq8h.default\searchplugins\Askcom.xml
File Eliminato : C:\Documents and Settings\Max Kia Lalla\Dati applicazioni\Mozilla\Firefox\Profiles\rqwtrq8h.default\searchplugins\SearchResults.xml
File Eliminato : C:\Documents and Settings\Max Kia Lalla\Dati applicazioni\Mozilla\Firefox\Profiles\rqwtrq8h.default\searchplugins\Web Search.xml

***** [Registro] *****

Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Browser Internet] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registro Pulito.

-\\ Mozilla Firefox v [Impossibile rilevare la versione]

File : C:\Documents and Settings\Max Kia Lalla\Dati applicazioni\Mozilla\Firefox\Profiles\rqwtrq8h.default\prefs.js

C:\Documents and Settings\Max Kia Lalla\Dati applicazioni\Mozilla\Firefox\Profiles\rqwtrq8h.default\user.js ... Eliminato !

Eliminata : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Eliminata : user_pref("browser.search.defaultenginename", "Web Search");
Eliminata : user_pref("browser.search.order.1", "Web Search");
Eliminata : user_pref("browser.search.selectedEngine", "Web Search");
Eliminata : user_pref("browser.startup.homepage", "hxxp://search.certified-toolbar.com?si=41460&home=true&tid=32[...]
Eliminata : user_pref("extensions.BabylonToolbar.admin", false);
Eliminata : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Eliminata : user_pref("extensions.BabylonToolbar.babExt", "");
Eliminata : user_pref("extensions.BabylonToolbar.babTrack", "affID=100478");
Eliminata : user_pref("extensions.BabylonToolbar.bbDpng", 11);
Eliminata : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Eliminata : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Eliminata : user_pref("extensions.BabylonToolbar.hmpg", true);
Eliminata : user_pref("extensions.BabylonToolbar.id", "f8a9a84200000000000000116759693c");
Eliminata : user_pref("extensions.BabylonToolbar.instlDay", "15327");
Eliminata : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Eliminata : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=100478&babsrc=adbar[...]
Eliminata : user_pref("extensions.BabylonToolbar.lastDP", 11);
Eliminata : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1720:27:07");
Eliminata : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "17.0");
Eliminata : user_pref("extensions.BabylonToolbar.newTab", true);
Eliminata : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Eliminata : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Eliminata : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Eliminata : user_pref("extensions.BabylonToolbar.propectorlck", 93786780);
Eliminata : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Eliminata : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Eliminata : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Eliminata : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Eliminata : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Eliminata : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Eliminata : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Eliminata : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1720:27:07");
Eliminata : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Eliminata : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Eliminata : user_pref("extensions.BabylonToolbar_i.babExt", "");
Eliminata : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100478");
Eliminata : user_pref("extensions.BabylonToolbar_i.hardId", "f8a9a84200000000000000116759693c");
Eliminata : user_pref("extensions.BabylonToolbar_i.id", "f8a9a84200000000000000116759693c");
Eliminata : user_pref("extensions.BabylonToolbar_i.instlDay", "15327");
Eliminata : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Eliminata : user_pref("extensions.BabylonToolbar_i.newTab", false);
Eliminata : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Eliminata : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Eliminata : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Eliminata : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Eliminata : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Eliminata : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Eliminata : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:27:07");
Eliminata : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Eliminata : user_pref("extensions.facemoods.aflt", "stonicit");
Eliminata : user_pref("extensions.facemoods.dfltSrch", true);
Eliminata : user_pref("extensions.facemoods.dfltSrchPrvdr", "Facemoods Search");
Eliminata : user_pref("extensions.facemoods.dnsErr", true);
Eliminata : user_pref("extensions.facemoods.firstRun", true);
Eliminata : user_pref("extensions.facemoods.hmpg", true);
Eliminata : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=stonicit");
Eliminata : user_pref("extensions.facemoods.id", "f8a9a84200000000000000116759693c");
Eliminata : user_pref("extensions.facemoods.instlDay", "15230");
Eliminata : user_pref("extensions.facemoods.newTab", true);
Eliminata : user_pref("extensions.facemoods.newTabUrl", "hxxp://start.facemoods.com/?a=stonicit&f=2");
Eliminata : user_pref("extensions.facemoods.prtnrId", "facemoods.com");
Eliminata : user_pref("extensions.facemoods.searchProviderAdded", true);
Eliminata : user_pref("extensions.facemoods.sid", "1dc16bb68aa54352ae71c87c521e2ff6");
Eliminata : user_pref("extensions.facemoods.vrsn", "1.4.17.11");
Eliminata : user_pref("extensions.wajam.affiliate_id", "6447");
Eliminata : user_pref("extensions.wajam.firstrun", "false");
Eliminata : user_pref("extensions.wajam.log_send_info", "false");
Eliminata : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21083\",\"supported_sites\":{\[...]
Eliminata : user_pref("extensions.wajam.no_trace", "false");
Eliminata : user_pref("extensions.wajam.server_current_mapping_version", "0.21083");
Eliminata : user_pref("extensions.wajam.supported_sites.encryptedgoogle.wajam_google_js", "try {window['APP_LABE[...]
