Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

internet che va in pausa , mi controllate il log di HijackThis ? Opzioni
braccetto
Inviato: Monday, July 30, 2012 10:08:02 PM
Rank: AiutAmico

Iscritto dal : 11/19/2010
Posts: 102
salve, ogni tanto ho internet che si blocca,rimane lo schermo fisso sulla pagina per poi sbloccarsi dopo qualche secondo.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21.50.39, on 30/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\microsoft office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Total Security\zatray.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\PROGRA~1\TOTALS~1\MAILFR~1\mantispm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL

= http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer

\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer

\Toolbar,LinksFolderName =
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} -

C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet

Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData

\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-

0BBC1D38A37E} - C:\Program Files\Microsoft Office

\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-

D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin

\ssv.dll
O2 - BHO: Total Security Toolbar Registrar - {8A4A36C2-0535-4D2C-

BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField

\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-

8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared

\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}

- C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-

4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion

\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

- C:\Program Files\Skype\Toolbars\Internet Explorer

\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

"C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-

9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin

\jp2ssv.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF}

- C:\Program Files\vShare\vshare_toolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} -

"C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Total Security Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-

BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField

\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} -

(no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft

Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows

\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows

\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows

\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies

\KiesTrayAgent.exe






O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple

\Apple Application Support\APSDaemon.exe"






O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField

\ForceField.exe /icon="hidden"
O4 - HKLM\..\Run: [ZoneAlarm] C:\Program Files\Total Security

\zatray.exe
O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software

\Messenger Plus!\PlusService.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External

\FirmwareUpdate\KiesPDLR.exe






O4 - HKCU\..\Run: [Google Update] "C:\Users\roberto\AppData\Local

\Google\Update\GoogleUpdate.exe" /c






O4 - HKCU\..\Run: [Facebook Update] "C:\Users\roberto\AppData\Local

\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar

\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows

\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar

\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows

\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Translate this web page with Babylon -

res://C:\Program Files\Babylon\Babylon-Pro\Utils

\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:

\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion

\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} -

C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer

\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-

D9FCDDC9D600} - C:\Program Files\Windows Live\Writer

\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer

\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-

D9FCDDC9D600} - C:\Program Files\Windows Live\Writer

\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-

5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-

4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-

AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer

\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263}

- C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Translate this web page with Babylon - {F72841F0

-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-

Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon -

{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon

\Babylon-Pro\Utils\BabylonIEPI.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files

\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files

\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {0AD152FC-3023-43DD-B750-59CA9AC3B8B5} -

http://77.238.10.103/velox/services/static/McciInstaller.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl

Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.c

ab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-

3CB6248B04CD} - C:\Program Files\Microsoft Office

\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-

07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer

\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-

6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:

\Program Files\Windows Live\Photo Gallery

\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files

\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-

AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com -

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service

(AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:

\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. -

C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) -

Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

(file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver

\1150\Intel 32\IDriverT.exe
O23 - Service: Total Security Toolbar IswSvc (IswSvc) - Check Point

Software Technologies - C:\Program Files\CheckPoint\ZAForceField

\IswSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) -

Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service

\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files

\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2

(NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program

Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files

\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common

Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology

Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:

\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies -

C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:

\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:

\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) -

TuneUp Software - C:\Program Files\TuneUp Utilities

2012\TuneUpUtilitiesService32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point

Software Technologies LTD - C:\Program Files\Total Security

\vsmon.exe

--
End of file - 12001 bytes
Sponsor
Inviato: Monday, July 30, 2012 10:08:02 PM

 
cbbusto
Inviato: Tuesday, July 31, 2012 3:52:09 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Ciao, hai dei programmi inutili, troppe toolbar e troppe voci in avvio, ecco il motivo dei tuoi blocchi.
Dovresti eliminare tutti i sw della Toshiba che chiamano utility ma io chiamo inutilità, servono a niente e creano solo intoppi.
Io sostituirei anche Total Security, dovrebbe essere quello di Telecom, e sostituiscilo con MSE, molto meglio.

