Important: Request to check a HijackThis logfile

I'm trying to clean up my neighbors' computer and get rid of some of the junk on it.

Could someone take a look at this log? Thanks :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.57.30, on 29/10/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Dati applicazioni\IePluginServices\PluginService.exe
C:\Documents and Settings\All Users\Dati applicazioni\WindowsMangerProtect\ProtectWindowsManager.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CandyBox\aus.exe
C:\Programmi\ver0BlockAndSurf\c9uG181.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\CandyBox\cab.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Documents and Settings\Utente\Dati applicazioni\VOPackage\VOsrv.exe
C:\Programmi\Settings Manager\smdmf\SmdmFService.exe
C:\Programmi\SupTab\HpUI.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TermTutor\Service\ttsvc.exe
C:\Programmi\Techgile\updateTechgile.exe
C:\Programmi\Settings Manager\smdmf\SmdmFService.exe
C:\Programmi\SupTab\Loader32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Programmi\CandyBox\cab.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\ConvertAd\ConvertAd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\documents and settings\utente\impostazioni locali\dati applicazioni\genesis_10201819\genesis_10201819.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\ContextFree\nvcmd.exe
C:\Programmi\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programmi\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Programmi\VideoLAN\VLC\vlc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Smartbar\Application\Smartbar.exe
C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Smartbar\Application\Lrcnta.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1413908725&from=tt4u&uid=ST3250318AS_9VY0NP3TXXXX9VY0NP3T
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StOI93zwfugoWJItNRYPZ4VbE2sMC5kTdDjUEv72ci_PUoEgmx0UyVqkt3wZyEd_Z3zoeJKl70wQLkkRvPv2K2Q1wzgx2Wn2Ts6qMKwQ68HSv4BKi7K0OaL0M9k1_j7nagxrXsDaiwWpjSxYEWzuKazqok7Fadk4k8EVf7qKDiFE80M7voFAE-7qgtqc9hfw0UFQdg0Vgi&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StOI93zwfugoWJItNRYPZ4VbE2sMC5kTdDjUEv72ci_PUoEgmx0UyVqkt3wZyEd_Z3zoeJKl70wQLkkRvPv2K2Q1wzgx2Wn2Ts6qMKwQ68HSv4BKi7K0OaL0M9k1_j7nagxrXsDaiwWpjSxYEWzuKazqok7Fadk4k8EVf7qKDiFE80M7voFAE-7qgtqc9hfw0UFQdg0Vgi&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1413908725&from=tt4u&uid=ST3250318AS_9VY0NP3TXXXX9VY0NP3T
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1413908725&from=tt4u&uid=ST3250318AS_9VY0NP3TXXXX9VY0NP3T
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1413908725&from=tt4u&uid=ST3250318AS_9VY0NP3TXXXX9VY0NP3T&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1413908725&from=tt4u&uid=ST3250318AS_9VY0NP3TXXXX9VY0NP3T&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1413908725&from=tt4u&uid=ST3250318AS_9VY0NP3TXXXX9VY0NP3T
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StOI93zwfugoWJItNRYPZ4VbE2sMC5kTdDjUEv72ci_PUoEgmx0UyVqkt3wZyEd_Z3zoeJKl70wQLkkRvPv2K2Q1wzgx2Wn2Ts6qMKwQ68HSv4BKi7K0OaL0M9k1_j7nagxrXsDaiwWpjSxYEWzuKazqok7Fadk4k8EVf7qKDiFE80M7voFAE-7qgtqc9hfw0UFQdg0Vgi&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StOI93zwfugoWJItNRYPZ4VbE2sMC5kTdDjUEv72ci_PUoEgmx0UyVqkt3wZyEd_Z3zoeJKl70wQLkkRvPv2K2Q1wzgx2Wn2Ts6qMKwQ68HSv4BKi7K0OaL0M9k1_j7nagxrXsDaiwWpjSxYEWzuKazqok7Fadk4k8EVf7qKDiFE80M7voFAE-7qgtqc9hfw0UFQdg0Vgi&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mystartsearch.com/web/?type=ds&ts=1413908725&from=tt4u&uid=ST3250318AS_9VY0NP3TXXXX9VY0NP3T&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mystartsearch.com/web/?type=ds&ts=1413908725&from=tt4u&uid=ST3250318AS_9VY0NP3TXXXX9VY0NP3T&q={searchTerms}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:13797;https=127.0.0.1:13797
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BlockAndSurf - {207E3D13-03DA-4096-4879-6A1554691650} - C:\Programmi\ver0BlockAndSurf\181.dll
O2 - BHO: Yahoo Community Smartbar (by Linkury)Engine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Programmi\SupTab\SupTab.dll
O2 - BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\DOCUME~1\Utente\IMPOST~1\DATIAP~1\Linkey\IEEXTE~1\iedll.dll
O2 - BHO: TermTutor - {6CB99040-7828-4C37-AC01-F15758F43E4D} - C:\Programmi\TermTutor\IE\TermTutorClientIE.dll
O2 - BHO: Techgile - {7d2cbfb4-dfcd-4282-841a-c2a2a5299d7e} - C:\Programmi\Techgile\Techgilebho.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [genesis_10201819] "c:\documents and settings\utente\impostazioni locali\dati applicazioni\genesis_10201819\genesis_10201819.exe" /r
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1231864652781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231865271625
O23 - Service: Auto Update Service (AUS) - MS - C:\Programmi\CandyBox\aus.exe
O23 - Service: BlockAndSurf - Unknown owner - C:\Programmi\ver0BlockAndSurf\c9uG181.exe
O23 - Service: IePlugin Services (IePluginServices) - Cherished Technololgy LIMITED - C:\Documents and Settings\All Users\Dati applicazioni\IePluginServices\PluginService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Log Session Manager (Log S.M.) - Link Up Advertising - C:\Programmi\CandyBox\cab.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: VO Service component (servervo) - Unknown owner - C:\Documents and Settings\Utente\Dati applicazioni\VOPackage\VOsrv.exe
O23 - Service: SmdmF Service (SmdmFService) - Aztec Media Inc - C:\Programmi\Settings Manager\smdmf\SmdmFService.exe
O23 - Service: Term Tutor Client Service (ttsvc) - Term Tutor - C:\Programmi\TermTutor\Service\ttsvc.exe
O23 - Service: Update Techgile - Unknown owner - C:\Programmi\Techgile\updateTechgile.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Fuyu LIMITED - C:\Documents and Settings\All Users\Dati applicazioni\WindowsMangerProtect\ProtectWindowsManager.exe

