Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Search Settings toolbar - Delta toolbar Opzioni
animactor
Inviato: Wednesday, February 13, 2013 6:36:03 PM
Rank: AiutAmico

Iscritto dal : 2/13/2013
Posts: 52
Salve a tutti!

Mi chiamo animactor e sono nuovo del forum

Stamane ho scaricato un file e subito dopo mi sono comparse due cose

La prima un antivirus farlocco ci cui non ricordo il nome ma che credo di aver debellato, poi , in basso a dx ogni tanto mi appare una finestrella con scritto Search setting toolbar notification e non mi fa più aprire mozilla firefox. Fa inoltre riferimento a tale delta tool bar che io non so nemmeno cosa sia. Vorrei sapere se qualcuno di voi sa aiutarmi a risolvere questo problema.

Ho provato a usare, come già suggerito da un vostro utente, il programma hijack this e a seguito della sua scansione mi ha fatto comparire questo testo:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:08:19, on 13/02/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17153)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Public\Documents\Application\CurrentFile\ssadp.exe
C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\schtasks.exe
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=119532&babsrc=HP_ss&mntrId=1061ddef0000000000000026c7cb9523
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
O2 - BHO: Browse2save - {C686BD11-CC46-B782-5BCD-1031B26C7B74} - C:\ProgramData\Browse2save\511b69a8886a8.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SsroService] C:\Users\Public\Documents\Application\CurrentFile\ssadl.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe"
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll


Mi è parso di capire che da questo si possa intuire quali file io debba eliminare. E' corretto?

Fatemi sapere al più presto perfavore

Sono disperato!

Grazie....

Sponsor
Inviato: Wednesday, February 13, 2013 6:36:03 PM

 
r16
Inviato: Wednesday, February 13, 2013 6:42:13 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Il log non è completo.
In ogni caso fai questa scansione:
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema. (non veloce)
Elimina gli eventuali file infetti trovati.
Posta il log.
animactor
Inviato: Wednesday, February 13, 2013 7:19:13 PM
Rank: AiutAmico

Iscritto dal : 2/13/2013
Posts: 52
r16 ha scritto:
Ciao.
Il log non è completo.
In ogni caso fai questa scansione:
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema. (non veloce)
Elimina gli eventuali file infetti trovati.
Posta il log.


Cosa intendi per LOG non completo? cosa manca? Ho copiato praticamente tutto il file di testo....

Fammi sapere, ok?

Intanto io eseguirò una altra scansione con malawarebytes

Ti ringrazio della celere risposta.

A presto!
animactor
Inviato: Wednesday, February 13, 2013 7:38:54 PM
Rank: AiutAmico

Iscritto dal : 2/13/2013
Posts: 52
Scusami.

Avevi ragione

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:08:19, on 13/02/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17153)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Public\Documents\Application\CurrentFile\ssadp.exe
C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\schtasks.exe
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=119532&babsrc=HP_ss&mntrId=1061ddef0000000000000026c7cb9523
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
O2 - BHO: Browse2save - {C686BD11-CC46-B782-5BCD-1031B26C7B74} - C:\ProgramData\Browse2save\511b69a8886a8.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SsroService] C:\Users\Public\Documents\Application\CurrentFile\ssadl.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe"
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpSC - SoftwareUpdService - C:\Users\Administrator\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files (x86)\System Control Manager\MSIService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Ssro Service (SsroService) - SsroService - C:\Users\Administrator\AppData\Local\ServiceManager\ssro.exe
O23 - Service: Ssupd Service (SsupdService) - SsupdService - C:\Users\Administrator\AppData\Local\ssupd\ssupd.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: Wacom Professional Touch Service (TouchServiceWacom) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16339 bytes

Ora dovrebbe essere completo!

Fammi sapere,ok? Tu e chiunquea abbia una risposta per aiutarmi

Vi ringrazio di cuore!
r16
Inviato: Wednesday, February 13, 2013 9:42:40 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Dopo aver eliminato le infezioni trovate da Malwarebytes e postato il log segui queste indicazioni:

Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Clicca sul pulsante "Elimina".
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Postalo qui.

