ale_co

Problem with Internet pages that open on their own

36 posts in this discussion

  • Open the Start menu
  • Choose Run
  • Type cmd and confirm
  • The command interpreter window appears
  • Type sc delete ServiceUpd.exe
  • The same for Pos.exe

Restart the system (reboot)

Post a new HJT log

When I do this it tells me: openservice OPERAZIONI NON RIUSCITE 1060

il servizio specificato non esiste come servizio installato

The same for Pos.exe

Edited by la_teknò


OK, that's perfectly fine. The script worked.

Post the log that ComboFix gave you when you ran the script and a new HijackThis log.

How is the PC doing?


Well, the PC seems to be running fine, but the pages problem doesn't show up very often, so I still don't know...

combofix

ComboFix 12-02-25.02 - ale 27/02/2012 9:45.3.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.4087.3016 [GMT 1:00]

Eseguito da: c:\users\ale\Desktop\Nuova cartella\ComboFix.exe

Opzioni usate :: c:\users\ale\Desktop\Nuova cartella\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Creati Da 2012-01-27 al 2012-02-27 )))))))))))))))))))))))))))))))))))

.

.

2012-02-27 08:50 . 2012-02-27 08:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-25 16:34 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll

2012-02-25 16:34 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-25 16:34 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-02-25 16:34 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-25 16:34 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-02-24 13:07 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD4B6BFE-0B84-4DD6-8D1C-63007829A509}\mpengine.dll

2012-02-21 16:45 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-20 19:51 . 2012-02-20 19:51 388096 ----a-r- c:\users\ale\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-15 09:51 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 09:51 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-01-30 09:29 . 2012-01-30 09:29 -------- d-----w- c:\programdata\IObit

2012-01-30 08:28 . 2012-01-30 09:53 -------- d-----w- c:\program files (x86)\IObit Toolbar

2012-01-30 08:28 . 2012-01-30 08:28 -------- d-----w- c:\program files (x86)\Common Files\Spigot

2012-01-30 08:27 . 2012-01-30 08:27 -------- d-----w- c:\users\ale\AppData\Roaming\IObit

2012-01-30 08:27 . 2012-01-30 08:27 -------- d-----w- c:\program files (x86)\IObit

2012-01-29 21:10 . 2012-01-29 21:10 -------- d-----w- c:\users\ale\AppData\Roaming\Malwarebytes

2012-01-29 21:10 . 2012-01-29 21:10 -------- d-----w- c:\programdata\Malwarebytes

2012-01-29 21:10 . 2012-02-21 16:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-01-29 13:07 . 2012-01-29 13:07 -------- d-----w- c:\users\ale\AppData\Roaming\Avira

2012-01-29 13:01 . 2012-02-15 15:46 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-01-29 13:01 . 2011-12-16 08:51 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-01-29 13:01 . 2011-12-16 08:51 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-01-29 13:01 . 2012-01-30 09:52 -------- d-----w- c:\programdata\Avira

2012-01-29 13:01 . 2012-01-30 09:52 -------- d-----w- c:\program files (x86)\Avira

2012-01-29 12:00 . 2012-01-29 04:10 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-29 11:17 . 2012-01-29 11:17 -------- d-----w- c:\program files (x86)\Trend Micro

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-29 13:10 . 2011-05-18 18:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-22 18:55 . 2012-01-22 18:55 716318 ----a-w- c:\windows\unins000.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-26_18.12.38 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-12-10 17:50 . 2012-02-27 08:43 46802 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-02-27 08:43 32248 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-12-10 17:45 . 2012-02-27 08:53 14726 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1474293858-2899481260-1501051529-1001_UserData.bin

- 2010-12-10 17:44 . 2012-02-26 17:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-12-10 17:44 . 2012-02-27 08:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-12-10 17:44 . 2012-02-27 08:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-12-10 17:44 . 2012-02-26 17:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-12-10 17:44 . 2012-02-26 17:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-12-10 17:44 . 2012-02-27 08:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-12-10 17:44 . 2012-02-26 18:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-12-10 17:44 . 2012-02-27 08:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-12-10 17:44 . 2012-02-26 18:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-12-10 17:44 . 2012-02-27 08:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-02-26 18:12 . 2012-02-26 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-02-27 08:51 . 2012-02-27 08:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-02-26 18:12 . 2012-02-26 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-02-27 08:51 . 2012-02-27 08:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-02-26 18:11 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-02-27 08:50 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA&inst=NwA2AC0ANgA0ADAANQA4ADMANwA3ADQALQBEADMAOAAxAEwAKwA1AC0AUABMACsAOQAtAFgATwAzADYAKwAxAC0ATgAxAEQAKwAxAC0AQwBJAFAAKwAyAC0ARABEAFQAKwAzADkANAAxADQALQBJADkAMAArADEALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0ARgBVAEkAKwAyAA&prod=54&ver=9.0.894" [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 ServUpdater;Serv Updater;c:\users\ale\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-16 156160]

R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys [x]

R3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [x]

R3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;c:\windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys [x]

R3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [x]

R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\DRIVERS\MAudioMIDISPORT.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]

R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-12-05 92592]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-16 86224]

S3 rrau0001;rrau0001;c:\windows\system32\Drivers\rrau0001.sys [x]

S3 rrwd0001;rrwd0001;c:\windows\system32\Drivers\rrwd0001.sys [x]

S3 RTL8167;Driver Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

.

--------- x86-64 -----------

.

.

------- Scansione supplementare -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.it/

mLocal Page = c:\windows\SYSTEM32\blank.htm

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{118A1E5A-ED31-4E4D-8816-3307B42729EA}: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\ale\AppData\Roaming\Mozilla\Firefox\Profiles\rrcon7c6.default\

FF - prefs.js: browser.search.selectedEngine - Cerca...

FF - prefs.js: browser.startup.homepage - hxxp://search.findeer.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org

.

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Altri processi in esecuzione ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

.

**************************************************************************

.

Ora fine scansione: 2012-02-27 09:55:40 - Il pc è stato riavviato

ComboFix-quarantined-files.txt 2012-02-27 08:55

ComboFix2.txt 2012-02-26 19:40

ComboFix3.txt 2012-02-26 18:16

ComboFix4.txt 2012-01-30 09:46

ComboFix5.txt 2012-02-27 08:44

.

Pre-Run: 197.381.799.936 byte disponibili

Post-Run: 197.366.939.648 byte disponibili

.

- - End Of File - - 2857484556BC68A98EB56FD7CADA7E90

hijackthis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:52:14, on 22/02/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Users\Public\Documents\AppData\PoApp\PService.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA"&"inst=NwA2AC0ANgA0ADAANQA4ADMANwA3ADQALQBEADMAOAAxAEwAKwA1AC0AUABMACsAOQAtAFgATwAzADYAKwAxAC0ATgAxAEQAKwAxAC0AQwBJAFAAKwAyAC0ARABEAFQAKwAzADkANAAxADQALQBJADkAMAArADEALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0ARgBVAEkAKwAyAA"&"prod=54"&"ver=9.0.894

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\ale\AppData\Local\PosService\Pos.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\ale\AppData\Local\ServUpdater\ServiceUpd.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 5002 bytes


Hi

The problem remains; we have to remove these two services

Open Notepad, copy and save this text, naming it CFScript

KillAll::

Driver::
ServUpdater
PowerOffer Service


Folder::
C:\Users\ale\AppData\Local\ServUpdater\
C:\Users\ale\AppData\Local\PosService

With the mouse, drag the CFScript.txt file onto the red ComboFix icon

Let the program work

When it finishes a new combofix.txt log will be created; post it together with a new HijackThis log

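Both procedures in this thread (the `sc delete` commands that failed with error 1060, and the CFScript that removes the two services by their service names) turn on knowing the service name rather than the executable name. The Python below is an added example, not the helper's code nor part of HijackThis, ComboFix or Windows: it parses the O23 and R2/R3 service lines of the logs posted here, flags services whose binary runs from a user-writable folder, resolves the name `sc delete` needs from an exe or display name, and builds a CFScript of the same shape; the sample lines are copied from the thread's logs, and the list of user-writable folders is an assumption.

```python
"""Service triage over HijackThis (O23) and ComboFix (R*/S*) log lines.

Added example for this thread (not the helper's code, nor part of HijackThis,
ComboFix or Windows): parse service entries, flag binaries in user-writable
folders, resolve the SCM service name (`sc delete ServiceUpd.exe` fails with
error 1060 because the SCM only knows "ServUpdater"), and build a CFScript.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# HijackThis: O23 - Service: Display (ShortName) - Owner - C:\path\file.exe [(file missing)]
HJT_O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# ComboFix: R2 Name;Display;c:\path\file.exe [yyyy-mm-dd size]   ("[x]" = file not on disk)
CF_SVC = re.compile(
    r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: \[(?P<info>[^\]]*)\])?$"
)
# Assumption: a Windows service binary has no business running from these folders.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\users\\public\\")

# Constructed sample: service lines copied from the two logs posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\ale\AppData\Local\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\ale\AppData\Local\ServUpdater\ServiceUpd.exe
R2 ServUpdater;Serv Updater;c:\users\ale\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-16 156160]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys [x]
""".strip().splitlines()

@dataclass
class Service:
    name: str      # short name the Service Control Manager knows: what `sc delete` takes
    display: str   # friendly name shown in services.msc
    path: str      # binary the service runs
    missing: bool  # the log says that binary is not on disk

    @property
    def exe(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def suspicious(self) -> bool:
        return not self.missing and any(marker in self.path.lower() for marker in USER_WRITABLE)

def parse_service_line(line: str) -> Optional[Service]:
    """Return a Service for an O23 (HijackThis) or R*/S* (ComboFix) line, else None."""
    line = line.strip()
    if m := HJT_O23.match(line):
        # Some entries carry no (ShortName); the display name is then the only handle.
        name = m.group("name") or m.group("display")
        return Service(name, m.group("display"), m.group("path"), m.group("missing") is not None)
    if m := CF_SVC.match(line):
        return Service(m.group("name"), m.group("display"), m.group("path"), m.group("info") == "x")
    return None

def parse_services(lines) -> List[Service]:
    """Parse every service line, keeping the first entry seen per service name."""
    seen, out = set(), []
    for svc in map(parse_service_line, lines):
        if svc is not None and svc.name.lower() not in seen:
            seen.add(svc.name.lower())
            out.append(svc)
    return out

def triage(lines) -> List[Service]:
    """Services whose binary runs from a user-writable folder, in log order."""
    return [s for s in parse_services(lines) if s.suspicious]

def resolve_service_name(services: List[Service], query: str) -> Optional[str]:
    """Map what a user typed (exe, display or service name) to the SCM service name."""
    q = query.lower()
    for s in services:
        if q in (s.name.lower(), s.display.lower(), s.exe):
            return s.name
    return None  # no such service: the case the SCM reports as error 1060

def sc_delete_command(name: str) -> str:
    """Names containing spaces must be quoted: sc delete "PowerOffer Service"."""
    return f'sc delete "{name}"' if " " in name else f"sc delete {name}"

def cfscript(services: List[Service]) -> str:
    """CFScript in the shape the helper posted: stop all, drop the services, delete their folders."""
    folders: List[str] = []
    for s in services:
        folder = s.path.rsplit("\\", 1)[0]
        if folder not in folders:
            folders.append(folder)
    body = ["KillAll::", "", "Driver::", *[s.name for s in services], "", "Folder::", *folders]
    return "\n".join(body) + "\n"
```

`triage(SAMPLE_LOG)` returns the PowerOffer Service and ServUpdater entries, and `cfscript()` on them reproduces the Driver:: and Folder:: sections the helper posted.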

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:44:52, on 27/02/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA"&"inst=NwA2AC0ANgA0ADAANQA4ADMANwA3ADQALQBEADMAOAAxAEwAKwA1AC0AUABMACsAOQAtAFgATwAzADYAKwAxAC0ATgAxAEQAKwAxAC0AQwBJAFAAKwAyAC0ARABEAFQAKwAzADkANAAxADQALQBJADkAMAArADEALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0ARgBVAEkAKwAyAA"&"prod=54"&"ver=9.0.894

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 4755 bytes

ComboFix 12-02-25.02 - ale 27/02/2012 16:32:45.4.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.4087.2920 [GMT 1:00]

Eseguito da: c:\users\ale\Desktop\Nuova cartella\ComboFix.exe

Opzioni usate :: c:\users\ale\Desktop\Nuova cartella\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\ale\AppData\Local\PosService

c:\users\ale\AppData\Local\PosService\7z.dll

c:\users\ale\AppData\Local\PosService\AppLib.Zip.dll

c:\users\ale\AppData\Local\PosService\Pos.InstallLog

c:\users\ale\AppData\Local\PosService\Pos.InstallState

c:\users\ale\AppData\Local\ServUpdater

c:\users\ale\AppData\Local\ServUpdater\7z.dll

c:\users\ale\AppData\Local\ServUpdater\AppLib.Zip.dll

c:\users\ale\AppData\Local\ServUpdater\InstallHelper.exe

c:\users\ale\AppData\Local\ServUpdater\ServiceUpd.exe

c:\users\ale\AppData\Local\ServUpdater\ServiceUpd.InstallLog

c:\users\ale\AppData\Local\ServUpdater\ServiceUpd.InstallState

c:\users\ale\AppData\Local\ServUpdater\settings.ini

c:\users\ale\AppData\Local\ServUpdater\settings\settings.ini

c:\users\ale\AppData\Local\ServUpdater\upd.exe

.

.

((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_ServUpdater

.

.

((((((((((((((((((((((((( Files Creati Da 2012-01-27 al 2012-02-27 )))))))))))))))))))))))))))))))))))

.

.

2012-02-27 15:35 . 2012-02-27 15:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-25 16:34 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll

2012-02-25 16:34 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-25 16:34 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-02-25 16:34 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-25 16:34 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-02-24 13:07 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD4B6BFE-0B84-4DD6-8D1C-63007829A509}\mpengine.dll

2012-02-21 16:45 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-20 19:51 . 2012-02-20 19:51 388096 ----a-r- c:\users\ale\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-15 09:51 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 09:51 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-01-30 09:29 . 2012-01-30 09:29 -------- d-----w- c:\programdata\IObit

2012-01-30 08:28 . 2012-01-30 09:53 -------- d-----w- c:\program files (x86)\IObit Toolbar

2012-01-30 08:28 . 2012-01-30 08:28 -------- d-----w- c:\program files (x86)\Common Files\Spigot

2012-01-30 08:27 . 2012-01-30 08:27 -------- d-----w- c:\users\ale\AppData\Roaming\IObit

2012-01-30 08:27 . 2012-01-30 08:27 -------- d-----w- c:\program files (x86)\IObit

2012-01-29 21:10 . 2012-01-29 21:10 -------- d-----w- c:\users\ale\AppData\Roaming\Malwarebytes

2012-01-29 21:10 . 2012-01-29 21:10 -------- d-----w- c:\programdata\Malwarebytes

2012-01-29 21:10 . 2012-02-21 16:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-01-29 13:07 . 2012-01-29 13:07 -------- d-----w- c:\users\ale\AppData\Roaming\Avira

2012-01-29 13:01 . 2012-02-15 15:46 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-01-29 13:01 . 2011-12-16 08:51 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-01-29 13:01 . 2011-12-16 08:51 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2012-01-29 13:01 . 2012-01-30 09:52 -------- d-----w- c:\programdata\Avira

2012-01-29 13:01 . 2012-01-30 09:52 -------- d-----w- c:\program files (x86)\Avira

2012-01-29 12:00 . 2012-01-29 04:10 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-29 11:17 . 2012-01-29 11:17 -------- d-----w- c:\program files (x86)\Trend Micro

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-29 13:10 . 2011-05-18 18:32 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-22 18:55 . 2012-01-22 18:55 716318 ----a-w- c:\windows\unins000.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-02-26_18.12.38 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-12-10 17:50 . 2012-02-27 14:17 47214 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-02-27 15:39 32288 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-12-10 17:45 . 2012-02-27 15:39 14742 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1474293858-2899481260-1501051529-1001_UserData.bin

- 2010-12-10 17:37 . 2012-02-26 17:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-12-10 17:37 . 2012-02-27 10:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-02-23 15:10 . 2012-02-26 17:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2012-02-23 15:10 . 2012-02-27 10:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-02-26 17:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-02-27 10:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-12-10 17:44 . 2012-02-27 14:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-12-10 17:44 . 2012-02-26 17:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-12-10 17:44 . 2012-02-27 14:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-12-10 17:44 . 2012-02-26 17:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-12-10 17:44 . 2012-02-27 14:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-12-10 17:44 . 2012-02-26 17:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-12-10 17:44 . 2012-02-27 15:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-12-10 17:44 . 2012-02-26 18:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-12-10 17:44 . 2012-02-27 15:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-12-10 17:44 . 2012-02-26 18:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-02-27 15:37 . 2012-02-27 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-02-26 18:12 . 2012-02-26 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-02-26 18:12 . 2012-02-26 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-02-27 15:37 . 2012-02-27 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:12 . 2012-02-26 17:06 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:12 . 2012-02-27 10:39 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 05:01 . 2012-02-26 18:11 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-02-27 15:36 277296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-12-13 20:05 . 2012-02-27 15:36 1456648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1474293858-2899481260-1501051529-1001-8192.dat

- 2010-12-13 20:05 . 2012-02-23 22:38 1456648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1474293858-2899481260-1501051529-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA&inst=NwA2AC0ANgA0ADAANQA4ADMANwA3ADQALQBEADMAOAAxAEwAKwA1AC0AUABMACsAOQAtAFgATwAzADYAKwAxAC0ATgAxAEQAKwAxAC0AQwBJAFAAKwAyAC0ARABEAFQAKwAzADkANAAxADQALQBJADkAMAArADEALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0ARgBVAEkAKwAyAA∏=54&ver=9.0.894" [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys [x]

R3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [x]

R3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;c:\windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys [x]

R3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [x]

R3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\DRIVERS\MAudioMIDISPORT.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]

R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-12-05 92592]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-16 86224]

S3 rrau0001;rrau0001;c:\windows\system32\Drivers\rrau0001.sys [x]

S3 rrwd0001;rrwd0001;c:\windows\system32\Drivers\rrwd0001.sys [x]

S3 RTL8167;Driver Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF3745.3XE" [2010-11-20 345088]

.

------- Scansione supplementare -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.it/

mLocal Page = c:\windows\SYSTEM32\blank.htm

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{118A1E5A-ED31-4E4D-8816-3307B42729EA}: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\ale\AppData\Roaming\Mozilla\Firefox\Profiles\rrcon7c6.default\

FF - prefs.js: browser.search.selectedEngine - Cerca...

FF - prefs.js: browser.startup.homepage - hxxp://search.findeer.com

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org

.

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Altri processi in esecuzione ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

.

**************************************************************************

.

Ora fine scansione: 2012-02-27 16:41:42 - Il pc è stato riavviato

ComboFix-quarantined-files.txt 2012-02-27 15:41

ComboFix2.txt 2012-02-27 08:55

ComboFix3.txt 2012-02-26 19:40

ComboFix4.txt 2012-02-26 18:16

ComboFix5.txt 2012-02-27 15:31

.

Pre-Run: 194.118.406.144 byte disponibili

Post-Run: 194.140.348.416 byte disponibili

.

- - End Of File - - 7C13472492E40F93B3B6E52D3E78DE92


ok thanks a lot, I'm almost done.. I'm at the defragmentation...... as for the various programs I installed (CCleaner, Defraggler..), do you recommend keeping them or uninstalling them?

the HijackThis log will follow shortly; anyway, after a few days of use I can already tell you that the internet pages don't open any more!!!


Posted (edited)

ok, I've completed the procedures........

after entering the string there in Accessories > Run, the checkhd.txt file tells me this: Accesso negato. Privilegi insufficienti.

Questa utilità deve essere eseguita tramite un account con privilegi elevati.

and this is the new HijackThis log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:30:43, on 01/03/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAWABZAEYARAAtAEoAVQBWADcAMgAtADgAOQAyADIAUgAtAEYAVABEAE8AOAAtAFEARQBNAEIAUgA"&"inst=NwA2AC0ANgA0ADAANQA4ADMANwA3ADQALQBEADMAOAAxAEwAKwA1AC0AUABMACsAOQAtAFgATwAzADYAKwAxAC0ATgAxAEQAKwAxAC0AQwBJAFAAKwAyAC0ARABEAFQAKwAzADkANAAxADQALQBJADkAMAArADEALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0ARgBVAEkAKwAyAA"&"prod=54"&"ver=9.0.894

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 5291 bytes

the various programs I installed (CCleaner, Defraggler..), do you recommend keeping them or uninstalling them?

Edited by la_teknò


Hi la_tekno'

after entering the string there in Accessories > Run, the checkhd.txt file tells me this: Accesso negato.

Did I miss something? What string? What file?

the various programs I installed (CCleaner, Defraggler..), do you recommend keeping them or uninstalling them?

Of course you should keep them. Do a good cleanup once a week using those two tools. You should also keep Malwarebytes and run a scan at least every 15 days.

Download a good firewall. I recommend Comodo Firewall.

Avoid using P2P programs; many malicious people use file-sharing programs precisely to put malware on the network.

Keep your antivirus updated and be careful where you browse.

As far as I'm concerned you're all set. For anything else, Wininizio is always at your disposal.

Bye, La_teknò


thanks so much, great service ;)

in the procedure you told me to follow there is this step

13. Check the hard disk for errors

Procedure for Windows Vista and Windows Seven:

● click the Start button

● choose All Programs

● click Accessories

● click Run

● in the white box, copy and paste this line:

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

● click the OK button

● wait patiently for the operations to finish

● an empty DOS window will open on the Desktop and then close automatically: nothing to worry about

● attach the checkhd.txt file found on the Desktop for a check

here's what the checkhd.txt file tells me

Accesso negato. Privilegi insufficienti.

Questa utilità deve essere eseguita tramite un account con privilegi elevati.

ok now I'll download the firewall ;) as antivirus I'm using Avira but honestly I can't tell whether the free version is enough........ do you know anything about it? is it a good antivirus, by the way?

bye and thanks
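One way to carry out step 13 of the guide from an elevated session, so that the read-only chkdsk does not stop at the access-denied message quoted above, as an added PowerShell example that is not part of the thread or of the original guide. The drive letter, the Desktop output file and the "percent" filter are taken from the guide's own command line; the exit-code meanings are chkdsk's documented values; everything else (the parameter names, the relaunch-with-UAC step) is this example's own choice.

```powershell
# Added example, not from the thread: run the guide's read-only chkdsk check
# from an elevated session and append the result to checkhd.txt on the Desktop,
# mirroring:  cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

param(
    [string]$Drive   = 'C:',
    [string]$OutFile = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'checkhd.txt')
)

# chkdsk refuses to run without an elevated token (the "Accesso negato.
# Privilegi insufficienti." message in the thread), so test for it up front
# instead of discovering it in the output file afterwards.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if (-not $elevated) {
    # Relaunch this same script with the "Run as administrator" verb, which
    # shows the UAC prompt; the Run dialog in the guide never asks for elevation.
    $argList = "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`" -Drive $Drive -OutFile `"$OutFile`""
    Start-Process -FilePath 'powershell.exe' -ArgumentList $argList -Verb RunAs
    return
}

# Read-only scan: no /f or /r, so nothing on the volume is modified and no
# reboot-time check is scheduled. Drop the progress lines, as the guide's
# find /v "percent" does (a localized Windows may word that line differently;
# -notmatch is case-insensitive, so adjust the pattern to your chkdsk output).
$report = & chkdsk.exe $Drive 2>&1 |
    Where-Object { $_ -notmatch 'percent' }
$exitCode = $LASTEXITCODE

# Header line makes it obvious which run and which account produced the report.
"=== chkdsk $Drive run $(Get-Date -Format s) by $($identity.Name) (elevated: $elevated) ===" |
    Out-File -FilePath $OutFile -Append -Encoding utf8
$report | Out-File -FilePath $OutFile -Append -Encoding utf8

# chkdsk's documented exit codes: 0 = no errors found, 1 = errors found and
# fixed (not possible here without /f), 2 = cleanup performed or skipped,
# 3 = disk could not be checked or errors were found but not fixed (the case
# to look for in a read-only run).
"chkdsk exit code: $exitCode" | Out-File -FilePath $OutFile -Append -Encoding utf8
```

Save it as a .ps1 file and start it from a normal PowerShell window; the first run re-launches itself through the UAC prompt, the elevated copy does the scan and writes the report, and the exit code at the end of checkhd.txt tells you whether a follow-up `chkdsk /f` (which does need a reboot) is worth scheduling.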


Hi la_tekno'

here's what the checkhd.txt file tells me

Accesso negato. Privilegi insufficienti.

Questa utilità deve essere eseguita tramite un account con privilegi elevati.

No problem

For checking the hard disk you can also use a third-party tool. Read this topic and follow its instructions to use it.

as antivirus I'm using Avira but honestly I can't tell whether the free version is enough........ do you know anything about it? is it a good antivirus, by the way?

I won't say it's the best, so as not to offend those who don't use it, but I'll tell you: download it and don't worry.

See you soon