--
End of file - 10980 bytes
 
I'm on my phone right now; as a quick start, delete all the R0-R1 entries, then post the log again.


There's more to remove as well, it's full of it.

Delete the contents of the temp folder.
 
So, I confirm that you need to delete all the R0 and R1 entries.

Also delete:

C:\Programmi\CandyBox\aus.exe

C:\Programmi\ver0BlockAndSurf\c9uG181.exe

C:\Programmi\CandyBox\cab.exe

C:\Documents and Settings\Utente\Dati applicazioni\VOPackage\VOsrv.exe

C:\Programmi\Settings Manager\smdmf\SmdmFService.exe

C:\Programmi\SupTab\HpUI.exe

C:\Programmi\TermTutor\Service\ttsvc.exe

C:\Programmi\Techgile\updateTechgile.exe

C:\Programmi\Settings Manager\smdmf\SmdmFService.exe

C:\Programmi\CandyBox\cab.exe

C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\ConvertAd\ConvertAd.exe

C:\documents and settings\utente\impostazioni locali\dati applicazioni\genesis_10201819\genesis_10201819.exe

C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\ContextFree\nvcmd.exe

C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Smartbar\Application\Smartbar.exe

C:\Documents and Settings\Utente\Impostazioni locali\Dati applicazioni\Smartbar\Application\Lrcnta.exe

O2 - BHO: Yahoo Community Smartbar (by Linkury)Engine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)

O2 - BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Programmi\SupTab\SupTab.dll

O2 - BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\DOCUME~1\Utente\IMPOST~1\DATIAP~1\Linkey\IEEXTE~1\iedll.dll

O2 - BHO: TermTutor - {6CB99040-7828-4C37-AC01-F15758F43E4D} - C:\Programmi\TermTutor\IE\TermTutorClientIE.dll

O2 - BHO: Techgile - {7d2cbfb4-dfcd-4282-841a-c2a2a5299d7e} - C:\Programmi\Techgile\Techgilebho.dll

O3 - Toolbar: Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)

