HijackThis log check
Umberto19870
Posted: Sunday, August 26, 2012 1:25:55 PM
Rank: AiutAmico

Joined: 12/22/2005
Posts: 165
I have a problem on my PC, which has Win7 Ultimate installed: I have a problem with the program's firewall being disabled.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:17:24, on 26/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vsnpstd3.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\nannaro\Downloads\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8888;https=127.0.0.1:8888
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: FileServeManager - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files\FileServe Manager\FileServeBHO.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [FileServe Manager Task] "C:\Program Files\FileServe Manager\FSStarter.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{02AD4369-276C-4622-9C83-9907B592EDBF}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5A12546-230A-4F38-8BD9-98888A172747}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{02AD4369-276C-4622-9C83-9907B592EDBF}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{02AD4369-276C-4622-9C83-9907B592EDBF}: NameServer = 176.31.229.24,176.31.229.25
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\nannaro\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\nannaro\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 4833 bytes



Umberto19870
Posted: Sunday, August 26, 2012 1:40:36 PM
Rank: AiutAmico

Joined: 12/22/2005
Posts: 165
This is the scan log from:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Versione database: v2012.08.26.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
nannaro :: NANNARO-PC [amministratore]

26/08/2012 13:35:05
mbam-log-2012-08-26 (13-39-25).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 198296
Tempo impiegato: 3 minuti, 30 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 13
HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Nessuna azione intrapresa.
HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Nessuna azione intrapresa.
HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Nessuna azione intrapresa.
HKCR\ShoppingReport2.HbAx (Adware.ShopperReports) -> Nessuna azione intrapresa.
HKCR\ShoppingReport2.HbAx.1 (Adware.ShopperReports) -> Nessuna azione intrapresa.
HKCR\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> Nessuna azione intrapresa.
HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> Nessuna azione intrapresa.
HKCR\ShoppingReport2.IEButton (Adware.ShopperReports) -> Nessuna azione intrapresa.
HKCR\ShoppingReport2.IEButton.1 (Adware.ShopperReports) -> Nessuna azione intrapresa.
HKCR\ShoppingReport2.IEButtonA (Adware.ShopperReports) -> Nessuna azione intrapresa.
HKCR\ShoppingReport2.IEButtonA.1 (Adware.ShopperReports) -> Nessuna azione intrapresa.
HKCR\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Nessuna azione intrapresa.
HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Nessuna azione intrapresa.

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)
r16
Posted: Sunday, August 26, 2012 2:08:43 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Delete what Malwarebytes found.
Start HijackThis,
tick the entries I am about to list and, with all applications closed and disconnected from the Internet, press "Fix checked":
Quote:
O17 - HKLM\System\CCS\Services\Tcpip\..\{02AD4369-276C-4622-9C83-9907B592EDBF}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5A12546-230A-4F38-8BD9-98888A172747}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{02AD4369-276C-4622-9C83-9907B592EDBF}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{02AD4369-276C-4622-9C83-9907B592EDBF}: NameServer = 176.31.229.24,176.31.229.25
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\nannaro\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\nannaro\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe



Run the HijackThis scan again and check whether those entries are still there.
If you find them, remove them in Safe Mode.

Then:
Download AdwCleaner to the desktop:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Run it and click the Search button.
When the scan has finished, delete the log it leaves on the desktop, and click "Delete".
Confirm the various windows that appear with OK.
The PC will restart, and the log with the deletions will come up.
Post it here.
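
Editorial example, added here and not part of the original thread or of any tool named in it: a small triage pass over HijackThis lines that surfaces the two kinds of entry selected for fixing above, O17 NameServer overrides and O23 services whose binary sits under a user profile. The sample lines are copied from the log in this thread; the function names, the `allowed_dns` parameter and the two heuristics (a public resolver not on an allow-list, a service running from `AppData`) are assumptions of this example and only mark entries for a human to review.

```python
import re
from ipaddress import ip_address

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O17 - HKLM\System\CCS\Services\Tcpip\..\{02AD4369-276C-4622-9C83-9907B592EDBF}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{02AD4369-276C-4622-9C83-9907B592EDBF}: NameServer = 176.31.229.24,176.31.229.25
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\nannaro\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\nannaro\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
"""

# "<section code> - <rest>", e.g. "O17 - HKLM\...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O17: "<registry key>: NameServer = ip[,ip...]"
O17 = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")
# O23: "Service: <display> (<name>) - <vendor> - <image path>"
O23 = re.compile(
    r"^Service: (?P<display>.+) \((?P<name>[^()]+)\) - (?P<vendor>.*?) - "
    r"(?P<path>[A-Za-z]:\\.+)$"
)
# Heuristic (assumption): a service binary under a user's AppData is
# writable without admin rights, so it deserves a closer look.
USER_WRITABLE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.I)


def is_trusted_resolver(ip, allowed):
    """True for private/loopback resolvers or ones on the allow-list."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False  # not an IP literal: leave it for a human to judge
    return addr.is_private or addr.is_loopback or ip in allowed


def triage(log_text, allowed_dns=frozenset()):
    """Return O17/O23 entries worth reviewing; nothing is modified."""
    dns = {}       # tuple of unrecognised resolvers -> registry keys using them
    services = []  # services whose image path is inside a user profile
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue
        code, body = entry["code"], entry["body"]
        if code == "O17":
            m = O17.match(body)
            if m:
                unknown = tuple(
                    s for s in re.split(r"[,\s]+", m["servers"].strip())
                    if s and not is_trusted_resolver(s, allowed_dns)
                )
                if unknown:
                    # The same override usually repeats per control set
                    # (CCS, CS1, CS2); group the keys under one finding.
                    dns.setdefault(unknown, []).append(m["key"])
        elif code == "O23":
            m = O23.match(body)
            if m and USER_WRITABLE.match(m["path"]):
                services.append({"name": m["name"], "path": m["path"]})
    return {"dns_overrides": dns, "user_profile_services": services}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for servers, keys in report["dns_overrides"].items():
        print("DNS override", ",".join(servers), "in", len(keys), "key(s)")
    for svc in report["user_profile_services"]:
        print("Service in user profile:", svc["name"], "->", svc["path"])
```

Pass the resolvers your ISP or organisation actually uses as `allowed_dns` so that legitimate static DNS settings are not reported.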
Umberto19870
Posted: Sunday, August 26, 2012 2:52:14 PM
Rank: AiutAmico

Joined: 12/22/2005
Posts: 165
The procedure has been carried out; below is the log from the AdwCleaner program:

# AdwCleaner v1.801 - Logfile created 08/26/2012 at 14:47:31
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : nannaro - NANNARO-PC
# Boot Mode : Normal
# Running from : C:\Users\nannaro\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\nannaro\AppData\Local\Babylon
Folder Deleted : C:\Users\nannaro\AppData\Local\OpenCandy
Folder Deleted : C:\Users\nannaro\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\nannaro\AppData\LocalLow\ShoppingReport2
Folder Deleted : C:\Users\nannaro\AppData\Roaming\Babylon
Folder Deleted : C:\Users\nannaro\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\nannaro\AppData\Roaming\Mozilla\Firefox\Profiles\g48lx5sp.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
File Deleted : C:\Users\nannaro\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
File Deleted : C:\Users\nannaro\AppData\Roaming\Mozilla\Firefox\Profiles\g48lx5sp.default\searchplugins\Search_Results.xml
File Deleted : C:\Users\nannaro\AppData\Roaming\Mozilla\Firefox\Profiles\g48lx5sp.default\searchplugins\SweetIm.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Cheat Engine\OpenCandy
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (it)

Profile name : default
File : C:\Users\nannaro\AppData\Roaming\Mozilla\Firefox\Profiles\g48lx5sp.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.14

File : C:\Users\nannaro\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.1.1532.0

File : C:\Users\nannaro\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7009 octets] - [26/08/2012 14:46:46]
AdwCleaner[S1].txt - [7086 octets] - [26/08/2012 14:47:31]

########## EOF - C:\AdwCleaner[S1].txt - [7214 octets] ##########
r16
Posted: Sunday, August 26, 2012 2:55:04 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Let's finish off with this scan:
Download ComboFix (use Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop. (this is mandatory)

Important: Disable your antivirus and close ALL open programs (firewall included) and, after downloading COMBOFIX, close the connection.

Double-click combofix.exe (if you use Vista or Seven: right-click Combofix.exe and click "Run as administrator")

You will probably get messages from the antivirus (or from ComboFix itself); ignore them and continue with the scan.

During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
At the end, a log file will be created on the Desktop, called C:\ComboFix.txt.
Post it here.
Umberto19870
Posted: Sunday, August 26, 2012 3:16:45 PM
Rank: AiutAmico

Joined: 12/22/2005
Posts: 165
I ran the ComboFix program as described in your guide, but unfortunately I don't have the program's log. Did I do something wrong?
r16
Posted: Sunday, August 26, 2012 3:19:36 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Did you look in this path?
C:\ComboFix.txt.
Umberto19870
Posted: Sunday, August 26, 2012 3:44:34 PM
Rank: AiutAmico

Joined: 12/22/2005
Posts: 165
I "found" 32788R22FWJFW in c: (clicking on it takes me to the C: screen). I don't understand why I don't have the requested file.
r16
Posted: Sunday, August 26, 2012 3:52:16 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Quote:
I "found" 32788R22FWJFW in c:

That file has nothing to do with the log.

Go to
Start\Run and type the following command (copy and paste it)
cmd /c dir /a/s/b c:\qoobox >log2.txt & log2.txt
Click OK.
Post the log it produces.
Umberto19870
Posted: Sunday, August 26, 2012 4:57:11 PM
Rank: AiutAmico

Joined: 12/22/2005
Posts: 165
No log........ I tried clicking on the result obtained from Start/Run cmd /c dir /a/s/b c:\qoobox >log2.txt & log2.txt and the DOS window opens: c:\Windows\system32
r16
Posted: Sunday, August 26, 2012 5:12:19 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Download OTL and save it to the desktop:

http://oldtimer.geekstogo.com/OTL.exe

Click the OTL icon on your desktop.

Tick SCAN ALL USERS.

Under Output, tick: Minimal Output

Click the small arrow next to File Age and select 60 Days

Tick LOP Check and Purity Check.

Click RUN SCAN

Let the scan run without interfering.

When the scan finishes you will find 2 logs on the desktop, OTL.txt and Extras.txt; save them and upload them to Wikisend so you can post them on the forum.
Umberto19870
Posted: Sunday, August 26, 2012 5:53:12 PM
Rank: AiutAmico

Joined: 12/22/2005
Posts: 165
I'll try what you described later.
Umberto19870
Posted: Tuesday, August 28, 2012 8:37:36 AM
Rank: AiutAmico

Joined: 12/22/2005
Posts: 165
r16
Posted: Tuesday, August 28, 2012 6:05:12 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Start OTL.

Under "Custom Scans\Fixes" copy and paste this code:

Code:
:Services

:OTL
SRV - (SoftwareUpd) -- C:\Users\nannaro\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O33 - MountPoints2\{915c5011-44de-11e1-b0bd-0019664654f5}\Shell - "" = AutoRun
O33 - MountPoints2\{915c5011-44de-11e1-b0bd-0019664654f5}\Shell\AutoRun\command - "" = M:\ICM_Manager.exe
[2012/08/24 17:27:11 | 000,000,000 | ---D | C] -- C:\Users\nannaro\AppData\Local\ServUpdater
[2012/08/24 17:27:10 | 000,000,000 | ---D | C] -- C:\Users\nannaro\AppData\Local\PosService
[2012/08/24 14:43:45 | 000,000,000 | ---D | C] -- C:\Users\nannaro\AppData\Local\SoftwareUpdater

:Files
ipconfig /flushdns /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:commands
[emptytemp]
[RESETHOSTS]
[start explorer]
[CLEARALLRESTOREPOINTS]
[Reboot]


Click the RUN FIX button.
Let the scan run without interfering.
The PC will restart.
Post the log that is produced.

Tell me if you run into problems.
Umberto19870
Posted: Thursday, August 30, 2012 7:14:36 PM
Rank: AiutAmico

Joined: 12/22/2005
Posts: 165
Log incoming

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service SoftwareUpd stopped successfully!
Service SoftwareUpd deleted successfully!
C:\Users\nannaro\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe moved successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{915c5011-44de-11e1-b0bd-0019664654f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{915c5011-44de-11e1-b0bd-0019664654f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{915c5011-44de-11e1-b0bd-0019664654f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{915c5011-44de-11e1-b0bd-0019664654f5}\ not found.
File M:\ICM_Manager.exe not found.
C:\Users\nannaro\AppData\Local\ServUpdater\settings folder moved successfully.
C:\Users\nannaro\AppData\Local\ServUpdater folder moved successfully.
C:\Users\nannaro\AppData\Local\PosService\settings folder moved successfully.
C:\Users\nannaro\AppData\Local\PosService folder moved successfully.
C:\Users\nannaro\AppData\Local\SoftwareUpdater\settings folder moved successfully.
C:\Users\nannaro\AppData\Local\SoftwareUpdater folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\nannaro\Desktop\cmd.bat deleted successfully.
C:\Users\nannaro\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Nannarino

User: nannaro
->Temp folder emptied: 4231409 bytes
->Temporary Internet Files folder emptied: 61586402 bytes
->Java cache emptied: 6056 bytes
->FireFox cache emptied: 346129389 bytes
->Google Chrome cache emptied: 7232685 bytes
->Opera cache emptied: 50600336 bytes
->Flash cache emptied: 506 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 2398272 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 294710 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 451,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.59.1 log created on 08302012_060619
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
r16
Posted: Thursday, August 30, 2012 7:17:21 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Any problems?
Umberto19870
Posted: Monday, September 03, 2012 9:26:54 PM
Rank: AiutAmico

Joined: 12/22/2005
Posts: 165
These faults have 'appeared':

Windows Defender gives this error.. (0X80070005)

Windows Firewall.. it no longer gives the error I had; once I try to turn it on it stays loading for a little while and then nothing!.. then if I try to open Windows Firewall with Advanced Security it gives this error (0x6D9 unable to load the snap-in)

Windows Update: unable to check for updates, the service is not running........

Dunno.

There is some 'infection in progress'.
r16
Posted: Monday, September 03, 2012 9:30:54 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Download Farbar Service Scanner to the desktop:
http://download.bleepingcomputer.com/farbar/FSS.exe
Put a check mark in all the boxes on the left side.
Click "Scan".
A log (FSS.txt) will be created in the same directory the tool is run from.
Post the log.
cbbusto
Posted: Monday, September 03, 2012 11:23:19 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
r16, sorry for butting in, but I noticed that the Malwarebytes scan was run as Quick and not Full,
in case that is of interest. Bye