Chiudi tutti i programmi e disconnesso lanci HJT e clicca sul secondo pulsante: Do a system scan only poi metti la spunta alle voci che ti indico e alla fine clic su Fix checked:


O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} -
C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: Total Security Toolbar Registrar - {8A4A36C2-0535-4D2C-
BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField
\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
- C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
"C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF}
- C:\Program Files\vShare\vshare_toolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} -
"C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Total Security Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-
BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField
\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} -(no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft
Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows
\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple
\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software
\Messenger Plus!\PlusService.exe
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\roberto\AppData\Local
\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\roberto\AppData\Local
\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar
\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar
\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-
6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
Poi fai una pulizia con Ccleaner QUI compreso il Registro.
Installa malwarebytes QUI lo aggiorni e poi fai una scansione COMPLETA non veloce, elimina quello che trova.
Fai sapere se c'è qualche miglioramento. Speak to the hand
braccetto
Inviato: Tuesday, July 31, 2012 8:21:45 PM
Rank: AiutAmico

Iscritto dal : 11/19/2010
Posts: 102
fixando queste voci elimino anche totalsecurity?
cbbusto
Inviato: Tuesday, July 31, 2012 10:07:58 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
braccetto ha scritto:
fixando queste voci elimino anche totalsecurity?

No Total Security non viene toccato, se vuoi cambiarlo lo devi disattivare tu lo puoi rimuovere da installazione applicazioni, prima però devi scaricare il nuovo antivirus, se ti va bene MSE lo puoi scaricare da QUI, poi ti disconneti da internet, rimuovi Total fai una pulizia con Ccleaner compreso il Registro e quindi installi MSE, poi ti colleghi a internet e lo aggiorni, quindi fai una scansione completa.
Alcuni programmi vengono eliminati mentre le voci 04 non toccano i vari programmi ma disattivano solo l'avvio automatico in questo modo si velocizza l'avvio del sistema operativo.
Ciao
braccetto
Inviato: Wednesday, August 01, 2012 1:40:52 PM
Rank: AiutAmico

Iscritto dal : 11/19/2010
Posts: 102
ho fixato le voci che mi hai indicato e il pc sembra più reattivo,ho fatto la scansione con Malwarebytes che mi ha trovato 4 infezioni,ecco il log:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Versione database: v2012.07.30.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
roberto :: ROBERTO-PC [amministratore]

01/08/2012 8.46.31
mbam-log-2012-08-01 (08-46-31).txt

Tipo di scansione: Scansione completa (C:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 366959
Tempo impiegato: 4 ore, 23 minuti, 29 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Security (Rogue.TotalSecurity) -> Spostato in quarantena ed eliminato con successo.

File rilevati: 3
C:\xdccMule\ripristino.exe (Trojan.Agent) -> Spostato in quarantena ed eliminato con successo.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Security\Disinstalla Total Security.lnk (Rogue.TotalSecurity) -> Spostato in quarantena ed eliminato con successo.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Security\Total Security.lnk (Rogue.TotalSecurity) -> Spostato in quarantena ed eliminato con successo.

(fine)
davix
Inviato: Wednesday, August 01, 2012 2:16:58 PM

Rank: AiutAmico

Iscritto dal : 2/4/2011
Posts: 4,198
Attenzione Whistle




http://pc-security.forumattivo.com/t252-total-security-guida-alla-rimozione




Ancora http://rogueantispyware.blogspot.it/2009/03/total-security.html

"Total Security makes it's way from PC to PC with the help of Trojans that display fake security alerts about threats and then installs Total Security without user permission. Once installed, Total Security will scan the computer and display a variety of infections that cannot be removed until the user purchase the program. These infections, though, do not really exist and are being shown to scare people into purchasing the program. "
braccetto
Inviato: Wednesday, August 01, 2012 2:47:29 PM
Rank: AiutAmico

Iscritto dal : 11/19/2010
Posts: 102
avendolo rimosso con malwarebytes dovrei stare tranquillo?


