ale_co

Users
  • Content count

    91
  • Joined

  • Last visited

About ale_co

  • Rank
    Apprentice
  1. Thanks a lot, great service. In the procedure you told me to follow there is this step:

     13. Check the hard disk for errors

     Procedure for Windows Vista and Windows Seven:
     ● click the Start button
     ● choose All Programs
     ● click Accessories
     ● click Run
     ● in the blank field, copy and paste this line: cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
     ● click the OK button
     ● wait patiently for the operations to finish
     ● an empty DOS window will open on the Desktop and then close automatically: nothing to worry about
     ● attach the checkhd.txt file found on the Desktop for review

     Here is the checkhd.txt file; it tells me:

     Accesso negato. Privilegi insufficienti. Questa utilit… deve essere eseguita tramite un account con privilegi elevati.

     OK, now I'm downloading the firewall. As an antivirus I'm using Avira, but honestly I can't tell whether the free version is sufficient... do you know anything about it? Is it a good antivirus, by the way? Bye and thanks.
  2. OK, I've completed the procedures... After entering the string there in Accessories-Run, the checkhd.txt file tells me this:

     Accesso negato. Privilegi insufficienti. Questa utilit… deve essere eseguita tramite un account con privilegi elevati.

     And this is the new HijackThis log:

     Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:30:43, on 01/03/2012

     The various programs I installed (CCleaner, Defraggler...), do you recommend keeping them or uninstalling them?
  3. OK, thanks a lot, I'm almost done... I'm at the defragmentation step. Afterwards, the various programs I installed (CCleaner, Defraggler...), do you recommend keeping them or uninstalling them? The HijackThis log will follow shortly. Anyway, after a few days of use I can already tell you that the web pages no longer open!!!
  4. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:44:52, on 27/02/2012