Eliminata : user_pref("extensions.wajam.trace_log", "1355226631907 - processInstallationUpgrade - version set to[...]
Eliminata : user_pref("extensions.wajam.unique_id", "E41D383A1CA80AD1B4631B967A2A7026");
Eliminata : user_pref("extensions.wajam.user_current_mapping_version", "0");
Eliminata : user_pref("extensions.wajam.version", "1.26");
Eliminata : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q=");
Eliminata : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Eliminata : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1355227776150");
Eliminata : user_pref("sweetim.toolbar.Visibility.enable", "true");
Eliminata : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Eliminata : user_pref("sweetim.toolbar.cargo", "2.1001.75000");
Eliminata : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Eliminata : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Eliminata : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Eliminata : user_pref("sweetim.toolbar.cda.returnValue", "disable");
Eliminata : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Eliminata : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Eliminata : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Eliminata : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Eliminata : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Eliminata : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Eliminata : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Eliminata : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Eliminata : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Eliminata : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Eliminata : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Eliminata : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Eliminata : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Eliminata : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Eliminata : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Eliminata : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Eliminata : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Eliminata : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Eliminata : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Eliminata : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Eliminata : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Eliminata : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Eliminata : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Eliminata : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "true");
Eliminata : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Eliminata : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Eliminata : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Eliminata : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Eliminata : user_pref("sweetim.toolbar.mode.debug", "false");
Eliminata : user_pref("sweetim.toolbar.newtab.created", "false");
Eliminata : user_pref("sweetim.toolbar.newtab.enable", "true");
Eliminata : user_pref("browser.search.defaultenginename", "Web Search");
Eliminata : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
Eliminata : user_pref("browser.search.selectedEngine", "Web Search");
Eliminata : user_pref("browser.startup.homepage", "hxxp://search.certified-toolbar.com?si=41460&home=true&tid=32[...]
Eliminata : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q=");
Eliminata : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Eliminata : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Eliminata : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Eliminata : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Eliminata : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Eliminata : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Eliminata : user_pref("sweetim.toolbar.scripts.0.enable", "true");
Eliminata : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Eliminata : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Eliminata : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Eliminata : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Eliminata : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Eliminata : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Eliminata : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Eliminata : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Eliminata : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Eliminata : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Eliminata : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Eliminata : user_pref("sweetim.toolbar.scripts.2.callback", "");
Eliminata : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Eliminata : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Eliminata : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Eliminata : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Eliminata : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Eliminata : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Eliminata : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Eliminata : user_pref("sweetim.toolbar.search.history.capacity", "10");
Eliminata : user_pref("sweetim.toolbar.searchguard.enable", "false");
Eliminata : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Eliminata : user_pref("sweetim.toolbar.simapp_id", "{9F44A2BA-9D17-4573-9DB2-2BFEAE231860}");
Eliminata : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?st=5&barid={B3786C8B-A109-11E0-[...]
Eliminata : user_pref("sweetim.toolbar.version", "1.7.0.3");
Eliminata : user_pref("browser.search.defaultengine", "Web Search");

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Preferences

Eliminata [l.13] : homepage = "hxxp://search.babylon.com/?affID=110183&tt=0113_2&babsrc=HP_ss&mntrId=f8a9a842000[...]
Eliminata [l.1693] : homepage = "hxxp://search.babylon.com/?affID=110183&tt=0113_2&babsrc=HP_ss&mntrId=f8a9a842000000[...]