O23 - Service: Auto Update Service (AUS) - MS - C:\Programmi\CandyBox\aus.exe

O23 - Service: BlockAndSurf - Unknown owner - C:\Programmi\ver0BlockAndSurf\c9uG181.exe

O23 - Service: Log Session Manager (Log S.M.) - Link Up Advertising - C:\Programmi\CandyBox\cab.exe

O23 - Service: IePlugin Services (IePluginServices) - Cherished Technololgy LIMITED - C:\Documents and Settings\All Users\Dati applicazioni\IePluginServices\PluginService.exe

O23 - Service: VO Service component (servervo) - Unknown owner - C:\Documents and Settings\Utente\Dati applicazioni\VOPackage\VOsrv.exe

O23 - Service: Term Tutor Client Service (ttsvc) - Term Tutor - C:\Programmi\TermTutor\Service\ttsvc.exe

O23 - Service: Update Techgile - Unknown owner - C:\Programmi\Techgile\updateTechgile.exe

O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Fuyu LIMITED - C:\Documents and Settings\All Users\Dati applicazioni\WindowsMangerProtect\ProtectWindowsManager.exe


Then post the log again.
 
Hi ERCOLINO, could you kindly check this log from a friend of mine?
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:10:01, on 31/10/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)

FIREFOX: 33.0.2 (x86 it)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\VuuPC\RemoteEngineHelper.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Fabio\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://it.yahoo.com?fr=hp-avast&type=avastbcl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://it.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com?fr=hp-avast&type=avastbcl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1403025431&from=tugs&uid=TOSHIBAXMK3275GSX_324EPK5MTXX324EPK5MT&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe868S9YqNlmf93C0qd3vOX0uaDy2INsIXz5zcvrc0eR7vNZgqc9kPy3C9jMxczj2VG-3UKHXmQmxQClouaeAksa5HMmLx6yefeDtiEpj8ltlOvBbCn3JP4o-5HCyQrr9bwpvHjLcD90WTTz4T6bNQk8fH6r_Dbde3wvZQ,,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe868S9YqNlmf93C0qd3vOX0uaDy2INsIXz5zcvrc0eR7vNZgqc9kPy3C9jMxczj2VG-3UKHXmQmxQClouaeAksa5HMmLx6yefeDtiEpj8ltlOvBbCn3JP4o-5HCyQrr9bwpvHjLcD90WTTz4T6bNQk8fH6r_Dbde3wvZQ,,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: 2eeadf800f680132e32502b9fcef8d690063883 - {11111111-1111-1111-1111-110611381183} - (no file)
O2 - BHO: BlockAndSurf - {1E72E363-F46A-2512-7A1B-F96A2433C4D6} - (no file)
O2 - BHO: ToggleMark - {24ac098d-eb44-41b3-abaa-f4bc67d4d64d} - (no file)
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: (no name) - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - (no file)
O2 - BHO: (no name) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - (no file)
O2 - BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.) - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - (no file)
O2 - BHO: uTorrentBar_IT - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
O2 - BHO: (no name) - {4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} - (no file)
O2 - BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - (no file)
O2 - BHO: TermTutor - {6CB99040-7828-4C37-AC01-F15758F43E4D} - (no file)
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: MrFroggy - {856E12B5-22D7-4E22-9ACA-EA9A008DD65B} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Minibar BHO - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: App Bud - {d6708803-e150-4146-a314-0253663d2cec} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HelloWorldBHO - {E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0} - (no file)
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: (no name) - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles(x86)%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\RunOnce: [upfst_it_147.exe] C:\Users\Fabio\AppData\Local\fst_it_147\upfst_it_147.exe -runonce
O4 - HKCU\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BackgroundContainerV2] "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Fabio\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: Toshiba Places Icon Utility.lnk = ?
O8 - Extra context menu item: Compila Modulo - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
O8 - Extra context menu item: Personalizza - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Salva Moduli - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
O8 - Extra context menu item: Show avast! EasyPass Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Compila - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Compila Modulo - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Salva - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Salva Moduli - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Mostra Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{024D7158-D47A-4F57-BF4A-FCD33359697F}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D2D4C68-D200-4408-B46A-1FAA433C1FFD}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{E22B7CA3-A983-4A38-9AD8-F6AF2486E353}: NameServer = 5.79.84.141,8.38.77.107
O17 - HKLM\System\CS1\Services\Tcpip\..\{024D7158-D47A-4F57-BF4A-FCD33359697F}: NameServer = 127.0.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{024D7158-D47A-4F57-BF4A-FCD33359697F}: NameServer = 127.0.0.1
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files (x86)\MyPC Backup\BackupStack.exe
O23 - Service: bOcHQpKtqo - Small Island Development - C:\ProgramData\kesjXTwpFgB\bOcHQpKtqo.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Datamngr Coordinator2 (DatamngrCoordinator2) - Unknown owner - C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IePlugin Services (IePluginServices) - Cherished Technololgy LIMITED - C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NewPlayer Updater Service (NewPlayerUpdaterService) - Unknown owner - C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: DNS Service (PenWesController) - Unknown owner - C:\Program Files (x86)\PenWes\DNSService.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Fabio\AppData\Local\PosService\Pos.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: VuuPC RemoteEngine Service (RemoteEngineService) - ClickMeIn Limited - C:\Program Files (x86)\VuuPC\remoteengine.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Fabio\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: SmdmF Service (SmdmFService) - Aztec Media Inc - C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Fabio\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: Torch Crash Handler (TorchCrashHandler) - TorchMedia Inc. - C:\Users\Fabio\AppData\Local\Torch\Update\TorchCrashHandler.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update App Bud - Unknown owner - C:\Program Files (x86)\App Bud\updateAppBud.exe
O23 - Service: Update ToggleMark - Unknown owner - C:\Program Files (x86)\ToggleMark\updateToggleMark.exe
O23 - Service: Util ToggleMark - Unknown owner - C:\Program Files (x86)\ToggleMark\bin\utilToggleMark.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: Service Component of VO (VOsrv) - Unknown owner - C:\Users\Fabio\AppData\Roaming\VOPackage\VOsrv.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: VuuPC Connectivity (VuuPCConnectivity) - ClickMeIn Limited - C:\Program Files (x86)\VuuPC\Connectivity.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18241 bytes
 
