Sicurezza & Privacy
HijackThis log - web pages opening by themselves


Post by franz on Thu Jan 15, 2009 12:05 am

((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 20:10 --------- d-----w c:\programmi\Hp
2009-01-13 20:10 --------- d-----w c:\programmi\Hewlett-Packard
2009-01-13 18:57 --------- d-----w c:\programmi\eMule
2009-01-12 04:55 --------- d-----w c:\documents and settings\franco\Application Data\uTorrent
2009-01-11 18:39 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-01-11 09:22 --------- d-----w c:\programmi\NOS
2009-01-11 09:22 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\NOS
2009-01-10 12:12 --------- d-----w c:\documents and settings\franco\Application Data\AdobeUM
2009-01-06 15:12 --------- d-----w c:\documents and settings\franco\Application Data\HP
2009-01-05 11:39 --------- d-----w c:\documents and settings\franco\Application Data\dvdcss
2009-01-04 20:17 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\UDL
2009-01-04 20:14 --------- d-----w c:\programmi\ABBYY FineReader 6.0 Sprint
2009-01-04 20:12 --------- d-----w c:\programmi\epson
2008-12-23 16:45 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Bluetooth
2008-12-21 09:29 --------- d-----w c:\programmi\Google
2008-12-16 17:47 --------- d-----w c:\programmi\Microsoft Works
2008-12-14 08:41 --------- d-----w c:\programmi\File comuni\Nero
2008-12-13 21:37 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Nero
2008-12-13 12:30 --------- d-----w c:\documents and settings\franco\Application Data\Nero
2008-12-13 06:36 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-12 21:23 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-12 21:23 --------- d-----w c:\programmi\Avira GmbH
2008-12-12 21:19 --------- d-----w c:\programmi\Avira
2008-12-12 21:19 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avira
2008-12-12 20:54 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-12 16:53 --------- d-----w c:\programmi\uTorrent
2008-12-12 00:02 --------- d-----w c:\programmi\Servizi in linea
2008-12-12 00:01 --------- d-----w c:\programmi\NetWaiting
2008-12-11 23:59 --------- d-----w c:\programmi\File comuni\SureThing Shared
2008-12-11 23:59 --------- d-----w c:\programmi\File comuni\Sonic Shared
2008-12-11 23:58 --------- d-----w c:\programmi\File comuni\LightScribe
2008-12-11 23:58 --------- d-----w c:\programmi\CONEXANT
2008-12-11 23:55 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Sonic
2008-12-11 18:28 --------- d-----w c:\programmi\Windows Live
2008-12-11 18:06 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-12-11 17:38 --------- d-----w c:\programmi\File comuni\Symantec Shared
2008-12-11 17:38 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Symantec
2008-12-11 17:37 --------- d-----w c:\documents and settings\franco\Application Data\vlc
2008-12-11 17:27 --------- d-----w c:\documents and settings\franco\Application Data\Vso
2008-12-11 15:27 1,749 --sha-r c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv5000 (RG956EA#ABZ)_YN_0Pavi_QCND6321M18_E413900062_46_I30A7_SHP_V56.47_BF.22_T061211_WXH2_L410_M2047_J120_7Intel_8T2050_91.6_#081211_N80861092_(RG956EA#ABZ)_XMOBILE_CN10_Z_2F.22_G10DE01D8.MRK
2008-12-11 15:22 --------- d-----w c:\programmi\HPQ
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-09 16:27 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Google Updater
2008-12-08 16:51 --------- d-----w c:\programmi\Messenger Plus! Live
2008-12-06 19:58 --------- d-----w c:\programmi\Mindscape
2008-12-05 12:53 --------- d-----w c:\programmi\Memory Loops
2008-12-05 12:53 --------- d-----w c:\programmi\File comuni\Audio
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-30 14:04 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Avg8
