Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Non riesco a rimuovere ihavenet

Non riesco a rimuovere ihavenet Opzioni
Topic Precedente · Topic Sucessivo
mimmo920
Inviato: Thursday, November 15, 2012 6:09:47 PM
Rank: Member

Iscritto dal : 8/15/2008
Posts: 16
Ciao a tutti. Quando faccio una ricerca in Google ottengo i vari risultati della ricerca. Se clicko su uno qualsiasi di questo link, vengo dirottato ad un altro indirizzo diverso da quello che ho richiesto, passando per l'indirizzo www.ihavnet.com.
Ho fatto varie scansioni con Antivir e Ccleaner ma non hanno trovato niente. Cosa posso fare?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:58:58, on 15/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\eMule\emule.exe
C:\Users\utente\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com/?fr=mkg029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/?fr=mkg029
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [EPSON SX110 Series] C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE /FU "C:\windows\TEMP\E_SF6B1.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Google Update] "C:\Users\utente\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\utente\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [gnoklzn] rundll32 "C:\Users\utente\AppData\Roaming\igfxsrvci.dll",Fdvequgbb
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{37505423-6665-4566-8180-B8FC9BED6999}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{71C35A13-BB02-462E-8FFC-C6AF0CFE1B1E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F105ADD-1C74-4099-BC01-743BB2E4FE3C}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7228198-AB3F-47E1-B61B-B8E4245E96E2}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE7AAE05-2FE0-4045-8535-8D5C873ACE1E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE204A12-1839-47D8-BD7E-1D08E2AA6D91}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{37505423-6665-4566-8180-B8FC9BED6999}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{37505423-6665-4566-8180-B8FC9BED6999}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\utente\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11458 bytes
Torna in alto
 
Sponsor
Inviato: Thursday, November 15, 2012 6:09:47 PM

 
Torna in alto
 
mimmo920
Inviato: Thursday, November 15, 2012 6:28:37 PM
Rank: Member

Iscritto dal : 8/15/2008
Posts: 16
Ho usato anche SUPERAntiSpyware, che ha trovato 92 Threats. Li ho eliminati, ma il problema si presenta ancora.
Suggerimenti?
Torna in alto
 
shapiro
Inviato: Thursday, November 15, 2012 7:35:43 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164


scarica adwcleaner clicca su delete e allega il log che rilascia


Scarica OTL e salvalo sul desktop

Metti la spunta su SCAN ALL USERS.

Sotto output, metti la spunta su minimal output

Clicca sulla freccettina di File Age e seleziona 60 Days

Metti la spunta a LOP Check e Purity Check.

Clicca su RUN SCAN

Lascia fare la scansione senza interferire.

Al termine della scansione trovi 2 log sul desktop. OTL.txt ed Extras.txt, salvali e caricali su Wikisend,
Torna in alto
 
mimmo920
Inviato: Thursday, November 15, 2012 9:18:52 PM
Rank: Member

Iscritto dal : 8/15/2008
Posts: 16
# AdwCleaner v2.007 - Logfile creato il 15/11/2012 alle 21:11:42
# Aggiornamento 06/11/2012 by Xplode
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (32 bits)
# Utente : utente - UTENTE-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\utente\Downloads\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Program Files\FreeCompressor
Cartella Eliminato : C:\ProgramData\Babylon
Cartella Eliminato : C:\ProgramData\boost_interprocess
Cartella Eliminato : C:\ProgramData\Partner
Cartella Eliminato : C:\Users\utente\AppData\Local\Babylon
Cartella Eliminato : C:\Users\utente\AppData\Local\FreeCompressor Air
Cartella Eliminato : C:\Users\utente\AppData\LocalLow\Conduit
Cartella Eliminato : C:\Users\utente\AppData\LocalLow\PriceGong
Cartella Eliminato : C:\Users\utente\AppData\Roaming\Babylon
Cartella Eliminato : C:\Users\utente\AppData\Roaming\FissaSearch
Cartella Eliminato : C:\Users\utente\AppData\Roaming\FreeCompressor
Cartella Eliminato : C:\Users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\lqx97nhd.default\extensions\@FissaPlugin
Cartella Eliminato : C:\Users\utente\AppData\Roaming\OfferBox
Cartella Eliminato : C:\Users\utente\AppData\Roaming\pdfforge
Cartella Eliminato : C:\windows\Installer\{2C8574B5-6935-4FCE-860E-F4E8602378FF}
File Eliminato : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Eliminato : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Eliminato : C:\Users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\lqx97nhd.default\searchplugins\Fissa.xml
File Eliminato : C:\Users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\lqx97nhd.default\searchplugins\Search_Results.xml

