Removing suspicious files with HijackThis

Posted by sacripante on 24 October 2012 at 23:35:34

Giannimmu, it's me again (bertozzi angelo), and I'm replying using IE after registering again with a nickname. I'm sending you a copy of the HijackThis log file from a few days ago.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:54:21, on 22/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Utente\Documents\Trend Micro\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 204.9.178.11 typepad.com
O1 - Hosts: 74.13.12.32 istockphoto.com
O1 - Hosts: 208.914.0.38 yfrog.com
O1 - Hosts: 123.125.5.22 126.com
O1 - Hosts: 174.36.28.11 SlideShare.com
O1 - Hosts: 213.238.60.19 xing.com
O1 - Hosts: 59.16.98.139 seesaa.net
O1 - Hosts: 184.72.23.170 hootsuite.com
O1 - Hosts: 211.151.160.16 soku.com
O1 - Hosts: 72.321.12.222 metacafe.com
O1 - Hosts: 204.11.19.13 tribalfusion.com
O1 - Hosts: 207.154.104.31 tripadvisor.com
O1 - Hosts: 216.52.20.133 ustream.tv
O1 - Hosts: 174.36.24.132 linkwithin.com
O1 - Hosts: 121.67.23.61 scan.novirusthanks.org
O1 - Hosts: 209.172.34.139 imagevenue.com
O1 - Hosts: 91.206.212.220 booking.com
O1 - Hosts: 118.69.21.6 vnexpress.net
O1 - Hosts: 208.85.40.80 pandora.com
O1 - Hosts: 194.16.21.157 softonic.com
O1 - Hosts: 208.83.23.15 match.com
O1 - Hosts: 202.57.69.84 nwt.com
O1 - Hosts: 65.1.03.80 nttnavi.com
O1 - Hosts: 72.51.41.235 nrk.no
O1 - Hosts: 110.16.19.17 nozonedata.com
O1 - Hosts: 76.16.3.21 nachtagenten.com
O1 - Hosts: 195.82.240.124 musicmatch.com
O1 - Hosts: 70.52.56.13 moscowtimes.com
O1 - Hosts: 124.217.235.76 gsn.com
O1 - Hosts: 61.178.63.198 mgd.com
O1 - Hosts: 174.142.24.25 mediastorm.hu
O1 - Hosts: 38.113.207.59 media-servers.com
O1 - Hosts: 116.66.206.161 m5prod.com
O1 - Hosts: 74.175.65.66 lupa.com
O1 - Hosts: 207.20.66.53 liveintercom.com
O1 - Hosts: 71.96.135.201 keenspace.com
O1 - Hosts: 202.51.17.37 jetsoftware.com
O1 - Hosts: 60.21.54.08 jamba.com
O1 - Hosts: 222.161.3.13 ir.com
O1 - Hosts: 200.24.22.70 investopedia.com
O1 - Hosts: 202.19.24.216 choiceradio.com
O1 - Hosts: 91.206.213.22 booking.com
O1 - Hosts: 118.69.251.6 vnexpress.net
O1 - Hosts: 141.76.5.18 chip.com
O1 - Hosts: 128.06.192.15 redv.net
O1 - Hosts: 194.42.170.124 cgi.com
O1 - Hosts: 199.26.24.66 centcomm.com
O1 - Hosts: 202.19.241.26 digitalnook.com
O1 - Hosts: 60.251.19.134 domainfactory.com
O1 - Hosts: 222.161.5.103 dvdfocomm.nu
O1 - Hosts: 157.95.58.15 e-kolay.com
O1 - Hosts: 85.29.231.15 eurosport.com
O1 - Hosts: 189.104.19.61 f1cd.com
O1 - Hosts: 125.162.912.234 free6.com
O1 - Hosts: 80.81.19.20 cdsoftware.com
O1 - Hosts: 85.29.23.115 adware-delete.com
O1 - Hosts: 69.89.221.135 hbv.com
O1 - Hosts: 92.48.210.39 protectorsuite.com
O1 - Hosts: 128.31.3.16 howstuffworks.com
O1 - Hosts: 85.249.23.17 hyena.com
O1 - Hosts: 219.19.180.59 zinfo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SearchToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - mscoree.dll (file missing)
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: TBSB09850 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\ChatZum Toolbar\tbunsa4CBF.tmp\tbcore3.dll
O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: SearchToolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - mscoree.dll (file missing)
O3 - Toolbar: ChatZum Toolbar - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - C:\Program Files (x86)\ChatZum Toolbar\tbunsa4CBF.tmp\tbcore3.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [E08IXLRD_25020407] "C:\Program Files (x86)\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE" -m
O8 - Extra context menu item: Free YouTube Download - C:\Users\Utente\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files (x86)\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{913CAD1B-C27C-470C-B993-43641962AB9B}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CDA6BD6-D15F-43B8-9952-E51EB495126E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB7F3364-9484-4420-8315-2E8148C780A1}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Utente\AppData\Local\PosService\Pos.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Utente\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13255 bytes

Community solutions
Posted on 25 October 2012 at 0:21:14

OK, I have received the file and will examine it tomorrow; it is too late now. Talk to you soon, good night.

Posted on 25 October 2012 at 6:12:19

Here are the results: there is indeed malware, such as chatzum. I am reporting the corrected log file below: delete all the lines in bold.



(1 vote - average rating 1.0)

Comment by sacripante on 25 October 2012 at 16:46:30

But do I have to delete the ones in your post or from the original log file?

Posted on 25 October 2012 at 16:46:39

Follow giannimmu's advice; the ones he marked in bold are to be DELETED.


(1 vote - average rating 1.0)

Posted on 25 October 2012 at 17:16:26

You have to delete them from the program: HijackThis opens a window listing everything it finds that starts automatically; it saves a copy of this window to a log file. You do not need to worry about the log file now; instead, tick, in the program window itself, all the lines I marked for you, then press the "Fix Checked" button at the bottom left. It would be better to run HijackThis in safe mode, because it might be impossible to delete some entries in normal mode. After deleting and rebooting, it is in any case advisable to clean both the files and the registry with CCleaner (http://www.ccleaner.com).


(1 vote - average rating 1.0)

Comment by sacripante on 25 October 2012 at 20:07:23


© Copyright 2010 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. Contact: info@techassistance.it