Help removing a virus

derek1939

Active User
CPU
intel i5 3450
Motherboard
MSI ZH77A-G43
Hard Disk
SSD 128gb cortex +2TB +1TB
RAM
8 GB 1600Mhz
Graphics Card
Radeon HD 7850 2GB
Sound Card
5.1 logitech
Monitor
LG E2251
Power Supply
XFX proseries 450W
Case
Cooler Master Silencio 550 ATX
Operating System
WIN 7 ultimate
Hi everyone,
as per the subject, I'm afraid I've caught a nasty virus (or malware or something else) on my desktop PC.

I think this because a while ago, while trying to open a PDF on the internet with the browser, the PC froze and then wouldn't restart. Strange messages, pop-up windows on top of pop-up windows, etc.

I solved it with a ComboFix scan combined with a System Restore.

Now the OS apparently works correctly, but I've noticed these two problems, listed below, which make me think something is wrong:

- If I do a Google Images search, it only gives me 24 results and then 36 grey boxes (as if the image weren't loading) and nothing more. I've tried the same searches on other PCs and I get many more results.
Also, I can't get into the Google search settings (SafeSearch and the gear button next to it).

- If I plug in an external HD or a USB stick, when I go to eject it, it tells me it's impossible because something is still accessing the device. Obviously I've closed everything when I try to eject it.


I've already scanned with:

NOD32 antivirus, negative
ComboFix (many, many times; it always takes a long time to complete)
Malwarebytes, negative
Spybot S&D, negative
HijackThis


I'll post the reports from those scans below.

Can anyone give me some advice on solving these problems? They seem like nothing, but they're quite annoying, since I use image search very often.


I forgot: my OS is Windows XP Professional SP3.

Thanks to everyone in advance.
The reports follow:

Code:
COMBOFIX SCAN:

ComboFix 12-03-08.02 - Intel 12/03/2012  19.39.43.6.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.3071.2117 [GMT 1:00]
Eseguito da: f:\internet download\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-02-12 al 2012-03-12  )))))))))))))))))))))))))))))))))))
.
.
2012-03-12 16:34 . 2012-03-12 16:34    --------    d-----w-    c:\programmi\Malwarebytes' Anti-Malware
2012-03-12 16:34 . 2011-12-10 14:24    20464    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-03-02 21:17 . 2012-03-02 21:17    --------    d-----w-    c:\windows\system32\wbem\Repository
2012-02-24 13:20 . 2012-02-25 14:37    --------    d-----w-    c:\programmi\JDownloader(2)
2012-02-24 13:19 . 2012-02-24 13:19    237    ----a-w-    C:\user.js
2012-02-21 10:58 . 2011-06-23 12:18    10833920    ----a-w-    c:\windows\system32\libmfxsw32.dll
2012-02-21 10:58 . 2011-06-23 12:18    10915840    ----a-w-    c:\windows\system32\libmfxhw32.dll
2012-02-15 12:58 . 2012-02-15 12:58    --------    d-----w-    c:\documents and settings\Intel\Dati applicazioni\Remote
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 11:10 . 2011-06-23 11:08    414368    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2009-02-24 19:34 . 2009-02-24 19:34    1044480    ----a-w-    c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34    200704    ----a-w-    c:\programmi\mozilla firefox\plugins\ssldivx.dll
2012-02-17 17:50 . 2011-11-12 10:12    134104    ----a-w-    c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot_2012-02-06_11.44.58   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-12 14:00 . 2012-03-12 14:00    16384              c:\windows\Temp\Perflib_Perfdata_418.dat
+ 2009-02-16 10:15 . 2008-04-14 02:14    51712              c:\windows\system32\dllcache\oobebaln.exe
+ 2009-02-16 10:15 . 2008-04-14 02:14    29184              c:\windows\system32\dllcache\msoobe.exe
+ 2011-10-02 11:08 . 2012-02-14 22:43    286052              c:\windows\system32\nvdrsdb1.bin
- 2011-10-02 11:08 . 2011-11-27 13:11    286052              c:\windows\system32\nvdrsdb1.bin
+ 2011-10-02 11:08 . 2012-02-14 22:43    286052              c:\windows\system32\nvdrsdb0.bin
- 2011-10-02 11:08 . 2011-12-07 20:29    286052              c:\windows\system32\nvdrsdb0.bin
+ 2012-02-20 11:10 . 2012-02-20 11:10    250016              c:\windows\system32\Macromed\Flash\FlashUtil11f_Plugin.exe
+ 2012-03-12 13:59 . 2012-03-12 13:59    389592              c:\windows\system32\FNTCACHE.DAT
+ 2012-03-09 20:55 . 2012-03-09 20:55    830976              c:\windows\Installer\772021f.msi
+ 2012-03-09 20:55 . 2012-03-09 20:55    323935               c:\windows\Installer\{39CB82CF-4B5D-4174-B2B3-C03DBE3CAFDE}\HD_Studio_12.exe
+ 2012-02-09 14:35 . 2012-02-09 14:35    974848               c:\windows\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\a217254a2962cc8affce5fa4f8e1f350\Newtonsoft.Json.ni.dll
+ 2009-04-04 18:56 . 2012-03-02 21:18    7351992              c:\windows\system32\Restore\rstrlog.dat
+ 2010-01-27 01:07 . 2012-02-20 11:10    8527008              c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2010-01-27 01:07 . 2012-01-04 13:13    8527008              c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2012-02-09 14:35 . 2012-02-09 14:35    2572288               c:\windows\assembly\NativeImages_v4.0.30319_32\Songr\52e0641fbe1c28d61fc3798fb4a074ca\Songr.ni.exe
+ 2012-02-09 14:34 . 2012-02-09 14:34    1021952               c:\windows\assembly\NativeImages_v4.0.30319_32\Interop.WMPLib\766b1d7e5adecc860607c5859ed131f2\Interop.WMPLib.ni.dll
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\programmi\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\programmi\Google\Google Talk\googletalk.exe" [2007-11-21 3293184]
"eMuleAutoStart"="c:\programmi\eMule\emule.exe" [2010-04-07 5758976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"itype"="c:\programmi\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-08 1451264]
"mylbx"="c:\programmi\My Lockbox\mylbx.exe" [2010-05-24 1614048]
"IntelliPoint"="c:\programmi\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"EvtMgr6"="c:\programmi\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"nwiz"="c:\programmi\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17    64592    ----a-w-    c:\programmi\File comuni\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu  Avvio^Programmi^Esecuzione automatica^Tasto di scelta rapida per l'avvio  di AutoCAD.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione  automatica\Tasto di scelta rapida per l'avvio di AutoCAD.lnk
backup=c:\windows\pss\Tasto di scelta rapida per l'avvio di AutoCAD.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Intel^Menu Avvio^Programmi^Esecuzione automatica^Azureus Ultra Accelerator.lnk]
path=c:\documents and settings\Intel\Menu Avvio\Programmi\Esecuzione automatica\Azureus Ultra Accelerator.lnk
backup=c:\windows\pss\Azureus Ultra Accelerator.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
2003-03-27 13:11    151552    ----a-w-    c:\windows\system32\stmctrl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
2009-09-17 00:25    1196032    ----a-w-    c:\programmi\ASUS\SmartDoctor\SmartDoctor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\basicsmssmenu]
2007-10-09 15:21    169328    ----a-w-    c:\programmi\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-02-24 12:41    321344    ----a-w-    c:\programmi\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40    687560    ----a-w-    c:\programmi\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
2006-03-22 23:13    1591808    ----a-w-    c:\programmi\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-15 13:25    136176    ----atw-    c:\documents and  settings\Intel\Impostazioni locali\Dati  applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50    155648    ----a-w-    c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-10-08 04:50    16744256    ----a-w-    c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-10-08 04:50    203072    ----a-w-    c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2003-11-10 16:06    406016    ------w-    c:\windows\system32\PSDrvCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18    413696    ----a-w-    c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42    32768    ----a-w-    c:\programmi\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator]
2009-11-03 20:45    1435240    ----a-w-    c:\programmi\SpeedBit Video Accelerator\VideoAccelerator.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-01-07 01:36    81920    ----a-w-    c:\progra~1\Sony\SONICS~1\SSAAD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43    248040    ----a-w-    c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\DNA\\btdna.exe"=
"c:\\Programmi\\Vuze\\Azureus.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Google\\Google Talk\\googletalk.exe"=
"c:\\Programmi\\Opera\\opera.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2012\\pes2012.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Programmi\\Cerberus LLC\\Cerberus FTP Server\\CerberusGUI.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7001:TCP"= 7001:TCP:BitTorrent 
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"54010:TCP"= 54010:TCP:Samsung AllShare SlideShow Service
.
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [25/05/2010 11.04.17 43792]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [23/06/2008 23.21.48 150568]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [08/10/2008 7.50.14 34312]
R2 ASKService;ASKService;c:\programmi\AskBarDis\bar\bin\AskService.exe [27/02/2009 2.20.17 464264]
R2 ASKUpgrade;ASKUpgrade;c:\programmi\AskBarDis\bar\bin\ASKUpgrade.exe [27/02/2009 2.20.27 234888]
R2 ekrn;Eset Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [08/10/2008 7.47.58 468224]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [25/05/2010 11.04.18 142648]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\programmi\NVIDIA  Corporation\NVIDIA Updatus\daemonu.exe [02/10/2011 12.08.37 2253120]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [23/02/2009 18.33.20 59466]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN  v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe  [18/03/2010 12.16.28 130384]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [10/06/2010 15.06.46 136176]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [31/08/2001 10.00.00 3584]
S2  VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe  -start -scm --> c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe  -start -scm [?]
S3 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [10/06/2010 15.06.46 136176]
S3 pcPAD16;pcPAD Filter Service 16;c:\windows\system32\drivers\PCPAD16.sys [20/09/2010 18.11.10 33374]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network  Adapter;c:\windows\system32\drivers\rtl8192su.sys [20/08/2010 18.52.35  588032]
S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\drivers\torususb.sys [23/02/2009 18.33.20 538925]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache  4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe  [18/03/2010 12.16.28 753504]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23/02/2009 21.53.08 717296]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-06-10 14:06]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-06-10 14:06]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-308236825-725345543-1003Core.job
- c:\documents and settings\Intel\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-06-27 13:25]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-308236825-725345543-1003UA.job
- c:\documents and settings\Intel\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2010-06-27 13:25]
.
2012-03-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-15 20:18]
.
.
------- Scansione supplementare -------
.
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
LSP: c:\progra~1\SPEEDB~2\sblsp.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Intel\Dati applicazioni\Mozilla\Firefox\Profiles\ra6gkhwe.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/IG
FF - prefs.js: keyword.URL -  hxxp://search.babylon.com/?AF=109989&babsrc=adbartrp&mntrId=945525480000000000000022159f50dd&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109989
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 945525480000000000000022159f50dd
FF - user.js: extensions.BabylonToolbar_i.hardId - 945525480000000000000022159f50dd
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15394
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:19
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net/
Rootkit scan 2012-03-12 20:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ... 
.
scansione entrate autostart nascoste ... 
.
Scansione files nascosti ... 
.
.
c:\docume~1\Intel\IMPOST~1\Temp\catchme.dll 53248 bytes executable
.
Scansione completata con successo
Files nascosti: 1
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-343818398-308236825-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:ac,1b,7f,be,21,1e,a4,e9,49,63,a1,1c,d3,35,d1,bf,f2,57,e3,2e,87,4d,8a,
   d2,d4,a3,00,c0,67,a6,2a,e9,e9,e8,0b,96,54,7c,ed,d7,ee,9c,fb,a9,da,81,98,b5,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74
.
[HKEY_USERS\S-1-5-21-343818398-308236825-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:bd,fa,fb,b5,1b,f3,cc,37,b0,77,0c,82,c4,54,9f,91,53,55,2a,11,19,
   c2,6f,2d,69,12,99,ca,f1,46,83,2d,77,08,cd,c6,21,88,4d,3a,f6,24,83,ed,26,3a,\
"rkeysecu"=hex:2b,af,8e,5e,98,1e,5d,dd,99,de,12,1c,fc,95,8b,17
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\09\04\1d\0b\10)?"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140710900063D11C8EF10054038389C"="C?\\windows\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'lsass.exe'(848)
c:\programmi\SpeedBit Video Accelerator\Accelerator.dll
c:\windows\system32\WININET.dll
c:\programmi\SpeedBit Video Accelerator\CommPipe.dll
c:\programmi\SpeedBit Video Accelerator\Collector.dll
.
- - - - - - - > 'explorer.exe'(4460)
c:\windows\system32\WININET.dll
c:\programmi\ESET\ESET NOD32 Antivirus\eplgHooks.dll
c:\programmi\NVIDIA Corporation\nView\nview.dll
c:\programmi\NVIDIA Corporation\nView\NVWRSIT.DLL
c:\programmi\SpeedBit Video Accelerator\Accelerator.dll
c:\programmi\SpeedBit Video Accelerator\CommPipe.dll
c:\programmi\SpeedBit Video Accelerator\Collector.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2012-03-12  20:29:04
ComboFix-quarantined-files.txt  2012-03-12 19:28
ComboFix2.txt  2012-03-08 19:54
ComboFix3.txt  2012-03-02 22:46
ComboFix4.txt  2012-03-02 21:04
ComboFix5.txt  2012-03-12 18:34
.
Pre-Run: 36.891.799.552 byte disponibili
Post-Run: 36.867.092.480 byte disponibili
.
- - End Of File - - 32A40E8CB5A017E649FCF006DED03CCE

derek1939

HIJACKTHIS SCAN:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21.09.51, on 12/03/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programmi\AskBarDis\bar\bin\AskService.exe
C:\Programmi\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Programmi\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\windows\system32\fsproflt.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\windows\RTHDCPL.EXE
C:\Programmi\Microsoft IntelliType Pro\itype.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmi\My Lockbox\mylbx.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\Programmi\Logitech\SetPointP\SetPoint.exe
C:\windows\system32\rundll32.exe
C:\Programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE
C:\windows\System32\svchost.exe
C:\Programmi\TechSmith\SnagIt 8\SnagIt32.exe
C:\Programmi\TechSmith\SnagIt 8\TSCHelp.exe
C:\windows\system32\PING.exe
C:\windows\system32\wuauclt.exe
C:\windows\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\msiexec.exe
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl -  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -  C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - (no file)
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [itype] "C:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [mylbx] C:\Programmi\My Lockbox\mylbx.exe /a
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Programmi\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [googletalk] "C:\Programmi\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-21-343818398-308236825-725345543-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-343818398-308236825-725345543-1007\..\Run:  [WX1G5A9I3ZVZ5F9ARLOONOFDD] C:\winlogon\CD165098942.exe /q (User  'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration  - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -  C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -  {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network  Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://download.autodesk.com/esd/mapguide/SP1/ITA/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235410607593
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti  - {8C7461EF-2B13-11d2-BE35-3078302C2030} -  C:\windows\system32\browseui.dll
O23 - Service: ASKService - Unknown owner - C:\Programmi\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Programmi\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Programmi\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\windows\system32\fsproflt.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision  Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel  32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA  Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

--
End of file - 8985 bytes

Federico83

LEGENDARY USER
Elite User
CPU
Ryzen 7 3700X
CPU Cooler
NDH15
Motherboard
Gigabyte auros X570 elite
Hard Disk
4.5TB + 7 of NAS lol
RAM
16 GB G.Skill 3200
Graphics Card
RTX2070
Monitor
IIyama 28" 4K
Power Supply
Cooler Master GX 650
Case
REV200
Operating System
Windows10x64pro
Moving to Security.

tecnico24

Elite User
In HijackThis, tick and fix these entries:

O23 - Service: ASKUpgrade - Unknown owner - C:\Programmi\AskBarDis\bar\bin\ASKUpgrade.exe

O23 - Service: ASKService - Unknown owner - C:\Programmi\AskBarDis\bar\bin\AskService.exe

O4 - HKUS\S-1-5-21-343818398-308236825-725345543-1007\..\Run: [WX1G5A9I3ZVZ5F9ARLOONOFDD] C:\winlogon\CD165098942.exe /q (User 'UpdatusUser')

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll


Download AdwCleaner
Close all open programs
Click the Search button
Wait for the program's scan to finish
When it's done, click the Delete button.
The PC will reboot and the program will show you the cleanup it performed; post its report.
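As an added example (not part of the thread and not a tool any poster used), the script below applies the same kind of reasoning tecnico24 uses above to HijackThis log lines: a Run value with a random-looking name launching a binary from an odd directory, O23 services with no identified publisher, a third-party Winsock LSP, and anything living under the Ask toolbar folder. The sample lines are copied from the HijackThis log in this thread, with the two ESET entries kept as clean controls. The trusted-directory list, the adware folder names (taken from the AdwCleaner log later in the thread) and the name patterns are my assumptions for this example, not HijackThis rules.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log posted in this thread,
# with the two ESET entries kept as clean controls.
SAMPLE_LOG = r"""
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-21-343818398-308236825-725345543-1007\..\Run: [WX1G5A9I3ZVZ5F9ARLOONOFDD] C:\winlogon\CD165098942.exe /q (User 'UpdatusUser')
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O23 - Service: ASKService - Unknown owner - C:\Programmi\AskBarDis\bar\bin\AskService.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# Heuristics (assumptions for this example, not HijackThis rules):
# folder names of the adware/toolbar families AdwCleaner removed in this thread ...
ADWARE_MARKERS = ("askbardis", "conduit", "babylon", "somoto", "opencandy")
# ... directories where autostart binaries normally live on this XP box
# (the English and the Italian "Programmi" names both appear in the log) ...
TRUSTED_DIRS = ("c:\\program files\\", "c:\\programmi\\", "c:\\progra~1\\", "c:\\windows\\")
# ... and core Windows process names that are sometimes reused as directory names.
LOOKALIKE_NAMES = ("winlogon", "svchost", "lsass", "csrss", "services")

O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
BHO_RE = re.compile(r"^O[23] - (?:BHO|Toolbar): (?P<name>.+?) - \{[^}]+\} - (?P<path>.+)$")
RANDOM_NAME_RE = re.compile(r"[A-Z0-9]{12,}")


@dataclass
class Finding:
    line: str
    reason: str


def _exe_path(cmd: str) -> str:
    """Pull the executable path out of a Run value's command line."""
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0]


def _check_path(path: str, line: str, findings: list[Finding]) -> None:
    """Path-based checks shared by every entry type."""
    low = path.lower()
    if any(marker in low for marker in ADWARE_MARKERS):
        findings.append(Finding(line, "path belongs to a known adware/toolbar family"))
    if "\\" in low and not low.startswith(TRUSTED_DIRS):
        findings.append(Finding(line, "binary outside the standard program directories"))
    if any(part in LOOKALIKE_NAMES for part in low.split("\\")[:-1]):
        findings.append(Finding(line, "directory named after a core Windows process"))


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious trait seen in the HijackThis lines."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := O4_RE.match(line):
            if RANDOM_NAME_RE.fullmatch(m["name"]):
                findings.append(Finding(line, "random-looking Run value name"))
            _check_path(_exe_path(m["cmd"]), line, findings)
        elif m := O23_RE.match(line):
            if m["owner"].strip().lower() == "unknown owner":
                findings.append(Finding(line, "service with no identified publisher"))
            _check_path(m["path"], line, findings)
        elif m := O10_RE.match(line):
            findings.append(Finding(line, "third-party Winsock LSP sees every socket call"))
            _check_path(m["path"], line, findings)
        elif m := BHO_RE.match(line):
            _check_path(m["path"], line, findings)
    return findings


def flagged_lines(log_text: str) -> list[str]:
    """Distinct log lines that received at least one finding, in log order."""
    seen: list[str] = []
    for f in triage(log_text):
        if f.line not in seen:
            seen.append(f.line)
    return seen


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:50} <- {f.line[:70]}")
```

On the sample above the script flags exactly the four lines tecnico24 picked out (the random-named Run value under C:\winlogon, the Ask toolbar, the two Ask services) plus the SpeedBit LSP; the SearchPredictObj BHO gets no finding, which is a reminder that path heuristics miss things and that an unknown BHO should still be looked up by its CLSID before it is left in place. The script only reads a log; it changes nothing on the machine.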

derek1939

Done, here are the reports:

AdwCleaner:

Code:
# AdwCleaner v1.501 - Logfile created 03/12/2012 at 23:33:02
# Updated 04/03/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Intel - UTENTE
# Running from : F:\Internet Download\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted :  : AskService
Stopped & Deleted :  : AskUpgrade

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Intel\Dati applicazioni\OpenCandy
Folder Deleted : C:\Programmi\AskBarDis
Folder Deleted : C:\Documents and Settings\Intel\Dati applicazioni\Mozilla\Firefox\Profiles\ra6gkhwe.default\Conduit
File Deleted : C:\Programmi\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Programmi\Windows live\messenger\msimg32.dll
File Deleted : C:\Documents and Settings\Intel\Dati applicazioni\Mozilla\Firefox\Profiles\ra6gkhwe.default\searchplugins\Conduit.xml

***** [H. Navipromo] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Somoto Toolbar
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKLM\SOFTWARE\AskBarDis
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08993a7c-e764-4172-9627-bfb5ea6897b2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{128a6c66-ac6a-4617-8268-ab7f47b7215e}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{571715d7-3395-4df0-b43c-784836209e60}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4634804a-f0b0-4a74-a550-fc0eef8a4362}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{d2e5fa06-dcc7-46f9-beff-bfd06f69b9b2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v10.0.2 (it)

Profile : ra6gkhwe.default
File : C:\Documents and Settings\Intel\Dati applicazioni\Mozilla\Firefox\Profiles\ra6gkhwe.default\prefs.js

C:\Documents and Settings\Intel\Dati applicazioni\Mozilla\Firefox\Profiles\ra6gkhwe.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109989");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "945525480000000000000022159f50dd");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "945525480000000000000022159f50dd");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15394");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=109989&babsrc=NT_s[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:19:29");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?AF=109989&babsrc=adbartrp&mntrId=94552548000000[...]

-\\ Opera v11.60.1185.0

File : C:\Documents and Settings\Intel\Dati applicazioni\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7339 octets] - [12/03/2012 23:32:09]
AdwCleaner[R2].txt - [7399 octets] - [12/03/2012 23:32:59]
AdwCleaner[S1].txt - [7645 octets] - [12/03/2012 23:33:02]

########## EOF - C:\AdwCleaner[S1].txt - [7773 octets] ##########



and HijackThis:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23.38.23, on 12/03/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Programmi\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\windows\system32\fsproflt.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
C:\windows\system32\wuauclt.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorEngine.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\windows\RTHDCPL.EXE
C:\Programmi\Microsoft IntelliType Pro\itype.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmi\My Lockbox\mylbx.exe
C:\Programmi\Microsoft IntelliPoint\ipoint.exe
C:\Programmi\Logitech\SetPointP\SetPoint.exe
C:\Programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Programmi\Google\Google Talk\googletalk.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\ctfmon.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\windows\System32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\windows\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\windows\system32\NOTEPAD.EXE
C:\Programmi\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmi\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [itype] "C:\Programmi\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [mylbx] C:\Programmi\My Lockbox\mylbx.exe /a
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Programmi\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [googletalk] "C:\Programmi\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-21-343818398-308236825-725345543-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~2\sblsp.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://download.autodesk.com/esd/mapguide/SP1/ITA/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235410607593
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Programmi\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\windows\system32\fsproflt.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe

--
End of file - 8477 bytes

I still have the problems described above; should I run ComboFix again as well?
 
