Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » PLAUNCHER nel menu' avvio:controllo per favore

PLAUNCHER nel menu' avvio:controllo per favore Opzioni
Topic Precedente · Topic Sucessivo
toro051963
Inviato: Tuesday, November 27, 2012 7:55:28 PM

Rank: AiutAmico

Iscritto dal : 2/25/2008
Posts: 453
ancora ciao a tutti

questa volta è il netbook.....
controllando come faccio di solito con msconfig, nel menu' avvio ho trovato PLAUNCHER (che leggo sulla rete è nocivo) ho provato a disabilitarlo ma ho paura che si riabiliti da solo, inoltre c'è una cartella PoApp in c:\utenti\pubblica\documenti pubblici\appdata;

mi conferma mio figlio che ha scaricato un programma per ritocco foto focus-magic.softonic.it
cosa conviene fare?


un grazie anticipato


allego hjt e menu avvio

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:39:22, on 27/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Windows 7 Starter Helper - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{3016B187-212F-4274-B746-92532486DBFE}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EDFA4DC-DAEB-45C2-9907-86D0DAABF852}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D3CE9C0-73BA-4405-9C02-D208375E07C9}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{B82667ED-AF80-4A03-A2E0-0F52CC633B2F}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{3016B187-212F-4274-B746-92532486DBFE}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{3016B187-212F-4274-B746-92532486DBFE}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\user\AppData\Local\PosService\Pos.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\user\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\user\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 7221 bytes




No HKCU:Run Facebook Update "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
No HKCU:Run Google Update Google Inc. "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Si HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
No HKCU:Run SUPERAntiSpyware SUPERAntiSpyware.com C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
No HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
No HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
No HKLM:Run APSDaemon Apple Inc. "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Si HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
No HKLM:Run Iminent Iminent C:\Program Files\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
No HKLM:Run IminentMessenger Iminent C:\Program Files\Iminent\Iminent.Messengers.exe /startup
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
No HKLM:Run MobileConnect Vodafone C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
Si HKLM:Run MSC Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Si HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Si HKLM:Run PosService PLauncher C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
No HKLM:Run QuickTime Task Apple Inc. "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Si HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
No HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
No HKLM:Run SweetIM C:\Program Files\SweetIM\Messenger\SweetIM.exe
Si HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Si HKLM:Run UCam_Menu CyberLink Corp. "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
Torna in alto
 
Sponsor
Inviato: Tuesday, November 27, 2012 7:55:28 PM

 
Torna in alto
 
toro051963
Inviato: Tuesday, November 27, 2012 8:20:31 PM

Rank: AiutAmico

Iscritto dal : 2/25/2008
Posts: 453
a titolo di informazione il 25\11 prima di scaricare plauncher ho fatto fatalità un punto i ripristino del sistema:

è meglio ripristinare il pc ad una situazione anteriore e tagliamo la testa al toro?

grazie
Torna in alto
 
cbbusto
Inviato: Wednesday, November 28, 2012 1:53:54 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Oltre a quello sei infetto anche da search.findeer che ha modificato la pagina iniziale di I.E. Hai anche degli indirizzi IP modificati che ti dirottano altrove.
Dal menu avvio disattiva questa voce: Si HKLM:Run PosService PLauncher C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
Reimposta Internet Explorer:
1 - Opzioni Internet.
2 - Faiclic sulla scheda Avanzate.
3 - Nella finestra di dialogo Reimposta Internet Explorer, clic su Reimposta, quindi di nuovo su Reimposta.
4 - Una volta completato il ripristino delle impostazioni predefinite di Internet Explorer, clic su Chiudi e riavvia il browser.

Poi apri HJT fixa ed elimina queste voci:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{3016B187-212F-4274-B746-92532486DBFE}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EDFA4DC-DAEB-45C2-9907-86D0DAABF852}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D3CE9C0-73BA-4405-9C02-D208375E07C9}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{B82667ED-AF80-4A03-A2E0-0F52CC633B2F}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{3016B187-212F-4274-B746-92532486DBFE}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{3016B187-212F-4274-B746-92532486DBFE}: NameServer = 176.31.229.24,176.31.229.25

Poi Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner
Avvialo e clicca sul pulsante "Elimina".
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Postalo qui.
Così dovresti essere a posto, fai sapere, ciao

P.S. col ripristino le infezioni non sempre si eliminano.
Torna in alto
 
toro051963
Inviato: Wednesday, November 28, 2012 8:38:39 AM

Rank: AiutAmico

Iscritto dal : 2/25/2008
Posts: 453
ciao
come vedi il proverbio non sbaglia: 'non cè due senza tre' ed ecco il terzo pc ..........
appena a casa in serata farò quanto consigliato solo una domanda:
generalmente si usa google crome per navigare anche qui devo reimpostare la pagina iniziale?

grazie a dopo
Torna in alto
 
toro051963
Inviato: Wednesday, November 28, 2012 10:25:02 AM

Rank: AiutAmico

Iscritto dal : 2/25/2008
Posts: 453
scusa una informazione in hjt ci sono le righe sotto riportate ma non hanno a che fare col fastidioso plauncher o ci pensa adwcleaner a eliminarlo?

