MOBOGENIE
crazy.cat (Administrator)
Re: MOBOGENIE
popmart68
Re: MOBOGENIE
popmart68
Re: MOBOGENIE
popmart68
Re: MOBOGENIE
Let me know
crazy.cat (Administrator)
Re: MOBOGENIE
popmart68 wrote: when I open Firefox it starts again from the page I just closed, not from the Firefox main page..
Did you check the settings under General?
popmart68
Re: MOBOGENIE
crazy.cat (Administrator)
Re: MOBOGENIE
popmart68 wrote: HitmanPro found some harmful things but didn't remove them because it tells me to activate the license....
Activate it. It lasts 30 days and you don't have to pay anything.
crazy.cat (Administrator)
Re: MOBOGENIE
Post the report of what it found and we'll see how to remove it.
popmart68
Re: MOBOGENIE
HitmanPro 3.7.9.216
www.hitmanpro.com
Computer name . . . . : MARCELLO
Windows . . . . . . . : 5.1.3.2600.X86/2
User name . . . . . . : MARCELLO\marcello vindigni
License . . . . . . . : Free
Scan date . . . . . . : 2014-05-12 09:24:38
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 31s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 6
Objects scanned . . . : 657.641
Files scanned . . . . : 12.743
Remnants scanned . . : 209.915 files / 434.983 keys
Potential Unwanted Programs _________________________________________________
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\IePluginService\ (FTDownloader)
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\Wpm\ (FTDownloader)
HKLM\SYSTEM\ControlSet003\Services\Eventlog\Application\IePluginService\ (FTDownloader)
HKLM\SYSTEM\ControlSet003\Services\Eventlog\Application\Wpm\ (FTDownloader)
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService\ (FTDownloader)
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm\ (FTDownloader)
popmart68
Re: MOBOGENIE
HitmanPro 3.7.9.216
www.hitmanpro.com
Computer name . . . . : MARCELLO
Windows . . . . . . . : 5.1.3.2600.X86/2
User name . . . . . . : MARCELLO\marcello vindigni
License . . . . . . . : Free
Scan date . . . . . . : 2014-05-12 09:37:21
Scan mode . . . . . . : Normal
Scan duration . . . . : 6m 52s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 8
Objects scanned . . . : 657.505
Files scanned . . . . : 12.760
Remnants scanned . . : 209.920 files / 434.825 keys
Potential Unwanted Programs _________________________________________________
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\IePluginService\ (FTDownloader)
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\Wpm\ (FTDownloader)
HKLM\SYSTEM\ControlSet003\Services\Eventlog\Application\IePluginService\ (FTDownloader)
HKLM\SYSTEM\ControlSet003\Services\Eventlog\Application\Wpm\ (FTDownloader)
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService\ (FTDownloader)
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm\ (FTDownloader)
Cookies _____________________________________________________________________
C:\Documents and Settings\marcello vindigni\Dati applicazioni\Mozilla\Firefox\Profiles\x8oupw31.default-1399302629015\cookies.sqlite:doubleclick.net
C:\Documents and Settings\marcello vindigni\Dati applicazioni\Mozilla\Firefox\Profiles\x8oupw31.default-1399302629015\cookies.sqlite:serving-sys.com
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9.09.28, on 12/05/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Programmi\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\AVG\AVG2014\avgidsagent.exe
C:\Programmi\AVG\AVG2014\avgwdsvc.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AVG\AVG2014\avgnsx.exe
C:\Programmi\Malwarebytes Anti-Malware\mbamservice.exe
C:\Programmi\AVG\AVG2014\avgemcx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Malwarebytes Anti-Malware\mbam.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\AVG\AVG2014\avgui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Mobile Partner\Mobile Partner.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
H:\ANTIVIRUS MEGA LAB\HijackThisPortable\HijackThisPortable.exe
H:\ANTIVIRUS MEGA LAB\HijackThisPortable\App\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Programmi\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [GB_UPDATE] "C:\Programmi\Razer\Razer Game Booster\AutoUpdate.exe" /AUTORUN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\marcello vindigni\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-1844237615-1547161642-839522115-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programmi\File comuni\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 11.80.1048.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programmi\File comuni\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 11.80.1048.0 (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F4E72AD-789C-4F2A-95D7-AC914C67B6AB}: NameServer = 193.70.152.25 212.52.97.25
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Programmi\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe
--
End of file - 8859 bytes
crazy.cat (Administrator)
Re: MOBOGENIE
popmart68
Re: MOBOGENIE
Malwarebytes Anti-Malware
www.malwarebytes.org
Data scansione: 12/05/2014
Ora scansione: 12.35.15
File di log: ok.txt
Amministratore: Si
Versione: 2.00.1.1004
Database malware: v2014.05.12.01
Database rootkit: v2014.03.27.01
Licenza: Prova
Protezione da malware: Attivata
Protezione da siti web nocivi: Attivata
Chameleon: Disattivata
SO: Windows XP Service Pack 3
CPU: x86
File system: NTFS
Utente: marcello vindigni
Tipo di scansione: Scansione elementi nocivi
Risultati: Completata
Elementi analizzati: 322024
Tempo impiegato: 2 ore, 40 min, 33 sec
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Attivata
Shuriken: Attivata
PUP: Attivata
PUM: Attivata
Processi: 0
(No malicious items detected)
Moduli: 0
(No malicious items detected)
Chiavi di registro: 5
Rogue.WinAntiVirus, HKU\S-1-5-21-1844237615-1547161642-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}, , [4cb4817fff0113ede4fe3e071fe3a957],
PUP.Optional.BlockAndSurf.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BlockAndSurf, , [f60a35cb30d0dd23fcf093f361a104fc],
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MediaPlayerplus, , [e21e46ba768ae31d207f384fa062e818],
PUP.Optional.SmartSaver.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SmartSaver+ 23, , [c43c956b0ff1a0603712048bdd251ae6],
PUP.Optional.weDownload.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\The weDownload Manager, , [b34ddf21748c39c7193f1a78bb47c43c],
Valori di registro: 0
(No malicious items detected)
Dati di registro: 4
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Buono: (0), Cattivo (1),,[c63a916fcf31966a2f2775c913f1f808]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Buono: (0), Cattivo (1),,[fb0527d91fe1ed1378df9da130d4758b]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Buono: (0), Cattivo (1),,[cd33ce327d832fd1e177dc62a46025db]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1844237615-1547161642-839522115-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowHelp, 0, Buono: (1), Cattivo (0),,[5fa1936dd12faa562ca6241bd43050b0]
Cartelle: 0
(No malicious items detected)
File: 4
PUP.Optional.IePluginService.A, C:\Documents and Settings\marcello vindigni\Impostazioni locali\Temp\fullpackage_temp1399294241\tmp\SupTab.exe, , [6f91ea1649b7f7094be3a5b0ba4760a0],
PUP.Optional.Fortunitas.A, C:\Documents and Settings\marcello vindigni\Impostazioni locali\Temp\b5bc5e15-bcf9-4ba5-b829-0085a1c6f2ca\software\FortunitasSetup.exe, , [a35d0ef28a768080910540d8b3519f61],
PUP.Optional.SkyTech.A, C:\Documents and Settings\marcello vindigni\Impostazioni locali\Temp\b5bc5e15-bcf9-4ba5-b829-0085a1c6f2ca\software\lly_webssearches.exe .exe, , [36cad729de220ef2c04e0a4b12ef24dc],
PUP.Optional.CrossRider.A, C:\Documents and Settings\marcello vindigni\Impostazioni locali\Temp\b5bc5e15-bcf9-4ba5-b829-0085a1c6f2ca\software\mediaplayerpluuss.exe, , [c13f04fc16ea4eb2bcab48fb7b8527d9],
Settori fisici: 0
(No malicious items detected)
(end)
Re: MOBOGENIE
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
H:\ANTIVIRUS MEGA LAB\HijackThisPortable\HijackThisPortable.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.d
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
do you know these IPs 193.70.152.25 212.52.97.25? if you don't know them, remove this entry as well:
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F4E72AD-789C-4F2A-95D7-AC914C67B6AB}: NameServer = 193.70.152.25 212.52.97.25
As for the antivirus, I recommend the excellent Avira instead of your AVG.... I hope I haven't gone off topic
oh, one last thing.. there's a new version of HijackThis, you can download it from here http://sourceforge.net/projects/hjt/.... if that doesn't fix it either, we'll move on to something else
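An added triage helper (not part of the thread and not a HijackThis feature) that automates the two checks this reply makes by hand on the HijackThis log format: O2 BHO entries whose DLL is "(no file)" and O17 NameServer resolvers that are not in an allowlist of DNS servers the owner recognises. The sample lines are constructed from the log format shown above, and the allowlist is an assumed placeholder.

```python
"""Triage helper for HijackThis-style logs (added example, not a HijackThis feature)."""
import re
from ipaddress import ip_address

# Constructed sample input: four lines in the HijackThis log format, including the
# O2 "(no file)" entry and the O17 NameServer entry discussed in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F4E72AD-789C-4F2A-95D7-AC914C67B6AB}: NameServer = 193.70.152.25 212.52.97.25
"""

# Assumed allowlist: the resolvers this machine is expected to use. Placeholder
# values here; in practice the ISP's or the home router's DNS servers.
KNOWN_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")          # "O2 - ..." / "R0 - ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")        # {8-4-4-4-12} GUID in braces
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(.*)$")


def parse_hjt(text):
    """Return (section_code, body) pairs for every 'Rn - ...' / 'On - ...' line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned_bhos(entries):
    """CLSIDs of O2 BHO entries whose DLL no longer exists on disk ('(no file)')."""
    found = []
    for code, body in entries:
        if code == "O2" and body.rstrip().endswith("(no file)"):
            m = CLSID_RE.search(body)
            if m:
                found.append(m.group(0))
    return found


def nameserver_ips(entries):
    """Every syntactically valid IP listed in O17 NameServer entries, in log order."""
    ips = []
    for code, body in entries:
        if code != "O17":
            continue
        m = NAMESERVER_RE.search(body)
        if not m:
            continue
        for token in re.split(r"[\s,]+", m.group(1).strip()):
            try:
                ips.append(str(ip_address(token)))
            except ValueError:
                continue  # not an address, ignore the token
    return ips


def unknown_resolvers(entries, allowlist):
    """O17 resolvers missing from the allowlist: the 'do you know this IP?' check."""
    return [ip for ip in nameserver_ips(entries) if ip not in allowlist]


def triage(text, allowlist=KNOWN_RESOLVERS):
    """Run both checks over a log and return the findings by category."""
    entries = parse_hjt(text)
    return {
        "orphaned_bhos": orphaned_bhos(entries),
        "unknown_resolvers": unknown_resolvers(entries, allowlist),
    }


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind)
        for item in items:
            print("  ", item)
```

Flagged resolvers are a prompt to verify with the ISP or router configuration, not proof of tampering; a resolver the owner does recognise simply goes into the allowlist.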
popmart68
Re: MOBOGENIE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.21.12, on 13/05/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Programmi\AVG\AVG2014\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\AVG\AVG2014\avgidsagent.exe
C:\Programmi\AVG\AVG2014\avgwdsvc.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\AVG\AVG2014\avgnsx.exe
C:\Programmi\AVG\AVG2014\avgemcx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\AVG\AVG2014\avgui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Mobile Partner\Mobile Partner.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Programmi\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [GB_UPDATE] "C:\Programmi\Razer\Razer Game Booster\AutoUpdate.exe" /AUTORUN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Programmi\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\marcello vindigni\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-1844237615-1547161642-839522115-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1844237615-1547161642-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Programmi\File comuni\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 11.80.1048.0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Programmi\File comuni\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 11.80.1048.0 (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe
--
End of file - 7696 bytes
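An added example, not code from this thread or from HijackThis: a small Python triage script for logs in the format posted above. It pulls out the O4 autostart entries and the O23 services, works out which binary each one launches (unquoted paths with spaces and rundll32 hosts included), and flags entries that run from a location an unprivileged user can write to, or that are given without a full path and are therefore resolved through the PATH search order at run time. The sample lines are copied from the log above. The flags are heuristics that mark entries worth a second look, not verdicts: legitimate per-user updaters also install under the profile.

```python
"""Triage helper for HijackThis (HJT) logs: pulls out the autostart (O4) and
service (O23) entries and flags the ones that launch from a location an
unprivileged user can write to, or without a full path. Added example, not
HijackThis code; the sample below is constructed from lines of the log above."""
from __future__ import annotations

import re

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Programmi\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\marcello vindigni\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# O4 body: HIVE\..\Run: [Name] command line, optionally followed by (User 'name')
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")
# O23 body: Service: Display (short) - Company - X:\path\to\binary
O23_RE = re.compile(r"^Service: (?P<rest>.+) - (?P<path>[A-Za-z]:\\.+)$")
# First program-like token of an unquoted command line (the path may contain spaces).
EXE_RE = re.compile(r"^\S+(?: \S+)*?\.(?:exe|dll|cpl|com|scr)\b", re.IGNORECASE)
RUNDLL_HOSTS = {"rundll32", "rundll32.exe"}

# Path fragments that mark a per-user or temporary location; Windows paths are
# case-insensitive, so comparisons are done in lower case.
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\",  # XP per-user profiles, as in the log above
    "\\users\\",                   # Vista and later per-user profiles
    "\\temp\\",
    "\\tmp\\",
)


def executable_of(cmd: str) -> str:
    """Return the program (or, for a rundll32 host, the DLL) a Run entry launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    parts = cmd.split(" ", 1)
    if len(parts) == 2 and parts[0].lower() in RUNDLL_HOSTS:
        # rundll32 is only the host process; the DLL it loads is what matters.
        cmd = parts[1].split(",", 1)[0].strip()
    m = EXE_RE.match(cmd)
    return m.group(0) if m else cmd.split(" ", 1)[0]


def is_user_writable(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def parse_hjt(log_text: str) -> list[dict]:
    """Return one dict per O4/O23 line: kind, name, path and a list of flags."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code == "O4":
            o4 = O4_RE.match(body)
            if not o4:
                continue
            cmd = USER_SUFFIX_RE.sub("", o4.group("cmd"))
            entry = {"kind": "autostart", "name": o4.group("name"),
                     "hive": o4.group("hive"), "path": executable_of(cmd), "flags": []}
        elif code == "O23":
            o23 = O23_RE.match(body)
            if not o23:
                continue
            name, _, company = o23.group("rest").partition(" - ")
            entry = {"kind": "service", "name": name, "company": company,
                     "path": o23.group("path"), "flags": []}
        else:
            continue
        if is_user_writable(entry["path"]):
            entry["flags"].append("user-writable-location")
        if "\\" not in entry["path"]:
            # No directory given: resolved through the PATH search order at run time.
            entry["flags"].append("unqualified-path")
        entries.append(entry)
    return entries


def flagged(log_text: str) -> list[str]:
    """Names of the entries that carry at least one flag, in log order."""
    return [e["name"] for e in parse_hjt(log_text) if e["flags"]]


if __name__ == "__main__":
    for e in parse_hjt(SAMPLE_LOG):
        print(e["kind"], e["name"], e["path"], e["flags"])
```

Run against the sample, the script flags Cmaudio (its control panel module is named without a directory), Facebook Update (launched from the user's profile) and the Skype C2C service (launched from the All Users profile); the AVG, CTFMON and TeamViewer entries pass. Reading a full log the same way gives a short list to check by hand instead of sixty lines to eyeball.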
Re: MOBOGENIE
NOTE:
Disable your antivirus's real-time protection, disable System Restore and disconnect from the network before running it.
- popmart68
- Level: Hard disk (9/15)
- Posts: 621
- Joined: Thu Jul 04, 2013 11:13 am
- Location: POZZALLO (RG)
- Contact:
Re: MOBOGENIE
ComboFix 14-05-13.01 - marcello vindigni 14/05/2014 10.12.31.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1556 [GMT 2:00]
Run from: c:\documents and settings\marcello vindigni\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING - THIS PC DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
.
.
((((((((((((((((((((((((( Files Created From 2014-04-14 to 2014-05-14 )))))))))))))))))))))))))))))))))))
.
.
2014-05-13 15:16 . 2014-05-13 15:16 -------- d-----w- c:\programmi\Trend Micro
2014-05-11 22:04 . 2014-05-12 17:22 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-11 22:03 . 2014-05-11 22:03 -------- d-----w- c:\programmi\Malwarebytes Anti-Malware
2014-05-11 22:03 . 2014-05-11 22:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2014-05-11 22:03 . 2014-04-03 07:51 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-11 22:03 . 2014-04-03 07:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-11 22:00 . 2014-05-11 22:00 -------- d-----w- c:\windows\CryptoGuard
2014-05-07 16:50 . 2014-05-10 18:48 -------- d-----w- c:\programmi\Microsoft Games
2014-05-06 13:24 . 2014-05-06 13:24 -------- d-----w- c:\documents and settings\marcello vindigni\Phone Browser
2014-05-06 06:52 . 2014-05-06 22:10 -------- d-----w- C:\AdwCleaner
2014-05-05 15:03 . 2014-05-11 06:37 -------- d-----w- c:\programmi\Mozilla Maintenance Service
2014-05-05 14:02 . 2014-05-05 14:02 -------- d-----w- c:\documents and settings\marcello vindigni\.android
2014-05-05 13:12 . 2014-05-05 13:12 -------- d-----w- c:\documents and settings\marcello vindigni\Impostazioni locali\Dati applicazioni\cache
2014-05-05 13:12 . 2014-05-05 13:12 -------- d--h--w- c:\windows\system32\GroupPolicy
2014-04-20 10:43 . 2014-04-14 17:47 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-04-20 10:43 . 2014-04-14 18:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-18 16:37 . 2014-04-18 16:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avg_Update_0414b
2014-04-17 18:35 . 2014-04-17 18:40 -------- d-----w- c:\programmi\Unlocker
2014-04-17 17:09 . 2014-04-17 17:09 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Avg2014
2014-04-14 17:21 . 2014-04-14 17:23 -------- d-----w- c:\documents and settings\marcello vindigni\Impostazioni locali\Dati applicazioni\Paint.NET
2014-04-14 17:21 . 2014-04-14 17:21 -------- d-----w- c:\documents and settings\marcello vindigni\Dati applicazioni\IsolatedStorage
2014-04-14 17:21 . 2014-04-14 17:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IsolatedStorage
2014-04-14 17:21 . 2014-04-14 17:21 -------- d-----w- c:\documents and settings\marcello vindigni\Impostazioni locali\Dati applicazioni\FileViewPro
2014-04-14 09:10 . 2014-04-14 09:11 -------- d-----w- c:\documents and settings\marcello vindigni\Dati applicazioni\OfficeRecovery
2014-04-14 09:10 . 2014-04-14 09:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OfficeRecovery.d7cc0641
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-12 07:19 . 2014-02-17 09:47 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2014-05-05 07:35 . 2013-10-13 06:55 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-05 07:35 . 2013-10-13 06:55 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-18 13:02 . 2013-11-04 20:57 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-03-31 14:11 . 2013-08-01 15:08 211224 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-03-31 14:11 . 2013-09-30 23:49 108312 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-03-27 20:15 . 2013-10-31 22:00 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-03-27 20:14 . 2013-11-05 20:50 123160 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-03-27 20:04 . 2013-10-24 21:28 150296 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-03-27 20:04 . 2013-10-31 21:30 238872 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-03-27 20:03 . 2013-09-09 23:43 28440 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-03-27 20:03 . 2013-09-16 23:57 22296 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-03-08 16:17 . 2014-03-08 16:17 724992 ----a-w- c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AVG_UI"="c:\programmi\AVG\AVG2014\avgui.exe" [2014-04-06 5180432]
"GB_UPDATE"="c:\programmi\Razer\Razer Game Booster\AutoUpdate.exe" [2013-06-05 2051688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
"NvMediaCenter"="NvMCTray.dll" [2013-01-31 108832]
"nwiz"="c:\programmi\NVIDIA Corporation\nview\nwiz.exe" [2013-01-31 1982312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\programmi\File comuni\logishrd\WUApp32.exe" [2008-07-26 439568]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
2005-06-07 10:31 819712 ----a-w- c:\programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Greenshot]
2013-05-20 15:46 499712 ----a-w- c:\programmi\Greenshot\Greenshot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 16:15 2407184 ----a-w- c:\programmi\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2005-06-29 14:29 176128 ----a-w- c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
2005-06-24 13:08 860160 ----a-w- c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-02-10 16:46 20922016 ----a-r- c:\programmi\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Documents and Settings\\marcello vindigni\\Dati applicazioni\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Documents and Settings\\marcello vindigni\\Impostazioni locali\\Dati applicazioni\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Programmi\\TeamViewer\\Version9\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG2014\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [24/10/2013 23.28.32 150296]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [31/10/2013 23.30.08 238872]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [10/09/2013 1.43.20 28440]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [05/11/2013 22.50.48 123160]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [04/11/2013 22.57.30 199960]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [17/09/2013 1.57.26 22296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [01/11/2013 0.00.28 193304]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [01/08/2013 17.08.52 211224]
R2 avgwd;AVG WatchDog;c:\programmi\AVG\AVG2014\avgwdsvc.exe [27/03/2014 22.10.20 291912]
R2 TeamViewer9;TeamViewer 9;c:\programmi\TeamViewer\Version9\TeamViewer_Service.exe [04/12/2013 19.05.43 5341536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/05/2014 0.03.28 23256]
S2 AVGIDSAgent;AVGIDSAgent;c:\programmi\AVG\AVG2014\avgidsagent.exe [18/04/2014 15.22.28 3645456]
S2 MBAMService;MBAMService;c:\programmi\Malwarebytes Anti-Malware\mbamservice.exe [12/05/2014 0.03.30 857912]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [23/10/2013 9.15.08 172192]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [15/12/2013 11.30.56 114432]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [15/12/2013 11.30.55 100736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\programmi\Razer\Razer Game Booster\Driver\WinRing0.sys [13/12/2013 18.50.44 14416]
S3 WLAN FVNETusb(R);WLAN FVNETusb(R) Service for ATMEL USB FastVNET (AR);c:\windows\system32\DRIVERS\vnetusbr.sys --> c:\windows\system32\DRIVERS\vnetusbr.sys [?]
S4 MBAMScheduler;MBAMScheduler;c:\programmi\Malwarebytes Anti-Malware\mbamscheduler.exe [12/05/2014 0.03.30 1809720]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 11.58.16 3275136]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1547161642-839522115-1003Core.job
- c:\documents and settings\marcello vindigni\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2013-12-16 09:33]
.
2014-05-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1547161642-839522115-1003UA.job
- c:\documents and settings\marcello vindigni\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2013-12-16 09:33]
.
2014-05-14 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
2014-05-14 c:\windows\Tasks\User_Feed_Synchronization-{4E985625-38A6-4C61-A29A-8067BE8D5E4C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://www.google.com
mStart Page =
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\marcello vindigni\Dati applicazioni\Mozilla\Firefox\Profiles\x8oupw31.default-1399302629015\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANED KEYS REMOVED - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
HKU-Default-Run-ALUAlert - c:\programmi\Symantec\LiveUpdate\ALUNotify.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Adobe Photo Downloader - c:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-Google Update - c:\documents and settings\marcello vindigni\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
MSConfigStartUp-ISTray - c:\programmi\Spyware Doctor\pctsTray.exe
MSConfigStartUp-updateMgr - c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-{5F8E5D66-5217-40EB-868D-757BC3F31645} - c:\docume~1\ALLUSE~1\DATIAP~1\TARMAI~1\{5F8E5~1\Setup.exe
AddRemove-Aero Files - Texture Booster Pack FS9 - c:\programmi\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-AlphaSim Ka-50 'Black Shark' for FS9 - c:\programmi\Microsoft Games\Flight Simulator 9\Uninstal_FS9Ka50.exe
AddRemove-Carenado F-33A Por Guatesim - c:\documents and settings\marcello vindigni\Desktop\Uninstal.exe
AddRemove-JustFlight F-117 Nighthawk for FS9 and FSX - c:\documents and settings\marcello vindigni\Desktop\Uninstal.exe
AddRemove-Mirage 2000 N Basic Pack - c:\programmi\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-pack 1 du Rafale B FS9 - c:\programmi\Microsoft games\Flight simulator 9\RafaleBpack1.exe
AddRemove-Rafale C for FS9 - c:\programmi\Microsoft Games\Flight Simulator 9\Rafale C FS9_Eng.exe
AddRemove-Tailwind Twin Pack - c:\programmi\Microsoft Games\Flight Simulator 9\Tailwind_Uninstal.exe
AddRemove-WoS INSTALLERS FSD PIPER CESSNA 02A WITH FSD REPAINTS - c:\documents and settings\marcello vindigni\Desktop\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-14 10:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'explorer.exe'(744)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Scan completed at: 2014-05-14 10:22:06
ComboFix-quarantined-files.txt 2014-05-14 08:22
.
Pre-Run: 48.941.703.168 bytes free
Post-Run: 48.895.840.256 bytes free
.
- - End Of File - - 6BB2B49458D1CD2F4412E2F1AB41AAAE
828E02D5C4A4FBE53441EE9DBEE51F43
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1556 [GMT 2:00]
Eseguito da: c:\documents and settings\marcello vindigni\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Esecuzione precedente -------
.
c:\documents and settings\All Users\Dati applicazioni\TEMP
.
.
((((((((((((((((((((((((( Files Creati Da 2014-04-14 al 2014-05-14 )))))))))))))))))))))))))))))))))))
.
.
2014-05-13 15:16 . 2014-05-13 15:16 -------- d-----w- c:\programmi\Trend Micro
2014-05-11 22:04 . 2014-05-12 17:22 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-11 22:03 . 2014-05-11 22:03 -------- d-----w- c:\programmi\Malwarebytes Anti-Malware
2014-05-11 22:03 . 2014-05-11 22:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2014-05-11 22:03 . 2014-04-03 07:51 50648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-11 22:03 . 2014-04-03 07:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-11 22:00 . 2014-05-11 22:00 -------- d-----w- c:\windows\CryptoGuard
2014-05-07 16:50 . 2014-05-10 18:48 -------- d-----w- c:\programmi\Microsoft Games
2014-05-06 13:24 . 2014-05-06 13:24 -------- d-----w- c:\documents and settings\marcello vindigni\Phone Browser
2014-05-06 06:52 . 2014-05-06 22:10 -------- d-----w- C:\AdwCleaner
2014-05-05 15:03 . 2014-05-11 06:37 -------- d-----w- c:\programmi\Mozilla Maintenance Service
2014-05-05 14:02 . 2014-05-05 14:02 -------- d-----w- c:\documents and settings\marcello vindigni\.android
2014-05-05 13:12 . 2014-05-05 13:12 -------- d-----w- c:\documents and settings\marcello vindigni\Impostazioni locali\Dati applicazioni\cache
2014-05-05 13:12 . 2014-05-05 13:12 -------- d--h--w- c:\windows\system32\GroupPolicy
2014-04-20 10:43 . 2014-04-14 17:47 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-04-20 10:43 . 2014-04-14 18:13 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-18 16:37 . 2014-04-18 16:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avg_Update_0414b
2014-04-17 18:35 . 2014-04-17 18:40 -------- d-----w- c:\programmi\Unlocker
2014-04-17 17:09 . 2014-04-17 17:09 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Avg2014
2014-04-14 17:21 . 2014-04-14 17:23 -------- d-----w- c:\documents and settings\marcello vindigni\Impostazioni locali\Dati applicazioni\Paint.NET
2014-04-14 17:21 . 2014-04-14 17:21 -------- d-----w- c:\documents and settings\marcello vindigni\Dati applicazioni\IsolatedStorage
2014-04-14 17:21 . 2014-04-14 17:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IsolatedStorage
2014-04-14 17:21 . 2014-04-14 17:21 -------- d-----w- c:\documents and settings\marcello vindigni\Impostazioni locali\Dati applicazioni\FileViewPro
2014-04-14 09:10 . 2014-04-14 09:11 -------- d-----w- c:\documents and settings\marcello vindigni\Dati applicazioni\OfficeRecovery
2014-04-14 09:10 . 2014-04-14 09:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\OfficeRecovery.d7cc0641
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-12 07:19 . 2014-02-17 09:47 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2014-05-05 07:35 . 2013-10-13 06:55 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-05 07:35 . 2013-10-13 06:55 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-18 13:02 . 2013-11-04 20:57 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-03-31 14:11 . 2013-08-01 15:08 211224 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-03-31 14:11 . 2013-09-30 23:49 108312 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-03-27 20:15 . 2013-10-31 22:00 193304 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-03-27 20:14 . 2013-11-05 20:50 123160 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-03-27 20:04 . 2013-10-24 21:28 150296 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-03-27 20:04 . 2013-10-31 21:30 238872 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-03-27 20:03 . 2013-09-09 23:43 28440 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-03-27 20:03 . 2013-09-16 23:57 22296 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2014-03-08 16:17 . 2014-03-08 16:17 724992 ----a-w- c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="c:\programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AVG_UI"="c:\programmi\AVG\AVG2014\avgui.exe" [2014-04-06 5180432]
"GB_UPDATE"="c:\programmi\Razer\Razer Game Booster\AutoUpdate.exe" [2013-06-05 2051688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
"NvMediaCenter"="NvMCTray.dll" [2013-01-31 108832]
"nwiz"="c:\programmi\NVIDIA Corporation\nview\nwiz.exe" [2013-01-31 1982312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\programmi\File comuni\logishrd\WUApp32.exe" [2008-07-26 439568]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
2005-06-07 10:31 819712 ----a-w- c:\programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Greenshot]
2013-05-20 15:46 499712 ----a-w- c:\programmi\Greenshot\Greenshot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 16:15 2407184 ----a-w- c:\programmi\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\programmi\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2005-06-29 14:29 176128 ----a-w- c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
2005-06-24 13:08 860160 ----a-w- c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-02-10 16:46 20922016 ----a-r- c:\programmi\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Documents and Settings\\marcello vindigni\\Dati applicazioni\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Documents and Settings\\marcello vindigni\\Impostazioni locali\\Dati applicazioni\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Programmi\\TeamViewer\\Version9\\TeamViewer.exe"=
"c:\\Programmi\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Programmi\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Programmi\\AVG\\AVG2014\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [24/10/2013 23.28.32 150296]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [31/10/2013 23.30.08 238872]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [10/09/2013 1.43.20 28440]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [05/11/2013 22.50.48 123160]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [04/11/2013 22.57.30 199960]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [17/09/2013 1.57.26 22296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [01/11/2013 0.00.28 193304]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [01/08/2013 17.08.52 211224]
R2 avgwd;AVG WatchDog;c:\programmi\AVG\AVG2014\avgwdsvc.exe [27/03/2014 22.10.20 291912]
R2 TeamViewer9;TeamViewer 9;c:\programmi\TeamViewer\Version9\TeamViewer_Service.exe [04/12/2013 19.05.43 5341536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/05/2014 0.03.28 23256]
S2 AVGIDSAgent;AVGIDSAgent;c:\programmi\AVG\AVG2014\avgidsagent.exe [18/04/2014 15.22.28 3645456]
S2 MBAMService;MBAMService;c:\programmi\Malwarebytes Anti-Malware\mbamservice.exe [12/05/2014 0.03.30 857912]
S2 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [23/10/2013 9.15.08 172192]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [15/12/2013 11.30.56 114432]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [15/12/2013 11.30.55 100736]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\programmi\Razer\Razer Game Booster\Driver\WinRing0.sys [13/12/2013 18.50.44 14416]
S3 WLAN FVNETusb(R);WLAN FVNETusb(R) Service for ATMEL USB FastVNET (AR);c:\windows\system32\DRIVERS\vnetusbr.sys --> c:\windows\system32\DRIVERS\vnetusbr.sys [?]
S4 MBAMScheduler;MBAMScheduler;c:\programmi\Malwarebytes Anti-Malware\mbamscheduler.exe [12/05/2014 0.03.30 1809720]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 11.58.16 3275136]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1547161642-839522115-1003Core.job
- c:\documents and settings\marcello vindigni\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2013-12-16 09:33]
.
2014-05-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1844237615-1547161642-839522115-1003UA.job
- c:\documents and settings\marcello vindigni\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2013-12-16 09:33]
.
2014-05-14 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
2014-05-14 c:\windows\Tasks\User_Feed_Synchronization-{4E985625-38A6-4C61-A29A-8067BE8D5E4C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://www.google.com
mStart Page =
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\marcello vindigni\Dati applicazioni\Mozilla\Firefox\Profiles\x8oupw31.default-1399302629015\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Cmaudio - cmicnfg.cpl
HKU-Default-Run-ALUAlert - c:\programmi\Symantec\LiveUpdate\ALUNotify.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-Adobe Photo Downloader - c:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-Google Update - c:\documents and settings\marcello vindigni\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
MSConfigStartUp-ISTray - c:\programmi\Spyware Doctor\pctsTray.exe
MSConfigStartUp-updateMgr - c:\programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-{5F8E5D66-5217-40EB-868D-757BC3F31645} - c:\docume~1\ALLUSE~1\DATIAP~1\TARMAI~1\{5F8E5~1\Setup.exe
AddRemove-Aero Files - Texture Booster Pack FS9 - c:\programmi\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-AlphaSim Ka-50 'Black Shark' for FS9 - c:\programmi\Microsoft Games\Flight Simulator 9\Uninstal_FS9Ka50.exe
AddRemove-Carenado F-33A Por Guatesim - c:\documents and settings\marcello vindigni\Desktop\Uninstal.exe
AddRemove-JustFlight F-117 Nighthawk for FS9 and FSX - c:\documents and settings\marcello vindigni\Desktop\Uninstal.exe
AddRemove-Mirage 2000 N Basic Pack - c:\programmi\Microsoft Games\Flight Simulator 9\Uninstal.exe
AddRemove-pack 1 du Rafale B FS9 - c:\programmi\Microsoft games\Flight simulator 9\RafaleBpack1.exe
AddRemove-Rafale C for FS9 - c:\programmi\Microsoft Games\Flight Simulator 9\Rafale C FS9_Eng.exe
AddRemove-Tailwind Twin Pack - c:\programmi\Microsoft Games\Flight Simulator 9\Tailwind_Uninstal.exe
AddRemove-WoS INSTALLERS FSD PIPER CESSNA 02A WITH FSD REPAINTS - c:\documents and settings\marcello vindigni\Desktop\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-14 10:20
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs LOADED BY RUNNING PROCESSES ---------------------
.
- - - - - - - > 'explorer.exe'(744)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2014-05-14 10:22:06
ComboFix-quarantined-files.txt 2014-05-14 08:22
.
Pre-Run: 48,941,703,168 bytes free
Post-Run: 48,895,840,256 bytes free
.
- - End Of File - - 6BB2B49458D1CD2F4412E2F1AB41AAAE
828E02D5C4A4FBE53441EE9DBEE51F43
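As an added example (not part of the original post, and not ComboFix's own code), the script below parses the three sections of a ComboFix log that a helper reads first: the Run keys under "Reg Loading Points", the Windows Firewall standard-profile policy with its authorized-application list, and the R0/R1/S2/S3/S4 service and driver lines. It then flags what is worth a second look: a disabled firewall (EnableFirewall=0), an autorun whose image is a bare file name resolved through the search path, firewall exceptions or services whose binary lives under Documents and Settings, and a service whose file ComboFix marks as missing with [?]. The regexes, the user-profile heuristic and the sample lines are the author's assumptions; the sample is constructed from entries in the log above.

```python
"""Triage of the autostart, firewall and service sections of a ComboFix log.

Added example for this thread, not ComboFix's own code. The regexes, the
user-profile heuristic and SAMPLE_LOG are the author's assumptions; SAMPLE_LOG
is constructed from entries in the log posted above.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in ComboFix's layout (a subset of the log posted above).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\programmi\AVG\AVG2014\avgui.exe" [2014-04-06 5180432]
"NvMediaCenter"="NvMCTray.dll" [2013-01-31 108832]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\marcello vindigni\\Dati applicazioni\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\TeamViewer\\Version9\\TeamViewer.exe"=
.
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [01/08/2013 17.08.52 211224]
S3 WLAN FVNETusb(R);WLAN FVNETusb(R) Service for ATMEL USB FastVNET (AR);c:\windows\system32\DRIVERS\vnetusbr.sys --> c:\windows\system32\DRIVERS\vnetusbr.sys [?]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe [09/10/2013 11.58.16 3275136]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "name"=data
QUOTED_RE = re.compile(r'^"([^"]*)"')              # leading "image path" inside data
# R0-R2 = running, S2-S4 = stopped: "<start> <name>;<display>;<image> [<date size> | ?]"
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?) \[([^\]]*)\]$")
# Heuristic (assumption): code executing out of a profile directory deserves a second look.
USER_PROFILE_MARKER = "\\documents and settings\\"

@dataclass
class Triage:
    autoruns: Dict[str, str] = field(default_factory=dict)      # value name -> image
    firewall_enabled: Optional[bool] = None                      # None = key not present
    authorized_apps: List[str] = field(default_factory=list)
    services: List[Tuple[str, str, str, str]] = field(default_factory=list)  # start, name, image, info
    findings: List[str] = field(default_factory=list)

def in_user_profile(path: str) -> bool:
    return USER_PROFILE_MARKER in path.lower()

def parse_combofix(text: str) -> Triage:
    """Single pass over the log, remembering which registry key the values belong to."""
    t = Triage()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        key = KEY_RE.match(line)
        if key:
            section = key.group(1).lower()
            continue
        if line.startswith('"'):
            val = VALUE_RE.match(line)
            if not val:
                continue
            name, data = val.groups()
            if section.endswith("\\run"):
                img = QUOTED_RE.match(data)
                t.autoruns[name] = img.group(1) if img else data
            elif section.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall":
                t.firewall_enabled = not data.startswith("0")
            elif section.endswith("authorizedapplications\\list"):
                t.authorized_apps.append(name.replace("\\\\", "\\"))  # REGEDIT4 doubles backslashes
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            start, name, _display, image, info = svc.groups()
            t.services.append((start, name, image, info))
    return t

def triage(text: str) -> Triage:
    """Parse the log and record one finding per heuristic hit."""
    t = parse_combofix(text)
    if t.firewall_enabled is False:
        t.findings.append("firewall: Windows Firewall disabled in the standard profile (EnableFirewall=0)")
    for name, image in t.autoruns.items():
        if "\\" not in image:
            t.findings.append(f"autorun {name}: relative image {image!r} is resolved via the search path")
        elif in_user_profile(image):
            t.findings.append(f"autorun {name}: runs from a user-profile location ({image})")
    for app in t.authorized_apps:
        if in_user_profile(app):
            t.findings.append(f"firewall exception for a user-profile binary ({app})")
    for start, name, image, info in t.services:
        if info == "?":
            t.findings.append(f"service {name}: image file missing ({image.split(' --> ')[0]})")
        elif in_user_profile(image):
            t.findings.append(f"service {name} [{start}]: runs from a user-profile location ({image})")
    return t
```

To use it on a full log, pass the file contents to triage() and print the findings list. A hit is a prompt for a manual check, not a verdict: legitimate per-user software also installs under the profile, and a relative image name in a Run value is common for vendor tray DLLs; the point is to give the helper a short list to verify against the rest of the log instead of reading every line by hand.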
Re: MOBOGENIE
PS. To remove Combofix, download OTL from http://www.geekstogo.com/forum/files/fi ... s-list-it/ , run it and click Cleanup; when it asks to reboot, accept, and Combofix will be removed completely.
Download Junkware Removal Tool from http://thisisudax.org/ and run it; it does everything by itself. Post the log.
Are you still having the problem?
- popmart68
- Level: Hard disk (9/15)
- Posts: 621
- Joined: Thu Jul 04, 2013 11:13 am
- Location: POZZALLO (RG)
Re: MOBOGENIE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by marcello vindigni on 15/05/2014 at 15.03.25,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/05/2014 at 15.14.51,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: MOBOGENIE
To remove AVG completely, use AVG Remover, downloadable from http://download.avg.com/filedir/util/su ... 4_4116.exe while for Avira the link is this: http://install.avira-update.com/package ... v___ws.exe
PS do you still have the HitmanPro report? If so, post it.
Re: MOBOGENIE
I hope I was of help.