HiJackThis - Analisi Log - leggere Regole di Sezione

[macchina.gialla]

Ho un po' di problemi con il pc... Avira mi segnala un programma nascosto potenzialmente pericoloso. Potete dare un'occhiata al log di hjackthis? Ve ne sarei immensamente grato!

Codice:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:25:31, on 27/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
C:\Program Files (x86)\Widget vodafone.it\Widget vodafone.it.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files (x86)\Onda Connection Manager\UIMain.exe
C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Emanuele\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=extensa_5635z&r=27361010b106l0453z1k5i45k1u80q
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=extensa_5635z&r=27361010b106l0453z1k5i45k1u80q
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=extensa_5635z&r=27361010b106l0453z1k5i45k1u80q
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [PcSync] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Emanuele\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: Widget vodafone.lnk = C:\Program Files (x86)\Widget vodafone.it\Widget vodafone.it.exe
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B656185-7625-4397-BFF2-F44A87748077}: NameServer = 193.70.152.25 212.52.97.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE440EAA-55EC-4CF5-B790-3847AC3FE35A}: NameServer = 212.52.97.25 193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11012 bytes

[Eress]

Per iniziare ti consiglio di eliminare Spybot o comunque disattivare il TeaTimer.
Per il resto è a posto anche se personalmente roba del tipo pc suite e toolbar varie le eliminerei seduta stante

[macchina.gialla]

Non credo vada così bene visto che Avira mi segnala un virus nascosto... Come mai mi consigli di eliminare spybot?

[Riku]

Ciao, spybot è meglio eliminarlo perchè ci sono programmi migliori guarda qua:http://www.hwupgrade.it/forum/showthread.php?t=1825614

Per il file nascosto se vuoi fare un controllo approfondito segui questa guida:http://www.hwupgrade.it/forum/showthread.php?t=1599737

[fabioss]

Ho bisogno del vostro aiuto per analizzare il log che ho salvato:

http://www.mediafire.com/?8v86n6yrrto5cta

Il problema che ho è che da qualche giorno noto che casualmente, senza fare nessuna operazione particolare, la spia dell'hdd comincia a lampeggiare quindi è chiaro che il pc sta facendo qualcosa e noto un rallentamento piuttosto evidente, come se ci fosse qualche programma che va ad occupare buona parte della RAM.
La coincidenza strana poi è che Avira mi ha rilevato un file nascosto e non so se può essere quello che mi crea problemi.
Inizialmente avevo pensato ad AIDA64 ma anche disattivandolo dopo un po' la situazione si ripresenta.

Spero possiate aiutarmi.

[xcdegasp]

Quote:

Originariamente inviato da fabioss

Ho bisogno del vostro aiuto per analizzare il log che ho salvato:

http://www.mediafire.com/?8v86n6yrrto5cta

Il problema che ho è che da qualche giorno noto che casualmente, senza fare nessuna operazione particolare, la spia dell'hdd comincia a lampeggiare quindi è chiaro che il pc sta facendo qualcosa e noto un rallentamento piuttosto evidente, come se ci fosse qualche programma che va ad occupare buona parte della RAM.
La coincidenza strana poi è che Avira mi ha rilevato un file nascosto e non so se può essere quello che mi crea problemi.
Inizialmente avevo pensato ad AIDA64 ma anche disattivandolo dopo un po' la situazione si ripresenta.

Spero possiate aiutarmi.

log pulito, se vuoi fare un controllo al pc puoi seguire questa guida:
http://www.hwupgrade.it/forum/showthread.php?t=1599737

[Tizzy88]

salve a tutti, da qualche giorno avira mi rileva questo malware:

C:\Documents and Settings\mionome\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\lwljp93a.default\Cache.Trash\6\79\1CFF2d01'

è stato rilevato un virus o programma indesiderato 'JS/Toieung.A' [virus].
Azione eseguita: Nega accesso

vi posto in allegato anche il log di hijack, se ci fosse bisogno procedo alla "disinfezione per infetti":

http://www.mediafire.com/?0uttp9mlznajilk

grazie

[atacry]

come creo ilo file di log con la versione per seven 64 bit ?


ho creato questo non so se va bene

Quote:

a2hijackfree.exe 3172 Normale C:\Program Files (x86)\Emsisoft HiJackFree\a2hijackfree.exe
AppleMobileDeviceService.exe 1660 Normale C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
armsvc.exe 1628 Normale C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
audiodg.exe 4240 N/A N/A
BJMYPRT.EXE 1396 Normale C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
csrss.exe 452 Normale C:\Windows\SysNative\csrss.exe
csrss.exe 532 Normale C:\Windows\SysNative\csrss.exe
dwm.exe 2448 Alta C:\Windows\SysNative\dwm.exe
explorer.exe 1840 Normale C:\Windows\explorer.exe
FABS.exe 2752 Normale C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
firefox.exe 4896 Normale C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FlashUtil11e_ActiveX.exe 4436 Normale C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
hkcmd.exe 2276 Normale C:\Windows\SysNative\hkcmd.exe
iexplore.exe 3304 Normale C:\Program Files (x86)\Internet Explorer\iexplore.exe
iexplore.exe 5076 Normale C:\Program Files (x86)\Internet Explorer\iexplore.exe
igfxpers.exe 1604 Normale C:\Windows\SysNative\igfxpers.exe
igfxtray.exe 1804 Normale C:\Windows\SysNative\igfxtray.exe
iPodService.exe 3660 Normale C:\Program Files\iPod\bin\iPodService.exe
iTunesHelper.exe 3384 Normale C:\Program Files (x86)\iTunes\iTunesHelper.exe
jusched.exe 2352 Normale C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
LMS.exe 1688 Normale C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
lsass.exe 632 Normale C:\Windows\SysNative\lsass.exe
lsm.exe 640 Normale C:\Windows\SysNative\lsm.exe
mbam.exe 3320 Normale C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
MsMpEng.exe 884 Normale C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
msnmsgr.exe 2712 Normale C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
msseces.exe 1436 Normale C:\Program Files\Microsoft Security Client\msseces.exe
MxTray.exe 2032 Normale C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MxTray.exe
NisSrv.exe 1344 Normale C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
plugin-container.exe 4748 Normale C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
RAVCpl64.exe 1104 Normale C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
SDWinSec.exe 2044 Normale C:\Program Files (x86)\Spybot
SearchIndexer.exe 2932 Normale C:\Windows\SysNative\SearchIndexer.exe
services.exe 608 Normale C:\Windows\SysNative\services.exe
smss.exe 300 Normale C:\Windows\SysNative\smss.exe
soffice.bin 3188 Normale C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
soffice.exe 3116 Normale C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
spoolsv.exe 1488 Normale C:\Windows\SysNative\spoolsv.exe
sppsvc.exe 2832 Normale C:\Windows\SysNative\sppsvc.exe
svchost.exe 736 Normale C:\Windows\SysNative\svchost.exe
svchost.exe 816 Normale C:\Windows\SysNative\svchost.exe
svchost.exe 980 Normale C:\Windows\SysNative\svchost.exe
svchost.exe 1016 Normale C:\Windows\SysNative\svchost.exe
svchost.exe 264 Normale C:\Windows\SysNative\svchost.exe
svchost.exe 1032 Normale C:\Windows\SysNative\svchost.exe
svchost.exe 1368 Normale C:\Windows\SysNative\svchost.exe
svchost.exe 1524 Normale C:\Windows\SysNative\svchost.exe
svchost.exe 1928 Normale C:\Windows\SysNative\svchost.exe
svchost.exe 2792 Normale C:\Windows\SysNative\svchost.exe
System 4 N/A N/A
System Idle Processes 0 Bassa N/A
taskeng.exe 1716 Normale C:\Windows\SysNative\taskeng.exe
taskeng.exe 2308 Normale C:\Windows\SysNative\taskeng.exe
taskhost.exe 1260 Normale C:\Windows\SysNative\taskhost.exe
TeamViewer.exe 1980 Normale C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
TeamViewer_Service.exe 1772 Normale C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
tv_w32.exe 3020 Normale C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
tv_x64.exe 1936 Normale C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
UNS.exe 2860 Normale C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
Updater.exe 920 Normale C:\Program Files (x86)\Ask.com\Updater\Updater.exe
VSSVC.exe 1896 Normale C:\Windows\SysNative\VSSVC.exe
wininit.exe 520 Alta C:\Windows\SysNative\wininit.exe
winlogon.exe 584 Alta C:\Windows\SysNative\winlogon.exe
wlcomm.exe 3448 Normale C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
WLIDSVC.EXE 1960 Normale C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
WLIDSVCM.EXE 1232 Normale C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
wuauclt.exe 3956 Normale C:\Windows\SysNative\wuauclt.exe

[cica88]

Oggi ho preso il virus "windows 7 antivirus 2012" dopo aver fatto la scansione con Malwarebytes è tornato tutto a posto.
Ora facendo i vari scan risulta pulito, però ora non posso più avviare il centro sicurezza,andandolo a cercare nei "Servizi" non c'è più.
Non ho voglia di formattare, secondo voi posso fare qualcosa per risolvere il problema?
Allego il log di hijackthis

Quote:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:40:40, on 31/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\ASUS Xonar DS Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\D3DOverrider\D3DOverrider.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 210.107.100.251:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [D3DOverrider] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\D3DOverrider\D3DOverriderWrapper.exe" /s
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\Prevx\prevx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7825 bytes

[Eress]