2008-11-29 17:22 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\McAfee
2008-11-29 13:25 --------- d-----w c:\programmi\File comuni\AVSMedia
2008-11-29 12:12 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-20 14:22 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-11-20 14:21 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-11-20 07:22 --------- d-----w c:\programmi\File comuni\xing shared
2008-11-20 07:22 --------- d-----w c:\programmi\File comuni\Real
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:36 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-13_21.48.47,42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-09 14:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-01-14 18:04:00 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6ac.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-14 68856]
"AlcoholAutomount"="c:\programmi\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 203720]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"EPSON Stylus DX8400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 182272]
"Uniblue RegistryBooster 2009"="c:\programmi\Uniblue\RegistryBooster\RegistryBooster.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-01-09 136600]
"hpWirelessAssistant"="c:\programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-15 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-15 86016]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QPService"="c:\programmi\HP\QuickPlay\QPService.exe" [2006-04-11 102400]
"QlbCtrl"="c:\programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2008-11-20 185872]
"avgnt"="c:\programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"ISUSPM Startup"="c:\progra~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"fssui"="c:\programmi\Windows Live\Family Safety\fsui.exe" [2008-12-08 453984]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PrinterSecurityLayer"="c:\windows\system32\LSHPRN.EXE" [2009-01-11 15377]
"HP Software Update"="c:\programmi\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"nwiz"="nwiz.exe" [2006-04-15 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 c:\windows\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido HP Photosmart Premier.lnk - c:\programmi\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
BlueSoleil.lnk - c:\programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-09-30 691720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe]
"Debugger"=0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
"Debugger"=0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Documents and Settings\\franco\\Desktop\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\uusee\\UUSeePlayer.exe"=
"c:\\Programmi\\PPLive\\PPLive.exe"=
"c:\\Programmi\\File comuni\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-09 55136]
R4 fsssvc;Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
R4 Start BT in service;Start BT in service;c:\programmi\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-09-30 51816]
S1 a792f4dc;a792f4dc;c:\windows\system32\drivers\a792f4dc.sys --> c:\windows\system32\drivers\a792f4dc.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-14 38496]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\SophosMEMSWEEP.SYS --> c:\windows\system32\SophosMEMSWEEP.SYS [?]
.
.
------- Scansione supplementare -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://virgilio.alice.it/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=IT_IT&c=Q306&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: {658DA6AA-B506-4C7F-A120-98EA674CEA7A} = 192.168.0.1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 21:24:34
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe?????????? ???@???????????????@??????]??????(?@???????@

