|
Rank: AiutAmico
Iscritto dal : 11/6/2010 Posts: 94
|
Ciao a tutti, Da ieri mentre navigo normalmente si apre una pagina ogni volta con una pubblicità di siti diversi. Ho fatto la scansione con Norton ma non risulta niente. Ho fatto la scansione con Malwarebyte senza internet ma anche li non risulta niente. Ho fatto la scansione con Spybot in modalità provvisoria e normale,ma il problema si ripresenta sempre. Ma cosa può essere? Come posso risolvere? Grazie.
|
|
|
|
|
Rank: AiutAmico
Iscritto dal : 3/6/2009 Posts: 2,913
|
posta un log di questo ed attendi qualche esperto.ciao http://www.aiutamici.com/software?ID=11175
|
|
Rank: AiutAmico
Iscritto dal : 11/6/2010 Posts: 94
|
Allora,ho fatto il Log con Hijack This, Mentra facevo la scansione è uscito prima questo avviso:
Ho cliccato su OK e sono andato avanti. Dopo è uscito questo avviso:
Qui ho cliccato su NO e sono andato avanti. E questo è il Log prodotto:
C'E QUALCHE ANIMA PIA CHE PUO' AIUTARMI?
|
|
Rank: AiutAmico
Iscritto dal : 8/24/2008 Posts: 4,164
|
ciao sembra che hai problemi col' userinit... puoi ripetere la scansione? se hai vista o seven eseguilo col tasto destro e come amministratore poi incollalo intero nel forum
|
|
Rank: AiutAmico
Iscritto dal : 11/6/2010 Posts: 94
|
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:40:04, on 25/08/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16448) Boot mode: Normal
Running processes: C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe C:\Users\Public\Documents\AppData\PoApp\PService.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/6 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/6 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file) O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE') O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O17 - HKLM\System\CCS\Services\Tcpip\..\{5E787CAE-E7C4-4D11-9ACE-03F79845A091}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{CCE5A903-9893-45A5-A1E3-E8A92ADD89B5}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{E96DBEA7-D671-40D0-B8A5-8E3E34488484}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\..\{FCB3E74F-2E00-4991-975E-9660B8907C1E}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CS1\Services\Tcpip\..\{5E787CAE-E7C4-4D11-9ACE-03F79845A091}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CS2\Services\Tcpip\..\{5E787CAE-E7C4-4D11-9ACE-03F79845A091}: NameServer = 176.31.229.24,176.31.229.25 O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\User\AppData\Local\PosService\Pos.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\User\AppData\Local\ServUpdater\ServiceUpd.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\User\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: Servizio Vodafone Mobile Broadband (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
-- End of file - 13486 bytes
|
|
Rank: AiutAmico
Iscritto dal : 8/24/2008 Posts: 4,164
|
riesegui la scansione con hjt metti la spunta accanto alle voci che ti indico e premi fix checkedCode:O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E787CAE-E7C4-4D11-9ACE-03F79845A091}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCE5A903-9893-45A5-A1E3-E8A92ADD89B5}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{E96DBEA7-D671-40D0-B8A5-8E3E34488484}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCB3E74F-2E00-4991-975E-9660B8907C1E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{5E787CAE-E7C4-4D11-9ACE-03F79845A091}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{5E787CAE-E7C4-4D11-9ACE-03F79845A091}: NameServer = 176.31.229.24,176.31.229.25
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing). scarica adwcleaner avvialo e clicca su delete il pc dovrebbe riavviarsi, posta il log che rilascia ora facciamo una breve pausa perche' dobbiamo fare un controllo manuale sul registro
|
|
Rank: AiutAmico