     ComboFix 12-02-25.02 - ale 27/02/2012 16:32:45.4.4 - x64
  5. ma il pc sembra andare bene ma il problema delle pagine si presenta non troppo spesso per cui ancora non so.............. combofix ComboFix 12-02-25.02 - ale 27/02/2012 9:45.3.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.4087.3016 [GMT 1:00] Eseguito da: c:\users\ale\Desktop\Nuova cartella\ComboFix.exe Opzioni usate :: c:\users\ale\Desktop\Nuova cartella\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Creati Da 2012-01-27 al 2012-02-27 ))))))))))))))))))))))))))))))))))) . . 2012-02-27 08:50 . 2012-02-27 08:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-25 16:34 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2012-02-25 16:34 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-02-25 16:34 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-02-25 16:34 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-02-25 16:34 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-02-24 13:07 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD4B6BFE-0B84-4DD6-8D1C-63007829A509}\mpengine.dll 2012-02-21 16:45 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-20 19:51 . 2012-02-20 19:51 388096 ----a-r- c:\users\ale\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-15 09:51 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-15 09:51 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-01-30 09:29 . 2012-01-30 09:29 -------- d-----w- c:\programdata\IObit 2012-01-30 08:28 . 
2012-01-30 09:53 -------- d-----w- c:\program files (x86)\IObit Toolbar 2012-01-30 08:28 . 2012-01-30 08:28 -------- d-----w- c:\program files (x86)\Common Files\Spigot 2012-01-30 08:27 . 2012-01-30 08:27 -------- d-----w- c:\users\ale\AppData\Roaming\IObit 2012-01-30 08:27 . 2012-01-30 08:27 -------- d-----w- c:\program files (x86)\IObit 2012-01-29 21:10 . 2012-01-29 21:10 -------- d-----w- c:\users\ale\AppData\Roaming\Malwarebytes 2012-01-29 21:10 . 2012-01-29 21:10 -------- d-----w- c:\programdata\Malwarebytes 2012-01-29 21:10 . 2012-02-21 16:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-01-29 13:07 . 2012-01-29 13:07 -------- d-----w- c:\users\ale\AppData\Roaming\Avira 2012-01-29 13:01 . 2012-02-15 15:46 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-01-29 13:01 . 2011-12-16 08:51 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-01-29 13:01 . 2011-12-16 08:51 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-01-29 13:01 . 2012-01-30 09:52 -------- d-----w- c:\programdata\Avira 2012-01-29 13:01 . 2012-01-30 09:52 -------- d-----w- c:\program files (x86)\Avira 2012-01-29 12:00 . 2012-01-29 04:10 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-01-29 11:17 . 2012-01-29 11:17 -------- d-----w- c:\program files (x86)\Trend Micro . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-29 13:10 . 2011-05-18 18:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-01-22 18:55 . 2012-01-22 18:55 716318 ----a-w- c:\windows\unins000.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-02-26_18.12.38 ))))))))))))))))))))))))))))))))))))))))) . + 2010-12-10 17:50 . 2012-02-27 08:43 46802 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-02-27 08:43 32248 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-12-10 17:45 . 
2012-02-27 08:53 14726 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1474293858-2899481260-1501051529-1001_UserData.bin - 2010-12-10 17:44 . 2012-02-26 17:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-12-10 17:44 . 2012-02-27 08:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-12-10 17:44 . 2012-02-27 08:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-12-10 17:44 . 2012-02-26 17:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-12-10 17:44 . 2012-02-26 17:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-12-10 17:44 . 2012-02-27 08:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-12-10 17:44 . 2012-02-26 18:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-12-10 17:44 . 2012-02-27 08:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-12-10 17:44 . 2012-02-26 18:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-12-10 17:44 . 2012-02-27 08:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-02-26 18:12 . 2012-02-26 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-02-27 08:51 . 2012-02-27 08:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-02-26 18:12 . 2012-02-26 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-02-27 08:51 . 
2012-02-27 08:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2012-02-26 18:11 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-02-27 08:50 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA&inst=NwA2AC0ANgA0ADAANQA4ADMANwA3ADQALQBEADMAOAAxAEwAKwA1AC0AUABMACsAOQAtAFgATwAzADYAKwAxAC0ATgAxAEQAKwAxAC0AQwBJAFAAKwAyAC0ARABEAFQAKwAzADkANAAxADQALQBJADkAMAArADEALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0ARgBVAEkAKwAyAA&prod=54&ver=9.0.894" [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 ServUpdater;Serv Updater;c:\users\ale\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-16 156160] R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys [x] R3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [x] R3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;c:\windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys [x] R3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [x] R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\DRIVERS\MAudioMIDISPORT.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960] R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-12-05 92592] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events 
Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-16 86224] S3 rrau0001;rrau0001;c:\windows\system32\Drivers\rrau0001.sys [x] S3 rrwd0001;rrwd0001;c:\windows\system32\Drivers\rrwd0001.sys [x] S3 RTL8167;Driver Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . . --------- x86-64 ----------- . . ------- Scansione supplementare ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.it/ mLocal Page = c:\windows\SYSTEM32\blank.htm TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{118A1E5A-ED31-4E4D-8816-3307B42729EA}: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\ale\AppData\Roaming\Mozilla\Firefox\Profiles\rrcon7c6.default\ FF - prefs.js: browser.search.selectedEngine - Cerca... FF - prefs.js: browser.startup.homepage - hxxp://search.findeer.com FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org . . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Altri processi in esecuzione ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe . ************************************************************************** . Ora fine scansione: 2012-02-27 09:55:40 - Il pc è stato riavviato ComboFix-quarantined-files.txt 2012-02-27 08:55 ComboFix2.txt 2012-02-26 19:40 ComboFix3.txt 2012-02-26 18:16 ComboFix4.txt 2012-01-30 09:46 ComboFix5.txt 2012-02-27 08:44 . Pre-Run: 197.381.799.936 byte disponibili Post-Run: 197.366.939.648 byte disponibili . - - End Of File - - 2857484556BC68A98EB56FD7CADA7E90 hijackthis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:52:14, on 22/02/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Users\Public\Documents\AppData\PoApp\PService.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start 
http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA"&"inst=NwA2AC0ANgA0ADAANQA4ADMANwA3ADQALQBEADMAOAAxAEwAKwA1AC0AUABMACsAOQAtAFgATwAzADYAKwAxAC0ATgAxAEQAKwAxAC0AQwBJAFAAKwAyAC0ARABEAFQAKwAzADkANAAxADQALQBJADkAMAArADEALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0ARgBVAEkAKwAyAA"&"prod=54"&"ver=9.0.894 O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. 
KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\ale\AppData\Local\PosService\Pos.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\ale\AppData\Local\ServUpdater\ServiceUpd.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - 
C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 5002 bytes
  6. when I do this it tells me: openservice OPERAZIONI NON RIUSCITE 1060 il servizio specificato non esiste come servizio installato, and the same for Pos.exe
  7. ok... the web pages keep opening.. apart from that it runs fairly smoothly.............. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:52:14, on 22/02/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Users\Public\Documents\AppData\PoApp\PService.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA"&"inst=NwA2AC0ANgA0ADAANQA4ADMANwA3ADQALQBEADMAOAAxAEwAKwA1AC0AUABMACsAOQAtAFgATwAzADYAKwAxAC0ATgAxAEQAKwAxAC0AQwBJAFAAKwAyAC0ARABEAFQAKwAzADkANAAxADQALQBJADkAMAArADEALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0ARgBVAEkAKwAyAA"&"prod=54"&"ver=9.0.894 O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - 
C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\ale\AppData\Local\PosService\Pos.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\ale\AppData\Local\ServUpdater\ServiceUpd.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 
(UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 5002 bytes
  8. new log ComboFix 12-02-25.02 - ale 26/02/2012 20:31:10.2.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.4087.2927 [GMT 1:00] Eseguito da: c:\users\ale\Desktop\Nuova cartella\ComboFix.exe Opzioni usate :: c:\users\ale\Desktop\Nuova cartella\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\ale\AppData\Local\PosService\Pos.exe" "c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" . . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\ale\AppData\Local\PosService\Pos.exe c:\users\Public\Documents\AppData\PoApp\PLauncher.exe . . ((((((((((((((((((((((((((((((((((((((( Driver/Servizi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_PowerOffer Service . . ((((((((((((((((((((((((( Files Creati Da 2012-01-26 al 2012-02-26 ))))))))))))))))))))))))))))))))))) . . 2012-02-26 19:34 . 2012-02-26 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-25 16:34 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2012-02-25 16:34 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-02-25 16:34 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-02-25 16:34 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-02-25 16:34 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-02-24 13:07 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD4B6BFE-0B84-4DD6-8D1C-63007829A509}\mpengine.dll 2012-02-21 16:45 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-20 19:51 . 
