Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Malware VOSTERAN

Malware VOSTERAN Opzioni
Topic Precedente · Topic Sucessivo
pallido
Inviato: Sunday, February 01, 2015 12:25:09 PM
Rank: AiutAmico

Iscritto dal : 2/23/2013
Posts: 96
Salve, come al solito ho bisogno di aiuto
Questo malware viene rilevato e (teoricamente) eliminato da Malwarebytes Anti-Malware, ma ogni volta che riavvio me lo ritrovo a rellentare il PC, riattivo
Malwarebytes Anti-Malware che lo rlieva di nuovo e dice di averlo eliminato... ma io puntualmente lo ritrovo.
Potete darmi qualche consiglio?
Grazie
Torna in alto
 
Sponsor
Inviato: Sunday, February 01, 2015 12:25:09 PM

 
Torna in alto
 
cbbusto
Inviato: Sunday, February 01, 2015 10:26:02 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
E' uno dei tanti adware dirottatori, controlla la pagina iniziale del browser se è stata cambiata, se si rimetti la tua.
Poi vai in gestioni motori di ricerca, se trovi un motore sconosciuto ELIMINALO e metti come predefinito il tuo preferito, direi Google.
Controlla anche in Avvio di non avere qualche voce che riguarda vosteran, se c'è disattivala.

Poi fai queste scansioni:
Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Chiudi tutti i browser (è importante IE,Firefox Chrome ecc...)
Clicca sul pulsante "Scan".
Finita la scansione clicca su "Clean"
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Postalo qui.

Scarica Junkware Removal Tool sul desktop.
http://www.majorgeeks.com/mg/get/junkware_removal_tool,1.html
Disattiva temporaneamente l'antivirus per evitare potenziali conflitti.
Doppio click su JRT
Lo strumento si aprirà e avvierà la scansione del sistema.
Devi avere pazienza in quanto questo tool può richiedere del tempo per completare la scansione .
Al termine, un log (JRT.txt) viene salvato sul desktop e si aprirà automaticamente.
Postalo qui.

Se vosteran appare ancora fai una scansione con Hijack This e posta il log.
Ciao
Torna in alto
 
pallido
Inviato: Wednesday, February 11, 2015 9:20:16 AM
Rank: AiutAmico

Iscritto dal : 2/23/2013
Posts: 96
# AdwCleaner v4.110 - Logfile created 10/02/2015 at 09:56:20
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Franco - FRANCO-PC
# Running from : C:\Users\Franco\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 it)


-\\ Google Chrome v40.0.2214.111


*************************

AdwCleaner[R0].txt - [11752 bytes] - [27/08/2013 20:11:59]
AdwCleaner[R10].txt - [6854 bytes] - [06/06/2014 16:11:45]
AdwCleaner[R11].txt - [2599 bytes] - [26/06/2014 19:35:06]
AdwCleaner[R12].txt - [3454 bytes] - [30/07/2014 14:54:40]
AdwCleaner[R13].txt - [2873 bytes] - [14/08/2014 08:43:36]
AdwCleaner[R14].txt - [3008 bytes] - [14/09/2014 19:05:58]
AdwCleaner[R15].txt - [10206 bytes] - [24/10/2014 19:29:50]
AdwCleaner[R16].txt - [11733 bytes] - [27/10/2014 12:02:54]
AdwCleaner[R17].txt - [2756 bytes] - [29/10/2014 20:56:58]
AdwCleaner[R18].txt - [4333 bytes] - [02/12/2014 14:03:18]
AdwCleaner[R19].txt - [3100 bytes] - [07/12/2014 15:39:26]
AdwCleaner[R1].txt - [890 bytes] - [27/08/2013 21:00:41]
AdwCleaner[R20].txt - [3140 bytes] - [09/12/2014 11:24:26]
AdwCleaner[R21].txt - [3167 bytes] - [11/12/2014 21:26:29]
AdwCleaner[R22].txt - [4457 bytes] - [19/12/2014 14:33:01]
AdwCleaner[R23].txt - [3352 bytes] - [07/01/2015 17:29:49]
AdwCleaner[R24].txt - [3474 bytes] - [12/01/2015 20:14:27]
AdwCleaner[R25].txt - [3596 bytes] - [22/01/2015 22:40:17]
AdwCleaner[R26].txt - [7221 bytes] - [24/01/2015 20:52:57]
AdwCleaner[R27].txt - [3840 bytes] - [27/01/2015 10:41:09]
AdwCleaner[R28].txt - [3962 bytes] - [01/02/2015 21:19:46]
AdwCleaner[R29].txt - [4019 bytes] - [10/02/2015 09:52:37]
AdwCleaner[R2].txt - [1008 bytes] - [30/08/2013 20:29:23]
AdwCleaner[R3].txt - [3823 bytes] - [31/10/2013 19:19:00]
AdwCleaner[R4].txt - [1423 bytes] - [28/11/2013 15:27:41]
AdwCleaner[R5].txt - [7513 bytes] - [21/01/2014 20:39:00]
AdwCleaner[R6].txt - [1527 bytes] - [28/01/2014 23:23:04]
AdwCleaner[R7].txt - [6691 bytes] - [04/03/2014 23:26:26]
AdwCleaner[R8].txt - [3352 bytes] - [06/03/2014 23:09:22]
AdwCleaner[R9].txt - [6002 bytes] - [11/03/2014 21:29:48]
AdwCleaner[S0].txt - [11256 bytes] - [27/08/2013 20:13:30]
AdwCleaner[S10].txt - [2668 bytes] - [26/06/2014 19:38:03]
AdwCleaner[S11].txt - [3415 bytes] - [30/07/2014 14:55:52]
AdwCleaner[S12].txt - [3079 bytes] - [14/09/2014 19:07:11]
AdwCleaner[S13].txt - [10324 bytes] - [24/10/2014 19:33:05]
AdwCleaner[S14].txt - [11412 bytes] - [27/10/2014 12:05:37]
AdwCleaner[S15].txt - [4370 bytes] - [02/12/2014 14:06:51]
AdwCleaner[S16].txt - [3116 bytes] - [07/12/2014 15:41:49]
AdwCleaner[S17].txt - [3201 bytes] - [09/12/2014 11:28:03]
AdwCleaner[S18].txt - [4447 bytes] - [19/12/2014 14:35:29]
AdwCleaner[S19].txt - [3411 bytes] - [07/01/2015 17:32:43]
AdwCleaner[S1].txt - [950 bytes] - [27/08/2013 21:01:28]
AdwCleaner[S20].txt - [3533 bytes] - [12/01/2015 20:17:14]
AdwCleaner[S21].txt - [3655 bytes] - [22/01/2015 22:42:38]
AdwCleaner[S22].txt - [6705 bytes] - [24/01/2015 20:55:28]
AdwCleaner[S23].txt - [3899 bytes] - [27/01/2015 10:45:20]
AdwCleaner[S24].txt - [4021 bytes] - [01/02/2015 21:23:08]
AdwCleaner[S25].txt - [3473 bytes] - [10/02/2015 09:56:20]
AdwCleaner[S2].txt - [3828 bytes] - [31/10/2013 19:20:14]
AdwCleaner[S3].txt - [1490 bytes] - [28/11/2013 15:28:43]
AdwCleaner[S4].txt - [7641 bytes] - [21/01/2014 20:39:45]
AdwCleaner[S5].txt - [1590 bytes] - [28/01/2014 23:23:51]
AdwCleaner[S6].txt - [5382 bytes] - [04/03/2014 23:27:35]
AdwCleaner[S7].txt - [3243 bytes] - [06/03/2014 23:10:12]
AdwCleaner[S8].txt - [6023 bytes] - [11/03/2014 21:30:39]
AdwCleaner[S9].txt - [6948 bytes] - [06/06/2014 16:12:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S25].txt - [4005 bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by Franco on 11/02/2015 at 8:57:13,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Franco\AppData\Roaming\mozilla\firefox\profiles\oitmxjmt.default\prefs.js