Hi ERCOLINO
I ran a log because of problems with Firefox: advertising banners that open up everywhere

Logfile of Trend Micro HijackThis v2.0.5
Platform: Mac ox yosemite 10.10
Mozilla firefox 33.0.2

30/10/2014 12:26:23.670 SubmitDiagInfo[317] Submitted problem report file:///Library/Logs/DiagnosticReports/firefox_2014-10-29-174924_Mac-mini-di-Roberto-Covassin.hang
30/10/2014 12:57:19.000 kernel[0] firefox (map: 0xffffff802032d3c0) triggered DYLD shared region unnest for map: 0xffffff802032d3c0, region 0x7fff96200000->0x7fff96400000. While not abnormal for debuggers, this increases system memory footprint until the target exits.
30/10/2014 12:57:19.206 firefox[521] WARNING: The Gestalt selector gestaltSystemVersion is returning 10.9.0 instead of 10.10.0. Use NSProcessInfo's operatingSystemVersion property to get correct system version number.
Call location:
30/10/2014 12:57:19.207 firefox[521] 0 CarbonCore 0x00007fff98e86dc3 ___Gestalt_SystemVersion_block_invoke + 113
30/10/2014 12:57:19.208 firefox[521] 1 libdispatch.dylib 0x00007fff93a20c13 _dispatch_client_callout + 8
30/10/2014 12:57:19.208 firefox[521] 2 libdispatch.dylib 0x00007fff93a20b26 dispatch_once_f + 117
30/10/2014 12:57:19.208 firefox[521] 3 CarbonCore 0x00007fff98e2f4da _Gestalt_SystemVersion + 987
30/10/2014 12:57:19.208 firefox[521] 4 CarbonCore 0x00007fff98e2f0c7 Gestalt + 144
30/10/2014 12:57:19.208 firefox[521] 5 XUL 0x000000010325fc21 XRE_FreeAppData + 33185
30/10/2014 13:03:11.000 kernel[0] firefox (map: 0xffffff802032d3c0) triggered DYLD shared region unnest for map: 0xffffff802032d3c0, region 0x7fff96200000->0x7fff96400000. While not abnormal for debuggers, this increases system memory footprint until the target exits.
30/10/2014 13:03:11.210 firefox[578] WARNING: The Gestalt selector gestaltSystemVersion is returning 10.9.0 instead of 10.10.0. Use NSProcessInfo's operatingSystemVersion property to get correct system version number.
Call location:
30/10/2014 13:03:11.211 firefox[578] 0 CarbonCore 0x00007fff98e86dc3 ___Gestalt_SystemVersion_block_invoke + 113
30/10/2014 13:03:11.211 firefox[578] 1 libdispatch.dylib 0x00007fff93a20c13 _dispatch_client_callout + 8
30/10/2014 13:03:11.211 firefox[578] 2 libdispatch.dylib 0x00007fff93a20b26 dispatch_once_f + 117
30/10/2014 13:03:11.211 firefox[578] 3 CarbonCore 0x00007fff98e2f4da _Gestalt_SystemVersion + 987
30/10/2014 13:03:11.211 firefox[578] 4 CarbonCore 0x00007fff98e2f0c7 Gestalt + 144
30/10/2014 13:03:11.212 firefox[578] 5 XUL 0x000000010325fc21 XRE_FreeAppData + 33185
30/10/2014 17:37:56.000 kernel[0] firefox (map: 0xffffff8022e2cc30) triggered DYLD shared region unnest for map: 0xffffff8022e2cc30, region 0x7fff93000000->0x7fff93200000. While not abnormal for debuggers, this increases system memory footprint until the target exits.
30/10/2014 17:37:56.553 firefox[418] WARNING: The Gestalt selector gestaltSystemVersion is returning 10.9.0 instead of 10.10.0. Use NSProcessInfo's operatingSystemVersion property to get correct system version number.
Call location:
30/10/2014 17:37:56.555 firefox[418] 0 CarbonCore 0x00007fff95c39dc3 ___Gestalt_SystemVersion_block_invoke + 113
30/10/2014 17:37:56.555 firefox[418] 1 libdispatch.dylib 0x00007fff907d3c13 _dispatch_client_callout + 8
30/10/2014 17:37:56.555 firefox[418] 2 libdispatch.dylib 0x00007fff907d3b26 dispatch_once_f + 117
30/10/2014 17:37:56.555 firefox[418] 3 CarbonCore 0x00007fff95be24da _Gestalt_SystemVersion + 987
30/10/2014 17:37:56.555 firefox[418] 4 CarbonCore 0x00007fff95be20c7 Gestalt + 144
30/10/2014 17:37:56.555 firefox[418] 5 XUL 0x0000000102a5fc21 XRE_FreeAppData + 33185
30/10/2014 17:45:13.840 com.apple.xpc.launchd[1] (org.mozilla.firefox.36952[418]) Service exited due to signal: Terminated: 15
