giuliosta
New Member
City: Salerno
48 posts
Posted on - 10/10/2011 : 20:46:14
Hi everyone, my name is Giulio and I have a rather annoying problem; let me explain: for a few days now, while I'm browsing, suddenly and always when I open a new web page, unrequested advertising windows with unacceptable content pop up... which I believe are the consequence of a peek I took at some questionable sites; curiosity is a woman, they say, but it applies to us men too. That said! I installed HijackThis on the forum's advice and, following the guide, I went through the whole procedure to identify the bad files:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = htt*://[www].crawler[.com]/search/ie.aspx?tb_id=66008
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
At that point, after identifying them and ticking the box next to the file, I still wasn't able to delete it, not even after pressing (Fix checked)....who can give me a little help, please? Thanks everyone

shang
Advanced Member
City: Roma
4879 posts
Posted on - 10/10/2011 : 21:23:11
hi
can you post the full log?

giuliosta
New Member
City: Salerno
48 posts
Posted on - 11/10/2011 : 09:25:02
htt*://[www].savefile[.com]/dl/7VX89KYS
I hope I uploaded the HijackThis log file correctly, as the guide says.....please reply....
htt*://[www].savefile[.com]/dl/UTFBY36S
Edited by - giuliosta on 11/10/2011 10:15:11

shang
Advanced Member
City: Roma
4879 posts
Posted on - 11/10/2011 : 10:18:36
open HijackThis and fix these entries; as soon as you've done it, post me a new log and we'll see if they're still there
Quote:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = htt*://[www].crawler[.com]/search/ie.aspx?tb_id=66008
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: IE BHO Helper - {b879dc47-7f5a-4973-a570-1e03a60c7c02} - C:\Program Files\WebPornoTV\adxloader.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
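Editor's note: the R1/O2/O3 lines quoted in this thread are HijackThis log entries, and a helper triages them by entry type, CLSID and the file or URL they point at. The Python below is an added example for this thread, not code from the forum or from HijackThis itself. It parses that line format (the sample input is constructed from the entries posted in the thread, with the URL kept defanged as posted) and lists each entry a helper would want to look at: a browser setting that points at a host outside an allow-list, a COM registration whose CLSID points at a missing file, and any browser add-on whose CLSID has not been vetted. The allow-lists are parameters, because the parser has no reputation data of its own.

```python
"""Triage of HijackThis-style log entries (R1 / O2 / O3 lines).

Added example for this thread, not code from the forum or from HijackThis.
It parses the entry format quoted in the posts and lists what a helper
would look at first. The sample lines are constructed from the entries
posted in the thread (URL kept defanged as in the post).
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Constructed sample input: the entries quoted in the thread, one per line.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = htt*://[www].crawler[.com]/search/ie.aspx?tb_id=66008
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: IE BHO Helper - {b879dc47-7f5a-4973-a570-1e03a60c7c02} - C:\Program Files\WebPornoTV\adxloader.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
"""

# O2 (BHO) and O3 (toolbar) lines: "<section> - <kind>: <name> - {CLSID} - <file>"
COM_RE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<target>.+)$"
)
# R0-R3 lines: "<section> - <registry key>,<value name> = <URL>"
R_RE = re.compile(r"^(?P<section>R[0-3]) - (?P<key>.+?),(?P<value>\S+) = (?P<target>.+)$")


@dataclass
class Entry:
    section: str           # "R1", "O2", "O3"
    kind: str              # "BHO", "Toolbar", or the registry value name for R lines
    name: str              # display name; the registry key for R lines
    clsid: Optional[str]   # upper-cased {GUID} for COM entries, None for R lines
    target: str            # DLL path, "(no file)", or URL


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised line, None for anything else."""
    m = COM_RE.match(line.strip())
    if m:
        return Entry(m["section"], m["kind"], m["name"], m["clsid"].upper(), m["target"])
    m = R_RE.match(line.strip())
    if m:
        return Entry(m["section"], m["value"], m["key"], None, m["target"])
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def host_of(url: str) -> str:
    """Host part of a URL, tolerating the defanged form used on forums
    ('htt*://[www].crawler[.com]/...' -> 'www.crawler.com')."""
    host = url.split("://", 1)[-1].split("/", 1)[0]
    return host.replace("[", "").replace("]", "").lower()


def review(entries: Iterable[Entry],
           trusted_hosts: Iterable[str] = (),
           trusted_clsids: Iterable[str] = ()) -> List[Tuple[Entry, str]]:
    """Pair each entry that deserves a look with the reason.

    trusted_hosts: hosts the browser's search/start settings may point at.
    trusted_clsids: CLSIDs of add-ons the helper has already vetted.
    """
    hosts = {h.lower() for h in trusted_hosts}
    clsids = {c.upper() for c in trusted_clsids}
    findings = []
    seen = {}  # CLSID -> kind under which it was first registered
    for e in entries:
        if e.clsid is None:  # R line: a browser setting
            host = host_of(e.target)
            if host not in hosts:
                findings.append((e, f"{e.kind} redirected to untrusted host {host}"))
            continue
        if e.target == "(no file)":
            findings.append((e, "orphaned registration: CLSID points at a missing file"))
        elif e.clsid not in clsids:
            note = f"unvetted browser add-on loading {e.target}"
            if e.clsid in seen:
                note += f" (same CLSID already registered as {seen[e.clsid]})"
            findings.append((e, note))
        seen.setdefault(e.clsid, e.kind)
    return findings


def flagged(text: str, **kw) -> List[Tuple[str, str, str]]:
    """(section, name, reason) for every flagged entry, in log order."""
    return [(e.section, e.name, why) for e, why in review(parse_log(text), **kw)]


if __name__ == "__main__":
    for section, name, why in flagged(SAMPLE_LOG):
        print(f"{section:3} {name:<15} {why}")
```

Run as a script it prints the five findings for the sample; a full log goes through parse_log the same way. Putting the user's search host and an already-vetted CLSID on the allow-lists narrows the output to the orphaned entry and the remaining unvetted BHO, which is the shortlist a helper would send back.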

giuliosta
New Member
City: Salerno
48 posts
Posted on - 11/10/2011 : 10:26:10
Done, but on the next HijackThis scan it shows me the file again as still present on my system, so I have to conclude it hasn't removed it.....? None of the 4.

shang
Advanced Member
City: Roma
4879 posts
Posted on - 11/10/2011 : 10:31:11
have you tried from Safe Mode? (just with the F8 key) when you do these operations you should have all pages closed

giuliosta
New Member
City: Salerno
48 posts
Posted on - 11/10/2011 : 10:53:27
ok, I'll try

giuliosta
New Member
City: Salerno
48 posts
Posted on - 11/10/2011 : 13:57:11
I think I managed it..... I'll let you know at the next reboot, thanks a lot!

giuliosta
New Member
City: Salerno
48 posts
Posted on - 11/10/2011 : 14:12:23
OK, thanks shang, in Safe Mode it removed them.....thanks for your time.

shang
Advanced Member
City: Roma
4879 posts
Posted on - 11/10/2011 : 15:03:31
wait, don't rush; with those infections you won't get far
download and install Malwarebytes. Update it: click the "Updates" tab => "Check for updates". Run a "Full scan" (select the option). When the scan is finished, click OK => Show Results. Make sure everything is selected and click Remove Selected. If it asks you to reboot, reboot to complete the cleaning process. Post the report.
Edited by - shang on 11/10/2011 15:04:21

giuliosta
New Member
City: Salerno
48 posts
Posted on - 11/10/2011 : 20:44:11
ok, in fact even though I'd removed them, I then ran a scan with Spybot and it still detected three infections, "babylon-sweti-etc"; after I told it to delete them it replied that the files are in memory and that it would only delete them when the system reboots, but I'd already done this procedure other times and they're still here......unfortunately. Now I'm going to download the program and I'll let you know ....

shang
Advanced Member
City: Roma
4879 posts
Posted on - 11/10/2011 : 20:47:41
we have to get rid of those infections, otherwise you'll be asking for help forever

giuliosta
New Member
City: Salerno
48 posts
Posted on - 11/10/2011 : 22:37:48
Malwarebytes' Anti-Malware 1.51.2.1300
[www].malwarebytes.org

Versione database: 7924

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/10/2011 22:19:38
mbam-log-2011-10-11 (22-19-38).txt

Tipo di scansione: Scansione completa (C:\|D:\|G:\|H:\|)
Elementi esaminati: 256989
Tempo impiegato: 1 ore, 26 minuti, 13 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

giuliosta
New Member
City: Salerno
48 posts
Posted on - 11/10/2011 : 22:39:16
What do you say?

shang
Advanced Member
City: Roma
4879 posts
Posted on - 11/10/2011 : 23:30:29
I see it didn't detect anything; that seems odd to me, or maybe they were just registry keys that had been left on the pc
are those windows still opening? to be safer, run this scan with the antivirus disabled
download ComboFix to the desktop
(don't install the Recovery Console). Let the program work without interfering. Attach the report C:\ComboFix.txt in your reply.
don't use the pc during the scan, not even the mouse
Edited by - shang on 11/10/2011 23:51:39

giuliosta
New Member
City: Salerno
48 posts
Posted on - 12/10/2011 : 13:47:22
ComboFix 11-10-11.05 - utente 12/10/2011 8:55.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.39.1040.18.1015.320 [GMT 2:00]
Eseguito da: c:\users\utente\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\utente\AppData\Roaming\.#
c:\users\utente\AppData\Roaming\3M
c:\users\utente\AppData\Roaming\3M\PSNotes\PSNData
c:\users\utente\AppData\Roaming\PCFix
c:\users\utente\AppData\Roaming\PCFix\log.dat
c:\users\utente\AppData\Roaming\PCFix\unresolvederrors.dat
c:\users\utente\Documents\pubAEFE.tmp
c:\users\utente\MyTorrentClient-setup.exe
c:\users\utente\SoftonicDownloader_per_jdvoicemail.exe
c:\windows\system32\service
c:\windows\system32\service\13102010_TIS17_PccScan.log
.
.
((((((((((((((((((((((((( Files Creati Da 2011-09-12 al 2011-10-12 )))))))))))))))))))))))))))))))))))
.
.
2011-10-12 07:09 . 2011-10-12 07:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-12 06:37 . 2011-10-12 06:37 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9370FFEF-3BD2-4BE0-9752-F54A846865B5}\offreg.dll
2011-10-12 06:37 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9370FFEF-3BD2-4BE0-9752-F54A846865B5}\mpengine.dll
2011-10-11 18:51 . 2011-10-11 18:51 -------- d-----w- c:\users\utente\AppData\Roaming\Malwarebytes
2011-10-11 18:51 . 2011-10-11 18:51 -------- d-----w- c:\programdata\Malwarebytes
2011-10-11 18:51 . 2011-10-11 18:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-11 18:51 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-10 19:22 . 2011-10-10 19:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-10 19:22 . 2011-10-10 19:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-10-10 15:28 . 2011-10-10 15:28 388096 ----a-r- c:\users\utente\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-10 15:28 . 2011-10-10 15:28 -------- d-----w- c:\program files\Trend Micro
2011-10-10 05:01 . 2011-10-10 05:01 -------- d-----w- c:\users\utente\AppData\Local\WebPornoTV
2011-10-08 21:27 . 2011-10-08 21:27 -------- d-----w- c:\users\utente\AppData\Local\IE_BHO_Helper
2011-10-08 21:27 . 2011-10-08 21:27 -------- d-----w- c:\users\utente\AppData\Local\assembly
2011-10-08 21:24 . 2011-10-10 06:46 -------- d-----w- c:\program files\WebPornoTV
2011-10-03 09:23 . 2011-10-03 09:23 -------- d-----w- c:\programdata\McAfee
2011-09-29 07:22 . 2011-10-03 06:28 -------- d-----w- c:\users\utente\AppData\Roaming\WINDEasyConnect
2011-09-29 07:21 . 2011-09-29 07:21 101760 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-09-29 07:21 . 2011-09-29 07:21 -------- d-----w- c:\program files\WINDEasyConnect
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 10:21 . 2011-06-04 22:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 10:34 . 2010-11-25 19:53 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-31 10:34 . 2010-11-25 19:53 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-16 15:47 . 2011-03-28 16:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-22 02:54 . 2011-08-11 01:15 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-11 01:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-11 01:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27 . 2011-08-10 05:36 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 05:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 05:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 05:36 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 05:36 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 05:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 05:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-08-17 402608]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-04 399736]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"eMuleAutoStart"="d:\emule\emule.exe" [2010-04-07 5758976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"SuperHybridEngine"="AsusSender.exe" [2009-08-18 27648]
"HotkeyService"="AsusSender.exe" [2009-08-18 27648]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-10-11 2429]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"EEESplendidAR"="c:\program files\ASUS\EPC\EeeSplendid\AutoRun.exe" [2009-08-05 84992]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-28 606208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-09-01 281768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\utente\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Efficient Diary.lnk - c:\program files\Efficient Diary\EfficientDiary.exe [2011-6-13 10251776]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
ZooskMessenger.lnk - c:\program files\ZooskMessenger\ZooskMessenger.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2010-11-4 548016]
HotKeyMon.lnk - c:\program files\EeePC\HotkeyService\HotKeyMon.exe [2009-9-12 100328]
Post-it® Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-10-15 2080768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 135664]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-10-25 36640]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 135664]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-08-27 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-08-27 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-08-27 123648]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2010-08-27 100224]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2011-06-21 196912]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 5120]
S2 WTGService;WTGService;c:\program files\WINDEasyConnect\WTGService.exe [2011-09-29 267720]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 20:59]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 20:59]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://[www].google.it/
uDefault_Search_URL = hxxp://[www].google[.com]/ie
mStart Page = hxxp://home.sweetim[.com]
uSearchAssistant = hxxp://[www].google[.com]/ie
uSearchURL,(Default) = hxxp://[www].google[.com]/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\rhugqwq1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://it.search.*******[.com]/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://search.conduit[.com]/ResultsExt.aspx?ctid=CT2851640&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : engine conduit[.com] - %profile%\extensions\engine conduit[.com]
FF - Ext: Illimitux: illimitux illimitux.net - %profile%\extensions\illimitux illimitux.net
FF - Ext: uTorrentBar_IT Community Toolbar: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - %profile%\extensions\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}
FF - Ext: *******! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Softonic-IT Community Toolbar: {e3393495-8103-46a0-8181-270273eddd60} - %profile%\extensions\{e3393495-8103-46a0-8181-270273eddd60}
FF - user.js: *******.ytff.general.dontshowhpoffer - true
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{e3393495-8103-46a0-8181-270273eddd60} - (no file)
URLSearchHooks-{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{E3393495-8103-46A0-8181-270273EDDD60} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-ccleaner - c:\program files\CCleaner\CCleaner.exe
HKCU-Run-amsn - c:\program files\aMSN\amsn.exe
HKLM-Run-EfficientDiary - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\Samsung\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-3050937776-903184038-1092108343-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
Denied: (2) (S-1-5-21-3050937776-903184038-1092108343-1000)
Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
Denied: (A) (Users)
Denied: (A) (Everyone)
Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Denied: (Full) (Everyone)
.
Ora fine scansione: 2011-10-12 09:15:47
ComboFix-quarantined-files.txt 2011-10-12 07:15
.
Pre-Run: 76.268.462.080 byte disponibili
Post-Run: 76.035.932.160 byte disponibili
.
- - End Of File - - E2B96CCAB3B55478ECE9F7AD5A006CA1