Allego il nuovo log di HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14.48.28, on 01/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Total Security\zatray.exe
C:\PROGRA~1\TOTALS~1\MAILFR~1\mantispm.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL

= http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer

\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer

\Toolbar,LinksFolderName =
O2 - BHO: RealPlayer Download and Record Plugin for Internet

Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData

\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-

0BBC1D38A37E} - C:\Program Files\Microsoft Office

\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-

D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin

\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-

8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared

\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-

4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion

\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-

9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin

\jp2ssv.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows

\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows

\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm] C:\Program Files\Total Security

\zatray.exe
O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField

\ForceField.exe /icon="hidden"
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows

\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows

\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: Translate this web page with Babylon -

res://C:\Program Files\Babylon\Babylon-Pro\Utils

\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:

\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion

\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} -

C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer

\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-

D9FCDDC9D600} - C:\Program Files\Windows Live\Writer

\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer

\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-

D9FCDDC9D600} - C:\Program Files\Windows Live\Writer

\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-

5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-

4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-

AEC46303B9E5} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263}

- C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Translate this web page with Babylon - {F72841F0

-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-

Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon -

{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon

\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files

\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files

\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {0AD152FC-3023-43DD-B750-59CA9AC3B8B5} -

http://77.238.10.103/velox/services/static/McciInstaller.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl

Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.c

ab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-

3CB6248B04CD} - C:\Program Files\Microsoft Office

\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-

07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:

\Program Files\Windows Live\Photo Gallery

\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files

\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-

AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com -

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service

(AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:

\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. -

C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common Files\InstallShield\Driver

\1150\Intel 32\IDriverT.exe
O23 - Service: Total Security Toolbar IswSvc (IswSvc) - Check Point

Software Technologies - C:\Program Files\CheckPoint\ZAForceField

\IswSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) -

Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service

\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files

\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2

(NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program

Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common

Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology

Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:

\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies -

C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:

\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:

\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) -

TuneUp Software - C:\Program Files\TuneUp Utilities

2012\TuneUpUtilitiesService32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point

Software Technologies LTD - C:\Program Files\Total Security

\vsmon.exe

--
End of file - 7920 bytes
davix
Inviato: Wednesday, August 01, 2012 3:31:14 PM

Rank: AiutAmico

Iscritto dal : 2/4/2011
Posts: 4,198
braccetto ha scritto:
avendolo rimosso con malwarebytes dovrei stare tranquillo?



Ho postato il link per correttezza dell'immagine citata. Braccetto, non ti ho dato nessuna istruzione.


Ciao Speak to the hand


P.S. Cmq, nell'articolo non si parlava solo di MBAM.



cbbusto
Inviato: Wednesday, August 01, 2012 11:34:53 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Ciao braccetto, l'ultimo log è a posto, Mbam ha eliminato delle voci che riguardano anche Total Security ma non si riferiscono al sw di cui parlavo io.
Rispondi a queste domande:
Che antivirus usi ?
Hai per caso l'ADSL di Alice? ed hai installato il pacchetto di sicurezza della Telecom Total Security ?
Total Security basato su tecnologia ZoneAlarm
Attendo tue notizie, ciao.

Per davix: Total Security a cui facevo riferimento è questo:
C:\Program Files\Total Security\zatray.exe
che fa riferimento a questo sw: C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
file: zatray.exe
processo: ZoneAlarm
Società: CheckPointSoftwareTechnologiesLTD
Parte di: ZoneAlarm
e non ha niente a che vedere con quello che hai citato tu, che esiste è un rogue e può essere anche un clone di Antivirus 360 ma i sintomi che possono presentarsi sui pc sove si installa non ci sono nel pc di braccetto.
davix
Inviato: Wednesday, August 01, 2012 11:43:44 PM

Rank: AiutAmico

Iscritto dal : 2/4/2011
Posts: 4,198
braccetto ha scritto:
ho fixato le voci che mi hai indicato e il pc sembra più reattivo,ho fatto la scansione con Malwarebytes che mi ha trovato 4 infezioni,ecco il log:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Versione database: v2012.07.30.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
roberto :: ROBERTO-PC [amministratore]

01/08/2012 8.46.31
mbam-log-2012-08-01 (08-46-31).txt

Tipo di scansione: Scansione completa (C:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 366959
Tempo impiegato: 4 ore, 23 minuti, 29 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Security (Rogue.TotalSecurity) -> Spostato in quarantena ed eliminato con successo.

