Scan with ComboFix


dc_gem
16-10-2012, 16:32
Hi everyone... I need some advice... I ran a scan with ComboFix... can anyone tell me whether everything is fine and I can uninstall it?

In any case, in Chrome advertising pages keep opening. Not pop-ups... actual new tabs...

Thanks, and I'm posting the log file here.

ComboFix 12-10-12.01 - dc_gem 12/10/2012 17:34:06.2.1 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.39.1040.18.1790.972 [GMT 2:00]
Eseguito da: c:\users\dc_gem\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2012-09-12 al 2012-10-12 )))))))))))))))))))))))))))))))))))
.
.
2012-10-12 15:48 . 2012-10-12 15:48 -------- d-----w- c:\users\Il Fabius\AppData\Local\temp
2012-10-12 15:48 . 2012-10-12 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-12 09:52 . 2012-10-12 09:52 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7D37C7C-8BFD-4841-BCC8-E4A5B6E88276}\offreg.dll
2012-10-12 08:17 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7D37C7C-8BFD-4841-BCC8-E4A5B6E88276}\mpengine.dll
2012-10-10 13:50 . 2012-10-10 14:10 -------- d-----w- c:\users\dc_gem\AppData\Local\Smartbar
2012-10-10 07:54 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 07:54 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 07:54 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 07:54 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 07:54 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 07:54 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 07:54 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-26 08:36 . 2012-09-26 08:36 -------- d-----w- c:\users\dc_gem\AppData\Local\PowerOffer
2012-09-26 08:28 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 18:34 . 2012-04-03 07:24 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:34 . 2011-06-18 15:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 15:04 . 2011-09-24 10:55 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 16:00 . 2012-09-04 16:01 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-04 16:00 . 2012-06-17 17:04 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-04 16:00 . 2012-02-03 14:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-22 17:16 . 2012-09-12 08:08 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 08:08 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 08:08 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 08:08 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-13 11:28 . 2011-12-16 14:31 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-08-13 11:28 . 2011-12-16 14:31 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-02 16:57 . 2012-09-12 08:08 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-18 17:47 . 2012-08-15 08:53 2345984 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:55 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Browser Infrastructure Helper"="c:\users\dc_gem\AppData\Local\Smartbar\Application\Smartbar.exe" [2012-09-02 18800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-04 496184]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-03-03 1300560]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-17 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"PLFSetI"="c:\windows\PLFSetI.exe" [2011-05-23 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-04-23 715296]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-01-20 490656]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-01-20 302240]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-02-05 233472]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2010-11-17 47424]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-09-24 802304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
"MessengerPlusForSkypeService"="c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-01-22 124832]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
.
c:\users\Il Fabius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-5-11 704032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-09-07 15:04 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OlStatusMon]
2007-06-08 14:59 253952 ----a-w- c:\program files\Olivetti\ANY_WAY\olDvcStatus.exe
.
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 PowerOffer Service;Pos Service;c:\users\dc_gem\AppData\Local\PosService\Pos.exe [x]
R2 ServUpdater;Serv Updater;c:\users\dc_gem\AppData\Local\ServUpdater\ServiceUpd.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 bthathfax;Bluetooth Fax Modem;c:\windows\system32\DRIVERS\bthathfax.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 KHCAP;KHCap Packet Driver (KHCAP);c:\windows\system32\drivers\KHCAP.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [x]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\McSACore.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 nnfwdk;Nielsen WFP Driver;c:\program files\NetRatingsNetSight\NetSight\meter3\nnfwdk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MsgPlusService;Messenger Plus! Service;c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [x]
S2 NielsenUpdate;Nielsen Update;c:\program files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [x]
S2 olMntrService;Olivetti Monitor Service;c:\program files\Olivetti\ANY_WAY\olMntrService.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 18:34]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-24 15:23]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-24 15:23]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3333024740-1975969404-2652747742-1000Core.job
- c:\users\dc_gem\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-25 15:23]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3333024740-1975969404-2652747742-1000UA.job
- c:\users\dc_gem\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-25 15:23]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3333024740-1975969404-2652747742-1003Core.job
- c:\users\Il Fabius\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 23:39]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3333024740-1975969404-2652747742-1003UA.job
- c:\users\Il Fabius\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 23:39]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=IT&userid=409662f8-4d98-4c8a-8464-67788e40dfe0&sp=hp&searchtype=hp&t=a0902
mStart Page = hxxp://search.findeer.com
uSearchAssistant = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=IT&userid=409662f8-4d98-4c8a-8464-67788e40dfe0&sp=addr&q={searchTerms}&t=a0902
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{2ECF9821-945B-4326-9556-835154C6D0CE}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{3B22381C-CE61-4D1D-9F60-E281BC290988}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{3E73F0BC-48D3-4A29-9399-8393DF517907}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{570E5F12-C8A4-4713-80EF-6860F4B59BDF}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{7C2B3249-6517-4190-9CFE-509A6BACFD30}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{82067131-F832-453F-AC68-BDEC6C847672}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{82067131-F832-453F-AC68-BDEC6C847672}\14C6963656D27353132313534373: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{82067131-F832-453F-AC68-BDEC6C847672}\D414C4340275946494: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{BFBDD3A5-CAC9-4C6A-A3DB-31B2BCB67AA9}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{CB914664-DC75-4F7E-A357-A133BB63B948}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{CC94C1E8-FBC8-433F-83C7-1CA9E1910CF6}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-3333024740-1975969404-2652747742-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-3333024740-1975969404-2652747742-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3333024740-1975969404-2652747742-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(5504)
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
c:\program files\Acer\Acer ePower Management\SysHook.dll
.
Ora fine scansione: 2012-10-12 17:51:21
ComboFix-quarantined-files.txt 2012-10-12 15:51
ComboFix2.txt 2012-10-12 14:18
.
Pre-Run: 51.827.994.624 byte disponibili
Post-Run: 51.771.600.896 byte disponibili
.
- - End Of File - - F61ED10F9D1D562748A5345D559507C8

Chill-Out
18-10-2012, 13:52
Start by installing SP1 and the related updates, then attach a HijackThis log on one of the remote servers listed here http://www.hwupgrade.it/forum/showthread.php?t=1751598

dc_gem
18-10-2012, 14:00
But I already have Service Pack 1... and the PC is always kept up to date... I'd just like to know whether someone can tell me if everything is fine by reading the ComboFix log...

I don't know what HijackThis is

Chill-Out
18-10-2012, 14:42
But I already have Service Pack 1... and the PC is always kept up to date... I'd just like to know whether someone can tell me if everything is fine by reading the ComboFix log...

Evidently not


I don't know what HijackThis is



http://www.hwupgrade.it/forum/showthread.php?t=937676

dc_gem
18-10-2012, 15:00
You mean I'm infected? What have I got???

Chill-Out
18-10-2012, 15:11
You mean I'm infected? What have I got???



In any case, in Chrome advertising pages keep opening. Not pop-ups... actual new tabs...



This

TCP: Interfaces\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25
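
Chill-Out's pointer above is to the per-interface NameServer entries: every adapter in the log has been hard-coded to 176.31.229.24 and 176.31.229.25 instead of the DHCP-supplied 192.168.1.1. A static resolver pair that is neither the router nor a known public DNS service, set on every interface, is how DNS-changer malware redirects traffic, and it would explain ad tabs in Chrome even though the visible homepage/search hijacks are in the Internet Explorer settings. The script below is an added example, not something from the thread or from ComboFix/HijackThis: it runs two mechanical triage checks over a handful of lines excerpted from the logs above (interfaces whose static resolvers differ from DHCP, and autostart entries whose image lives under C:\Users, such as Smartbar, PosService and ServUpdater). The allow-list of well-known public resolvers and the user-writable-path markers are assumptions of the example, not facts from the logs.

```python
import re
from ipaddress import ip_address

# Assumption of this example: resolvers a home user might plausibly have set
# on purpose. Anything else that is public and not DHCP-supplied gets flagged.
KNOWN_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "208.67.222.222", "208.67.220.220"}

# Assumption of this example: path fragments an unprivileged user can write to.
# An autostart image living there was not put in place by a Program Files installer.
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\")

# Lines excerpted from the ComboFix and HijackThis logs posted in this thread,
# so the checks run offline; both tools' formats are parsed.
SAMPLE_LOG = r"""
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{82067131-F832-453F-AC68-BDEC6C847672}\D414C4340275946494: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ECF9821-945B-4326-9556-835154C6D0CE}: NameServer = 176.31.229.24,176.31.229.25
"Browser Infrastructure Helper"="c:\users\dc_gem\AppData\Local\Smartbar\Application\Smartbar.exe" [2012-09-02 18800]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
R2 PowerOffer Service;Pos Service;c:\users\dc_gem\AppData\Local\PosService\Pos.exe [x]
R2 ServUpdater;Serv Updater;c:\users\dc_gem\AppData\Local\ServUpdater\ServiceUpd.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Users\dc_gem\AppData\Local\Smartbar\Application\Smartbar.exe startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"""

DHCP_RE = re.compile(r"DhcpNameServer\s*=\s*([0-9.]+(?:,[0-9.]+)*)", re.I)
# ComboFix "TCP: Interfaces\{GUID}..." and HijackThis "O17 - ...\{GUID}: NameServer = a,b"
NS_RE = re.compile(r"\{([0-9A-F-]{36})\}[^\n]*?NameServer\s*=\s*([0-9.]+(?:,[0-9.]+)*)", re.I)
# ComboFix Run-key line:  "Name"="path" [date size]
CF_RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[', re.M)
# ComboFix service/driver line:  R2 Name;Display name;path [x]
CF_SVC_RE = re.compile(r"^[RS]\d+\s+([^;\n]+);[^;\n]*;([^\[\n]+?)\s*\[x\]", re.M)
# HijackThis O4 line:  O4 - HKCU\..\Run: [Name] "path" args
HJT_O4_RE = re.compile(r"^O4 - [^\[\n]*\[([^\]]+)\]\s+(.+)$", re.M)


def parse_dns(log_text):
    """Return (DHCP-supplied resolvers, {interface GUID: static resolvers})."""
    m = DHCP_RE.search(log_text)
    dhcp = set(m.group(1).split(",")) if m else set()
    static = {}
    for guid, servers in NS_RE.findall(log_text):
        static.setdefault(guid.upper(), set()).update(servers.split(","))
    return dhcp, static


def suspicious_resolvers(log_text):
    """Interfaces whose hard-coded NameServer is not the DHCP resolver, not a
    private (LAN) address and not a well-known public DNS service."""
    dhcp, static = parse_dns(log_text)
    hits = {}
    for guid, servers in static.items():
        bad = sorted(s for s in servers
                     if s not in dhcp
                     and s not in KNOWN_PUBLIC_RESOLVERS
                     and not ip_address(s).is_private)
        if bad:
            hits[guid] = bad
    return hits


def autostart_entries(log_text):
    """(name, image path) pairs from ComboFix Run/service lines and HijackThis O4 lines."""
    entries = [(name, path) for name, path in CF_RUN_RE.findall(log_text)]
    entries += [(name.strip(), path.strip()) for name, path in CF_SVC_RE.findall(log_text)]
    for name, cmd in HJT_O4_RE.findall(log_text):
        # Drop surrounding quotes and trailing arguments; keep the .exe path only.
        m = re.search(r'"?([^"]+?\.exe)', cmd, re.I)
        entries.append((name, m.group(1) if m else cmd))
    return entries


def user_writable_autostarts(log_text):
    """Autostart entries whose image lives in a user-writable directory.
    Each hit needs manual review: Chrome and Google Update legitimately live in AppData."""
    return sorted({(name, path) for name, path in autostart_entries(log_text)
                   if any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)})


if __name__ == "__main__":
    for guid, servers in suspicious_resolvers(SAMPLE_LOG).items():
        print(f"static DNS on interface {guid}: {', '.join(servers)}")
    for name, path in user_writable_autostarts(SAMPLE_LOG):
        print(f"autostart from user-writable path: {name} -> {path}")
```

Every hit is a lead, not a verdict: on the full log the user-path check also lists Chrome and the per-user Google Update tasks, which are expected to live under AppData\Local, while on this log the resolver check is the one that points at the root cause. Removing Smartbar and the PowerOffer/ServUpdater services deals with the autostarts, but the NameServer values have to be cleared (or set back to "obtain automatically") on every interface as well; fixing the browser settings alone will not stop redirects that happen at name resolution.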

dc_gem
18-10-2012, 15:20
This

TCP: Interfaces\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25

And what would that be? There are quite a few of those entries...

Anyway, I've read what HijackThis is.. should I run the scan?

Chill-Out
18-10-2012, 15:25
And what would that be? There are quite a few of those entries...

Anyway, I've read what HijackThis is.. should I run the scan?

Yes, and attach the log

dc_gem
18-10-2012, 15:42
Yes, and attach the log

This is what came out:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:40:23, on 18/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\EgisTec IPS\PmmUpdate.exe
C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=IT&userid=409662f8-4d98-4c8a-8464-67788e40dfe0&sp=addr&q={searchTerms}&t=a0902
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=IT&userid=409662f8-4d98-4c8a-8464-67788e40dfe0&sp=addr&q={searchTerms}&t=a0902
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=IT&userid=409662f8-4d98-4c8a-8464-67788e40dfe0&sp=hp&searchtype=hp&t=a0902
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=IT&userid=409662f8-4d98-4c8a-8464-67788e40dfe0&sp=addr&q={searchTerms}&t=a0902
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=IT&userid=409662f8-4d98-4c8a-8464-67788e40dfe0&sp=addr&q={searchTerms}&t=a0902
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Messenger Plus! Community Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Bluetooth Suite\BtvStack.exe"
O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Bluetooth Suite\AthBtTray.exe"
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MessengerPlusForSkypeService] "C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Users\dc_gem\AppData\Local\Smartbar\Application\Smartbar.exe startup
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ECF9821-945B-4326-9556-835154C6D0CE}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B22381C-CE61-4D1D-9F60-E281BC290988}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E73F0BC-48D3-4A29-9399-8393DF517907}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{570E5F12-C8A4-4713-80EF-6860F4B59BDF}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C2B3249-6517-4190-9CFE-509A6BACFD30}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{82067131-F832-453F-AC68-BDEC6C847672}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFBDD3A5-CAC9-4C6A-A3DB-31B2BCB67AA9}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB914664-DC75-4F7E-A357-A133BB63B948}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC94C1E8-FBC8-433F-83C7-1CA9E1910CF6}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files\Acer\Registration\GREGsvc.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Messenger Plus! Service (MsgPlusService) - Yuna Software - C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: Nielsen Update (NielsenUpdate) - The Nielsen Company - C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
O23 - Service: Olivetti Monitor Service (olMntrService) - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\dc_gem\AppData\Local\PosService\Pos.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\dc_gem\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

--
End of file - 14899 bytes


although while it was running I saw this message, on which I clicked OK:

for some reason your system denied write access to the Hosts file. If any hijacked etc........

Chill-Out
18-10-2012, 16:08
Logs must be attached as .txt text files on one of the remote servers listed here

http://www.hwupgrade.it/forum/showthread.php?t=1751598

Run this Fix http://support.microsoft.com/kb/972034

then run HJT again, click Do a system scan only, tick the white checkbox next to the following entries

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h00p://feed.plusnetwork.com/?publish...ype=hp&t=a0902
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h00p://search.findeer.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ECF9821-945B-4326-9556-835154C6D0CE}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B22381C-CE61-4D1D-9F60-E281BC290988}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E73F0BC-48D3-4A29-9399-8393DF517907}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{570E5F12-C8A4-4713-80EF-6860F4B59BDF}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C2B3249-6517-4190-9CFE-509A6BACFD30}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{82067131-F832-453F-AC68-BDEC6C847672}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFBDD3A5-CAC9-4C6A-A3DB-31B2BCB67AA9}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB914664-DC75-4F7E-A357-A133BB63B948}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC94C1E8-FBC8-433F-83C7-1CA9E1910CF6}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25

and click Fix checked

dc_gem
18-10-2012, 16:31
Logs must be attached as .txt text files on one of the remote servers listed here

http://www.hwupgrade.it/forum/showthread.php?t=1751598

Run this Fix http://support.microsoft.com/kb/972034

then run HJT again, click Do a system scan only, tick the white checkbox next to the following entries


and click Fix checked

So what should I do? Do I have to post the log there? And why?

One more thing... can anyone tell me what the PC's problem actually is? What is causing it?

dc_gem
18-10-2012, 16:33
So what should I do? Do I have to post the log there? And why?

One more thing... can anyone tell me what the PC's problem actually is? What is causing it?

If I run it as administrator that message doesn't appear... can I skip that fix?

anyway ok... I did what you told me and clicked Fix checked! Now what?

Chill-Out
19-10-2012, 13:29
So what should I do? Do I have to post the log there? And why?

One more thing... can anyone tell me what the PC's problem actually is? What is causing it?

If you don't attach the log, how am I supposed to verify that the procedure worked? Should I guess?

You yourself wrote: "Anyway, on Chrome ad pages keep opening. Not popups... actual new tabs..."

Evidently you installed a program that monitors your browsing.


If I run it as administrator that message doesn't appear... can I skip that fix?

anyway ok... I did what you told me and clicked Fix checked! Now what?

The Fix released by Microsoft itself restores the default Hosts file; it does no harm. If you did what I said, you should no longer see ad windows. Attach the HJT log.

dc_gem
19-10-2012, 16:17
Here's the log:

Logs must be attached as .txt text files on one of the remote servers listed here

http://www.hwupgrade.it/forum/showthread.php?t=1751598

dc_gem
21-10-2012, 23:55
Here's the log:

Logs must be attached as .txt text files on one of the remote servers listed here

http://www.hwupgrade.it/forum/showthread.php?t=1751598

Oh, I forgot... anyway the pages still keep opening... and another thing I didn't understand... do I have to register to upload to those servers?

Chill-Out
22-10-2012, 12:49
Oh, I forgot... anyway the pages still keep opening... and another thing I didn't understand... do I have to register to upload to those servers?

Obviously NOT!

dc_gem
22-10-2012, 12:53
Obviously NOT!

I went to mediafire (the only one I knew by name) and it asks me to register... am I doing something wrong?

dc_gem
22-10-2012, 20:07
To attach reports use this: wikisend (http://wikisend.com/) (it's simpler that way).

Thanks a lot, here's the log...
hijackthis.log (http://wikisend.com/download/195996/hijackthis.log)

Chill-Out
23-10-2012, 16:19
Thanks a lot, here's the log...
hijackthis.log (http://wikisend.com/download/195996/hijackthis.log)

1 Control Panel - Programs and uninstall PowerOffer

2 Start - in the "start search" box type services.msc and press Enter

locate the following services:

ServUpdater
PowerOffer Service

double-click and change the Startup type to Disabled for both.
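The two findings the helper acted on in this thread, the O17 NameServer entries rewritten to 176.31.229.24/25 and the O23 services (PowerOffer, ServUpdater) running out of the user's AppData\Local, can be picked out of a HijackThis log mechanically. The checker below is an added example, not code from the thread or from HijackThis; the sample log lines are constructed from the entries quoted above, and the trusted resolver set is an assumed placeholder for whatever the ISP or router actually hands out.

```python
import re

# Constructed sample modelled on the log lines quoted in this thread.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\dc_gem\AppData\Local\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\dc_gem\AppData\Local\ServUpdater\ServiceUpd.exe
"""

# O17: per-interface DNS override; hive is CCS / CS1 / CS2 (control sets), guid is the adapter.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<hive>\w+)\\Services\\Tcpip\\\.\.\\\{(?P<guid>[^}]+)\}: "
    r"NameServer = (?P<servers>\S+)"
)
# O23: "display name (service name) - vendor - image path"; the path always starts with a drive letter.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.+)$")
# Services legitimately live under Program Files or Windows; a user profile is a red flag.
USER_DIR_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def check_nameservers(lines, trusted):
    """Return (hive, guid, servers) for every O17 entry that names a resolver outside `trusted`."""
    findings = []
    for line in lines:
        m = O17_RE.match(line)
        if not m:
            continue
        servers = m["servers"].split(",")
        if any(s not in trusted for s in servers):
            findings.append((m["hive"], m["guid"], servers))
    return findings


def check_user_profile_services(lines):
    """Return (service, path) for O23 services whose binary lives under a user profile."""
    return [(m["name"], m["path"]) for m in map(O23_RE.match, lines) if m and USER_DIR_RE.search(m["path"])]


if __name__ == "__main__":
    TRUSTED_DNS = {"192.168.1.1"}  # assumed: the router the machine should be using
    log_lines = SAMPLE_LOG.splitlines()
    for hive, guid, servers in check_nameservers(log_lines, TRUSTED_DNS):
        print(f"DNS override on {hive} adapter {guid}: {servers}")
    for name, path in check_user_profile_services(log_lines):
        print(f"Service running from user profile: {name} -> {path}")
```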

dc_gem
23-10-2012, 16:25
1 Control Panel - Programs and uninstall PowerOffer

2 Start - in the "start search" box type services.msc and press Enter

locate the following services:

ServUpdater
PowerOffer Service

double-click and change the Startup type to Disabled for both.

What is ServUpdater? Anyway, damn PowerOffer... I hadn't noticed it had got installed...
anyway the power offer service isn't there... (I did uninstall power offer, though)

Chill-Out
23-10-2012, 16:37
What is ServUpdater? Anyway, damn PowerOffer... I hadn't noticed it had got installed...
anyway the power offer service isn't there... (I did uninstall power offer, though)

it's related to PowerOffer, so disable it :)

dc_gem
23-10-2012, 16:50
it's related to PowerOffer, so disable it :)

Done!

dc_gem
24-10-2012, 18:46
Sorry, can I uninstall combofix now?

Chill-Out
24-10-2012, 20:09
Sorry, can I uninstall combofix now?

Yes

dc_gem
24-10-2012, 22:25
Yes

Ok, thanks a lot for the help... anyway I thought I was infected... instead it was just that damn power offer!!! Grrrrrrr

edit: sorry... the guide told me to press start... search for combofix/uninstall and then uninstall it... but it finds nothing... how do I uninstall it?

edit2: ok... you have to put a space before the slash... except that when I did, combofix started up again and ran the scan again... dunno...

dc_gem
28-10-2012, 18:49
Sorry, can someone answer me so I can uninstall it and then you can archive the topic?

dc_gem
28-10-2012, 21:40
see here (http://www.bleepingcomputer.com/combofix/it/come-usare-combofix#uninstall)

You could also do a Google search, you know.

if you had read above you would have noticed that I said I used the guide... and it's exactly the same one you posted...

dc_gem
29-10-2012, 00:03
I thought you were referring to some removal guide published on the forum, so sorry.

Run this tool (http://www.geekstogo.com/forum/files/file/403-otc-oldtimers-clean-it/).

Thank you... anyway, in the end there are also people approaching these things for the first time... even if that's not the case here... and maybe they distrust a Google search... because maybe they are aware of their own ignorance on the subject... forums like this exist precisely to help those people... so I find your message wrong in any case... sorry for saying so... and I don't mean to offend anyone... all the more so since I fully understand that it can be annoying and frustrating to repeat the same things over and over...

dc_gem
29-10-2012, 01:07
But not everyone is the lazy one in the situation etc.... that's what I mean... I fully agree that they are there for learning... but how can people do that if you send them off to Google... or tell them to do something without explaining what it actually does?

in any case I respect your opinion and I hope you do the same...

anyway... I ran your tool but it got stuck on the "...in progress..." message

Ele_Lenny
21-01-2013, 00:21
Hi everyone,
I've joined this discussion because I ran a Combofix scan to remove Claro Search (formerly Chatzum), which malwarebytes had failed to remove!
Since combofix didn't manage it either, could someone help me read the log and advise me on what to do? I searched the internet a lot but everything I read always ends with "attach the log", so I'll give it a try... Thanks!

http://www.filedropper.com/log2001

kilyan82
24-03-2013, 16:46
EDIT: good morning, I'm here to point out that combofix also deletes files that are needed; in fact nvidia inspector no longer runs for me now, reporting the following message.... (see attachment)

after an additional reboot that had not been requested, everything seems to be back to normal, phew :O