***** [Registro] *****

Chiave Eliminata : HKCU\Software\AppDataLow\Software\PriceGong
Chiave Eliminata : HKCU\Software\Conduit
Chiave Eliminata : HKCU\Software\DataMngr
Chiave Eliminata : HKCU\Software\FissaSearch
Chiave Eliminata : HKCU\Software\FreeCompressor
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B41306C6-96D0-442A-BCC4-B0F621E82CE9}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A83C3565-302C-4BF8-B000-6B6F1811D892}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{85FE1096-281B-4CB9-82B6-D8EBA5830035}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A83C3565-302C-4BF8-B000-6B6F1811D892}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Chiave Eliminata : HKCU\Software\Offerbox
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKCU\Software\Spointer
Chiave Eliminata : HKLM\Software\Babylon
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{A7E8C343-7860-4A95-9AA8-AAF30D0F6D1E}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Conduit.Engine
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{6612AFDD-34AD-4B89-A236-7E6D07C3FDCD}
Chiave Eliminata : HKLM\SOFTWARE\Classes\OfferBox.OfferBoxServer
Chiave Eliminata : HKLM\SOFTWARE\Classes\OfferBox.OfferBoxServer.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2530241
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2851640
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{ED85AEBE-F834-4088-B5D3-97EB2478A6CD}
Chiave Eliminata : HKLM\Software\Conduit
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

***** [Browser Internet] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registro Pulito.

-\\ Mozilla Firefox v16.0.2 (it)

Nome Profilo : default
File : C:\Users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\lqx97nhd.default\prefs.js

C:\Users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\lqx97nhd.default\user.js ... Eliminato !

Eliminata : user_pref("browser.search.order.1", "Search Results");
Eliminata : user_pref("extensions.BabylonToolbar.admin", false);
Eliminata : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Eliminata : user_pref("extensions.BabylonToolbar.bbDpng", 25);
Eliminata : user_pref("extensions.BabylonToolbar.cntry", "IT");
Eliminata : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Eliminata : user_pref("extensions.BabylonToolbar.excTlbr", false);
Eliminata : user_pref("extensions.BabylonToolbar.firstRun", false);
Eliminata : user_pref("extensions.BabylonToolbar.hdrMd5", "96AB4A8F879EE0C7079752D49F4BAB7B");
Eliminata : user_pref("extensions.BabylonToolbar.hmpg", false);
Eliminata : user_pref("extensions.BabylonToolbar.lastActv", "25");
Eliminata : user_pref("extensions.BabylonToolbar.lastDP", 25);
Eliminata : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Eliminata : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "9.0");
Eliminata : user_pref("extensions.BabylonToolbar.newTab", false);
Eliminata : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Eliminata : user_pref("extensions.BabylonToolbar.propectorlck", 87118594);
Eliminata : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Eliminata : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Eliminata : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Eliminata : user_pref("extensions.Fissa.lastRunTime", "Sat, 04 Sep 2010 07:09:02 GMT");

-\\ Google Chrome v23.0.1271.64

File : C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Preferences

Eliminata [l.12] : urls_to_restore_on_startup = [ "hxxp://search.imesh.com" ]
Eliminata [l.41] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=1083&systemid=1&sr=0&q={searchTerms}",
Eliminata [l.1674] : urls_to_restore_on_startup = [ "hxxp://search.imesh.com" ]

*************************

AdwCleaner[S1].txt - [7263 octets] - [15/11/2012 21:11:42]

########## EOF - C:\AdwCleaner[S1].txt - [7323 octets] ##########
Torna in alto
 
shapiro
Inviato: Thursday, November 15, 2012 9:28:00 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164


esegui anche otl e allega il log
Torna in alto
 
mimmo920
Inviato: Thursday, November 15, 2012 10:16:19 PM
Rank: Member

Iscritto dal : 8/15/2008
Posts: 16
http://wikisend.com/download/484350/OTL.Txt
http://wikisend.com/download/333598/Extras.Txt
Torna in alto
 
shapiro
Inviato: Friday, November 16, 2012 12:21:31 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
allora....questo fallo analizzare su virustotal non sono sicuro se e' legittimo o no