Dai una pulita (registro compreso)con CCleaner: http://www.aiutamici.com/software?ID=11223
Nella schermata iniziale di CCleaner, clicca su Opzioni e poi Avanzate, togli il segno di spunta a: Cancella i file in Windows Temp solo se più vecchi di 48 ore. (poi esegui le pulizie)

Per ultimo:
Scarica Combofix

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Salvalo sul desktop. (è obbligatorio)

Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Doppio click su combofix.exe (se usi Vista o Seven: tasto destro su Combofix.exe e clicca su: "Esegui come Amministratore" )

E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali, e prosegui con la scansione.

Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt.
Postalo qui.

Per postare i log:
Collegati ad internet e vai alla pagina WikiSend:
http://www.wikisend.com/
Clicca sul bottone "Sfoglia"
Seleziona il file appena salvato
Clicca su Upload file
Dopo qualche secondo, vieni spostato su una nuova pagina con il link in diversi formati:
Download Link / Forum Link
Seleziona Forum Link, copialo e incollalo in un nuovo messaggio per il forum.
animactor
Inviato: Wednesday, February 13, 2013 10:49:43 PM
Rank: AiutAmico

Iscritto dal : 2/13/2013
Posts: 52
ho fatto due scansioni con malaware e spyware terminator ma non ha trovato nulla

ecco cmq il log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:45:35, on 13/02/2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17153)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Users\Public\Documents\Application\CurrentFile\ssadp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browse2save - {C686BD11-CC46-B782-5BCD-1031B26C7B74} - C:\ProgramData\Browse2save\511b69a8886a8.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files (x86)\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SsroService] C:\Users\Public\Documents\Application\CurrentFile\ssadl.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe"
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~3\browse~2\261095~1.52\{c16c1~1\browse~1.dll c:\progra~2\search~1\datamngr\datamngr.dll c:\progra~2\search~1\datamngr\iebho.dll c:\progra~2\wi3c8a~1\datamngr\datamngr.dll c:\progra~2\wi3c8a~1\datamngr\iebho.dll c:\progra~2\browse~1\sprote~1.dll c:\progra~2\websea~1\sprote~1.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpSC - SoftwareUpdService - C:\Users\Administrator\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe
O23 - Service: Micro Star SCM - Micro-Star International Co., Ltd. - C:\Program Files (x86)\System Control Manager\MSIService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Ssro Service (SsroService) - SsroService - C:\Users\Administrator\AppData\Local\ServiceManager\ssro.exe
O23 - Service: Ssupd Service (SsupdService) - SsupdService - C:\Users\Administrator\AppData\Local\ssupd\ssupd.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: Wacom Professional Touch Service (TouchServiceWacom) - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14350 bytes

blackmanba
Inviato: Wednesday, February 13, 2013 10:58:30 PM

Rank: AiutAmico

Iscritto dal : 1/5/2011
Posts: 810
Ciao a tutti
GRAZIE r16 con i tuoi consigli ho risoltoApplause cercavo pure io un modo per rimuovere delta search ma nonostante avessi provato tutto quello che ho trovato in rete, e non voledo aprire una nuova discussione su un problema forse già discusso ma del quale non trovavo traccia nel forum, il maledetto si ripresentava in modo subdolo, mi spiego :
eliminandolo o così credevo perchè la pagina iniziale era tornata quella giusta, in gestione motori di ricerca non mi compariva più, malawarebytes non trovava niente per avast era tutto a posto..................ma se ero su un sito ed aprivo un'altra scheda e andavo sulla pagina iniziale ECCOLO il MALEDETTO delta search, ho risolto con adwcleaner cancellando quello che ha trovato e sorbendomi la ramanzinaAnxious poi ho eseguto la scansione con hijack e postando il log quì ed ho eliminato quello che mi è stato consigliato ed ora tutto ok
ciao e grazie
animactor hai risolto anche tu vero?
animactor
Inviato: Wednesday, February 13, 2013 11:01:41 PM
Rank: AiutAmico

Iscritto dal : 2/13/2013
Posts: 52
non ancora! Ho appena finito di fare la scansione con ADWCleaner e mi sono sorbito pure io la ramanza( giustamente). Ora seguo il resto dei processi e vedo di risolvere

Dopo la scansione con ADWCleaner il log è stato questo ( devo postarlo qui, giusto?)