2012-02-20 19:51 388096 ----a-r- c:\users\ale\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-15 09:51 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-15 09:51 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-01-30 09:29 . 2012-01-30 09:29 -------- d-----w- c:\programdata\IObit 2012-01-30 08:28 . 2012-01-30 09:53 -------- d-----w- c:\program files (x86)\IObit Toolbar 2012-01-30 08:28 . 2012-01-30 08:28 -------- d-----w- c:\program files (x86)\Common Files\Spigot 2012-01-30 08:27 . 2012-01-30 08:27 -------- d-----w- c:\users\ale\AppData\Roaming\IObit 2012-01-30 08:27 . 2012-01-30 08:27 -------- d-----w- c:\program files (x86)\IObit 2012-01-29 21:10 . 2012-01-29 21:10 -------- d-----w- c:\users\ale\AppData\Roaming\Malwarebytes 2012-01-29 21:10 . 2012-01-29 21:10 -------- d-----w- c:\programdata\Malwarebytes 2012-01-29 21:10 . 2012-02-21 16:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-01-29 13:07 . 2012-01-29 13:07 -------- d-----w- c:\users\ale\AppData\Roaming\Avira 2012-01-29 13:01 . 2012-02-15 15:46 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-01-29 13:01 . 2011-12-16 08:51 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-01-29 13:01 . 2011-12-16 08:51 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-01-29 13:01 . 2012-01-30 09:52 -------- d-----w- c:\programdata\Avira 2012-01-29 13:01 . 2012-01-30 09:52 -------- d-----w- c:\program files (x86)\Avira 2012-01-29 12:00 . 2012-01-29 04:10 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-01-29 11:17 . 2012-01-29 11:17 -------- d-----w- c:\program files (x86)\Trend Micro . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-29 13:10 . 2011-05-18 18:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-01-22 18:55 . 
2012-01-22 18:55 716318 ----a-w- c:\windows\unins000.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-02-26_18.12.38 ))))))))))))))))))))))))))))))))))))))))) . + 2010-12-10 17:50 . 2012-02-26 19:08 46418 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-02-26 19:08 32152 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-12-10 17:45 . 2012-02-26 19:38 14694 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1474293858-2899481260-1501051529-1001_UserData.bin - 2010-12-10 17:44 . 2012-02-26 17:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-12-10 17:44 . 2012-02-26 19:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-12-10 17:44 . 2012-02-26 19:07 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-12-10 17:44 . 2012-02-26 17:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-12-10 17:44 . 2012-02-26 17:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-12-10 17:44 . 2012-02-26 19:07 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-12-10 17:44 . 2012-02-26 18:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-12-10 17:44 . 2012-02-26 19:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-12-10 17:44 . 2012-02-26 18:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-12-10 17:44 . 
2012-02-26 19:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-02-26 18:12 . 2012-02-26 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-02-26 19:36 . 2012-02-26 19:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-02-26 18:12 . 2012-02-26 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-02-26 19:36 . 2012-02-26 19:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2012-02-26 18:11 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-02-26 19:35 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA&inst=NwA2AC0ANgA0ADAANQA4ADMANwA3ADQALQBEADMAOAAxAEwAKwA1AC0AUABMACsAOQAtAFgATwAzADYAKwAxAC0ATgAxAEQAKwAxAC0AQwBJAFAAKwAyAC0ARABEAFQAKwAzADkANAAxADQALQBJADkAMAArADEALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0ARgBVAEkAKwAyAA&prod=54&ver=9.0.894" [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 ServUpdater;Serv Updater;c:\users\ale\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-16 156160] R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys [x] R3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [x] R3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;c:\windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys [x] R3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [x] R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\DRIVERS\MAudioMIDISPORT.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960] R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-12-05 92592] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S2 AdobeARMservice;Adobe Acrobat Update 
Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-16 86224] S3 rrau0001;rrau0001;c:\windows\system32\Drivers\rrau0001.sys [x] S3 rrwd0001;rrwd0001;c:\windows\system32\Drivers\rrwd0001.sys [x] S3 RTL8167;Driver Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "combofix"="c:\combofix\CF30490.3XE" [2010-11-20 345088] . ------- Scansione supplementare ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.it/ mLocal Page = c:\windows\SYSTEM32\blank.htm TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{118A1E5A-ED31-4E4D-8816-3307B42729EA}: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\ale\AppData\Roaming\Mozilla\Firefox\Profiles\rrcon7c6.default\ FF - prefs.js: browser.search.selectedEngine - Cerca... 