O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\user\AppData\Local\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\user\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\user\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
Torna in alto
 
toro051963
Inviato: Wednesday, November 28, 2012 5:59:53 PM

Rank: AiutAmico

Iscritto dal : 2/25/2008
Posts: 453
ciao
riepilogo le cose fatte:
ho disattivato da avvio la voce 'Si HKLM:Run PosServicHe PLauncher C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe' e riavviato come richiesto dopo modifica

ho reimpostato impostazion predifinite explorer chiuso e riaperto;

ho scollegato modem '

ho aperto hjt ho fissato le voci indicate ma
la voce 'R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com'
compariva senza =search.findeer.com alla fine ma finiva con 'start page=' e l'ho cancellata uguale

lanciato adwcleaner

al riavvio nel menu avvvio c'era di nuovo la voce
'HKLM:Run PosServicHe PLauncher C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe' attiva

ti allego log di adwcleaner, avvio, e hjt ti chiedo però conferma se devo:

n.1)
cancellare anche le righe 023

O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\user\AppData\Local\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\user\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\user\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe

n.2
se devo cancellare la cartella PoApp e il suo contenuto che sta in
C:\Users\Public\Documents\AppData e nel suo interno c'e' Plauncher.exe

n.3
se devo in menu avvio 'servizi' disattivare le voci
pos service della power offer service
ser vupdate della serviceupd
software upd della seftwareupdservice

# AdwCleaner v2.009 - Logfile creato il 28/11/2012 alle 17:22:20
# Aggiornamento 24/11/2012 by Xplode
# Sistema Operativo : Windows 7 Starter Service Pack 1 (32 bits)
# Utente : user - FMAXNETBOOK
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\user\Desktop\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Program Files\BittorrentBar_IT
Cartella Eliminato : C:\Program Files\Conduit
Cartella Eliminato : C:\Program Files\Ilivid
Cartella Eliminato : C:\Program Files\Iminent
Cartella Eliminato : C:\Program Files\IMinent toolbar
Cartella Eliminato : C:\ProgramData\Iminent
Cartella Eliminato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Cartella Eliminato : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

***** [Registro] *****

Chiave Eliminata : HKCU\Software\AppDataLow\Software\BittorrentBar_IT
Chiave Eliminata : HKCU\Software\AppDataLow\Software\Conduit
Chiave Eliminata : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chiave Eliminata : HKCU\Software\AppDataLow\Toolbar
Chiave Eliminata : HKCU\Software\Iminent
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKLM\Software\BittorrentBar_IT
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Chiave Eliminata : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Chiave Eliminata : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
Chiave Eliminata : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
Chiave Eliminata : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Chiave Eliminata : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Chiave Eliminata : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Chiave Eliminata : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Chiave Eliminata : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\Installer\Features\430E8DB44F0E90547A3564A7E858C48D
Chiave Eliminata : HKLM\SOFTWARE\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C
Chiave Eliminata : HKLM\SOFTWARE\Classes\Installer\Products\430E8DB44F0E90547A3564A7E858C48D
Chiave Eliminata : HKLM\SOFTWARE\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chiave Eliminata : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Chiave Eliminata : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Chiave Eliminata : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\sim-packages
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Chiave Eliminata : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar
Chiave Eliminata : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620
Chiave Eliminata : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620.3
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2849853
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620.1
Chiave Eliminata : HKLM\Software\Conduit
Chiave Eliminata : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Chiave Eliminata : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Chiave Eliminata : HKLM\Software\Iminent
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0AF350D9-3916-454B-AC53-0B0B65F41301}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{108314BD-283E-4D4E-A7F1-A091B7F9F157}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8EED73AD-0B42-4411-98C3-A406BE4F2814}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B40B400D-8081-429D-8C6F-8170D5122628}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BittorrentBar_IT Toolbar
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1D03A978-AC0C-4004-B9FD-9CF361C7BD3F}]
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1D03A978-AC0C-4004-B9FD-9CF361C7BD3F}]

