aiuto eliminare searchnu.com/410

**John Fiorucci** · 16-09-2012, 17:07

Dopo aver scaricato un programma per convertire audio, la mia homepage firefox è cambiata in searchnu.com/410. Non riesco più a cambiarla e sta anche modificando altre cose di firefox. Ho letto che si tratta di un virus che può installare altro malware e anche spiare la mia navigazione online. Con avast non ho trovato nulla e nemmeno con altri programmi tipo antispyware. Non so come risolvere, è la prima volta che il mio laptop si becca un virus e non ho nemmeno il disco di ripristino per tornare ad avere il computer come appena comprato!!

Ho fatto una scansione con hijackthis, la posto. Per piacere aiutatemi!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:53:16, on 16/09/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Users\Stefano\AppData\Roaming\Dropbox\bin\Dropb ox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: Dropbox.lnk = Stefano\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~2\SEARCH~1\SEARCH~1\IEBHO.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner -

**John Fiorucci** · 16-09-2012, 17:08

C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: WD Rules (WDRulesService) - Western Digital - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12838 bytes

PS: ho spezzato in due perchè in un solo post il file log non ci stava.. Attendo pazientemente aiuto!!

**menatwork** · 16-09-2012, 17:26

ciao e benvenuto John Fiorucci

prima di cominciare con la disinfezione volevo chiederti se ti e' capitato di aprire una pagina simile a questa e' solo per capirci di piu'

fai questa scansione

scarica adwcleaner clicca su delete e posta il log

**John Fiorucci** · 16-09-2012, 17:44

Ciao e grazie per la risposta!! No, non mi sono mai imbattuto in siti di farmacie false o cose simili. Ho beccato il virus da un software per convertire formati audio. Free mp3 wma converter. Probabilmente ho preso un mirror poco affidabile. Ora faccio il test sul portatile che è offline. Posto il log il prima possibile..

Allora. Ho fatto delete con adware ora posto il log. Però mi spiace ma mi sa che servirà a poco perchè questa mattina ho fatto la stessa cosa sempre con adware, e aveva cancellato più cose. Però da stupido non ho il log di questa mattina!

Stavo cercando di sistemare le cose da solo ma non ho risolto niente.. Comunque in ogni caso questo è il log di un minuto fa..

# AdwCleaner v2.001 - Logfile created 09/16/2012 at 17:45:40
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Stefano - STEFANO-PC
# Boot Mode : Normal
# Running from : C:\Users\Stefano\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (it)

Profile name : default
File : C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\P rofiles\ejynyk3i.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5239 octets] - [16/09/2012 16:40:26]
AdwCleaner[S1].txt - [6032 octets] - [16/09/2012 16:41:09]
AdwCleaner[S2].txt - [871 octets] - [16/09/2012 17:45:40]

########## EOF - C:\AdwCleaner[S2].txt - [930 octets] ##########

**menatwork** · 16-09-2012, 18:07

cerca di non usare programmi se non li conosci bene ne guadagni di salute tua e del pc

ora fammi questa scansione

scarica combofix sul desktop

alla richiesta se vuoi installare la recovery console clicca su NO

esegui ComboFix.exe

segui le instruzioni

finita la scansione portati in C:\ e allega , nella tua prossima risposta, il contenuto del file di testo Combofix.txt

come usare correttamente combofix

**John Fiorucci** · 16-09-2012, 18:26

Ok sto aspettando che completi e poi posto il log. Non mi ha ancora chiesto del punto di ripristino, comunque se chiede non lo creo. Ho anche trovato i file log della scansione delete di stamattina con adwcleaner, dove aveva trovato molti più file e chiavi di registro. Se serve posto anche quelli..