FF - prefs.js: browser.startup.homepage - hxxp://search.findeer.com FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org . - - - - CHIAVI ORFANE RIMOSSE - - - - . Wow6432Node-HKLM-Run-PosService - c:\users\Public\Documents\AppData\PoApp\PLauncher.exe . . . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Altri processi in esecuzione ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe . ************************************************************************** . Ora fine scansione: 2012-02-26 20:40:18 - Il pc è stato riavviato ComboFix-quarantined-files.txt 2012-02-26 19:40 ComboFix2.txt 2012-02-26 18:16 ComboFix3.txt 2012-01-30 09:46 ComboFix4.txt 2012-01-30 08:50 . Pre-Run: 197.392.961.536 byte disponibili Post-Run: 197.363.249.152 byte disponibili . - - End Of File - - 97AE809F434190B110C50767D650366E
  9. ComboFix 12-02-25.02 - ale 26/02/2012 19:05:54.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.4087.2807 [GMT 1:00] Eseguito da: c:\users\ale\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\ale\AppData\Roaming\cacaoweb c:\users\ale\AppData\Roaming\cacaoweb\cacaoweb.exe c:\windows\security\Database\tmp.edb c:\windows\SysWow64\system c:\windows\Tasks\Acrobat Update.job . . ((((((((((((((((((((((((((((((((((((((( Driver/Servizi ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_RkHit . . ((((((((((((((((((((((((( Files Creati Da 2012-01-26 al 2012-02-26 ))))))))))))))))))))))))))))))))))) . . 2012-02-26 18:10 . 2012-02-26 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-25 16:34 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2012-02-25 16:34 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-02-25 16:34 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-02-25 16:34 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-02-25 16:34 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-02-24 13:07 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD4B6BFE-0B84-4DD6-8D1C-63007829A509}\mpengine.dll 2012-02-21 16:45 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-20 19:51 . 2012-02-20 19:51 388096 ----a-r- c:\users\ale\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-15 09:51 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-15 09:51 . 
2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-01-30 09:29 . 2012-01-30 09:29 -------- d-----w- c:\programdata\IObit 2012-01-30 08:28 . 2012-01-30 09:53 -------- d-----w- c:\program files (x86)\IObit Toolbar 2012-01-30 08:28 . 2012-01-30 08:28 -------- d-----w- c:\program files (x86)\Common Files\Spigot 2012-01-30 08:27 . 2012-01-30 08:27 -------- d-----w- c:\users\ale\AppData\Roaming\IObit 2012-01-30 08:27 . 2012-01-30 08:27 -------- d-----w- c:\program files (x86)\IObit 2012-01-29 21:10 . 2012-01-29 21:10 -------- d-----w- c:\users\ale\AppData\Roaming\Malwarebytes 2012-01-29 21:10 . 2012-01-29 21:10 -------- d-----w- c:\programdata\Malwarebytes 2012-01-29 21:10 . 2012-02-21 16:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-01-29 13:07 . 2012-01-29 13:07 -------- d-----w- c:\users\ale\AppData\Roaming\Avira 2012-01-29 13:01 . 2012-02-15 15:46 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-01-29 13:01 . 2011-12-16 08:51 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-01-29 13:01 . 2011-12-16 08:51 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-01-29 13:01 . 2012-01-30 09:52 -------- d-----w- c:\programdata\Avira 2012-01-29 13:01 . 2012-01-30 09:52 -------- d-----w- c:\program files (x86)\Avira 2012-01-29 12:00 . 2012-01-29 04:10 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-01-29 11:17 . 2012-01-29 11:17 -------- d-----w- c:\program files (x86)\Trend Micro . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-29 13:10 . 2011-05-18 18:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-01-22 18:55 . 2012-01-22 18:55 716318 ----a-w- c:\windows\unins000.exe . . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA&inst=NwA2AC0ANgA0ADAANQA4ADMANwA3ADQALQBEADMAOAAxAEwAKwA1AC0AUABMACsAOQAtAFgATwAzADYAKwAxAC0ATgAxAEQAKwAxAC0AQwBJAFAAKwAyAC0ARABEAFQAKwAzADkANAAxADQALQBJADkAMAArADEALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0ARgBVAEkAKwAyAA∏=54&ver=9.0.894" [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 PowerOffer Service;Pos Service;c:\users\ale\AppData\Local\PosService\Pos.exe [2011-12-16 164352] R2 ServUpdater;Serv Updater;c:\users\ale\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-16 156160] R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys [x] R3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [x] R3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;c:\windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys [x] R3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [x] R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\DRIVERS\MAudioMIDISPORT.