File rilevati: 3
C:\xdccMule\ripristino.exe (Trojan.Agent) -> Spostato in quarantena ed eliminato con successo.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Security\Disinstalla Total Security.lnk (Rogue.TotalSecurity) -> Spostato in quarantena ed eliminato con successo.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Security\Total Security.lnk (Rogue.TotalSecurity) -> Spostato in quarantena ed eliminato con successo.

(fine)



Cbbusto, mi riferivo alla scansione di MBAM: sono falsi positivi?? Whistle


Poi, c'è il Total Security della ZoneAlarm distribuito dalla Telecom Italia. Per chi piace.
braccetto
Inviato: Wednesday, August 01, 2012 11:44:28 PM
Rank: AiutAmico

Iscritto dal : 11/19/2010
Posts: 102
Ciao cbbusto,
si , ho l'adsl di alice e ho installato il pacchetto di sicurezza della Telecom Total Security.
cbbusto
Inviato: Wednesday, August 01, 2012 11:54:55 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
braccetto ha scritto:
Ciao cbbusto,
si , ho l'adsl di alice e ho installato il pacchetto di sicurezza della Telecom Total Security.


E' come immaginavo, quindi tranquillo, il tuo Total Security è normale, anch'io ho Alice tutto compreso e potrei installare il pacchetto sicurezza gratuitamente ma preferisco tenere il mio MSE, infatti il pacchetto di sicurezza della Telecom non è il massimo, specialmente se uno lo deve pagare. Vedi tu cosa vuoi fare.
Se il pc va bene e i blocchi non si ripetono direi che sei a posto. Ciao
cbbusto
Inviato: Thursday, August 02, 2012 12:00:52 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
davix ha scritto:


Cbbusto, mi riferivo alla scansione di MBAM: sono falsi positivi?? Whistle
Potrebbe anche essere, li ho visti anch'io.

Poi, c'è il Total Security della ZoneAlarm distribuito dalla Telecom Italia. Per chi piace.

su questo sono d'accordo infatti io lo potrei installare gratuitamente ma preferisco MSE. Bay. Speak to the hand
braccetto
Inviato: Thursday, August 02, 2012 12:02:03 AM
Rank: AiutAmico

Iscritto dal : 11/19/2010
Posts: 102
Io lo tengo perchè è compreso nel prezzo ,era un offerta, il pc è molto più veloce e sembra non avere blocchi.

Grazie per l'aiuto

cmq vi voglio mettere il log di SmitfraudFix :

SmitFraudFix v2.423

Scan done at 15:42:43,89, 01/08/2012
Run from C:\Users\roberto\Desktop\SmitfraudFix
OS: Microsoft Windows [Versione 6.1.7601] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Total Security\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService2.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Total Security\zatray.exe
C:\PROGRA~1\TOTALS~1\MAILFR~1\mantispm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Users\roberto\Desktop\SmitfraudFix\Policies.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\roberto


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\roberto\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\roberto\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\roberto\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Pagina iniziale corrente"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"="FencesShellExt"

[HKEY_CLASSES_ROOT\CLSID\{1984DD45-52CF-49cd-AB77-18F378FEA264}\InProcServer32]
@="C:\Program Files\Stardock\Fences\FencesMenu.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1984DD45-52CF-49cd-AB77-18F378FEA264}\InProcServer32]
@="C:\Program Files\Stardock\Fences\FencesMenu.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=""
"LoadAppInit_Dlls"=dword:00000000


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"VMApplet"="SystemPropertiesPerformance.exe /pagefile"
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Rhine II Fast Ethernet Adapter #2
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2E9D592C-5593-438E-BA71-41E85DEAEC75}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2E9D592C-5593-438E-BA71-41E85DEAEC75}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2E9D592C-5593-438E-BA71-41E85DEAEC75}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

cbbusto
Inviato: Thursday, August 02, 2012 10:05:25 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Ciao braccetto, non conosco SmitfraudFix ma dal log sembra non abbia rilevato infezioni.
Se ti trovi bene continua pure con Total Security.
Ciao e buone vacanze.
davix
Inviato: Thursday, August 02, 2012 10:22:46 AM

Rank: AiutAmico

Iscritto dal : 2/4/2011
Posts: 4,198
Braccetto, ma chi ti ha detto di usare SmitfraudFix? Eh?