ComboFix 12-09-15.02 - Stefano 16/09/2012 18:19:28.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3948.2604 [GMT 2:00]
Eseguito da: c:\users\Stefano\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Enabled/Outdated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2012-08-16 al 2012-09-16 )))))))))))))))))))))))))))))))))))
.
.
2012-09-16 16:29 . 2012-09-16 16:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-16 15:47 . 2012-09-16 16:31 -------- d-----w- c:\programdata\boost_interprocess
2012-09-16 15:41 . 2012-09-16 15:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-16 15:41 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2012-09-16 15:40 . 2012-09-16 15:41 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-09-16 14:51 . 2012-09-16 14:51 -------- d-----w- c:\program files (x86)\Trend Micro
2012-09-16 11:28 . 2012-09-16 11:28 614400 ----a-w- c:\windows\AutoKMS.exe
2012-09-16 01:17 . 2012-09-16 01:17 -------- d-----w- c:\users\Stefano\AppData\Roaming\Malwarebytes
2012-09-16 01:17 . 2012-09-16 01:17 -------- d-----w- c:\programdata\Malwarebytes
2012-09-15 14:28 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-15 14:27 . 2012-09-15 14:27 -------- d-----w- c:\program files\iPod
2012-09-15 14:27 . 2012-09-15 14:28 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-15 14:27 . 2012-09-15 14:28 -------- d-----w- c:\program files\iTunes
2012-09-15 14:27 . 2012-09-15 14:28 -------- d-----w- c:\program files (x86)\iTunes
2012-09-14 19:43 . 2012-09-14 19:43 -------- d-----w- c:\users\Stefano\AppData\Roaming\Broad Intelligence
2012-09-14 19:43 . 2012-09-14 19:44 -------- d-----w- c:\program files\MediaCoder
2012-09-14 10:36 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38160D6E-A072-46EC-A507-C0D52BA875C5}\mpengine.dll
2012-09-14 01:01 . 2012-09-14 01:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-13 20:47 . 2012-09-13 20:47 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-12 18:34 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 18:34 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 18:33 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 18:33 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 18:33 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 18:33 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 18:33 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-06 12:07 . 2012-09-06 12:07 -------- d-----w- c:\program files (x86)\Western Digital
2012-09-06 12:07 . 2012-09-06 12:07 -------- d-----w- c:\program files\Western Digital
2012-09-06 11:35 . 2012-09-06 12:12 -------- d-----w- c:\users\Stefano\AppData\Local\Western_Digital
2012-09-06 11:32 . 2012-09-06 12:10 -------- d-----w- c:\programdata\Western Digital
2012-09-06 11:30 . 2012-09-06 11:38 -------- d-----w- c:\users\Stefano\AppData\Local\Western Digital
2012-09-06 11:30 . 2012-09-06 11:30 -------- d-----w- c:\program files\WDCSAM
2012-09-06 11:21 . 2012-09-06 11:21 -------- d-----w- c:\program files\DIFX
2012-09-05 22:13 . 2012-09-05 22:13 -------- d-----w- c:\programdata\Hewlett-Packard
2012-09-05 22:13 . 2012-04-24 04:51 476160 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpcpp130.dl l
2012-09-05 21:25 . 2008-05-07 17:59 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DL L
2012-08-30 18:58 . 2012-08-30 18:58 -------- d-----w- c:\program files (x86)\The Little App Factory
2012-08-30 16:11 . 2012-08-21 11:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-30 16:11 . 2012-08-21 11:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-30 16:09 . 2012-08-30 16:09 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-08-30 16:09 . 2012-08-30 16:09 -------- d-----w- c:\program files\Common Files\Apple
2012-08-30 16:09 . 2012-09-15 14:27 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-08-30 15:49 . 2012-08-30 15:53 -------- d-----w- c:\program files (x86)\Winamp
2012-08-30 14:38 . 2012-08-30 14:38 -------- d-----w- c:\users\Stefano\AppData\Roaming\Nero
2012-08-30 14:35 . 2012-08-30 14:37 -------- d-----w- c:\programdata\Nero
2012-08-30 14:26 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-08-30 14:26 . 2010-05-26 09:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2012-08-30 14:26 . 2010-05-26 09:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-08-30 14:26 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2012-08-30 14:26 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-08-30 14:26 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-08-30 14:25 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-08-30 14:25 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2012-08-30 14:25 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
2012-08-30 11:23 . 2012-08-30 11:23 -------- d-----w- c:\users\Stefano\AppData\Roaming\Canneverbe Limited
2012-08-30 11:23 . 2012-08-30 11:23 -------- d-----w- c:\programdata\Canneverbe Limited
2012-08-18 12:53 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2012-09-15 14:38 . 2012-04-13 16:12 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-15 14:38 . 2011-09-17 14:37 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-12 19:53 . 2011-09-20 10:40 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-28 18:24 . 2012-07-09 14:31 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-28 18:24 . 2011-10-02 13:27 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-21 09:13 . 2011-09-17 13:16 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-09-17 13:16 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-09-17 13:16 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-02-24 13:04 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2011-09-17 13:16 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2011-09-17 13:16 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2011-09-17 13:15 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-09-17 13:15 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-21 09:12 . 2011-09-17 13:16 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-26 15:40 . 2012-01-26 15:40 8313344 ----a-w- c:\program files (x86)\reaper.exe
2012-01-26 15:26 . 2012-01-26 15:26 1623040 ----a-w- c:\program files (x86)\reamote.exe
2011-06-08 03:51 . 2011-06-08 03:51 2239 ----a-w- c:\program files (x86)\reaper-to-usb.bat
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-16_00.27.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-09-15 23:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-16 16:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-09-15 23:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-16 16:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-15 23:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2009-07-14 04:54 . 2012-09-16 16:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2011-02-22 12:46 . 2012-09-16 15:48 59446 c:\windows\system32\wdi\ShutdownPerformanceDiagnos tics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-16 14:44 32076 c:\windows\system32\wdi\BootPerformanceDiagnostics _SystemData.bin
+ 2011-09-16 20:40 . 2012-09-16 14:44 15732 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3145663728-878123940-2673587995-1000_UserData.bin
- 2011-03-27 17:20 . 2012-09-15 20:29 16384 c:\windows\system32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-27 17:20 . 2012-09-16 08:53 16384 c:\windows\system32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-27 17:20 . 2012-09-16 08:53 32768 c:\windows\system32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-27 17:20 . 2012-09-15 20:29 32768 c:\windows\system32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-16 08:53 32768 c:\windows\system32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
- 2009-07-14 04:54 . 2012-09-15 20:29 32768 c:\windows\system32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
- 2011-09-16 20:41 . 2012-09-15 23:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-16 20:41 . 2012-09-16 15:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-16 20:41 . 2012-09-15 23:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