user_pref("browser.search.defaultenginename", "Vosteran");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/02/2015 at 9:08:56,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:18:21, on 11/02/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\MemoRex\MemoRex.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [MemoREX] "C:\Program Files (x86)\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKLM\..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
O4 - HKLM\..\Run: [DriveUtilitiesHelper] C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-4123084632-688972477-1034230574-1003\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{37B1029D-FCA0-4F1E-BE36-88453DD33953}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{452F9384-062F-4F26-BD94-EA30129BE214}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{37B1029D-FCA0-4F1E-BE36-88453DD33953}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{37B1029D-FCA0-4F1E-BE36-88453DD33953}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:/PROGRA~3/{017DE~1/171~1.0/momi.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: ISRxEg - Unknown owner - C:\ProgramData\ckQhQsgfsCe\ISRxEg.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10156 bytes
Torna in alto
 
cbbusto
Inviato: Wednesday, February 11, 2015 10:23:43 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Un file riguardante vosteran è stato eliminato da JRT, dal log di HJT c'è un programma che può essere pericoloso,
C:\Program Files (x86)\MemoRex\MemoRex.exe, lo conosci ? io lo eliminerei specialmente dall'Avvio.
Per toglierlo segui il percorso ed elimina cartelle e file.
Ci sono delle voci inutili in Avvio che è meglio togliere.

Chiudi tutti i programmi e disconnesso da internet,
Lancia HijackThis e clicca sul secondo pulsante Do a system scan only
inserisci il segno di spunta nel quadratino davanti alle righe sotto indicate, una volta seleziona clicca il tasto
Fix checked per procedere all'eliminazione, comparirà una finestra clicca su SI per accettare e l'operazione è conclusa.
Ti preciso che eliminando le voci 04, i programmi non vengono toccati ma viene solo disattivato l'Avvio automatico, inutile......basterebbe solo l'antivirus.

Ricorda che Hijackthis deve essere avviato da una cartella a lui dedicata. Solo così Hijackthis creerà copie di backup prima di apportare modifiche.

O4 - HKLM\..\Run: [MemoREX] "C:\Program Files (x86)\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKLM\..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
O4 - HKLM\..\Run: [DriveUtilitiesHelper] C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKUS\S-1-5-21-4123084632-688972477-1034230574-1003\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (User 'UpdatusUser')

Fai una pulizia con Ccleaner compreso il Registro, per il registro spunta tutte le voci, acconsenti al backup quando richiesto.
Pulire la cartella Prefetch:
Vai in C:\windows\prefetch Cancella tutti i file compresa la cartella ReadyBoot che verrà ricreata, non va cancellato il file layout.ini.

Fai sapere se tutto a posto. Ciao
Torna in alto
 
pallido
Inviato: Thursday, February 12, 2015 8:58:55 PM
Rank: AiutAmico

Iscritto dal : 2/23/2013
Posts: 96
Questi sono miei programmi e li ho lasciati :
O4 - HKLM\..\Run: [MemoREX] "C:\Program Files (x86)\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKLM\..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
O4 - HKLM\..\Run: [DriveUtilitiesHelper] C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe

per il resto tutto OK.
Come al solito sei stato di grande aiuto.
Mille grazie. Ciao
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Malware VOSTERAN


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.