C:\windows\System32\mkx.dll

rimuovi Ad-Aware Antivirus non serve a niente, avira e' piu' che sufficiente



ora apri otl e copia questo codice nello spazio bianco


Code:
:OTL
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SoftwareUpd) -- C:\Users\utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
SRV - (ServUpdater) -- C:\Users\utente\AppData\Local\ServUpdater\ServiceUpd.exe (ServiceUpd)
DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found
DRV - (cpuz132) -- C:\Users\utente\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-21-2900431811-4106917416-381626465-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2900431811-4106917416-381626465-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2900431811-4106917416-381626465-1000\..\Toolbar\WebBrowser: (no name) - {4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - No CLSID value found.
O4 - HKU\S-1-5-21-2900431811-4106917416-381626465-1000..\Run: [gnoklzn] C:\Users\utente\AppData\Roaming\[gnoklzn ()
O4 - HKU\S-1-5-21-2900431811-4106917416-381626465-1000..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37505423-6665-4566-8180-B8FC9BED6999}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71C35A13-BB02-462E-8FFC-C6AF0CFE1B1E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F105ADD-1C74-4099-BC01-743BB2E4FE3C}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7228198-AB3F-47E1-B61B-B8E4245E96E2}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE7AAE05-2FE0-4045-8535-8D5C873ACE1E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE204A12-1839-47D8-BD7E-1D08E2AA6D91}: NameServer = 176.31.229.24,176.31.229.25
[2012/11/11 11:13:46 | 000,122,880 | RHS- | M] () -- C:\Users\utente\AppData\Roaming\igfxsrvci.dll
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:D6A1EE83
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54


:files
C:\Users\utente\AppData\Local\SoftwareUpdater
C:\Users\utente\AppData\Local\ServUpdater
C:\Users\utente\AppData\Local\PosService
C:\windows\System32\Partizan.RRI
C:\Users\utente\AppData\Roaming\.#
C:\Users\utente\AppData\Roaming\igfxsrvci.dll
ipconfig /flushdns /c

:commands
[purity]
[Reboot]


clicca run fix ....attendi...... posta il log che rilascia


fai anche una scansione completa con malwarebytes, aggiornalo prima di eseguirla e rimuovi tutto quello che trova

posta i due log (allegali)
Torna in alto
 
mimmo920
Inviato: Friday, November 16, 2012 2:19:02 PM
Rank: Member

Iscritto dal : 8/15/2008
Posts: 16
Ho fatto analizzare C:\windows\System32\mkx.dll ma risulta pulito.
Ho inserito il codice in OTL e clikato run fix, dopo di che OTL ha chiesto il reboot ma non mi ha dato nwssun log.
Malwarebytes non ha trovato elementi nocivi. Ecco il log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Versione database: v2012.11.16.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
utente :: UTENTE-PC [amministratore]

16/11/2012 14:12:22
mbam-log-2012-11-16 (14-12-22).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 200408
Tempo impiegato: 9 minuti, 3 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)
Torna in alto
 
shapiro
Inviato: Friday, November 16, 2012 4:25:39 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
Commenta:
Ho inserito il codice in OTL e clikato run fix, dopo di che OTL ha chiesto il reboot ma non mi ha dato nwssun log.


il log lo trovi nella cartella dello stesso otl

riesegui mbam hai fatto u na scansione veloce ti ho chiesto quella completa

allega i due log
Torna in alto
 
pakytech
Inviato: Friday, November 16, 2012 11:14:46 PM
Rank: Member

Iscritto dal : 5/24/2012
Posts: 25
Torna in alto
 
mimmo920
Inviato: Saturday, November 17, 2012 11:13:19 AM
Rank: Member

Iscritto dal : 8/15/2008
Posts: 16
PS: ogni volta che eseguo MBAM, mi disabilita il DHCP alla connessione wireless, col risultato che mi collego a internet solo via cavo. Ogni volta risolvo il problema, ma se faccio una nuova scanzione il problema si ripresenta. Comunque almeno questo l'ho risolto.
Ecco il log della scansione veloce di MBAM:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Versione database: v2012.09.29.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
utente :: UTENTE-PC [amministratore]

16/11/2012 23:03:15
mbam-log-2012-11-16 (23-03-15).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 304831
Tempo impiegato: 1 ore, 18 minuti, 2 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)
Torna in alto
 
mimmo920
Inviato: Saturday, November 17, 2012 11:22:52 AM
Rank: Member

Iscritto dal : 8/15/2008
Posts: 16
Dopo altri 3 tentativi, non vedo ancora il file log di OTL...
Torna in alto
 
mimmo920
Inviato: Sunday, November 18, 2012 5:10:55 PM
Rank: Member

Iscritto dal : 8/15/2008
Posts: 16
Comunque da oggi il problema sembrerebbe risolto..
Torna in alto
 
braccetto
Inviato: Sunday, November 18, 2012 5:20:54 PM
Rank: AiutAmico

Iscritto dal : 11/19/2010
Posts: 102
mimmo920 ha scritto:
Dopo altri 3 tentativi, non vedo ancora il file log di OTL...


il log di otl lo trovi nella cartella del programma
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Non riesco a rimuovere ihavenet


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.