# AdwCleaner v2.112 - Logfile creato il 13/02/2013 alle 22:50:53
# Aggiornamento 10/02/2013 by Xplode
# Sistema Operativo : Windows 7 Home Premium (64 bits)
# Utente : Administrator - JOHANNES
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\Administrator\Downloads\adwcleaner0 (1).exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Program Files (x86)\Ask.com
Cartella Eliminato : C:\Program Files (x86)\DealPly
Cartella Eliminato : C:\Program Files (x86)\Ilivid
Cartella Eliminato : C:\Program Files (x86)\Windows iLivid Toolbar
Cartella Eliminato : C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
Cartella Eliminato : C:\ProgramData\Ask
Cartella Eliminato : C:\ProgramData\Babylon
Cartella Eliminato : C:\ProgramData\boost_interprocess
Cartella Eliminato : C:\ProgramData\Browse2save
Cartella Eliminato : C:\ProgramData\InstallMate
Cartella Eliminato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2save
Cartella Eliminato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Cartella Eliminato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Cartella Eliminato : C:\ProgramData\RightClick
Cartella Eliminato : C:\ProgramData\Tarma Installer
Cartella Eliminato : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Cartella Eliminato : C:\Users\Administrator\AppData\Local\Ilivid Player
Cartella Eliminato : C:\Users\Administrator\AppData\LocalLow\AskToolbar
Cartella Eliminato : C:\Users\Administrator\AppData\LocalLow\ilividtoolbarguid
Cartella Eliminato : C:\Users\Administrator\AppData\Roaming\Babylon
Cartella Eliminato : C:\Users\Administrator\AppData\Roaming\DealPly
Cartella Eliminato : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ega1vnpe.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Cartella Eliminato : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ega1vnpe.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
Cartella Eliminato : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ega1vnpe.default\extensions\511b69a888517@511b69a888550.com
Cartella Eliminato : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ega1vnpe.default\extensions\ffxtlbr@babylon.com
Cartella Eliminato : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ega1vnpe.default\extensions\toolbar@ask.com
Cartella Eliminato : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ega1vnpe.default\ilividtoolbarguid
Cartella Eliminato : C:\Users\Administrator\AppData\Roaming\OfferBox
Cartella Eliminato : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Eliminato al riavvio : C:\Program Files (x86)\Searchqu Toolbar
Eliminato al riavvio : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ega1vnpe.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
File Eliminato : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Eliminato : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Eliminato : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
File Eliminato : C:\user.js
File Eliminato : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ega1vnpe.default\searchplugins\Askcom.xml
File Eliminato : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ega1vnpe.default\searchplugins\delta.xml
File Eliminato : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ega1vnpe.default\searchplugins\Search_Results.xml
File Eliminato : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ega1vnpe.default\searchplugins\WebSearch.xml
File Eliminato : C:\Users\Public\Desktop\iLivid.lnk

