Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Log Hijackthis

Log Hijackthis Opzioni
Topic Precedente · Topic Sucessivo
silviasmash
Inviato: Friday, October 03, 2014 9:04:15 PM
Rank: Newbie

Iscritto dal : 10/3/2014
Posts: 1
Salve tutti, mi si aprono di continuo pagine pubblicitarie su google chrome.
Questo è il log di hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18.51.45, on 05/10/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17278)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\HSPA USB MODEM\ModemListener.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Angelo\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://www.sweet-page.com/web/?

type=ds&ts=1412410909&from=cor&uid=TOSHIBAXMQ01ABD075_93O8PA34TXX93O8PA34T&q=

{searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-

page.com/web/?

type=ds&ts=1412410909&from=cor&uid=TOSHIBAXMQ01ABD075_93O8PA34TXX93O8PA34T&q=

{searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://www.sweet-page.com/web/?

type=ds&ts=1412410909&from=cor&uid=TOSHIBAXMQ01ABD075_93O8PA34TXX93O8PA34T&q=

{searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-

page.com/web/?

type=ds&ts=1412410909&from=cor&uid=TOSHIBAXMQ01ABD075_93O8PA34TXX93O8PA34T&q=

{searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows

\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

<-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files

\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:

\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:

\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:

\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ModemListener] C:\Program Files (x86)\HSPA USB MODEM

\ModemListener.exe start
O4 - HKLM\..\Run: [ConvertAd] C:\Users\Angelo\AppData\Local\ConvertAd\ConvertAd.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-

Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Ultra Agent] "C:\Program Files (x86)\DAEMON Tools Ultra

\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros

\Bluetooth Suite\BtvStack.exe"
O4 - Startup: Invia a OneNote.lnk = C:\Program Files\Microsoft Office 15\root

\office15\ONENOTEM.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security

Scan\3.8.150\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files

\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office

15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program

Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:

\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-

EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root

\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F05B572-040C-40B2-9830-2F1A247B54C7}:

NameServer = 212.52.97.25 193.70.152.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A58F401-65E9-46CE-926C-D7CD4EC8BF6A}:

NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:

\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files

\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee

\SITEAD~1\mcieplg.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe

Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS

\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS

\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files

(x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer

Cloud\CCDMonitorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:

\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DeviceManager - Unknown owner - C:\Program Files (x86)\Common Files

\DeviceHelper\DeviceManager.exe
O23 - Service: Disc Soft Bus Service - Disc Soft Ltd - C:\Program Files (x86)\DAEMON

Tools Ultra\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:

\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer

\Acer Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:

\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Unknown owner - C:\Program

Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program

Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000

(IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file

missing)
O23 - Service: IePlugin Services (IePluginServices) - Cherished Technololgy LIMITED -

C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) -

Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation -

C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R)

Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service)

- Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine

Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe

(file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service

(LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine

Components\LMS\LMS.exe
O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files

\Acer\Acer Launch Manager\LMSvc.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files

(x86)\McAfee\SiteAdvisor\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) -

McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: McAfee Application Statistics Service (MfeASUM) - McAfee, Inc. - C:

\Program Files\McAfee\AppStats\MfeASUM.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe

(file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update

\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:

\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files

(x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:

\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:

\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:

\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:

\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:

\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) -

Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner -

C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Update App Bud - Unknown owner - C:\Program Files (x86)\App Bud

\updateAppBud.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner -

C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS

\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS

\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:

\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown

owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown

owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner

- C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 12001 bytes



Scusatemi avevo copiato il log con la finestra del blocco note in verticale. Ho un problema: Malwarebytes non si apre perché? Nel frattempo posso passare alle operazioni successive (Adw cleaner, Junkware Removal Tool,ecc.)?
Torna in alto
 
Sponsor
Inviato: Friday, October 03, 2014 9:04:15 PM

 
Torna in alto
 
cbbusto
Inviato: Friday, October 03, 2014 10:17:05 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Hai messo un log chilometrico, non è stato copiato bene, le varie voci devono apparire in orizzontale come esempio sotto:
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe

mentre i tuoi sono così: C:\Program Files

(x86)\Spyware

Terminator

\SpywareTerminato

rShield.exe
rifai la scansione e metti il log giusto, qui trovi la guida: http://www.aiutamici.it/software?ID=11175
Elimina il log che hai messo, per farlo apri il topic-clic su Edit seleziona tutto e poi cancelli.

Nel frattempo fai queste operazioni, mi raccomando di leggere bene le indicazioni:

1)Scarica ed installa MalwareBytes: scarica la versione Gratis non la Premium
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema. (NON veloce)
Elimina gli eventuali file infetti trovati. (li devi selezionare, e poi cliccare su "Rimuovi selezionati")
Posta il log.

2)Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Chiudi tutti i browser (è importante IE,Firefox Chrome ecc...)
Clicca sul pulsante "Scan".
Finita la scansione clicca su "Clean"
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Postalo qui.

3)Scarica Junkware Removal Tool sul desktop.
http://www.majorgeeks.com/mg/get/junkware_removal_tool,1.html
Disattiva temporaneamente l'antivirus per evitare potenziali conflitti.
Doppio click su JRT
Lo strumento si aprirà e avvierà la scansione del sistema.
Devi avere pazienza in quanto questo tool può richiedere del tempo per completare la scansione .
Al termine, un log (JRT.txt) viene salvato sul desktop e si aprirà automaticamente.
Postalo qui.

Per postare i log richiesti:
Collegati ad internet e vai alla pagina WikiSend: http://www.wikisend.com/
Clicca sul bottone "Sfoglia"
Seleziona il file appena salvato
Clicca su Upload file
Dopo qualche secondo, vieni spostato su una nuova pagina con il link in diversi formati:
Download Link / Forum Link
Seleziona Forum Link, copialo e incollalo in un nuovo messaggio per il forum
Le pubblicità dovrebbero sparire, eventualmente ci saranno delle voci in HJT da eliminare, aspetto il log.

Fai una pulizia con Ccleaner compreso il Registro, per il registro spunta tutte le voci, acconsenti al backup quando richiesto,
Sempre in Ccleaner vai in Strumenti-Ripristino sistema, seleziona tutte le voci, l'ultima rimane e non si può cancellare, poi clic su Rimuovi.
Prima della pulizia vai nel menu Opzioni- Avanzate e togli la spunta alla voce: Elimina file in windows temp solo se più vecchi di 24 ore.

Prestare molta attenzione ai programmi che si scaricano in particolare quelli Free, controlla sempre che non siano spuntate delle caselle che ti installano sw non richiesti, non scaricare mai le toolbar.

Fai sapere come va il pc. Ciao
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Log Hijackthis


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.