Iscritto dal : 11/6/2010 Posts: 94
|
# AdwCleaner v1.801 - Logfile created 08/25/2012 at 20:28:48 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : User - USER-HP # Boot Mode : Normal # Running from : C:\Users\User\Desktop\adwcleaner.exe # Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\ProgramData\Ask
***** [Registry] *****
Key Deleted : HKCU\Software\Iminent Key Deleted : HKCU\Software\Offerbox Key Deleted : HKCU\Software\Softonic Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 Key Deleted : HKLM\SOFTWARE\Iminent Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Key Deleted : HKLM\SOFTWARE\Offerbox Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} [x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} [x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v12.0 (it)
*************************
AdwCleaner[S1].txt - [10195 octets] - [25/08/2012 20:28:48]
########## EOF - C:\AdwCleaner[S1].txt - [10324 octets] ##########
|
|
Rank: AiutAmico
Iscritto dal : 8/24/2008 Posts: 4,164
|
Apri il registro -> Start / Esegui ,digita regedit e dai l'ok Portati in questa chiave :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Clicca su winlogon e, nella finestra a destra, trova "Userinit"
Nella colonna "dati" deve essere cosi'
c:\windows\system32\userinit.exe,
N.B. deve esserci la virgola dopo userinit.exe,
dammi la conferma
|
|
Rank: AiutAmico
Iscritto dal : 11/6/2010 Posts: 94
|
Innanzitutto ti ringrazio di cuore per l'aiuto che mi stai dando, detto questo,ho fatto la procedura che mi hai scritto,solo che non c'è winlogon Per farti capire meglio ti ho fatto uno screen. Ah! non se può essere importante,ma si è aperta di nuovo la pagina da sola e ho preso il link,è un sito di ricerca di lavoro: http://www.infojobs.it/candidati/registrati?utm_source=zan&utm_medium=aff&utm_campaign=zan
|
|
Rank: AiutAmico
Iscritto dal : 8/24/2008 Posts: 4,164
|
scendi piu' giu' e' in ordine alfabetico
e' quella la pagina che da' fastidio?
|
|
Rank: AiutAmico
Iscritto dal : 11/6/2010 Posts: 94
|
Ok trovato,si c'è la virgola. Per quanto riguarda la pagina,ogni volta è diversa,ecco,adesso per esempio si è aperta questa: http://www.meetic.it/signup/smart_landing.php?tpl=20120522landing_aff0512
|
|
Rank: AiutAmico
Iscritto dal : 8/24/2008 Posts: 4,164
|
prova a reimpostare la pagina start esegui > digita inetcpl.cpl e dai invio > clicca su avanzate > reimposta , chiudi e all'apertura vedi se ritrovi la tua home page
|
|
Rank: AiutAmico
Iscritto dal : 11/6/2010 Posts: 94
|
Forse ho l'impressione di essermi espresso male, la pagina che si apre non mi cambia la home page,ho la pagina di navigazione in corso,ma si apre su una nuova scheda a parte,tipo pop up.
|
|
Rank: AiutAmico
Iscritto dal : 6/2/2005 Posts: 7,332
|
Per il tuo tipo di problema Combofix potrebbe essere la soluzione.
|
|
Rank: AiutAmico
Iscritto dal : 8/7/2007 Posts: 11,016
|
Serve una scansione con Combofix: Scarica Combofix (usa Internet Explorer) http://download.bleepingcomputer.com/sUBs/ComboFix.exeSalvalo sul desktop. ( è obbligatorio) Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione. Doppio click su combofix.exe (se usi Vista o Seven: tasto destro su Combofix.exe e clicca su: " Esegui come Amministratore" ) E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali, e prosegui con la scansione.Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni. Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui. Per postare il log:Collegati ad internet e vai alla pagina WikiSend: http://www.wikisend.com/ Clicca sul bottone " Sfoglia" Seleziona il file appena salvato Clicca su Upload file Dopo qualche secondo, vieni spostato su una nuova pagina con il link in diversi formati: Download Link / Forum Link Seleziona Forum Link, copialo e incollalo in un nuovo messaggio per il forum. @pidueOPPPSSSSS....abbiamo scritto quasi in contemporanea.