***** [Registro] *****

Chiave Eliminata : HKCU\Software\1ClickDownload
Chiave Eliminata : HKCU\Software\APN
Chiave Eliminata : HKCU\Software\APN DTX
Chiave Eliminata : HKCU\Software\AppDataLow\Software\AskToolbar
Chiave Eliminata : HKCU\Software\AppDataLow\SProtector
Chiave Eliminata : HKCU\Software\Ask.com
Chiave Eliminata : HKCU\Software\ChatZum Toolbar
Chiave Eliminata : HKCU\Software\Conduit
Chiave Eliminata : HKCU\Software\DataMngr
Chiave Eliminata : HKCU\Software\DataMngr_Toolbar
Chiave Eliminata : HKCU\Software\DealPly
Chiave Eliminata : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chiave Eliminata : HKCU\Software\ilivid
Chiave Eliminata : HKCU\Software\ilividtoolbarguid
Chiave Eliminata : HKCU\Software\InstallCore
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chiave Eliminata : HKCU\Software\Offerbox
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKCU\Software\5a6d8d8e068b917
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chiave Eliminata : HKLM\Software\APN
Chiave Eliminata : HKLM\Software\AskToolbar
Chiave Eliminata : HKLM\Software\Babylon
Chiave Eliminata : HKLM\Software\Bandoo
Chiave Eliminata : HKLM\Software\ChatZum Toolbar
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Chiave Eliminata : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Chiave Eliminata : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Chiave Eliminata : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Chiave Eliminata : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Chiave Eliminata : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Chiave Eliminata : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Chiave Eliminata : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\ilivid
Chiave Eliminata : HKLM\Software\Classes\Installer\Features\2B1E51D87B2D71A44BB42DDD5E894160
Chiave Eliminata : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Chiave Eliminata : HKLM\Software\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160
Chiave Eliminata : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Chiave Eliminata : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Eliminata : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Chiave Eliminata : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Chiave Eliminata : HKLM\Software\Conduit
Chiave Eliminata : HKLM\Software\DataMngr
Chiave Eliminata : HKLM\Software\DealPly
Chiave Eliminata : HKLM\Software\ilivid
Chiave Eliminata : HKLM\Software\Iminent
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Chiave Eliminata : HKLM\Software\Offerbox
Chiave Eliminata : HKLM\Software\SearchquSRTB
Chiave Eliminata : HKLM\Software\SP Global
Chiave Eliminata : HKLM\Software\SProtector
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\5a6d8d8e068b917
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C686BD11-CC46-B782-5BCD-1031B26C7B74}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C686BD11-CC46-B782-5BCD-1031B26C7B74}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{8216BD4A-4DC2-4DCE-9AFF-C86C5ACC6757}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D4D390BE-98E6-4633-AD1B-B18B54BE5E76}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Chiave Eliminata : HKLM\SOFTWARE\DataMngr
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Chiave Eliminata : HKLM\SOFTWARE\Tarma Installer
Dato Eliminata : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
Dato Eliminata : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
Dato Eliminata : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll
Dato Eliminata : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
Dato Eliminata : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\sprote~1.dll
Dato Eliminata : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\search~1\datamngr\datamngr.dll
Dato Eliminata : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\search~1\datamngr\iebho.dll
Dato Eliminata : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\websea~1\sprote~1.dll
Dato Eliminata : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\wi3c8a~1\datamngr\datamngr.dll
Dato Eliminata : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\wi3c8a~1\datamngr\iebho.dll
Dato Eliminata : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~2\261095~1.52\{c16c1~1\browse~1.dll
Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Valore Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valore Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Browser Internet] *****

-\\ Internet Explorer v8.0.7600.17153

[OK] Registro Pulito.

-\\ Mozilla Firefox v18.0.2 (it)

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ega1vnpe.default\prefs.js

C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ega1vnpe.default\user.js ... Eliminato !

Eliminata : user_pref("aol_toolbar.default.homepage.check", false);
Eliminata : user_pref("aol_toolbar.default.search.check", false);
Eliminata : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Eliminata : user_pref("browser.search.defaultengine", "Ask.com");
Eliminata : user_pref("browser.search.defaulturl", "hxxp://websearch.good-results.info/?pid=34&r=2013/02/13&hid=[...]
Eliminata : user_pref("browser.search.selectedEngine,S", "WebSearch");
Eliminata : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Eliminata : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Eliminata : user_pref("extensions.BabylonToolbar_i.newTab", true);
Eliminata : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119532&babsrc[...]
Eliminata : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.babylon.com/?AF=100478&babsrc=a[...]
Eliminata : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Eliminata : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Eliminata : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Eliminata : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Eliminata : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Eliminata : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

*************************

AdwCleaner[S1].txt - [21704 octets] - [13/02/2013 22:50:53]

########## EOF - C:\AdwCleaner[S1].txt - [21765 octets] ##########
blackmanba
Inviato: Wednesday, February 13, 2013 11:08:29 PM

Rank: AiutAmico

Iscritto dal : 1/5/2011
Posts: 810
ciao animactor
o aspetti gli ottimi consigli di r16 o clicchi dove io ho scritto "quì" verrai reindirazzato sulla pagina di hij copia ed incolla il log a clicca su analizza e vedi il risultato
ciao
animactor
Inviato: Thursday, February 14, 2013 12:06:06 AM
Rank: AiutAmico

Iscritto dal : 2/13/2013
Posts: 52
Grazie ad entrambi per i vostri consigli. Sembra che ora sia tutto risolto! Dovessero esserci altri problemi vi ricontatterò.

