Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Mi contollate il LOG di Hijack Opzioni
lello67
Inviato: Saturday, July 02, 2016 6:03:51 PM
Rank: Newbie

Iscritto dal : 7/2/2016
Posts: 1
Salve a tutti cercherò di spiegarvi il mio problema nel modo migliore che posso. Da un paio di giorni quando mi collego in internet vengo sempre reindirizzato su link pubblicitari di ogni tipo e la navigazione è molto molto lenta. Qualcuno potrebbe aiutarmi per favore? Grazie in anticipo.


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 17:24:31, on 02/07/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18347)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
C:\Program Files (x86)\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\symphony.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.1.20120110-2000\program\soffice.bin
C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe
C:\Program Files (x86)\Opera\38.0.2220.31\opera_crashreporter.exe
C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe
C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe
C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe
C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe
C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe
C:\Program Files (x86)\Opera\38.0.2220.31\opera.exe
C:\Users\Donato\AppData\Local\Temp\Temp2_HijackThis_Portable.zip\HijackThisPortable\HijackThisPortable.exe
C:\Users\Donato\AppData\Local\Temp\Temp2_HijackThis_Portable.zip\HijackThisPortable\HijackThisPortable.exe
C:\Users\Donato\AppData\Local\Temp\Temp2_HijackThis_Portable.zip\HijackThisPortable\App\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDTt8PVUCrSqw52AJhB5l5m3abIMwaQro8PtsrpvYJfnzVvm49q20JuQ0VifBMSDBzjELPiV4lRIR0mF-qQNuSyllo4Je_EQdgAsgPAoNJ2yECr-LNzsfGnRGLSt2iJfZg_qZOQxjB-RGS9i1nn5iJHdBoOCCFiUF8PjlyB8m6iH78ZOGA,,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://it.yahoo.com/?fr=fp-comodo&type=33090001005_8.4.0.5068_i_hp_sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDTt8PVUCrSqw52AJhB5l5m3abIMwaQro8PtsrpvYJfnzVvm49q20JuQ0VifBMSDBzjELPiV4lRIR0mF-qQNuSyllo4Je_EQdgAsgPAoNJ2yECr-LNzsfGnRGLSt2iJfZg_qZOQxjB-RGS9i1nn5iJHdBoOCCFiUF8PjlyB8m6iH78ZOGA,,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK217RbjR1YFa37oBy_U-nTnTbDTt8PVUCrSqw52AJhB5l5m3abIMwaQro8PtsrpvYJfnzVvm49q20JuQ0VifBMSDBzjELPiV4lRIR0mF-qQNuSyllo4Je_EQdgAsgPAoNJ2yECr-LNzsfGnRGLSt2iJfZg_qZOQxjB-RGS9i1nn5iJHdBoOCCFiUF8PjlyB8m6iH78ZOGA,,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.bing.com/search?q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {4232F406-A0E7-9E2B-E39F-3E6DED20182B} - (no file)
O2 - BHO: High Stairs - {45e60e41-85ee-4c01-9dac-1ecb9bf64179} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {d332cff8-358e-4c9e-8af3-a08872ef22c1} - (no file)
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YouCam Service6] "C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe" /s
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Donato\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [SymphonyPreLoad] "C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.1.20120110-2000\IBM Lotus Symphony" -nogui -nosplash
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: Monitora avvisi inchiostro - HP Officejet 4620 series (Rete).lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe
O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files\COMODO\GeekBuddy\launcher.exe
O8 - Extra context menu item: Nuova nota - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Ritaglia immagine - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Ritaglia questa pagina - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Ritaglia segnalibro - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Ritaglia selezionato - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{08301091-711A-4850-BBD6-341AB0BC8ED2}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{28ECC33B-68C5-4C3B-B6CE-24DBE5963173}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{08301091-711A-4850-BBD6-341AB0BC8ED2}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS2\Services\Tcpip\..\{08301091-711A-4850-BBD6-341AB0BC8ED2}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Essentware Account Service (AccountService) - Essentware - C:\Program Files\Essentware\Common\AccountService.exe
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 9 (AdvancedSystemCareService9) - Unknown owner - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (file missing)
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: PCKeeper Antivirus Service (PCKAVService) - Unknown owner - C:\Program Files\Essentware\PCKAV\PCKAVService.exe (file missing)
O23 - Service: PCKeeper Service (PCKeeper2Service) - Unknown owner - C:\Program Files\Essentware\PCKeeper\PCKeeperService.exe (file missing)
O23 - Service: PCKeeper Ocf Service (PCKeeperOcfService) - Unknown owner - C:\Program Files\Essentware\PCKeeper\OneClickFixService.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
O23 - Service: RalinkRegistryWriter64 - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Unknown owner - C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: USBS3S4Detection - Unknown owner - C:\OEM\USBDECTION\USBS3S4Detection.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16283 bytes
Sponsor
Inviato: Saturday, July 02, 2016 6:03:51 PM