|
|
Rank: AiutAmico
Iscritto dal : 11/6/2010 Posts: 94
|
ComboFix 12-08-25.04 - User 25/08/2012 23:15:39.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.5611.3775 [GMT 2:00] Eseguito da: c:\users\User\Downloads\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Spybot - Search and Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\User\AppData\Local\unins000.exe c:\users\User\AppData\Roaming\OfferBox c:\users\User\AppData\Roaming\OfferBox\config.xml c:\users\User\AppData\Roaming\OfferBox\http_app.offerbox.com\country.sxe c:\users\User\AppData\Roaming\OfferBox\http_app.offerbox.com\history.db c:\users\User\AppData\Roaming\OfferBox\http_app.offerbox.com\profile.sxe c:\users\User\AppData\Roaming\OfferBox\http_app.offerbox.com\update.sxe c:\users\User\AppData\Roaming\OfferBox\http_app.offerbox.com\update.xml . . ((((((((((((((((((((((((( Files Creati Da 2012-07-25 al 2012-08-25 ))))))))))))))))))))))))))))))))))) . . 2012-08-25 21:29 . 2012-08-25 21:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-25 15:33 . 2012-08-25 15:33 388096 ----a-r- c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-08-25 15:33 . 2012-08-25 15:33 -------- d-----w- c:\program files (x86)\Trend Micro 2012-08-25 12:25 . 2012-08-25 13:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-08-25 12:24 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe 2012-08-25 12:24 . 2012-08-25 12:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2012-08-24 12:39 . 2012-08-24 12:39 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-08-24 12:39 . 2012-08-24 12:39 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-08-24 12:39 . 2012-08-24 12:39 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-08-24 11:58 . 2012-08-24 11:58 -------- d-----w- c:\users\User\AppData\Local\ManyCam 2012-08-24 11:58 . 2012-08-24 11:58 -------- d-----w- c:\programdata\ManyCam 2012-08-24 11:58 . 2012-08-24 11:58 -------- d-----w- c:\users\User\AppData\Roaming\ManyCam 2012-08-24 11:58 . 2012-08-24 12:04 -------- d-----w- c:\program files (x86)\ManyCam 2012-08-24 11:54 . 2012-08-24 11:54 -------- d-----w- c:\users\User\AppData\Local\PowerOffer 2012-08-24 11:54 . 2012-08-24 12:12 -------- d-----w- c:\users\User\AppData\Local\ServUpdater 2012-08-24 11:54 . 2012-08-24 11:56 -------- d-----w- c:\users\User\AppData\Local\PosService 2012-08-24 10:04 . 2012-08-24 11:55 -------- d-----w- c:\users\User\AppData\Local\SoftwareUpdater 2012-08-24 10:04 . 2012-08-24 10:04 -------- d-----w- c:\program files (x86)\MyPcCleaner 2012-08-18 07:38 . 2012-08-18 07:38 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} 2012-08-15 07:52 . 2012-08-16 07:15 -------- d-----w- c:\windows\system32\drivers\NISx64\1308000.00E 2012-07-27 21:39 . 2012-08-15 18:31 -------- d-----w- c:\users\User\AppData\Roaming\Windows Live Writer 2012-07-27 21:39 . 2012-08-15 18:30 -------- d-----w- c:\users\User\AppData\Local\Windows Live Writer . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-15 07:57 . 2012-03-23 14:30 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-06-09 05:43 . 2012-07-12 10:22 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-06-06 06:06 . 2012-07-12 10:22 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-12 10:22 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-12 10:22 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-12 10:22 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-12 10:22 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-12 10:22 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 2012-06-21 10:15 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 10:16 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-21 10:16 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 10:16 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 10:15 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-21 10:16 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-21 10:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 2012-06-21 10:15 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:15 . 2012-06-21 10:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 05:50 . 2012-07-12 10:22 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-12 10:22 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:48 . 2012-07-12 10:22 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:45 . 2012-07-12 10:22 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-12 10:22 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-12 10:22 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-12 10:22 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-12 10:22 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-12 10:22 96768 ----a-w- c:\windows\SysWow64\sspicli.dll . . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-05 336384] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440] "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-05-17 61112] "MobileBroadband"="c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-09-08 272384] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408] "UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408] "B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568] "PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624] "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-07-04 3921432] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] R2 ServUpdater;Serv Updater;c:\users\User\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-16 156160] R2 SoftwareUpd;Software Upd;c:\users\User\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [2012-04-23 161280] R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2012-03-02 19456] R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2012-03-02 27648] R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2012-03-02 27136] R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2012-03-02 34304] R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys [2012-03-06 29184] R3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandnetgps64.sys [2012-03-06 28160] R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys [2012-03-06 36352] R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys [2012-03-06 93184] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-24 129976] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_acm.sys [2010-09-01 78336] R3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\DRIVERS\vodafone_K3805-z_cdc_ecm.sys [2010-09-01 88064] R3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\DRIVERS\vodafone_K3805-z_cpo.sys [2010-09-01 13824] R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-23 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [2011-07-25 451192] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [2012-08-11 1385120] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [2012-06-07 167072] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120824.001\IDSvia64.sys [2012-08-22 512672] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [2012-04-18 190072] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-06 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-05 365568] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-01-14 1751656] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272] S2 PowerOffer Service;Pos Service;c:\users\User\AppData\Local\PosService\Pos.exe [2012-04-03 169472] S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-07-04 1188896] S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-07-04 1395736] S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-03-22 166528] S2 VmbService;Servizio Vodafone Mobile Broadband;c:\program files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2010-09-08 8704] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-06 9359872] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-06 309760] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912] S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304] S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-05-18 1145448] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232] S3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\DRIVERS\vodafone_K3805-z_dc_enum.sys [2010-09-01 75776] . . --- Altri Servizi/Drivers In Memoria --- . *NewlyCreated* - WS2IFSL . Contenuto della cartella 'Scheduled Tasks' . 2012-08-25 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2012-03-23 22:31] . 2012-08-25 c:\windows\Tasks\HPCeeScheduleForUser.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-17 525312] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Scansione supplementare ------- . uStart Page = hxxp://www.google.it/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 TCP: Interfaces\{5E787CAE-E7C4-4D11-9ACE-03F79845A091}: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{CCE5A903-9893-45A5-A1E3-E8A92ADD89B5}: DhcpNameServer = 192.168.42.129 TCP: Interfaces\{E96DBEA7-D671-40D0-B8A5-8E3E34488484}: DhcpNameServer = 192.168.1.1 192.168.1.1 FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\5i1yom10.default\ FF - prefs.js: browser.search.selectedEngine - . - - - - CHIAVI ORFANE RIMOSSE - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\users\User\AppData\Local\unins000.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll\" /prefetch:1" . --------------------- CHIAVI DI REGISTRO BLOCCATE --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Altri processi in esecuzione ------------------------ . c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe . ************************************************************************** . Ora fine scansione: 2012-08-26 00:07:03 - Il pc è stato riavviato ComboFix-quarantined-files.txt 2012-08-25 22:06 . Pre-Run: 415.533.084.672 byte disponibili Post-Run: 415.115.276.288 byte disponibili . - - End Of File - - 83BC36BCA14B20FDB6B5269DACE90DF6
|
|
Rank: AiutAmico
Iscritto dal : 6/2/2005 Posts: 7,332
|
ComboFix ha trovato ed eliminato alcune porcheriole. Adesso vedi se il problema è risolto.
|
|
Rank: AiutAmico
Iscritto dal : 8/7/2007 Posts: 11,016
|
Ci sono alcuni rimasugli da togliere: Apri un file di testo con il Block Note sul Desktop Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txtCode:ClearJavaCache::
KillAll::
Driver:: ServUpdater SoftwareUpd PowerOffer Service
Folder:: c:\users\User\AppData\Local\PowerOffer c:\users\User\AppData\Local\ServUpdater c:\users\User\AppData\Local\PosService c:\users\User\AppData\Local\SoftwareUpdater c:\users\Public\Documents\AppData\PoApp
Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PosService"=- e trascinalo sull'icona di ComboFix. Attendi la fine dei lavori, senza toccare tastiera, mouse o altro. Posta il log aggiornato di combofix. N.B:Mi sembra di avere indicato come postare i log, nel mio post precedente.
|
|
Rank: AiutAmico
Iscritto dal : 11/6/2010 Posts: 94
|
Ciao R16, ho fatto la procedura che mi hai indicato tu per postare il log,e il risultato è questo: Log ComboFix.txt
Va bene così oppure ho sbagliato qualcosa?
|
|
Guest |