30/10/2014 22:13:12.000 kernel[0] firefox (map: 0xffffff801f707a50) triggered DYLD shared region unnest for map: 0xffffff801f707a50, region 0x7fff93000000->0x7fff93200000. While not abnormal for debuggers, this increases system memory footprint until the target exits.
30/10/2014 22:13:12.886 firefox[844] WARNING: The Gestalt selector gestaltSystemVersion is returning 10.9.0 instead of 10.10.0. Use NSProcessInfo's operatingSystemVersion property to get correct system version number.
Call location:
30/10/2014 22:13:12.887 firefox[844] 0 CarbonCore 0x00007fff95c39dc3 ___Gestalt_SystemVersion_block_invoke + 113
30/10/2014 22:13:12.887 firefox[844] 1 libdispatch.dylib 0x00007fff907d3c13 _dispatch_client_callout + 8
30/10/2014 22:13:12.887 firefox[844] 2 libdispatch.dylib 0x00007fff907d3b26 dispatch_once_f + 117
30/10/2014 22:13:12.887 firefox[844] 3 CarbonCore 0x00007fff95be24da _Gestalt_SystemVersion + 987
30/10/2014 22:13:12.887 firefox[844] 4 CarbonCore 0x00007fff95be20c7 Gestalt + 144
30/10/2014 22:13:12.887 firefox[844] 5 XUL 0x000000010325fc21 XRE_FreeAppData + 33185
30/10/2014 22:14:13.000 kernel[0] firefox (map: 0xffffff802475c4b0) triggered DYLD shared region unnest for map: 0xffffff802475c4b0, region 0x7fff93000000->0x7fff93200000. While not abnormal for debuggers, this increases system memory footprint until the target exits.
30/10/2014 22:14:13.859 firefox[869] WARNING: The Gestalt selector gestaltSystemVersion is returning 10.9.0 instead of 10.10.0. Use NSProcessInfo's operatingSystemVersion property to get correct system version number.
Call location:
30/10/2014 22:14:13.860 firefox[869] 0 CarbonCore 0x00007fff95c39dc3 ___Gestalt_SystemVersion_block_invoke + 113
30/10/2014 22:14:13.860 firefox[869] 1 libdispatch.dylib 0x00007fff907d3c13 _dispatch_client_callout + 8
30/10/2014 22:14:13.860 firefox[869] 2 libdispatch.dylib 0x00007fff907d3b26 dispatch_once_f + 117
30/10/2014 22:14:13.860 firefox[869] 3 CarbonCore 0x00007fff95be24da _Gestalt_SystemVersion + 987
30/10/2014 22:14:13.861 firefox[869] 4 CarbonCore 0x00007fff95be20c7 Gestalt + 144
30/10/2014 22:14:13.861 firefox[869] 5 XUL 0x000000010325fc21 XRE_FreeAppData + 33185
30/10/2014 22:21:41.569 com.apple.xpc.launchd[1] (org.mozilla.firefox.36952[869]) Service exited due to signal: Terminated: 15
31/10/2014 11:24:10.000 kernel[0] firefox (map: 0xffffff801ebaab40) triggered DYLD shared region unnest for map: 0xffffff801ebaab40, region 0x7fff8d600000->0x7fff8d800000. While not abnormal for debuggers, this increases system memory footprint until the target exits.
31/10/2014 11:24:10.677 firefox[492] WARNING: The Gestalt selector gestaltSystemVersion is returning 10.9.0 instead of 10.10.0. Use NSProcessInfo's operatingSystemVersion property to get correct system version number.
Call location:
31/10/2014 11:24:10.678 firefox[492] 0 CarbonCore 0x00007fff901a5dc3 ___Gestalt_SystemVersion_block_invoke + 113
31/10/2014 11:24:10.679 firefox[492] 1 libdispatch.dylib 0x00007fff8ad3fc13 _dispatch_client_callout + 8
31/10/2014 11:24:10.679 firefox[492] 2 libdispatch.dylib 0x00007fff8ad3fb26 dispatch_once_f + 117
31/10/2014 11:24:10.679 firefox[492] 3 CarbonCore 0x00007fff9014e4da _Gestalt_SystemVersion + 987
31/10/2014 11:24:10.679 firefox[492] 4 CarbonCore 0x00007fff9014e0c7 Gestalt + 144
31/10/2014 11:24:10.680 firefox[492] 5 XUL 0x000000010325fc21 XRE_FreeAppData + 33185
31/10/2014 11:26:32.281 com.apple.xpc.launchd[1] (org.mozilla.firefox.36952[492]) Service exited due to signal: Terminated: 15
31/10/2014 11:26:43.097 spindump[408] Saved hang report for firefox version 33.0.2 (3314.10.27) to /Library/Logs/DiagnosticReports/firefox_2014-10-31-112643_Mac-mini-di-Roberto-Covassin.hang
 