*************************

AdwCleaner[R1].txt - [36067 octets] - [25/01/2013 12:53:50]
AdwCleaner[S1].txt - [36321 octets] - [25/01/2013 12:54:14]
AdwCleaner[S2].txt - [16650 octets] - [02/02/2013 20:02:31]

########## EOF - C:\AdwCleaner[S2].txt - [16711 octets] ##########

questo il log di HJT

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.08.36, on 02/02/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Programmi\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Spybot - Search & Destroy 2\SDUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Vtune\TBPanel.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\vVX1000.exe
C:\Programmi\Microsoft Security Client\msseces.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\Programmi\Spybot - Search & Destroy 2\SDTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ChgService.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: QuickNet - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Gainward] C:\Programmi\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SE6.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSC] "c:\Programmi\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Programmi\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Utilità controllo supporti di Picture Motion Browser.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Max Kia Lalla\Dati applicazioni\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Max Kia Lalla\Dati applicazioni\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{063AA456-F2A7-4352-8F9C-A39D022E6D1A}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{B38CC042-9883-4887-9260-8945F722EB2E}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{D202FF90-361B-4704-8672-BFE5CA874743}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9FAE593-1A0A-42BD-8203-62785BABC5A8}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{063AA456-F2A7-4352-8F9C-A39D022E6D1A}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{3CD2965A-1789-4F0A-B5E7-A97D9B7D1FD7}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{063AA456-F2A7-4352-8F9C-A39D022E6D1A}: NameServer = 8.8.8.8,8.8.4.4
O20 - AppInit_DLLs: c:\progra~1\windows searchqu c:\progra~1\windows searchqu
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\WINDOWS\system32\ChgService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 13126 bytes
Torna in alto
 
cbbusto
Inviato: Saturday, February 02, 2013 10:45:39 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
ADW ha fatto una bella pulizia.
Ora fai queste operazioni, vai nel pannello di controllo, apri la lista dei programmi installati, cerca PowerOffer, e disinstallalo, poi bisogna disattivare dei servizi collegati, vai nel Pannello di controllo - Strumenti amministrazione - Servizi e cerca la voce Serv Updater fai doppio clic e modifica il suo Tipo di avvio in Disabilitato. Sempre nei servizi cerca Pos Service (PowerOffer Service) se c'è disattivalo anche lui, poi cerca anche Software Upd e Software Upd (SoftwareUpd) se li trovi disattiva anche loro.

Poi Chiudi tutti i programmi e disconnesso lanci HJT e clicca sul secondo pulsante: Do a system scan only poi metti la spunta alle voci che ti indico e alla fine clic su Fix checked:

O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: QuickNet - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - (no file)
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Gainward] C:\Programmi\Vtune\TBPanel.exe /A
O4 - HKLM\..\Run: [IAAnotif] C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SE6.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Max Kia Lalla\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Programmi\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Utilità controllo supporti di Picture Motion Browser.lnk = C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O20 - AppInit_DLLs: c:\progra~1\windows searchqu c:\progra~1\windows searchqu
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

Poi fai una pulizia con Ccleaner compreso il Registro, per il registro spunta tutte le voci, acconsenti al backup quando richiesto.

Sempre in Ccleaner vai in Strumenti>Ripristino di sistema, seleziona tutte le voci, l'ultima non è selezionabile e rimane, poi clicca su rimuovi.
Poi vai in C:\windows cerca la cartella Prefetch la apri e cancella tutto il contenuto, non eliminare la cartella.

A questo punto rifai una scansione con HJT e posta il nuovo log aggiornato, vediamo se è rimasto qualcosa.
Il pc dovrebbe essere migliorato, fammi sapere. Ciao
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » controllo log


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.