**menatwork** · 16-09-2012, 18:29

si si posta anche quello

ora cerca di toccare il meno possibile mouse e tastiera fino a quando combofix non finisce

**John Fiorucci** · 16-09-2012, 18:48

+ 2011-09-16 20:41 . 2012-09-16 15:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-27 16:57 . 2012-09-15 23:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\History\History.IE5\index. dat
+ 2011-03-27 16:57 . 2012-09-16 15:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\ Local\Microsoft\Windows\History\History.IE5\index. dat
- 2011-09-16 20:41 . 2012-09-16 00:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Ro aming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-16 20:41 . 2012-09-16 16:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Ro aming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-27 16:57 . 2012-09-16 16:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\History\History.IE5\index.da t
- 2011-03-27 16:57 . 2012-09-16 00:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\History\History.IE5\index.da t
- 2012-09-15 23:13 . 2012-09-15 23:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
+ 2012-09-16 16:29 . 2012-09-16 16:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat
+ 2012-09-16 16:29 . 2012-09-16 16:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
- 2012-09-15 23:13 . 2012-09-15 23:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat
+ 2011-03-28 02:21 . 2012-09-16 14:41 742376 c:\windows\system32\perfh010.dat
+ 2009-07-14 02:36 . 2012-09-16 14:41 655318 c:\windows\system32\perfh009.dat
+ 2011-03-28 02:21 . 2012-09-16 14:41 147536 c:\windows\system32\perfc010.dat
+ 2009-07-14 02:36 . 2012-09-16 14:41 122190 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-09-15 23:12 485420 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-16 16:29 485420 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-System.dat
- 2011-09-17 16:38 . 2012-09-15 23:12 49884848 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-S-1-5-21-3145663728-878123940-2673587995-1000-12288.dat
+ 2011-09-17 16:38 . 2012-09-16 15:46 49884848 c:\windows\ServiceProfiles\LocalService\AppData\Lo cal\FontCache-S-1-5-21-3145663728-878123940-2673587995-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Stefano\AppData\Roaming\Dropbox\bin\Dropb oxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Stefano\AppData\Roaming\Dropbox\bin\Dropb oxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Stefano\AppData\Roaming\Dropbox\bin\Dropb oxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows\currentversion\explorer\shelliconoverlayid entifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Stefano\AppData\Roaming\Dropbox\bin\Dropb oxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2010-11-12 296768]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-02-24 1078352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-08-30 3904536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
c:\users\Stefano\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Stefano\AppData\Roaming\Dropbox\bin\Dropb ox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\datam ngr.dll c:\progra~2\SEARCH~1\SEARCH~1\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPl ayerUpdateService.exe [2012-09-15 250568]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 MAUSBFASTTRACKPRO;Service for M-Audio FastTrack Pro;c:\windows\system32\DRIVERS\MAudioFastTrackPro .sys [2010-12-07 187912]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-13 114144]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EX E [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.e xe [2011-09-17 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIV ERS\mwlPSDFilter.sys [2011-02-22 22912]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVER S\mwlPSDNServ.sys [2011-02-22 20328]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVER S\mwlPSDVDisk.sys [2011-02-22 62584]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\as wMonFlt.sys [2012-08-21 71600]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-02-24 347216]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-01-06 868224]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-12 257344]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-08-30 1074720]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-08-30 1358360]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-03-22 166528]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-06-14 1151424]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-06-14 248248]
S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-06-14 1177536]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-20 67624]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-20 19496]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScs iMSa.sys [2011-01-19 52264]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScs iSDa.sys [2011-01-13 85544]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]
S3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-01-17 412712]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