Hi ERCOLINO, could you kindly check this log of a friend of mine?

Always state what problems you are experiencing, even if at a glance it's immediately clear that there's quite a mess

C:\Users\Public\Documents\AppData\PoApp\PService.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://it.yahoo.com?fr=hp-avast&type=avastbcl

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://it.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001& p={searchTerms}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com?fr=hp-avast&type=avastbcl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1403025431&from=tugs&uid=TOSHIBAX MK327 5GSX_324EPK5MTXX324EPK5MT&q={searchTerms}

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe868S9YqN lmf93C0qd3vOX0uaDy2IN sIXz5zcvrc0eR7vNZgqc9kPy3C9jMxczj2VG-3UKHXmQmxQClouaeAksa5HMmLx6yefeDtiEpj8ltlOv BbCn3JP 4o-5HCyQrr9bwpvHjLcD90WTTz4T6bNQk8fH6r_Dbde3wvZQ,,&q= {searchTerms}

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWx880JXKe868S9YqN lmf93C0qd3vOX0uaDy2IN sIXz5zcvrc0eR7vNZgqc9kPy3C9jMxczj2VG-3UKHXmQmxQClouaeAksa5HMmLx6yefeDtiEpj8ltlOv BbCn3JP 4o-5HCyQrr9bwpvHjLcD90WTTz4T6bNQk8fH6r_Dbde3wvZQ,,&q= {searchTerms}