Il log è pulito, però è chiaro che non puoi stare senza Centro sicurezza
Prova questo sistema, apri il promtp come amministratore, quindi digita

sfc /purgecache e dai invio

sfc /scannow invio

aspetta la fine delle procedure e poi vedi se il servizio fosse riapparso

[cica88]

Quote:

Originariamente inviato da Eress

Il log è pulito, però è chiaro che non puoi stare senza Centro sicurezza
Prova questo sistema, apri il promtp come amministratore, quindi digita

sfc /purgecache e dai invio

sfc /scannow invio

aspetta la fine delle procedure e poi vedi se il servizio fosse riapparso

Grazie per la disponibilità, anche lanciando i due comandi il servizio non è riapparso.
Ieri sera ci ho pensato su e ora sto per formattare

[atacry]

Quote:

Originariamente inviato da Eress

Il log è pulito, però è chiaro che non puoi stare senza Centro sicurezza
Prova questo sistema, apri il promtp come amministratore, quindi digita

sfc /purgecache e dai invio

sfc /scannow invio

aspetta la fine delle procedure e poi vedi se il servizio fosse riapparso

scusa e del mio non mi dici nulla ?

[Tizzy88]

Quote:

Originariamente inviato da Tizzy88

salve a tutti, da qualche giorno avira mi rileva questo malware:

C:\Documents and Settings\mionome\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\lwljp93a.default\Cache.Trash\6\79\1CFF2d01'

è stato rilevato un virus o programma indesiderato 'JS/Toieung.A' [virus].
Azione eseguita: Nega accesso

vi posto in allegato anche il log di hijack, se ci fosse bisogno procedo alla "disinfezione per infetti":

http://www.mediafire.com/?0uttp9mlznajilk

grazie

bump, grazie in anticipo

[Gigiok]

Ragazzi vi allego il log di hijackthis ... mi date qualche consiglio ...

sto impazzendo ....
(SINTOMI: cartella LP sotto program files che non riesco a rimuovere, redirect al click dalle pagine di ricerca google, messaggi del symantec di virus nella cartella temp ....)

GRAZIE

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:44:40, on 07/01/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Users\14020509\AppData\Roaming\F4795\0FF3C.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\HddLed\hddled.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\95235\lvvm.exe
C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\14020509\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\14020509\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\14020509\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\14020509\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\LP\2BCF\905.exe
C:\Users\14020509\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\14020509\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\14020509\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Calibre2\calibre.exe
C:\Users\14020509\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://noiportal.telecomitalia.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://noiportal.telecomitalia.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Telecom Italia S.p.A.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Supporti Registrazione test Web Microsoft 10.0 - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [905.exe] C:\Program Files (x86)\LP\2BCF\905.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\14020509\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [hddled.exe] C:\Program Files (x86)\HddLed\hddled.exe s
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = 14020509\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - http://content.systemrequirementslab...l_4.3.13.0.cab
O16 - DPF: {DC7D77DA-E1AC-4D40-930B-B87B2954E034} (QuickMksAxCtl Class) - http://lcmbo1pvlm01.vm.telecomitalia...vmware-mks.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = telecomitalia.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{489E5767-69ED-4AA7-A798-085922AA1280}: NameServer = 217.200.200.42 213.230.129.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{E27B507D-B350-415E-92F3-03E1F8921B65}: NameServer = 217.200.200.42 213.230.129.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = telecomitalia.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = telecomitalia.local
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Servizio Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hddledd - Unknown owner - C:\Program Files (x86)\HddLed\hddledd.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14050 bytes

[Freddo69]

ciao scusate ma ho dei grossi problemi con mozilla firefox che non mi apre alcune pagine ulteriori da alcuni siti, ad esempio tutto ciò che è aggiuntivo in un sito non lo apre e alcune pagine zero, provo ad allegare logo di hjt forse mi trovate qualcosa che non va grazie mille

http://wikisend.com/download/994772/HiJackFree.log

http://wikisend.com/download/439070/Analyze.xml

[xcdegasp]

@ atacry e Gigiok: leggere in prima pagina, grazie!

[xcdegasp]

Quote:

Originariamente inviato da Freddo69

ciao scusate ma ho dei grossi problemi con mozilla firefox che non mi apre alcune pagine ulteriori da alcuni siti, ad esempio tutto ciò che è aggiuntivo in un sito non lo apre e alcune pagine zero, provo ad allegare logo di hjt forse mi trovate qualcosa che non va grazie mille

http://wikisend.com/download/994772/HiJackFree.log

http://wikisend.com/download/439070/Analyze.xml

log pulito

[Freddo69]

Quote:

Originariamente inviato da xcdegasp

log pulito

grazie

[The_Player]

Ciao qualcuno potrebbe controllarmi il log?

http://wikisend.com/download/956388/HiJackFree.log

Grazie

ho bisogno di una mano,o trovato una cartella AppData con questi 2 file

PLauncher.exe PService mi sapete dire se e un virus?

Log rimosso, leggere la guida in prima pagina