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.


Post by franz on Thu Jan 15, 2009 12:06 am

-------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-1838406240-2437167716-3095067128-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Collegamenti]
@DACL=(02 0000)
@SACL=
"Order"=hex:08,00,00,00,02,00,00,00,8e,02,00,00,01,00,00,00,06,00,00,00,6a,00,
00,00,00,00,00,00,5c,00,32,00,71,00,00,00,51,36,21,56,20,00,48,4f,54,4d,41,\

[HKEY_LOCAL_MACHINE\software\Classes\.dat\ShellEx]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\.DIVX\ShellEx]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\.m1v\ShellEx]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\.M2V\ShellEx]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\.mpe\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}\Previous]
@DACL=(02 0000)
@SACL=
@="{c5a40261-cd64-4ccf-84cb-c394da41d590}"

[HKEY_LOCAL_MACHINE\software\Classes\.mpeg\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}\Previous]
@DACL=(02 0000)
@SACL=
@="{c5a40261-cd64-4ccf-84cb-c394da41d590}"

[HKEY_LOCAL_MACHINE\software\Classes\.mpg\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}\Previous]
@DACL=(02 0000)
@SACL=
@="{c5a40261-cd64-4ccf-84cb-c394da41d590}"

[HKEY_LOCAL_MACHINE\software\Classes\.VOB\ShellEx]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3EDD01C5-E428-4C5F-945D-00D9949118D9}\LocalServer32]
@DACL=(02 0000)
@SACL=
@="c:\\PROGRA~1\\HPQ\\Shared\\HPQTOA~1.EXE"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3EDD01C5-E428-4C5F-945D-00D9949118D9}\ProgID]
@DACL=(02 0000)
@SACL=
@="HpqToaster.ProgressBar.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3EDD01C5-E428-4C5F-945D-00D9949118D9}\Programmable]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3EDD01C5-E428-4C5F-945D-00D9949118D9}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{2EF6BE52-B729-4C3A-9588-7807DECDF3DF}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3EDD01C5-E428-4C5F-945D-00D9949118D9}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="HpqToaster.ProgressBar"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5D89D319-9BF6-4B2E-8748-72941E6633EE}\LocalServer32]
@DACL=(02 0000)
@SACL=
@="c:\\PROGRA~1\\HPQ\\Shared\\HPQTOA~1.EXE"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5D89D319-9BF6-4B2E-8748-72941E6633EE}\ProgID]
@DACL=(02 0000)
@SACL=
@="HpqToaster.Destroy.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5D89D319-9BF6-4B2E-8748-72941E6633EE}\Programmable]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5D89D319-9BF6-4B2E-8748-72941E6633EE}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{2EF6BE52-B729-4C3A-9588-7807DECDF3DF}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5D89D319-9BF6-4B2E-8748-72941E6633EE}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="HpqToaster.Destroy"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{723F8F32-213D-47E1-B412-688F305076AD}\LocalServer32]
@DACL=(02 0000)
@SACL=
@="c:\\PROGRA~1\\HPQ\\Shared\\HPQTOA~1.EXE"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{723F8F32-213D-47E1-B412-688F305076AD}\ProgID]
@DACL=(02 0000)
@SACL=
@="HpqToaster.MultipleIconToaster.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{723F8F32-213D-47E1-B412-688F305076AD}\Programmable]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{723F8F32-213D-47E1-B412-688F305076AD}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{2EF6BE52-B729-4C3A-9588-7807DECDF3DF}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{723F8F32-213D-47E1-B412-688F305076AD}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="HpqToaster.MultipleIconToaster"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D6D754B6-C211-4920-92EA-FD714A13246B}\LocalServer32]
@DACL=(02 0000)
@SACL=
@="c:\\PROGRA~1\\HPQ\\Shared\\HPQTOA~1.EXE"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D6D754B6-C211-4920-92EA-FD714A13246B}\ProgID]
@DACL=(02 0000)
@SACL=
@="HpqToaster.Toaster.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D6D754B6-C211-4920-92EA-FD714A13246B}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{2EF6BE52-B729-4C3A-9588-7807DECDF3DF}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D6D754B6-C211-4920-92EA-FD714A13246B}\VersionIndependentProgID]
@DACL=(02 0000)
@SACL=
@="HpqToaster.Toaster"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9781-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\ProxyStubClsid32]
@DACL=(02 0000)
@SACL=
@="{00020420-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{CA8A9782-280D-11CF-A24D-444553540000}\TypeLib]
@DACL=(02 0000)
@SACL=
@="{CA8A9783-280D-11CF-A24D-444553540000}"
"Version"="1.3"

[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{C523F390-9C83-11D3-9094-00104BD0D535}\2.0]
@DACL=(02 0000)
@SACL=
@="Acrobat Access 2.0 Type Library"

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\10.0]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Alchemy]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services]
@DACL=(02 0000)
@SACL=
"NoServices"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDevices]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS]
@DACL=(02 0000)
@SACL=
"ProgID"="MsScp.SCPTRANS.1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\WMDMCESP]
@DACL=(02 0000)
@SACL=
"ProgID"="WMDMCESP.WMDMCESP"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\WPDSp]
@DACL=(02 0000)
@SACL=
"PnPAware"=dword:00000001
"ProgID"="WPDSp.WPDServiceProvider"

[HKEY_LOCAL_MACHINE\software\SoftThinks\HP Taipei PC Recovery - Release 1.85.4 (6.0E1.62)]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Symantec\CCPD-LC]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Symantec\Shared Technology]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Symantec\SharedUsage]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\UIU\INSTALL_HISTORY]
@DACL=(02 0000)
@SACL=
.
Ora fine scansione: 2009-01-14 21.25.57
ComboFix-quarantined-files.txt 2009-01-14 20:25:55
ComboFix2.txt 2009-01-14 17:56:43

