  1. #1

    Reading a HijackThis log... is something wrong?

    My PC keeps loading continuously, who can help me? Is there something wrong in this scan?


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14.40.22, on 18/08/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Programmi\Avira\AntiVir Desktop\sched.exe
    C:\Programmi\File comuni\Java\Java Update\jusched.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
    C:\Programmi\DivX\DivX Update\DivXUpdate.exe
    C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
    C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
    C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Windows Network Name Service\wnns.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: revenuebuster browser enhancer - {5B2453DB-A32A-2F8A-DF01-145217F70B8D} - C:\WINDOWS\system32\vnmzkmtoznc.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Programmi\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [ihfgogfqjhftnpge] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\vnmzkmtoznc.dll"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: Windows Network Name Service - Unknown owner - C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Windows Network Name Service\wnns.exe

    --
    End of file - 6147 bytes

  2. #2
    menatwork (HTML.it user, registered since May 2009, 4,330 posts)

    Hi,

    you have some infections to remove; follow these steps.

    Launch HijackThis -> click Do a scan only -> tick the box next to the lines I point out below -> click Fix Checked

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: revenuebuster browser enhancer - {5B2453DB-A32A-2F8A-DF01-145217F70B8D} - C:\WINDOWS\system32\vnmzkmtoznc.dll

    O4 - HKLM\..\Run: [ihfgogfqjhftnpge] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\vnmzkmtoznc.dll"

    Download Avenger to your desktop.

    Run the file avenger.exe.

    Copy and paste into the "Input script here" box the FOLLOWING text EXACTLY as I wrote it, INCLUDING the line Files to delete:

    Files to delete:
    C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Windows Network Name Service\wnns.exe
    C:\WINDOWS\system32\vnmzkmtoznc.dll

    Untick the Scan for Rootkits option.
    Press the Execute button.
    Answer Yes to Avenger's two prompts.
    Your computer should now restart; if it doesn't, restart it manually.
    After the restart, copy and paste here the contents of the Notepad window that appears.

    Disable the antivirus.

    Download ComboFix to your desktop (do not install the Recovery Console).
    Let the program work without interfering.
    Attach the report C:\ComboFix.txt to your reply.
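
Added example, not part of the thread: a small Python triage of HijackThis entries, run on an excerpt of the log from post #1. The five heuristics and the 0.2 vowel-ratio threshold are assumptions chosen for illustration; they are neither the helper's stated method nor a HijackThis feature.

```python
import re
from typing import NamedTuple

# Excerpt of the HijackThis log from post #1: three ordinary entries and the
# four entries the heuristics below are expected to flag.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: revenuebuster browser enhancer - {5B2453DB-A32A-2F8A-DF01-145217F70B8D} - C:\WINDOWS\system32\vnmzkmtoznc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ihfgogfqjhftnpge] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\vnmzkmtoznc.dll"
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Windows Network Name Service - Unknown owner - C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Windows Network Name Service\wnns.exe
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Windows paths ending in an executable extension (spaces allowed inside).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll|scr|sys)\b', re.IGNORECASE)


class Finding(NamedTuple):
    section: str
    body: str
    reasons: list


def looks_random(path: str) -> bool:
    """Assumed heuristic: file stem of 8+ letters with under 20% vowels."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < 0.2


def triage(log_text: str) -> list:
    """Return the entries that match at least one heuristic, with reasons."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, running processes, blank lines
        section, body = m["section"], m["body"]
        paths = PATH_RE.findall(body)
        reasons = []
        if section == "O2" and body.endswith("(no file)"):
            reasons.append("BHO registered but its file is missing")
        if section == "O4" and any(
            p.lower().endswith("\\regsvr32.exe") for p in paths
        ):
            reasons.append("Run key registers a DLL through regsvr32")
        if section == "O23" and " - Unknown owner - " in body:
            reasons.append("service binary has no readable company name")
        if any("\\config\\systemprofile\\" in p.lower() for p in paths):
            reasons.append("executable inside the SYSTEM account profile")
        if any(looks_random(p) for p in paths):
            reasons.append("random-looking file name")
        if reasons:
            findings.append(Finding(section, body, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.body}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

A flagged entry is a candidate for manual review, not a verdict: the name heuristic in particular can also match legitimate files with consonant-heavy names.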

  3. #3
    Hi, first of all thank you for your help.
    I followed your advice and here is the first result:

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File "C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Windows Network Name Service\wnns.exe" deleted successfully.

    Error: file "C:\WINDOWS\system32\vnmzkmtoznc.dll" not found!
    Deletion of file "C:\WINDOWS\system32\vnmzkmtoznc.dll" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Completed script processing.

    *******************

    Finished! Terminate.


    Now I'll continue the procedure.

    See you later,
    bye

  4. #4
    By disabling the antivirus do you mean uninstalling it????

  5. #5
    menatwork (HTML.it user)

    By disabling the antivirus do you mean uninstalling it????

    No, absolutely not. You only need to disable it temporarily, suspending its activity; after the scan you re-enable it.

  6. #6
    OK, finished, here is the result....

    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.263 [GMT 2:00]
    Eseguito da: C:\Documents and Settings\di gioia\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}

    ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
    .

    ((((((((((((((((((((((((( Files Creati Da 2010-07-18 al 2010-08-18 )))))))))))))))))))))))))))))))))))
    .

    2010-08-18 18:28:56 . 2010-08-18 18:30:04 44089904 ----a-w- C:\avira_antivir_personal_en_1000567.exe
    2010-08-18 12:40:00 . 2010-08-18 12:40:00 -------- d-----w- C:\Programmi\Trend Micro
    2010-08-16 09:44:32 . 2010-08-16 09:44:32 50390 ----a-w- C:\WINDOWS\system32\vqrflnxzfdiyfh.exe
    2010-08-13 12:37:24 . 2010-08-13 12:37:25 57344 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-08-13 12:32:41 . 2010-08-13 12:27:14 1062184 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\Setup\Resource.dll
    2010-08-13 12:32:41 . 2010-08-13 12:27:10 895256 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\Setup\DivXSetup.exe
    2010-08-13 12:32:40 . 2010-08-13 12:32:40 56765 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-08-13 12:32:39 . 2010-08-13 12:32:39 56997 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\WebPlayer\Uninstaller.exe
    2010-08-13 12:32:31 . 2010-08-13 12:32:31 53600 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\Update\Uninstaller.exe
    2010-08-13 12:32:30 . 2010-08-13 12:32:30 57715 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\Player\Uninstaller.exe
    2010-08-13 12:32:17 . 2010-08-13 13:03:24 -------- d-----w- C:\Documents and Settings\di gioia\Dati applicazioni\DivX
    2010-08-13 12:30:52 . 2010-08-13 12:30:52 52963 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-08-13 12:29:34 . 2010-08-13 12:29:34 54073 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\Qt4.5\Uninstaller.exe
    2010-08-13 12:29:16 . 2010-08-13 12:29:35 -------- d-----w- C:\Programmi\File comuni\DivX Shared
    2010-08-13 12:29:14 . 2010-08-13 12:29:14 56969 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\ASPEncoder\Uninstaller.exe
    2010-08-13 12:27:38 . 2010-08-13 12:32:40 -------- d-----w- C:\Programmi\DivX
    2010-08-13 12:26:56 . 2010-08-13 12:32:40 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\DivX
    2010-08-09 13:18:51 . 2010-08-09 15:52:42 -------- d-----w- C:\Programmi\Malwarebytes' Anti-Malware
    2010-08-09 13:12:32 . 2009-11-25 10:19:02 56816 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
    2010-08-09 13:12:18 . 2010-08-09 13:12:18 -------- d-----w- C:\Programmi\Avira
    2010-08-09 09:38:29 . 2010-08-09 09:38:31 -------- d-----w- C:\WINDOWS\system32\XPSViewer
    2010-08-09 09:38:22 . 2010-08-09 09:38:23 -------- d-----w- C:\Programmi\MSBuild
    2010-08-09 09:38:10 . 2010-08-09 09:38:10 -------- d-----w- C:\Programmi\Reference Assemblies
    2010-08-09 09:37:47 . 2008-07-06 12:06:10 89088 ----a-w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2010-08-09 09:37:23 . 2008-07-06 12:06:10 89088 -c----w- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
    2010-08-09 09:37:23 . 2008-07-06 12:06:10 575488 -c----w- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
    2010-08-09 09:37:23 . 2008-07-06 12:06:10 575488 ------w- C:\WINDOWS\system32\xpsshhdr.dll
    2010-08-09 09:37:23 . 2008-07-06 12:06:10 117760 ------w- C:\WINDOWS\system32\prntvpt.dll
    2010-08-09 09:37:23 . 2008-07-06 10:50:03 597504 -c----w- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
    2010-08-09 09:37:23 . 2008-07-06 10:50:03 597504 ------w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2010-08-09 09:37:22 . 2008-07-06 12:06:10 1676288 -c----w- C:\WINDOWS\system32\dllcache\xpssvcs.dll
    2010-08-09 09:37:22 . 2008-07-06 12:06:10 1676288 ------w- C:\WINDOWS\system32\xpssvcs.dll
    2010-08-08 14:51:07 . 2010-08-08 14:51:07 -------- d-----w- C:\Documents and Settings\di gioia\Dati applicazioni\Windows Search
    2010-08-08 14:32:19 . 2010-08-08 14:36:40 -------- d-----w- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Adobe
    2010-08-08 14:28:43 . 2010-08-08 17:57:56 -------- d-----w- C:\Programmi\Windows Desktop Search
    2010-08-08 14:28:43 . 2010-08-08 14:28:43 -------- d-----w- C:\WINDOWS\system32\GroupPolicy
    2010-08-08 14:26:49 . 2008-03-07 17:02:08 98304 -c----w- C:\WINDOWS\system32\dllcache\nlhtml.dll
    2010-08-08 14:26:49 . 2008-03-07 17:02:08 29696 -c----w- C:\WINDOWS\system32\dllcache\mimefilt.dll
    2010-08-08 14:26:49 . 2008-03-07 17:02:08 192000 -c----w- C:\WINDOWS\system32\dllcache\offfilt.dll
    2010-08-05 07:35:39 . 2010-08-05 07:35:39 503808 ----a-w- C:\Documents and Settings\di gioia\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d53b537-n\msvcp71.dll
    2010-08-05 07:35:39 . 2010-08-05 07:35:39 499712 ----a-w- C:\Documents and Settings\di gioia\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d53b537-n\jmc.dll
    2010-08-05 07:35:38 . 2010-08-05 07:35:38 348160 ----a-w- C:\Documents and Settings\di gioia\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4d53b537-n\msvcr71.dll
    2010-08-05 07:35:37 . 2010-08-05 07:35:37 61440 ----a-w- C:\Documents and Settings\di gioia\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2b6f7ffb-n\decora-sse.dll
    2010-08-05 07:35:37 . 2010-08-05 07:35:37 12800 ----a-w- C:\Documents and Settings\di gioia\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2b6f7ffb-n\decora-d3d.dll
    2010-08-02 12:38:53 . 2010-08-02 12:38:53 -------- d-----w- C:\Documents and Settings\di gioia\Dati applicazioni\gtk-2.0
    2010-08-02 12:38:09 . 2010-08-02 12:38:09 -------- d-----w- C:\Documents and Settings\di gioia\.thumbnails
    2010-08-02 12:36:23 . 2010-08-02 12:39:17 -------- d-----w- C:\Documents and Settings\di gioia\.gimp-2.6
    2010-07-31 18:50:22 . 2010-07-31 18:50:22 -------- d-sh--w- C:\Documents and Settings\Administrator\PrivacIE
    2010-07-31 18:48:15 . 2010-07-31 18:48:15 -------- d-----w- C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Ahead
    2010-07-25 13:55:20 . 2010-07-25 13:55:20 -------- d-----w- C:\Documents and Settings\di gioia\Impostazioni locali\Dati applicazioni\PackageAware
    2010-07-24 07:21:20 . 2010-08-18 17:53:40 10 ----a-w- C:\WINDOWS\system32\stamp.dat
    2010-07-23 14:36:02 . 2010-07-23 14:36:02 49716 ---ha-w- C:\WINDOWS\system32\mlfcache.dat
    2010-07-22 19:50:13 . 2009-05-18 11:17:00 26600 ----a-w- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
    2010-07-22 19:50:13 . 2008-04-17 10:12:54 107368 ----a-w- C:\WINDOWS\system32\GEARAspi.dll
    2010-07-22 19:48:16 . 2010-07-22 19:48:17 -------- d-----w- C:\Programmi\iPod
    2010-07-22 19:47:59 . 2010-07-22 19:50:09 -------- d-----w- C:\Programmi\iTunes

  7. #7
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-16 10:06:31 . 2010-04-28 10:40:00 -------- d-----w- C:\Programmi\File comuni\Apple
    2010-08-16 10:06:08 . 2010-05-28 19:17:42 -------- d--h--w- C:\Programmi\InstallShield Installation Information
    2010-08-13 12:31:47 . 2010-08-13 12:31:47 84054 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\TransferWizard\Uninstaller.exe
    2010-08-13 12:31:36 . 2010-08-13 12:31:36 57054 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\DSDesktopComponents\Uninstaller.exe
    2010-08-13 12:31:35 . 2010-08-13 12:31:35 54166 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\DSAVCDecoder\Uninstaller.exe
    2010-08-13 12:31:34 . 2010-08-13 12:31:33 57532 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\DSASPDecoder\Uninstaller.exe
    2010-08-13 12:31:31 . 2010-08-13 12:31:31 56458 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-08-13 12:31:30 . 2010-08-13 12:31:30 54174 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\DSAACDecoder\Uninstaller.exe
    2010-08-13 12:31:28 . 2010-08-13 12:31:28 54153 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\DFXPlugin\Uninstaller.exe
    2010-08-13 12:31:26 . 2010-08-13 12:31:26 54128 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\Converter\Uninstaller.exe
    2010-08-13 12:31:21 . 2010-08-13 12:31:21 54644 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\TranscodeEngine\Uninstaller.exe
    2010-08-13 12:31:00 . 2010-08-13 12:31:00 57409 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\ControlPanel\Uninstaller.exe
    2010-08-13 12:31:00 . 2010-08-13 12:31:00 54101 ----a-w- C:\Documents and Settings\All Users\Dati applicazioni\DivX\MPEG2Plugin\Uninstaller.exe
    2010-08-13 10:08:38 . 2004-08-19 17:27:00 80268 ----a-w- C:\WINDOWS\system32\perfc010.dat
    2010-08-13 10:08:38 . 2004-08-19 17:27:00 481664 ----a-w- C:\WINDOWS\system32\perfh010.dat
    2010-08-09 14:07:18 . 2010-06-14 12:43:43 -------- d-----w- C:\Programmi\Messenger Plus! Live
    2010-08-09 12:05:06 . 2010-02-21 16:33:15 68832 ----a-w- C:\Documents and Settings\di gioia\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
    2010-08-02 12:39:58 . 2010-03-04 14:50:37 -------- d-----w- C:\Programmi\Google
    2010-07-24 07:13:19 . 2010-04-28 10:47:01 -------- d-----w- C:\Documents and Settings\di gioia\Dati applicazioni\Apple Computer
    2010-07-13 10:58:00 . 2010-07-13 10:58:00 -------- d-----w- C:\Programmi\SEGA
    2010-07-13 10:34:52 . 2010-07-13 10:34:52 -------- d-----w- C:\Programmi\MSXML 4.0
    2010-07-12 10:22:35 . 2010-07-12 10:22:29 -------- d-----w- C:\Documents and Settings\di gioia\Dati applicazioni\Nero
    2010-07-12 10:21:02 . 2010-07-12 10:19:16 -------- d-----w- C:\Programmi\File comuni\Nero
    2010-07-12 10:20:23 . 2010-02-24 12:40:02 -------- d-----w- C:\Programmi\Nero
    2010-07-12 10:19:21 . 2010-07-12 10:19:21 -------- d-----w- C:\Documents and Settings\All Users\Dati applicazioni\Nero
    2010-07-12 10:16:17 . 2010-07-12 10:16:17 -------- d-----w- C:\Programmi\Conduit
    2010-07-12 10:12:57 . 2010-07-12 10:02:01 -------- d-----w- C:\Programmi\CDex
    2010-07-06 14:06:00 . 2010-07-06 14:05:52 -------- d-----w- C:\Programmi\Direct MIDI to MP3 Converter
    2010-06-30 12:31:30 . 2004-08-19 17:27:00 149504 ----a-w- C:\WINDOWS\system32\schannel.dll
    2010-06-24 12:22:24 . 2004-08-19 17:27:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
    2010-06-24 09:02:11 . 2004-08-19 17:27:00 1851904 ----a-w- C:\WINDOWS\system32\win32k.sys
    2010-06-21 15:27:11 . 2004-08-19 17:27:00 354304 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
    2010-06-17 14:03:00 . 2004-08-19 17:27:00 80384 ----a-w- C:\WINDOWS\system32\iccvid.dll
    2010-06-14 14:31:20 . 2010-02-21 14:53:48 744448 ----a-w- C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41:34 . 2004-08-19 17:27:00 1172480 ----a-w- C:\WINDOWS\system32\msxml3.dll
    2010-06-09 23:01:10 . 2010-08-13 12:31:43 126448 ------w- C:\WINDOWS\system32\pxinsi64.exe
    2010-06-09 23:01:10 . 2010-08-13 12:31:43 123888 ------w- C:\WINDOWS\system32\pxcpyi64.exe
    2010-06-09 23:01:10 . 2010-04-28 11:03:29 9200 ------w- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2010-06-09 23:01:10 . 2010-04-28 11:03:29 9072 ------w- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2010-06-09 23:01:10 . 2010-04-28 11:03:29 45648 ------w- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2010-06-09 23:01:10 . 2010-04-28 11:03:29 133616 ------w- C:\WINDOWS\system32\pxafs.dll
    2010-06-03 02:41:44 . 2010-06-03 02:41:44 3600384 ----a-w- C:\WINDOWS\system32\GPhotos.scr
    2010-05-26 17:35:15 . 2010-05-26 17:35:15 503808 ----a-w- C:\Documents and Settings\di gioia\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4ef923dc-n\msvcp71.dll
    2010-05-26 17:35:15 . 2010-05-26 17:35:15 499712 ----a-w- C:\Documents and Settings\di gioia\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4ef923dc-n\jmc.dll
    2010-05-26 17:35:15 . 2010-05-26 17:35:14 348160 ----a-w- C:\Documents and Settings\di gioia\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4ef923dc-n\msvcr71.dll
    2010-05-26 17:35:13 . 2010-05-26 17:35:13 61440 ----a-w- C:\Documents and Settings\di gioia\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-24f98dc6-n\decora-sse.dll
    2010-05-26 17:35:13 . 2010-05-26 17:35:13 12800 ----a-w- C:\Documents and Settings\di gioia\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-24f98dc6-n\decora-d3d.dll
    .

    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-10-28 15:25:44 94208]
    "TomTomHOME.exe"="C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2010-05-07 12:36:08 247144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50:42 155648]
    "SunJavaUpdateSched"="C:\Programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 10:43:18 248040]
    "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2010-03-17 19:53:36 421888]
    "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 02:04:47 35760]
    "Adobe ARM"="C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 08:06:33 976832]
    "iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2010-04-24 15:54:48 142120]
    "DivXUpdate"="C:\Programmi\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 00:50:58 1144104]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:14:03 15360]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
    "C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Programmi\\eMule\\emule.exe"=
    "C:\\Programmi\\TeamViewer\\Version5\\TeamViewer.exe"=
    "C:\\Programmi\\iTunes\\iTunes.exe"=
    "C:\\WINDOWS\\system32\\LEXPPS.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "22607:TCP"= 22607:TCP:BitComet 22607 TCP
    "22607:UDP"= 22607:UDP:BitComet 22607 UDP

    R2 TomTomHOMEService;TomTomHOMEService;C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe [07/05/2010 14.36.10 92008]
    S2 gupdate;Servizio di Google Update (gupdate);C:\Programmi\Google\Update\GoogleUpdate.exe [03/05/2010 11.48.32 136176]
    S2 Windows Network Name Service;Windows Network Name Service;"C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Windows Network Name Service\wnns.exe" --> C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Dati applicazioni\Windows Network Name Service\wnns.exe [?]

    --- Altri Servizi/Drivers In Memoria ---

    *Deregistered* - avgio
    *Deregistered* - avipbb
    *Deregistered* - ssmdrv
    .
    Contenuto della cartella 'Scheduled Tasks'

    2010-07-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50:20 . 2009-10-22 09:50:20]

    2010-08-18 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Programmi\Google\Update\GoogleUpdate.exe [2010-05-03 09:48:32 . 2010-05-03 09:48:27]

    2010-08-18 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Programmi\Google\Update\GoogleUpdate.exe [2010-05-03 09:48:32 . 2010-05-03 09:48:27]

    2010-08-18 C:\WINDOWS\Tasks\OGALogon.job
    - C:\WINDOWS\system32\OGAEXEC.exe [2009-08-03 14:07:42 . 2009-08-03 14:07:42]

    2010-08-18 C:\WINDOWS\Tasks\User_Feed_Synchronization-{177B9548-63AD-4EFB-BFDB-2428E8D74D83}.job
    - C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 03:31:54 . 2009-03-08 03:31:54]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.virgilio.it/
    IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
    IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    FF - ProfilePath - C:\Documents and Settings\di gioia\Dati applicazioni\Mozilla\Firefox\Profiles\38htugmr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.virgilio.it/
    FF - component: C:\Documents and Settings\di gioia\Dati applicazioni\Mozilla\Firefox\Profiles\38htugmr.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\FFExternalAlert.dll
    FF - component: C:\Documents and Settings\di gioia\Dati applicazioni\Mozilla\Firefox\Profiles\38htugmr.default\extensions\{e3393495-8103-46a0-8181-270273eddd60}\components\RadioWMPCore.dll
    FF - plugin: C:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Programmi\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: C:\Programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

  8. #8
    ---- FIREFOX POLICIES ----
    C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    C:\Programmi\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    C:\Programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    C:\Programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    C:\Programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    C:\Programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    C:\Programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

  9. #9
    menatwork (HTML.it user)

    The final part is missing.

    If you upload the report here it's much better; I need all of it without breaks.

  10. #10
    OK, I've uploaded it.