**John Fiorucci** · 16-09-2012, 18:49

.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2012-04-13 14:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\00 avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Dr opboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Stefano\AppData\Roaming\Dropbox\bin\Dropb oxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Dr opboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Stefano\AppData\Roaming\Dropbox\bin\Dropb oxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Dr opboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Stefano\AppData\Roaming\Dropbox\bin\Dropb oxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Dr opboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Stefano\AppData\Roaming\Dropbox\bin\Dropb oxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 391704]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2011-02-12 418328]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-01-06 860040]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\SEARCH~1\x64\d atamngr.dll c:\progra~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Stefano\AppData\Roaming\Mozilla\Firefox\P rofiles\ejynyk3i.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUt il32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
************************************************** ************************
.
Ora fine scansione: 2012-09-16 18:38:11 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-09-16 16:38
ComboFix2.txt 2012-09-16 00:34
.
Pre-Run: 528.016.334.848 byte disponibili
Post-Run: 527.790.604.288 byte disponibili
.
- - End Of File - - 51895E448519F62F5481457BB58C5187

**John Fiorucci** · 16-09-2012, 18:55

# AdwCleaner v2.001 - Logfile created 09/16/2012 at 10:41:09
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Stefano - STEFANO-PC
# Boot Mode : Normal
# Running from : C:\Users\Stefano\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
File Deleted : C:\Program Files (x86)\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Stefano\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\P rofiles\ejynyk3i.default\extensions\cacaoweb@cacao web.org
Folder Deleted : C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\P rofiles\ejynyk3i.default\Searchqutoolbar
Folder Deleted : C:\Users\Stefano\AppData\Roaming\pdfforge

***** [Registry] *****

Key Deleted : HKCU\Software\cacaoweb
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser. 1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdControl ler
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdControl ler.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_R ASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_R ASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Sear chqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Sear chqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext \PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6 F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435 878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\Curren tVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchqu.com/410 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (it)

Profile name : default
File : C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\P rofiles\ejynyk3i.default\prefs.js

C:\Users\Stefano\AppData\Roaming\Mozilla\Firefox\P rofiles\ejynyk3i.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.surf.date", "8");
Deleted : user_pref("aol_toolbar.surf.lastDate", "30");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "7");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2012");
Deleted : user_pref("aol_toolbar.surf.month", "8");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");
Deleted : user_pref("aol_toolbar.surf.total", "8");
Deleted : user_pref("aol_toolbar.surf.week", "8");
Deleted : user_pref("aol_toolbar.surf.year", "8");
Deleted : user_pref("browser.search.defaultenginename", "Searchqu Web Search");
Deleted : user_pref("browser.search.order.1", "Searchqu Web Search");
Deleted : user_pref("keyword.URL", "hxxp://www.searchqu.com/web?src=ffb&appid=0&systemid=410&sr=0&q=");

*************************

AdwCleaner[R1].txt - [5239 octets] - [16/09/2012 10:40:26]
AdwCleaner[S1].txt - [5919 octets] - [16/09/2012 10:41:09]

########## EOF - C:\AdwCleaner[S1].txt - [5979 octets] ##########

Ok questi sono i txt di combofix e di adwcleaner di stamattina.
PS: non c'è un modo migliore di allegare i txt? Quello lungo ho dovuto dividerlo in 3 parti..

Discussione: aiuto eliminare searchnu.com/410

Strumenti discussione

Ricerca discussione

Visualizza

aiuto eliminare searchnu.com/410

Permessi di invio