Pre-Run: 32.821.747.712 byte disponibili
Post-Run: 32,809,205,760 byte disponibili

513 --- E O F --- 2009-01-14 20:18:05




And that's all... I restarted the PC... but nothing so far... bye Steve


Post by franz on Thu Jan 15, 2009 10:20 am

Hi and good morning, while we're at it, I'm also posting the navilog1 log

Search Navipromo version 3.7.1 began on 15/01/2009 at 8.13.38,87

EDIT by Steve75
Hi,
please don't post logs that weren't requested; navilog is of no use in these cases...


Post by Steve75 on Thu Jan 15, 2009 12:45 pm

Are you still having problems?


Post by franz on Thu Jan 15, 2009 5:50 pm

Hi Steve, yes, the same problems, nothing has changed. These pages open even when the connection is closed... with the address C:\windows\p1.htm... If I want, by opening the windows folder I can find the files and delete them, but of course they open again. All I can tell you is that the problem started after an installation of Babylon... which, on top of that, failed... and (I don't remember well) whether on the same day or thereabouts, I had also tried to install Nero, without success because it can't find some libraries...


Post by Steve75 on Thu Jan 15, 2009 9:20 pm

Do this:

Run HijackThis, tick these entries and press Fix checked:
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Programmi\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PrinterSecurityLayer] C:\WINDOWS\system32\LSHPRN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SC2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Programmi\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - Global Startup: Avvio rapido HP Photosmart Premier.lnk = C:\Programmi\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe

Download Avenger
http://swandog46.geekstogo.com/avenger2/download.php

[IMPORTANT]
disable all security programs (fully closed)
disable RegistryBooster and all other programs that might interfere
disconnect from the internet
uninstall the MSN+ sponsors

Start the file "Avenger.exe" with a double click
In the "Input Script Here" window paste the commands (script) that Avenger will execute (see example)

folders to delete:
c:\windows\Temp
c:\windows\Tasks

files to delete:
c:\windows\system32\drivers\a792f4dc.sys
C:\WINDOWS\system32\LSHPRN.EXE
c:\windows\p3.htm
c:\windows\p2.htm
c:\windows\p1.htm

registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe

After pasting the script, click the "Execute" button
Answer Yes to the warning and the computer will be restarted
On restart the tool will produce a log with the details of the operations, which you will also find in C:\ under the name Avenger.txt
Post it on the forum


Post by franz on Fri Jan 16, 2009 4:02 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "c:\windows\Temp" deleted successfully.
Folder "c:\windows\Tasks" deleted successfully.

Error: file "c:\windows\system32\drivers\a792f4dc.sys" not found!
Deletion of file "c:\windows\system32\drivers\a792f4dc.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\LSHPRN.EXE" deleted successfully.
File "c:\windows\p3.htm" deleted successfully.
File "c:\windows\p2.htm" deleted successfully.
File "c:\windows\p1.htm" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Hi Steve, this is the log; in HijackThis, though, I was missing 2 keys - kernel fault check - uniblue registry booster


Post by Steve75 on Fri Jan 16, 2009 4:04 pm

Is it better now?

* Also run a Kaspersky online scan


Post by franz on Sat Jan 17, 2009 10:48 am

Hi Steve... YOU'RE GREAT!!!

But how did you do it??!! Yes, it has been working fine since last night... Kaspersky won't start because it detects my antivirus even though it's closed!!!

Incredible... but how do you know all these things?

Well, thank you again, but what do you think it was, and how can I protect myself? Which programs should I use for defence and disinfection?

Best regards!!!


Post by Steve75 on Sat Jan 17, 2009 12:13 pm

Good, glad you solved it...

To protect yourself you must above all be careful where you click, what you open, etc....

As for programs, use Antivir, now and then a scan with MalwareByte's and now and then a general clean-up with Ccleaner; then if you have problems you know where to find me....

Have a nice day