 
dottorserpente
Inviato: Saturday, July 02, 2016 6:42:37 PM

Rank: AiutAmico

Iscritto dal : 9/6/2010
Posts: 2,017
Penso sia bene fixare queste voci:

O2 - BHO: (no name) - {4232F406-A0E7-9E2B-E39F-3E6DED20182B} - (no file)
O2 - BHO: High Stairs - {45e60e41-85ee-4c01-9dac-1ecb9bf64179} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {d332cff8-358e-4c9e-8af3-a08872ef22c1} - (no file)
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YouCam Service6] "C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe" /s
O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Donato\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [SymphonyPreLoad] "C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.1.20120110-2000\IBM Lotus Symphony" -nogui -nosplash
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: Monitora avvisi inchiostro - HP Officejet 4620 series (Rete).lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe
O4 - Global Startup: Start GeekBuddy.lnk = C:\Program Files\COMODO\GeekBuddy\launcher.exe

A seguire:

- Start --> Esegui --> scrivi msconfig
- nella finestra che si apre togli la spunta a tutte le voci tranne all''antivirus e se hai un antimalware o programmi per la sicurezza.

Le voci dei programmi che togli la spunta non saranno toccati, funzioneranno lo stesso


___________________________








Chi tace, non sempre acconsente. A volte non ha voglia di discutere con idioti.
solfami
Inviato: Saturday, July 02, 2016 8:40:02 PM

Rank: AiutAmico

Iscritto dal : 11/14/2003
Posts: 2,268
Salve
visto qui
http://forum.aiutamici.com/yaf_postst96025_eliminare-pagine-pubblicitarie-e-porcherie-varie.aspx
Per incollare i log fai copia e incolla,
in futuro se vorrai cancellarli puoi usare il tasto EDIT
Saluti
fax71ita
Inviato: Saturday, July 02, 2016 9:00:22 PM

Rank: AiutAmico

Iscritto dal : 4/23/2010
Posts: 3,835
ciao

l'infezione e' alla voce R1: helperbar.

segui la guida postata da solfami e fai bene tutti i passaggi.

poi reimposta il browser con cui navighi.

shapiro
Inviato: Monday, July 04, 2016 1:07:08 AM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
il motivo del reindirizzamento e' questo,



O17 - HKLM\System\CCS\Services\Tcpip\..\{28ECC33B-68C5-4C3B-B6CE-24DBE5963173}: NameServer = 82.163.142.7 95.211.158.134



apri hijackthis e metti la spunta a queste voci poi premi FIX CHECKED


O17 - HKLM\System\CCS\Services\Tcpip\..\{08301091-711A-4850-BBD6-341AB0BC8ED2}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{28ECC33B-68C5-4C3B-B6CE-24DBE5963173}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{08301091-711A-4850-BBD6-341AB0BC8ED2}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CS2\Services\Tcpip\..\{08301091-711A-4850-BBD6-341AB0BC8ED2}: NameServer = 82.163.142.7 95.211.158.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.142.7 95.211.158.134
strepitoso
Inviato: Monday, July 04, 2016 5:54:24 AM
Rank: Member

Iscritto dal : 11/24/2015
Posts: 15
Interessante !!!
solfami
Inviato: Monday, July 04, 2016 12:33:26 PM

Rank: AiutAmico

Iscritto dal : 11/14/2003
Posts: 2,268
Salve
pardon
Ben tornato Clint,
effetto calibro 20?
Saluti
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.