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960] R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-12-05 92592] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-16 86224] S3 rrau0001;rrau0001;c:\windows\system32\Drivers\rrau0001.sys [x] S3 rrwd0001;rrwd0001;c:\windows\system32\Drivers\rrwd0001.sys [x] S3 RTL8167;Driver Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . --- Altri Servizi/Drivers In Memoria --- . *NewlyCreated* - WS2IFSL . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "combofix"="c:\combofix\CF13421.3XE" [2010-11-20 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Scansione supplementare ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.it/ mLocal Page = c:\windows\SYSTEM32\blank.htm TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{118A1E5A-ED31-4E4D-8816-3307B42729EA}: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\ale\AppData\Roaming\Mozilla\Firefox\Profiles\rrcon7c6.default\ FF - prefs.js: browser.search.selectedEngine - Cerca... 
FF - prefs.js: browser.startup.homepage - hxxp://search.findeer.com FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org . . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Altri processi in esecuzione ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe . ************************************************************************** . Ora fine scansione: 2012-02-26 19:16:59 - Il pc è stato riavviato ComboFix-quarantined-files.txt 2012-02-26 18:16 ComboFix2.txt 2012-01-30 09:46 ComboFix3.txt 2012-01-30 08:50 . Pre-Run: 198.020.050.944 byte disponibili Post-Run: 197.379.457.024 byte disponibili . - - End Of File - - F4CF6098FDEFEBEA4E7FA2D32D5D3DBF
this is what ComboFix says... but now, after ComboFix, to start any program I have to run it as administrator (both the folders in the taskbar... and Internet Explorer, Firefox... any program)... if I try to start it with a normal double click it tells me: C.\Programfiles x86|Internet Explorer\iexplore.exe E' stata tentata un'operazione non consentita su una chiave di Registro di sistema segnata per l'eliminazione why???????
  10. I'll start by posting the report... no restart was needed... tonight or tomorrow I'll run ComboFix, which takes a while as far as I remember report.txt
  11. ok, I'll get on it now... but do I have to launch ComboFix as administrator?
  12. I'm attaching the two DDS logs. The HijackThis log had the wrong time because, as you told me, I hadn't deleted the previous one. I don't have those folders at all... N.B. I managed to uninstall pcsafedoctor from ''Add or Remove Programs''... I didn't even remember having installed it... DDS.txt Attach.txt
  13. the time my PC shows, now as before, is the correct one! (right now it shows 12.46) ... now I'll run the log as administrator and post it. Here we go:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:52:14, on 22/02/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Users\Public\Documents\AppData\PoApp\PService.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA"&"inst=NwA2AC0ANgA0ADAANQA4ADMANwA3ADQALQBEADMAOAAxAEwAKwA1AC0AUABMACsAOQAtAFgATwAzADYAKwAxAC0ATgAxAEQAKwAxAC0AQwBJAFAAKwAyAC0ARABEAFQAKwAzADkANAAxADQALQBJADkAMAArADEALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0ARgBVAEkAKwAyAA"&"prod=54"&"ver=9.0.894 O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External 
Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\ale\AppData\Local\PosService\Pos.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\ale\AppData\Local\ServUpdater\ServiceUpd.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: 
@%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 5002 bytes
N.B. none of the folders you asked me about is there!
  14. the date was right... now I've deleted all the logs I had, but when I run a new scan, at the end it tells me: impossibile trovare il file c:/program files x86/trend micro/ hijackthis/ hijacthis.log and the log is a blank document. If I choose ''create a new document'', yes... I still end up with a blank text document... no log. Maybe this image of HijackThis that I'm attaching is enough for you
  15. wow, I posted the wrong log then! here's the new one, thanks a lot
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:38:42, on 30/01/2012 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Users\Public\Documents\AppData\PoApp\PService.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [pcsafedoctor.exe] Disable_By_C:\Program Files (x86)\PCSafeDoctor\pcsafedoctor.exe O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA"&"inst=NwA2AC0ANgA0ADAANQA4ADMANwA3ADQALQBEADMAOAAxAEwAKwA1AC0AUABMACsAOQAtAFgATwAzADYAKwAxAC0ATgAxAEQAKwAxAC0AQwBJAFAAKwAyAC0ARABEAFQAKwAzADkANAAxADQALQBJADkAMAArADEALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0ARgBVAEkAKwAyAA"&"prod=54"&"ver=9.0.894 O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Avira Pianificatore 
(AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\ale\AppData\Local\PosService\Pos.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\ale\AppData\Local\ServUpdater\ServiceUpd.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - 
Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 4945 bytes
wow, I don't know why but it shows a date from a month ago... this one was just made!!!!