***** [Browser Internet] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registro Pulito.

-\\ Google Chrome v23.0.1271.64

*************************

AdwCleaner[S1].txt - [12599 octets] - [28/11/2012 17:22:20]

########## EOF - C:\AdwCleaner[S1].txt - [12660 octets] ##########


nuovo log hjt

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:30:29, on 28/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Windows\system32\igfxext.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (file missing)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Windows 7 Starter Helper - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\user\AppData\Local\PosService\Pos.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\user\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\user\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 6798 bytes


nuovo log avvio

No HKCU:Run Facebook Update "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
No HKCU:Run Google Update Google Inc. "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Si HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
No HKCU:Run SUPERAntiSpyware SUPERAntiSpyware.com C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
No HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
No HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
No HKLM:Run APSDaemon Apple Inc. "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Si HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
No HKLM:Run Iminent C:\Program Files\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
No HKLM:Run IminentMessenger C:\Program Files\Iminent\Iminent.Messengers.exe /startup
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
No HKLM:Run MobileConnect Vodafone C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
Si HKLM:Run MSC Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Si HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Si HKLM:Run PosService PLauncher C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
No HKLM:Run QuickTime Task Apple Inc. "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Si HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
No HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Si HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Si HKLM:Run UCam_Menu CyberLink Corp. "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"


grazie attendo notizie
Torna in alto
 
cbbusto
Inviato: Thursday, November 29, 2012 1:06:34 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Allora eccomi, rispondo alle tue domande.
Se usi Chrome devi reimpostare anche li la pagina iniziale.

n.1) Le voci 023 sono legate a PowerOffer che genera anche Plauncher e search findeer, solitamente anche fixandole non si eliminano, fai così: vai in pannello di controllo eliminazione programmi, cerca PowerOffer e lo disinstalli, dopo la disinstallazione, il servizio Serv Updater rimane, quindi vai nel Pannello di controllo - Strumenti amministrazione - Servizi e modifica il suo Tipo di avvio in Disabilitato.
Il servizio Pos Service dovrebbe essere già scomparso durante la disinstallazione dell'applicativo PowerOffer. Se per caso fosse ancora presente, disabilita l'avvio anche di questo servizio.

n.2) cancella la cartella PoApp e tutto il suo contenuto.

n.3) Si in menu avvio 'servizi' disattiva le voci
pos service della power offer service
ser vupdate della serviceupd
software upd della seftwareupdservice

Poi Chiudi tutti i programmi e disconnesso lanci HJT e clicca sul secondo pulsante: Do a system scan only poi metti la spunta alle voci che ti indico e alla fine clic su Fix checked:
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (file missing)
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

Fai una pulizia con Ccleaner compreso il registro, se il pc va bene abbiamo finito, fai sapere. Ciao
Torna in alto
 
toro051963
Inviato: Thursday, November 29, 2012 9:29:58 PM

Rank: AiutAmico

Iscritto dal : 2/25/2008
Posts: 453
ciao
fatto come da programma
plauncher è debellato
allego log hjt e avvio (tra i servizi disattivate le voci incriminate)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:55:13, on 29/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Windows 7 Starter Helper - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 5574 bytes


No HKCU:Run Facebook Update "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
No HKCU:Run Google Update Google Inc. "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
No HKCU:Run SUPERAntiSpyware SUPERAntiSpyware.com C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
No HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
No HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
No HKLM:Run APSDaemon Apple Inc. "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Si HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
No HKLM:Run Iminent C:\Program Files\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
No HKLM:Run IminentMessenger C:\Program Files\Iminent\Iminent.Messengers.exe /startup
No HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
No HKLM:Run MobileConnect Vodafone C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
Si HKLM:Run MSC Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Si HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
No HKLM:Run PosService C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
No HKLM:Run QuickTime Task Apple Inc. "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Si HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
No HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Si HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Si HKLM:Run UCam_Menu CyberLink Corp. "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"


grazie di tutto
Torna in alto
 
cbbusto
Inviato: Thursday, November 29, 2012 9:54:54 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Il log è perfetto tutto OK.
Visto che il pc è perfettamente funzionante ti consiglio di fare l'immagine del Sistema così in caso di ulteriori problemi, senza dannarsi fai il ripristino e tutto ritorna perfettamente funzionante, se fai delle modifiche o aggiungi sw rifai l'immagine per averla sempre aggiornata, ti consiglio però di mantenere la prima perchè è quella col PC a posto. QUI la guida di alfonso.
Un saluto e buon lavoro. Speak to the hand
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » PLAUNCHER nel menu' avvio:controllo per favore


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.