cbbusto wrote: You say you're new, but I see you've been registered for 8 years; you've been in hibernation.
You're infected with search.findeer; it's malware that hijacks your browser.
Install Malwarebytes
HERE: update it, then run a FULL scan, not a quick one; delete what it finds and post the log it produces.
Then download AdwCleaner to the desktop:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Run it and click the Search button.
When the scan finishes, delete the log it leaves on the desktop, and click "Delete".
Confirm with OK the various windows that will appear.
The PC will restart, and the log with the deletions will come up.
Post it here.
Then run another scan with HJT and post the new, updated log.
Bye
HERE IS THE ADWCLEANER LOG, SORRY FOR THE DELAY
# AdwCleaner v2.007 - Logfile creato il 17/11/2012 alle 14:55:14
# Aggiornamento 06/11/2012 by Xplode
# Sistema Operativo : Windows 7 Ultimate (32 bits)
# Utente : PAOLO - PAOLO-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\PAOLO\Desktop\programmi\adwcleaner.exe
# Opzioni [Cerca]
***** [Servizi] *****
***** [File / Cartelle] *****
Cartella Trovato : C:\Users\PAOLO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Cartella Trovato : C:\Users\PAOLO\AppData\Roaming\Mozilla\Firefox\Profiles\wg3l8sys.default\extensions\ffxtlbr@funmoods.com
File Trovato : C:\Users\PAOLO\AppData\Local\funmoods.crx
File Trovato : C:\Users\PAOLO\AppData\Roaming\Mozilla\Firefox\Profiles\wg3l8sys.default\searchplugins\funmoods.xml
***** [Registro] *****
Chiave Trovata : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Chiave Trovata : HKCU\Software\Softonic
Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Chiave Trovata : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Chiave Trovata : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Chiave Trovata : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chiave Trovata : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Chiave Trovata : HKU\S-1-5-21-2970140224-1388353927-2266095080-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
***** [Browser Internet] *****
-\\ Internet Explorer v8.0.7600.16385
[OK] Registro Pulito.
-\\ Mozilla Firefox v16.0.2 (it)
Nome Profilo : default
File : C:\Users\PAOLO\AppData\Roaming\Mozilla\Firefox\Profiles\wg3l8sys.default\prefs.js
Trovata : user_pref("browser.search.defaultenginename", "Funmoods");
Trovata : user_pref("extensions.enabledAddons", "ffxtlbr@funmoods.com:1.5.1,{972ce4c6-7e08-4474-a285-3208198ce[...]
Trovata : user_pref("extensions.funmoods.aflt", "download");
Trovata : user_pref("extensions.funmoods.autoRvrt", false);
Trovata : user_pref("extensions.funmoods.cntry", "IT");
Trovata : user_pref("extensions.funmoods.cv", "cv5");
Trovata : user_pref("extensions.funmoods.dfltLng", "");
Trovata : user_pref("extensions.funmoods.dfltSrch", false);
Trovata : user_pref("extensions.funmoods.dnsErr", true);
Trovata : user_pref("extensions.funmoods.envrmnt", "production");
Trovata : user_pref("extensions.funmoods.excTlbr", false);
Trovata : user_pref("extensions.funmoods.hdrMd5", "1707C2B71B957856C8956EB43CCF5482");
Trovata : user_pref("extensions.funmoods.hmpg", false);
Trovata : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd[...]
Trovata : user_pref("extensions.funmoods.id", "74EA3A8CC9C5E196");
Trovata : user_pref("extensions.funmoods.instlDay", "15661");
Trovata : user_pref("extensions.funmoods.instlRef", "download");
Trovata : user_pref("extensions.funmoods.isdcmntcmplt", false);
Trovata : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.220:47:11");
Trovata : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Trovata : user_pref("extensions.funmoods.newTab", false);
Trovata : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&[...]
Trovata : user_pref("extensions.funmoods.prdct", "funmoods");
Trovata : user_pref("extensions.funmoods.prtnrId", "funmoods");
Trovata : user_pref("extensions.funmoods.sg", "none");
Trovata : user_pref("extensions.funmoods.smplGrp", "none");
Trovata : user_pref("extensions.funmoods.srchPrvdr", "Search");
Trovata : user_pref("extensions.funmoods.tlbrId", "base");
Trovata : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=download&chnl=downloa[...]
Trovata : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Trovata : user_pref("extensions.funmoods.vrsnTs", "1.5.23.220:47:11");
Trovata : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Trovata : user_pref("extensions.funmoods_i.newTab", false);
Trovata : user_pref("extensions.funmoods_i.smplGrp", "none");
Trovata : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.220:47:11");
-\\ Google Chrome v [Impossibile rilevare la versione]
File : C:\Users\PAOLO\AppData\Local\Google\Chrome\User Data\Default\Preferences
Trovata [l.43] : icon_url = "hxxp://searchfunmoods.com/favicon.ico",
Trovata [l.46] : keyword = "funmoods.com",
Trovata [l.49] : search_url = "hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyByE0E0AtA0Azz0C0Czy0CyD0EtCzyyCtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=792007911",
*************************
AdwCleaner[R1].txt - [2455 octets] - [10/11/2012 14:46:59]
AdwCleaner[R2].txt - [939 octets] - [10/11/2012 15:58:47]
AdwCleaner[R3].txt - [9062 octets] - [17/11/2012 14:47:41]
AdwCleaner[R4].txt - [5463 octets] - [17/11/2012 14:55:14]
AdwCleaner[S1].txt - [2387 octets] - [10/11/2012 15:15:19]
AdwCleaner[S2].txt - [1000 octets] - [10/11/2012 15:59:04]
########## EOF - C:\AdwCleaner[R4].txt - [5643 octets] ##########
AND THE HIJACKTHIS ONE
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:03:29, on 17/11/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5288912E-0DEF-41DB-9BA9-EEE50C4E8FA9}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9D5C2A8-7DC9-4C67-82BC-6E34A407587A}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6B4EBB8-9944-48E3-97B4-E0F32BC892C0}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{5288912E-0DEF-41DB-9BA9-EEE50C4E8FA9}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{5288912E-0DEF-41DB-9BA9-EEE50C4E8FA9}: NameServer = 176.31.229.24,176.31.229.25
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\PAOLO\AppData\Local\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\PAOLO\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\PAOLO\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
--
End of file - 4383 bytes
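As an added example (not code from the thread, from HijackThis or from AdwCleaner), here is a small Python triage script for a HijackThis log like the one posted above. It parses the R0/R1, O4, O17 and O23 entry types and flags the three things a helper reviewing such a log looks at first: browser start/search pages whose host is outside an allowlist, O17 NameServer entries that are not in a trusted resolver list, and autostart entries or services whose executable lives under C:\Users. The sample lines are constructed from the entries in the thread; the two allowlists are assumptions to be replaced with the hosts and resolvers actually expected on the machine.

```python
import re
from urllib.parse import urlparse

# Constructed sample: HijackThis-style lines modelled on the entries posted in the thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5288912E-0DEF-41DB-9BA9-EEE50C4E8FA9}: NameServer = 176.31.229.24,176.31.229.25
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\PAOLO\AppData\Local\PosService\Pos.exe
"""

# Assumed allowlists (example values): replace with what you expect on the machine you are reviewing.
TRUSTED_HOME_HOSTS = {"go.microsoft.com", "www.google.com", "www.bing.com"}
TRUSTED_DNS = {"192.168.1.1", "8.8.8.8", "8.8.4.4"}

# "R0 - body", "O17 - body", ... : entry type, then the rest of the line.
LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# First Windows path ending in .exe, with or without surrounding quotes.
EXE_RE = re.compile(r'"?([A-Za-z]:\\[^"\r\n]*?\.exe)"?', re.IGNORECASE)


def parse_hjt(text):
    """Return one dict per recognised HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({"kind": m.group("kind"), "body": m.group("body"), "raw": line.strip()})
    return entries


def triage(entries, trusted_dns, trusted_home_hosts):
    """Return (kind, reason, raw_line) tuples for entries worth a second look."""
    findings = []
    for e in entries:
        kind, body = e["kind"], e["body"]
        if kind in ("R0", "R1"):
            # Browser start/search page: "key = url"; an empty value (trailing "=") is skipped.
            _, _, value = body.partition(" = ")
            host = urlparse(value.strip()).hostname if value.strip() else None
            if host and host.lower() not in trusted_home_hosts:
                findings.append((kind, f"browser setting points at untrusted host {host}", e["raw"]))
        elif kind == "O17":
            # Per-interface DNS servers: "...: NameServer = ip1,ip2".
            _, _, servers = body.partition("NameServer = ")
            for ip in (s.strip() for s in servers.split(",") if s.strip()):
                if ip not in trusted_dns:
                    findings.append((kind, f"DNS server {ip} is not in the trusted list", e["raw"]))
        elif kind in ("O4", "O23"):
            # Autostart entry or service: flag executables in user-writable profile paths.
            m = EXE_RE.search(body)
            if m and m.group(1).lower().startswith("c:\\users\\"):
                findings.append((kind, "autostart executable lives under C:\\Users (user-writable path)", e["raw"]))
    return findings


def main():
    for kind, reason, raw in triage(parse_hjt(SAMPLE_LOG), TRUSTED_DNS, TRUSTED_HOME_HOSTS):
        print(f"[{kind}] {reason}\n    {raw}")


if __name__ == "__main__":
    main()
```

Run against the sample, the script reports the findeer start page, both O17 resolvers, the PoApp launcher under C:\Users\Public and the Pos.exe service under the user's AppData; the Microsoft default pages, the Google Update service and the Program Files autostarts pass. The allowlist approach is deliberate: a helper cannot know every legitimate resolver or home page, so the script surfaces anything outside the expected set and leaves the judgement to the reviewer.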