Also delete all the O2 entries marked (NO File)

O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (Careful: among your installed programs you probably have something like Power Offer installed)

O17 - HKLM\System\CCS\Services\Tcpip\..\{024D7158-D47A-4F57-BF4A-FCD33359697F}: NameServer = 127.0.0.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{024D7158-D47A-4F57-BF4A-FCD33359697F}: NameServer = 127.0.0.1

O17 - HKLM\System\CS2\Services\Tcpip\..\{024D7158-D47A-4F57-BF4A-FCD33359697F}: NameServer = 127.0.0.1

O20 - AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~1.DLL

O23 - Service: NewPlayer Updater Service (NewPlayerUpdaterService) - Unknown owner - C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe

O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Fabio\AppData\Local\PosService\Pos.exe (possibly Power Offer)

O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Fabio\AppData\Local\ServUpdater\ServiceUpd.exe (generally used by programs like Power Offer)

O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Fabio\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (same as above)

O23 - Service: Update App Bud - Unknown owner - C:\Program Files (x86)\App Bud\updateAppBud.exe

O23 - Service: Update ToggleMark - Unknown owner - C:\Program Files (x86)\ToggleMark\updateToggleMark.exe

O23 - Service: Util ToggleMark - Unknown owner - C:\Program Files (x86)\ToggleMark\bin\utilToggleMark.exe

O23 - Service: Service Component of VO (VOsrv) - Unknown owner - C:\Users\Fabio\AppData\Roaming\VOPackage\VOsrv.exe

Delete cookies and cache from the various browsers, and also the contents of the Temp folder

Then post the log again
 
OK, thanks ERCOLINO, and sorry, you're right. The problem is that on his computer everything kept freezing, with windows of external programs opening up (which he surely installed by not unticking the box while installing some main program), and I too immediately thought there were a lot of invalid programs and features, which I will fix for good in the next few days; then I'll post the log again after the corrections and the system cleanup you recommended.
 
Is this the correct one, Ercolino?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:38:00 PM, on 6/22/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
CHROME: 5.0.375.70
FIREFOX: 3.6.3 (en-US)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre7\bin\jusched.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Users\HJT\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Windows\regedit.exe
C:\Program Files\Microsoft Visual Studio\VB98\vb6.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.trendmicro.com:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\RunOnce: [NCPGINA] "C:\Windows\delrws.bat"
O4 - HKCU\..\Run: [Google Update] "C:\Users\HJT\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe

--
End of file - 3117 bytes
 
Here is my log ;)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:12:25, on 31/10/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Users\Salvuccio\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [IR_SERVER] C:\PROGRA~2\Realtek\REALTE~1\IR_SERVER.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Salvuccio\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [ProgLauncher] C:\Program Files\ProgDVB\ProgLauncher.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Salvuccio\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7918 bytes
 
Sorry ERCOLINO, could you kindly recheck the log for me:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 23:16:51, on 31/10/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16584)

FIREFOX: 33.0.2 (x86 it)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Users\Fabio\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles(x86)%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BackgroundContainerV2] "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Fabio\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: Toshiba Places Icon Utility.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D2D4C68-D200-4408-B46A-1FAA433C1FFD}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{E22B7CA3-A983-4A38-9AD8-F6AF2486E353}: NameServer = 5.79.84.141,8.38.77.107
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Datamngr Coordinator2 (DatamngrCoordinator2) - Unknown owner - C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GFNEX Service (GFNEXSrv) - Unknown owner - C:\Windows\System32\GFNEXSrv.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Fabio\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Fabio\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11164 bytes
 
You need to delete

O4 - HKCU\..\Run: [BackgroundContainerV2] "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Fabio\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun

O17 - HKLM\System\CCS\Services\Tcpip\..\{E22B7CA3-A983-4A38-9AD8-F6AF2486E353}: NameServer = 5.79.84.141,8.38.77.107

O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Fabio\AppData\Local\ServUpdater\ServiceUpd.exe

O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Fabio\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe


Regarding the O4 line, if it then starts reporting errors, follow this

http://malwaretips.com/blogs/backgroundcontainer-dll-virus-removal/
 
OK, thanks ERCOLINO, I'll fix these last 4 entries, which I evidently missed, as soon as possible. :)
