  1. #1

    Clarifications about HijackThis..!?

    Hi everyone. My problem is that a few days ago my antivirus detected an infection, and I rushed to fix it using all the anti-malware tools I have; but today, looking at the HijackThis log, I noticed some ambiguous entries and, since I'm not familiar with log files, I wanted to know if someone could help me understand what they are...

    The entries that made me suspicious are towards the end and, as you can see, I have marked them with the smileys and the arrow:


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:30:19, on 21/04/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Panda Cloud Antivirus\PSUNMain.exe
    C:\Program Files\WinPatrol\WinPatrol.exe
    C:\Program Files\Luxand\Blink!\LuxandBlinkTray.exe
    C:\Program Files\Switcher\Switcher.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Calibrize\CalibrizeResume.exe
    C:\KAREM\memboost\MemBoost.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
    C:\PROGRAM FILES\MOUSE DRIVER\STARTAUTORUN.EXE
    C:\PROGRAM FILES\MOUSE DRIVER\KMConfig.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Mouse Driver\KMProcess.exe
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP QUICK LAUNCH BUTTONS\QLBCTRL.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP 3D DRIVEGUARD\ACCELEROMETERST.EXE
    C:\PROGRAM FILES\IDT\WDM\STTRAY.EXE
    C:\Program Files\Namoroka\firefox.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.366.4\npchrome_frame.dll
    O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
    O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [Luxand Blink!] C:\Program Files\Luxand\Blink!\LuxandBlinkTray.exe /s
    O4 - HKCU\..\Run: [Switcher] "C:\Program Files\Switcher\Switcher.exe" /quiet
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [CGFLoader] C:\PROGRAM FILES\CALIBRIZE\CALIBRIZELOADER.EXE
    O4 - HKCU\..\Run: [CalibrizeResume] C:\PROGRAM FILES\CALIBRIZE\CALIBRIZERESUME.EXE
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Antanda] C:\Windows\TEMP\InstallValidator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Antanda] C:\Windows\TEMP\InstallValidator.exe (User 'Default user')
    O4 - Startup: Rizone Memory Booster.lnk = C:\KAREM\memboost\MemBoost.exe
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{244485FE-E682-4ADB-8608-36D32D95562F}: NameServer = 85.37.17.4,85.37.17.13,8.8.8.8,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D7579008-2539-4718-80F4-811650267503}: NameServer = 8.8.8.8,208.67.222.222,8.8.4.4,208.67.220.220
    O17 - HKLM\System\CS1\Services\Tcpip\..\{244485FE-E682-4ADB-8608-36D32D95562F}: NameServer = 85.37.17.4,85.37.17.13,8.8.8.8,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\..\{244485FE-E682-4ADB-8608-36D32D95562F}: NameServer = 85.37.17.4,85.37.17.13,8.8.8.8,208.67.222.222
    O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.366.4\npchrome_frame.dll
    O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stw rt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: AODService - Unknown owner - C:\Program Files\AMD\OverDrive\AODAssist.exe
    O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    :master: -->O23 - Service: DOFIVW - Unknown owner - C:\Windows\TEMP\DOFIVW.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    :master: -->O23 - Service: FZWATQAZ - Unknown owner - C:\Windows\TEMP\FZWATQAZ.exe (file missing)
    :master: -->O23 - Service: GKTBU - Unknown owner - C:\Windows\TEMP\GKTBU.exe (file missing)
    O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    :master: -->O23 - Service: IGMBLMYGO - Unknown owner - C:\Windows\TEMP\IGMBLMYGO.exe (file missing)
    O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NanoServiceMain - Panda Security, S.L. - C:\Program Files\Panda Cloud Antivirus\PSANHost.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stw rt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe


    Thanks in advance to everyone.

  2. #2
    HTML.it user · Registered since Jan 2010 · Location: Planet Earth · Posts: 1,614

    Good evening

    1) Download MALWAREBYTES and let it update.

    2) Disconnect from the internet, boot into safe mode and have it run a FULL scan (you have to select the radio button on the initial screen).

    3) Put everything it finds in quarantine (after the scan you'll find the button at the bottom).

    4) Post the Malwarebytes log and run HijackThis in normal mode; its log is needed too. For a description of HJT CLICK HERE.



    P.S.: TEMP folders are usually never located where yours is, i.e. c:/windows/... did you change it yourself??
    For a good laugh go HERE

  3. #3
    Hi, and thanks for your help, Nobody.
    I did as you told me, but Malwarebytes found only one infected file, in a folder containing files from my old computer that I don't use (so I don't think that's it), and nothing else. As for the location of the TEMP folder, yes, I moved it myself, for a reason I no longer remember, many months ago now.
    Anyway, here are the logs I got:



    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Versione database: 4021

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    22/04/2010 16:57:20
    mbam-log-2010-04-22 (16-57-20).txt

    Tipo di scansione: Scansione completa (C:\|)
    Elementi esaminati: 238734
    Tempo trascorso: 30 minuti, 32 secondi

    Processi infetti in memoria: 0
    Moduli di memoria infetti: 0
    Chiavi di registro infette: 0
    Valori di registro infetti: 0
    Voci infette nei dati di registro: 0
    Cartelle infette: 0
    File infetti: 1

    Processi infetti in memoria:
    (Non sono stati rilevati elementi nocivi)

    Moduli di memoria infetti:
    (Non sono stati rilevati elementi nocivi)

    Chiavi di registro infette:
    (Non sono stati rilevati elementi nocivi)

    Valori di registro infetti:
    (Non sono stati rilevati elementi nocivi)

    Voci infette nei dati di registro:
    (Non sono stati rilevati elementi nocivi)

    Cartelle infette:
    (Non sono stati rilevati elementi nocivi)

    File infetti:
    C:\Internet\Chrome Down_z[OLD]\Chrome_4\Find_Mac_KeyMaker.exe (Trojan.Downloader) -> No action taken.



    -------



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:13:04, on 22/04/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Panda Cloud Antivirus\PSUNMain.exe
    C:\Program Files\WinPatrol\WinPatrol.exe
    C:\Program Files\Luxand\Blink!\LuxandBlinkTray.exe
    C:\Program Files\Switcher\Switcher.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Calibrize\CalibrizeResume.exe
    C:\KAREM\memboost\MemBoost.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
    C:\PROGRAM FILES\MOUSE DRIVER\STARTAUTORUN.EXE
    C:\PROGRAM FILES\MOUSE DRIVER\KMConfig.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Mouse Driver\KMProcess.exe
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP QUICK LAUNCH BUTTONS\QLBCTRL.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP 3D DRIVEGUARD\ACCELEROMETERST.EXE
    C:\PROGRAM FILES\IDT\WDM\STTRAY.EXE
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.15\npchrome_frame.dll
    O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
    O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [Luxand Blink!] C:\Program Files\Luxand\Blink!\LuxandBlinkTray.exe /s
    O4 - HKCU\..\Run: [Switcher] "C:\Program Files\Switcher\Switcher.exe" /quiet
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [CGFLoader] C:\PROGRAM FILES\CALIBRIZE\CALIBRIZELOADER.EXE
    O4 - HKCU\..\Run: [CalibrizeResume] C:\PROGRAM FILES\CALIBRIZE\CALIBRIZERESUME.EXE
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Antanda] C:\Windows\TEMP\InstallValidator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Antanda] C:\Windows\TEMP\InstallValidator.exe (User 'Default user')
    O4 - Startup: Rizone Memory Booster.lnk = C:\KAREM\memboost\MemBoost.exe
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{244485FE-E682-4ADB-8608-36D32D95562F}: NameServer = 85.37.17.4,85.37.17.13,8.8.8.8,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D7579008-2539-4718-80F4-811650267503}: NameServer = 8.8.8.8,208.67.222.222,8.8.4.4,208.67.220.220
    O17 - HKLM\System\CS1\Services\Tcpip\..\{244485FE-E682-4ADB-8608-36D32D95562F}: NameServer = 85.37.17.4,85.37.17.13,8.8.8.8,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\..\{244485FE-E682-4ADB-8608-36D32D95562F}: NameServer = 85.37.17.4,85.37.17.13,8.8.8.8,208.67.222.222
    O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.15\npchrome_frame.dll
    O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stw rt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: AODService - Unknown owner - C:\Program Files\AMD\OverDrive\AODAssist.exe
    O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: DOFIVW - Unknown owner - C:\Windows\TEMP\DOFIVW.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FZWATQAZ - Unknown owner - C:\Windows\TEMP\FZWATQAZ.exe (file missing)
    O23 - Service: GKTBU - Unknown owner - C:\Windows\TEMP\GKTBU.exe (file missing)
    O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IGMBLMYGO - Unknown owner - C:\Windows\TEMP\IGMBLMYGO.exe (file missing)
    O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NanoServiceMain - Panda Security, S.L. - C:\Program Files\Panda Cloud Antivirus\PSANHost.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stw rt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe


    Thanks again, and I hope you can help me solve this problem (assuming there is one)...

  4. #4
    HTML.it user · Registered since Jan 2010 · Location: Planet Earth · Posts: 1,614

    You should redo the scan and put the file found by Malwarebytes in quarantine, or else delete it directly, because as it stands it's as if you had done nothing;

    If you want to be extra sure, download A-SQUARED and run a full scan with it, with the internet disconnected of course.

    Afterwards, create a restore point (!!!!) and delete the "suspicious" files from HijackThis. If the PC gives you problems, just restore.

    As for the latter, I think they are files from your old computer (file missing), but I couldn't say; I don't think they are viruses, i.e. they are not dangerous.

    For a good laugh go HERE
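
The signals discussed in this thread (a service with an unknown owner, a target under `C:\Windows\TEMP`, a "(file missing)" note) can be checked mechanically across the O4 autorun and O23 service sections of a HijackThis log. This is an added example, not part of the original posts or of HijackThis itself; the heuristics and the names `triage`, `Finding` and `SAMPLE_LOG` are assumptions, and the sample lines are copied from the log posted above.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis log posted in this thread. The ":master: -->"
# prefixes are the poster's forum markers, not part of HijackThis output.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe -expressboot
O4 - HKUS\S-1-5-18\..\Run: [Antanda] C:\Windows\TEMP\InstallValidator.exe (User 'SYSTEM')
O23 - Service: AODService - Unknown owner - C:\Program Files\AMD\OverDrive\AODAssist.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
:master: -->O23 - Service: DOFIVW - Unknown owner - C:\Windows\TEMP\DOFIVW.exe (file missing)
:master: -->O23 - Service: GKTBU - Unknown owner - C:\Windows\TEMP\GKTBU.exe (file missing)
"""

class Finding(NamedTuple):
    section: str    # "O4" (autorun) or "O23" (service)
    name: str
    path: str
    reasons: tuple

ENTRY_RE = re.compile(r"\b(O4|O23) - (.+)$")
# O4:  <hive>\..\Run: [name] command line   (path may be quoted)
O4_RE = re.compile(r'^[^:]+: \[(?P<name>[^\]]+)\] "?(?P<path>[^"]+?\.exe)', re.I)
# O23: Service: <name> - <owner> - <path>
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
TEMP_RE = re.compile(r"\\te?mp\\", re.I)    # a TEMP/TMP directory anywhere in the path
MISSING = " (file missing)"

def triage(log_text):
    """Return autorun/service entries that deserve a manual look, with reasons."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY_RE.search(line.strip())   # search() skips a forum marker prefix
        if not entry:
            continue
        section, body = entry.groups()
        reasons = []
        if body.endswith(MISSING):
            reasons.append("file missing")
            body = body[: -len(MISSING)]
        m = (O4_RE if section == "O4" else O23_RE).match(body)
        if not m:
            continue    # e.g. "O4 - Startup:" shortcuts use a different layout
        if section == "O23" and m["owner"].lower() == "unknown owner":
            reasons.append("unknown owner")
        if TEMP_RE.search(m["path"]):
            reasons.append("runs from TEMP")
        if reasons:
            findings.append(Finding(section, m["name"], m["path"], tuple(reasons)))
    # Entries that trip the most heuristics come first (stable for ties).
    return sorted(findings, key=lambda f: -len(f.reasons))

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<3} {f.name:<10} {f.path}  <- {', '.join(f.reasons)}")
```

Hits are candidates for manual review rather than verdicts: a vendor service such as AODService also reports `Unknown owner`, which is why entries are ranked by how many signals they combine.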
