carleto74 (Devoted mortal)
Registered: 30/08/13 08:57  Posts: 5
Posted: 30 Aug 2013 09:03  Subject: Windows Firewall & Antivirus disabled
Hi everyone,
I use Windows XP SP3. For a couple of days Windows Firewall and the antivirus have been disabled, and it seems impossible to re-enable them manually.
Have I caught a virus? I browsed around and saw similar cases... but I couldn't get much out of it.
I'm attaching this morning's HijackThis log..... can anyone help????
Thanks...
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8.45.57, on 30/08/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
CHROME: 29.0.1547.62
FIREFOX: 23.0.1 (en-US)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\program files\ibm\personal communications\PCS_AGNT.EXE
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\program files\ibm\personal communications\tpam.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.7.2\pmonmh.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\c4ebreg\isamtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe
C:\Program Files\c4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\Program Files\IBM\Java60\jre\bin\jqs.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
c:\notes\SUService.exe
C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe
c:\notes\nsd.exe
C:\Program Files\Nokia\Nokia Internet Modem\WellPhone2.exe
C:\PROGRA~1\AT&TNE~2\netcfgsvr.exe
C:\Program Files\IBM\Network Print Information Frontend\npif.exe
C:\Program Files\AT&T Network Client\NetClientSvc.exe
C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
c:\sdwork\issimgui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\WINDOWS\system32\Drivers\ldlcserv6.exe
C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClientUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/
R3 - URLSearchHook: (no name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java60\jre\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32maing.exe /cleanup
O4 - HKLM\..\Run: [Tpam.exe] "C:\program files\ibm\personal communications\tpam.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe "c:\Program Files\IBM\IPM Client Migration Utility"
O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.7.2\pmonmh.exe
O4 - HKLM\..\Run: [ISSI Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [Isamtray] "C:\Program Files\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_MX_Download-Version\TrayServer_it.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
O4 - HKLM\..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKCU\..\Run: [IBM Lotus Sametime Connect] "C:\Program Files\IBM\Lotus\Sametime Connect\rcp\rcplauncher.exe" -noSplash
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [Windows Game Service] C:\Windows\Sys\smess.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [LG LinkAir] C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe
O4 - HKCU\..\Run: [Nokia Internet Modem] "C:\Program Files\Nokia\Nokia Internet Modem\WellPhone2.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_168_Plugin.exe -update plugin (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_168_Plugin.exe -update plugin (User 'Default user')
O4 - Global Startup: Network Print Information Frontend.lnk = C:\Program Files\IBM\Network Print Information Frontend\npif.exe
O4 - Global Startup: PGP Tray.lnk = ?
O4 - Global Startup: SCHEDULE.BAT.lnk = C:\TSMIGA\SCHEDULE.BAT
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Image - res://C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Memo - res://C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Text file - res://C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210
O8 - Extra context menu item: LG Air Sync (R-Click) - Set as Mobile Wallpaper - res://C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205
O8 - Extra context menu item: LG Air Sync Option - res://C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe (file missing)
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.6.0) - http://
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265740432187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257306949125
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java2 Runtime Environment 1.6.0) - http://
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.6.0) - http://
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java2 Runtime Environment 1.6.0) - http://
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com,rot.it.ibm.com,romelab.it.ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ibm.com,rot.it.ibm.com,romelab.it.ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com,rot.it.ibm.com,romelab.it.ibm.com
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Client Tivoli Endpoint Manager (BESClient) - IBM Corp. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: csrcmds - IBM Corporation - C:\program files\ibm\personal communications\csrcmds.exe
O23 - Service: IBM Command Line Trace (cstrcser) - IBM Corporation - C:\WINDOWS\system32\drivers\cstrcser.exe
O23 - Service: DB2 Management Service (DB2COPY1) (DB2MGMTSVC_DB2COPY1) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intelligent Response Agent - Unknown owner - C:\Program Files\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\c4ebreg\c4ebreg.exe
O23 - Service: ISSI (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - IBM - C:\Program Files\IBM\Java60\jre\bin\jqs.exe
O23 - Service: IBM Enterprise Extender (IPv4) (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: IBM Enterprise Extender (IPv6) (ldlcserv6) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv6.exe
O23 - Service: Lenovo Microphone Mute (Lenovo.micmute) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Servizio Lotus Notes Smart Upgrade (LNSUSvc) - IBM Corp - c:\notes\SUService.exe
O23 - Service: Diagnostica Lotus Notes (Lotus Notes Diagnostics) - IBM - c:\notes\nsd.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~2\netcfgsvr.exe
O23 - Service: AT&T Global Network Client Service (NetClientSvc) - AT&T - C:\Program Files\AT&T Network Client\NetClientSvc.exe
O23 - Service: PGP RDD Service - Symantec Corporation - C:\Program Files\PGP Corporation\PGP Desktop\RDDService.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: IBM Tivoli Endpoint Manager for Remote Control - Target (TRCTARGET) - IBM Corporation - C:\Program Files\IBM\Tivoli\Remote Control\Target\trc_base.exe
O23 - Service: Servizio Vodafone Mobile Broadband (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: Wacom Consumer Service (WTabletServiceCon) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
--
End of file - 20502 bytes
R16 (Mature god)
Registered: 07/03/08 22:58  Posts: 10129
Posted: 30 Aug 2013 18:48
Hi.
Start HijackThis, tick the entries I'm going to list below and, with all applications closed and the PC disconnected from the Internet, click "Fix checked":
Quote:
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32maing.exe /cleanup
O4 - HKLM\..\Run: [Tpam.exe] "C:\program files\ibm\personal communications\tpam.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe "c:\Program Files\IBM\IPM Client Migration Utility"
O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.7.2\pmonmh.exe
O4 - HKLM\..\Run: [ISSI Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [Isamtray] "C:\Program Files\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_MX_Download-Version\TrayServer_it.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKCU\..\Run: [IBM Lotus Sametime Connect] "C:\Program Files\IBM\Lotus\Sametime Connect\rcp\rcplauncher.exe" -noSplash
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [Windows Game Service] C:\Windows\Sys\smess.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O16 - DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.6.0) - http://
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265740432187
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257306949125
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java2 Runtime Environment 1.6.0) - http://
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.5.0) - http://
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.6.0) - http://
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java2 Runtime Environment 1.6.0) - http://
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
Clean the temporary files with CCleaner (registry included):
http://forum.zeusnews.com/viewtopic.php?p=282670#282670
Open CCleaner.
Click "Tools".
Click "System Restore".
Select ALL the restore points and then click "Remove".
N.B.:
The point shown in grey (the first one) cannot be deleted, for safety reasons.
Then:
Follow the instructions in this topic to use MBAM (remember to update it before scanning):
http://forum.zeusnews.com/viewtopic.php?p=297823#297823
Run a full scan (NOT a quick one).
Delete any infected files it finds.
Post the log.
To post the logs, follow these steps:
Connect to the Internet and go to the WikiSend page:
link
Click the "Browse" button.
Select the file you just saved.
Click "Upload file".
After a few seconds you are taken to a new page with the link in several formats:
Download Link / Forum Link
Select Forum Link, copy it and paste it into a new message on the forum.
carleto74 (Devoted mortal)
Registered: 30/08/13 08:57  Posts: 5
Posted: 31 Aug 2013 17:33
Thank you very much for your help...
Here is the link to the MBAM log:
mbam-log-2013-08-31 (10-28-09).txt
Awaiting instructions... and thanks again, really.
R16 (Mature god)
Registered: 07/03/08 22:58  Posts: 10129
Posted: 31 Aug 2013 19:45
Hi.
Download AdwCleaner to the desktop:
link
Click the "Scan" button.
When the scan has finished, click "Clean".
Confirm with OK the various windows that will appear.
The PC will reboot and the log with the deletions will come up.
Post it here.
Let's check whether everything is in order with OTL:
Run this scan with OTL.
http://forum.zeusnews.com/viewtopic.php?t=51382
Post the 2 logs, again via WikiSend.
R16 (Mature god)
Registered: 07/03/08 22:58  Posts: 10129
Posted: 01 Sep 2013 12:03
Start OTL.
Under "Custom Scans\Fixes" copy and paste this code:
Code:
:OTL
IE - HKU\S-1-5-21-88417343-1165129603-1233168794-500\..\SearchScopes\{82837FCE-DB4B-444B-B68F-81C2A9494514}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU&o=14670&src=crm&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYIT&apn_uid=72689fa2-cf63-49f3-bdf0-63ff083eeed6&apn_sauid=56033891-895B-4F62-8E5C-62D279B43C34
FF - prefs.js..extensions.enabledItems: admin@zbani.com:1.01
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
[2011/07/18 13.22.24 | 000,000,000 | ---D | M] ("Zbani Toolbar") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\admin@zbani.com
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_168_Plugin.exe -update plugin File not found
O33 - MountPoints2\{96585160-5746-11e0-93f8-70f395445a06}\Shell\Shell00\Command - "" = F:\Start.exe
O33 - MountPoints2\{96585164-5746-11e0-93f8-70f395445a06}\Shell - "" = AutoRun
O33 - MountPoints2\{96585164-5746-11e0-93f8-70f395445a06}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{96585164-5746-11e0-93f8-70f395445a06}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msw0vks.exe
O33 - MountPoints2\{96585164-5746-11e0-93f8-70f395445a06}\Shell\open\command - "" = G:\msw0vks.exe
O33 - MountPoints2\{b721d912-82f9-11e0-9447-70f395445a06}\Shell - "" = AutoRun
O33 - MountPoints2\{b721d912-82f9-11e0-9447-70f395445a06}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b721d912-82f9-11e0-9447-70f395445a06}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\{ba448b30-83ad-11e0-944a-70f395445a06}\Shell - "" = AutoRun
O33 - MountPoints2\{ba448b30-83ad-11e0-944a-70f395445a06}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ba448b30-83ad-11e0-944a-70f395445a06}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msw0vks.exe
O33 - MountPoints2\{ba448b30-83ad-11e0-944a-70f395445a06}\Shell\open\command - "" = msw0vks.exe
O33 - MountPoints2\{d7fbe76a-ede2-11df-9339-70f395445a06}\Shell - "" = AutoRun
O33 - MountPoints2\{d7fbe76a-ede2-11df-9339-70f395445a06}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d7fbe76a-ede2-11df-9339-70f395445a06}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msw0vks.exe
O33 - MountPoints2\{d7fbe76a-ede2-11df-9339-70f395445a06}\Shell\open\command - "" = F:\msw0vks.exe
[2013/08/29 20.32.27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LavasoftStatistics
[2013/08/29 20.25.18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2013/08/29 20.25.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\adawarebp
[2013/08/29 20.25.15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2013/08/29 20.25.10 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2013/08/29 20.22.06 | 005,616,264 | ---- | C] (Lavasoft Limited) -- C:\Documents and Settings\Administrator\Desktop\Adaware_Installer.exe
[2013/04/19 20.49.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wacom
:Files
ipconfig /flushdns /c
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[Reboot]
Click the RUN FIX button.
Let the scan run without interfering.
Post the log.
Tell me how the PC is working and whether you run into any problems.
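As an added example (not code from this thread, nor from HijackThis or OTL), a small Python triage script that parses the "Oxx - ..." entries shared by the HijackThis log in the first post and the OTL fix list above, and flags the patterns the helper singled out: an autostart image outside the usual install directories (the C:\Windows\Sys\smess.exe entry), IE policy restrictions, orphaned entries marked (file missing)/(no file), and removable-drive AutoRun handlers of the msw0vks.exe kind. The sample lines are constructed from this thread's logs; the allowlist of expected directories and the severity labels are my assumptions for an XP box.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, not a full log: a few "Oxx - ..." entries in the format shared by
# HijackThis and OTL, copied from the logs posted in this thread plus one benign entry.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Windows Game Service] C:\Windows\Sys\smess.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java2 Runtime Environment 1.6.0) - http://
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Intelligent Response Agent - Unknown owner - C:\Program Files\MANDIANT\MANDIANT Intelligent Response Agent\miragent.exe
O33 - MountPoints2\{96585164-5746-11e0-93f8-70f395445a06}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL msw0vks.exe
O33 - MountPoints2\{b721d912-82f9-11e0-9447-70f395445a06}\Shell\AutoRun\command - "" = F:\iStudio.exe
"""


@dataclass
class Finding:
    section: str   # log section id, e.g. "O4"
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


SECTION_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# First drive-letter path ending in .exe, whether or not it is quoted.
IMAGE_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)
# Assumed allowlist: directories an XP autostart image is normally installed under.
# Anything else (here C:\Windows\Sys\) deserves a look before it is trusted.
EXPECTED_ROOTS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\ime\\",
    "c:\\program files\\",
    "c:\\progra~1\\",
)


def _check_run_entry(body: str, line: str) -> list[Finding]:
    """O4 (Run key) entries: flag images that live outside the usual install roots."""
    m = IMAGE_RE.search(body)
    if not m:
        return []  # rundll32/DLL targets and non-.exe launchers are not handled here
    if m.group(1).lower().startswith(EXPECTED_ROOTS):
        return []
    return [Finding("O4", "high", f"autostart image in unusual location: {m.group(1)}", line)]


def _check_mountpoint(body: str, line: str) -> list[Finding]:
    """O33 (MountPoints2) entries: AutoRun/open handlers remembered for removable drives.
    A handler that launches a bare file name through ShellExec_RunDLL runs whatever file
    of that name is on the drive, the USB-worm pattern seen in this thread (msw0vks.exe)."""
    if "\\Shell\\AutoRun\\command" not in body and "\\Shell\\open\\command" not in body:
        return []
    cmd = body.split("=", 1)[1].strip() if "=" in body else ""
    if "shellexec_rundll" in cmd.lower():
        return [Finding("O33", "high", f"AutoRun handler runs a relative executable: {cmd}", line)]
    return [Finding("O33", "medium", f"removable-drive AutoRun handler: {cmd}", line)]


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis/OTL log and return the entries worth a second look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue  # headers, running-process list, blank lines
        section, body = m.groups()
        if section == "O4":
            findings += _check_run_entry(body, line)
        elif section == "O6" and "Policies" in body:
            findings.append(Finding("O6", "medium",
                                    "IE policy restrictions present (often set by infections)", line))
        elif section == "O16" and body.endswith("- http://"):
            findings.append(Finding("O16", "low", "ActiveX download entry with no source URL", line))
        elif section == "O23" and "Unknown owner" in body:
            findings.append(Finding("O23", "low", "service with no known vendor", line))
        elif section == "O33":
            findings += _check_mountpoint(body, line)
        # Orphans: the registry entry survives but its file is gone (safe to fix, not active)
        if "(file missing)" in body or "(no file)" in body:
            findings.append(Finding(section, "low", "orphan entry, target file no longer exists", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
```

Run it against a full log by passing the file contents to triage(); a "high" finding is a starting point for a manual check, not a verdict.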
carleto74 (Devoted mortal)
Registered: 30/08/13 08:57  Posts: 5
Posted: 01 Sep 2013 18:23
The log is here:
09012013_174851.log
The PC seems to be behaving decently... maybe it has sped up a bit (it still has its usual slowness, though).
I'll work on it for a while and let you know more.
The main problem (Windows Firewall impossible to enable/disable, even from the Control Panel) remains.
Awaiting comments/guidance..... thanks!
R16 (Mature god)
Registered: 07/03/08 22:58  Posts: 10129
Posted: 01 Sep 2013 20:09
Download TDSSKiller to the desktop:
link
Double-click TDSSKiller.exe.
Click:
Change parameters.
Tick "Detect TDLFS file system" and "Verify file digital signatures".
Click OK.
Then click "Start Scan".
If it finds an infection, by default you will have the "Cure" option, so click "Continue".
If a suspicious file is found, the default action will be "Skip"; click "Continue".
If a reboot is requested, accept it (the PC must be restarted to remove the infection).
If no reboot is requested, click Report and save the contents to a text file.
You will find the log in C:\
Post it here, via WikiSend.
Then:
Download Farbar Service Scanner to the desktop:
link
Tick all the boxes on the left-hand side.
Click "Scan".
A log (FSS.txt) will be created in the same directory the tool is run from.
Post the log.
R16 (Mature god)
Registered: 07/03/08 22:58  Posts: 10129
Posted: 03 Sep 2013 17:58
Hi.
Download Windows Repair (All In One):
link
Install it.
Start the Repair_Windows program.
Click the "Start Repairs" tab.
It will ask you to back up the registry.
Click NO.
When it has finished, click "Start".
Tick: (if you find all the boxes already ticked, click "Unselect All")
Repair WMI
Repair Windows Firewall
Remove Policies Set By Infections
Set Windows Services To Default Startup
Now, in the lower right-hand part, tick the "Restart / Shutdown System When Finished" box.
Then make sure the "Restart System" radio button is enabled (if it isn't ticked, tick it).
Click "Start".
Wait patiently for any repairs to be carried out.
The PC should reboot automatically.
See whether you can enable Windows Firewall.