Questo genere di tool, fix(er), vanno impiegati solo su comando di che conduce la bonifica, e deve aggiungere:
- da dove scaricare il sw
- le istruzioni operative dettagliate
- le avvertenze per eventuali intoppi/difficoltà



Queste "chiavi" sono tutte legittime:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"="FencesShellExt"

[HKEY_CLASSES_ROOT\CLSID\{1984DD45-52CF-49cd-AB77-18F378FEA264}\InProcServer32]
@="C:\Program Files\Stardock\Fences\FencesMenu.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1984DD45-52CF-49cd-AB77-18F378FEA264}\InProcServer32]
@="C:\Program Files\Stardock\Fences\FencesMenu.dll"





cbbusto
Inviato: Thursday, August 02, 2012 10:52:30 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Davix, non capisco perchè vuoi creare allarmismi inutili, quelle chiavi non sono state eliminate, l'avvertenza dice:
"Le seguenti chiavi non sono inevitalmente infettate". Poi ognuno interpreti come vuole.
.
davix
Inviato: Thursday, August 02, 2012 11:17:07 AM

Rank: AiutAmico

Iscritto dal : 2/4/2011
Posts: 4,198
cbbusto ha scritto:
Davix, non capisco perchè vuoi creare allarmismi inutili, quelle chiavi non sono state eliminate, l'avvertenza dice:
"Le seguenti chiavi non sono inevitalmente infettate". Poi ognuno interpreti come vuole.
.



L'unico allarme è la superficialità! Whistle


Posso affermare ciò che ho scritto perchè ho controllato le CLSID di ognuna delle chiavi! Quindi, nessuna interpretazione.


davix ha scritto:


Queste "chiavi" sono tutte legittime:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"="FencesShellExt"

[HKEY_CLASSES_ROOT\CLSID\{1984DD45-52CF-49cd-AB77-18F378FEA264}\InProcServer32]
@="C:\Program Files\Stardock\Fences\FencesMenu.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1984DD45-52CF-49cd-AB77-18F378FEA264}\InProcServer32]
@="C:\Program Files\Stardock\Fences\FencesMenu.dll"






Braccetto, non era mia intenzione farti usare SmitFraudFix perchè la versione più recente è... abbastanza datata!! Visto e considerato la velocotà con la quale(purtroppo) evolvono i malware non saprei se è un sw attendibile!
Mi ero inserito in questo topic solo richiamare l'attenzione sulla minaccia di (Rogue.TotalSecurity), che non va sottovalutata.








braccetto
Inviato: Thursday, August 02, 2012 11:19:59 AM
Rank: AiutAmico

Iscritto dal : 11/19/2010
Posts: 102
davix ha scritto:
Braccetto, ma chi ti ha detto di usare SmitfraudFix? Eh?

Questo genere di tool, fix(er), vanno impiegati solo su comando di che conduce la bonifica, e deve aggiungere:
- da dove scaricare il sw
- le istruzioni operative dettagliate
- le avvertenze per eventuali intoppi/difficoltà



Queste "chiavi" sono tutte legittime:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"="FencesShellExt"

[HKEY_CLASSES_ROOT\CLSID\{1984DD45-52CF-49cd-AB77-18F378FEA264}\InProcServer32]
@="C:\Program Files\Stardock\Fences\FencesMenu.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1984DD45-52CF-49cd-AB77-18F378FEA264}\InProcServer32]
@="C:\Program Files\Stardock\Fences\FencesMenu.dll"






ho seguito i ilnk che hai postato e nel primo suggeriva per la rimozione automatica delle infezioni ,che mi hai evidenziato, questo programma,oltre che a Malwarebytes.
Ho semplicemente postato il log per cercare di fare chiarezza .
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.