Grazie ancora di tutto!
r16
Inviato: Thursday, February 14, 2013 6:42:51 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Dovevi postare il log di Combofix in questo topic, non aprendone un'altro.
Inoltre non credo che il problema sia risolto.
Se vuoi, fai questa scansione:
Scarica RougeKiller sul desktop.
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
Chiudi tutti i programmi in esecuzione.
Avvia RogueKiller.exe.
Il tool farà una pre-scansione in automatico.
Finita la pre-scansione,si apre una finestra: clicca su " Accept".
Adesso clicca su "Scan".
Finita la scansione, clicca su "Report" troverai il log sul desktop.
Postalo qui.

@blackmanba:
Contento che tu abbia risolto. Angel

animactor
Inviato: Thursday, February 14, 2013 7:17:13 PM
Rank: AiutAmico

Iscritto dal : 2/13/2013
Posts: 52
r16 ha scritto:
Ciao.
Dovevi postare il log di Combofix in questo topic, non aprendone un'altro.
Inoltre non credo che il problema sia risolto.
Se vuoi, fai questa scansione:
Scarica RougeKiller sul desktop.
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
Chiudi tutti i programmi in esecuzione.
Avvia RogueKiller.exe.
Il tool farà una pre-scansione in automatico.
Finita la pre-scansione,si apre una finestra: clicca su " Accept".
Adesso clicca su "Scan".
Finita la scansione, clicca su "Report" troverai il log sul desktop.
Postalo qui.

@blackmanba:
Contento che tu abbia risolto. Angel



Scusami R16. Avevo capito di dover postare il topic seguendo le istruzioni di Wikisend. Quindi, devo postare il file che mi è uscito da combofix o il testo del file che mi è uscito da combofix? DEvo poi postarlo allora in questa discussione?

Cmq penso di aver risolto perchè da ieri sera non ho problemi ad accedere ad internet, non compare più la finestra di search settings e Mozilla mi si apre sempre alla pagina che io aveo prestabilito. Un pò più lento in realtà, ma cmq mi si apre...

Se dici che questo non è rilevante, fammi sapere come procedere...

Grazie.
r16
Inviato: Thursday, February 14, 2013 7:26:38 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Commenta:
non compare più la finestra di search settings

Non è quello il problema.
Il vero problema è che il pc è stato infettato da un Rouge (System Check) che non è stato eliminato completamente.
Search Settings, è solo uno specchietto per far nascondere meglio un'altra infezione ben più importante:
Il Rouge System Check
E si devono fare le oppotune verifiche.
Non è che mi diverto a farti scaricare software a vanvera.
animactor
Inviato: Thursday, February 14, 2013 7:33:18 PM
Rank: AiutAmico

Iscritto dal : 2/13/2013
Posts: 52
r16 ha scritto:
Commenta:
non compare più la finestra di search settings

Non è quello il problema.
Il vero problema è che il pc è stato infettato da un Rouge (System Check) che non è stato eliminato completamente.
Search Settings, è solo uno specchietto per far nascondere meglio un'altra infezione ben più importante:
Il Rouge System Check
E si devono fare le oppotune verifiche.
Non è che mi diverto a farti scaricare software a vanvera.


Non sto dicendo questo! Lungi da me. Ti dicevo come erano le cose. Se il problema non è quello si faranno le dovute ricerche. Ora scarico il sofware....

Ma per quel che riguarda combofix? che devo fare?....
animactor
Inviato: Thursday, February 14, 2013 8:06:22 PM
Rank: AiutAmico

Iscritto dal : 2/13/2013
Posts: 52
Ecco R16

Il repost della scansione con rougekiller

RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 02/14/2013 20:07:34
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 18 ¤¤¤
[TASK][SUSP PATH] DealPly : C:\Users\ADMINI~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE /Check [x] -> Trovato
[TASK][SUSP PATH] VisualBeeRecovery : C:\Users\Administrator\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe /s [7] -> Trovato
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> Trovato
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> Trovato
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> Trovato
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> Trovato
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> Trovato
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> Trovato
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> Trovato
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> Trovato
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> Trovato
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> Trovato
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> Trovato
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Trovato
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Trovato
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> Trovato
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Trovato
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Trovato

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] ba8660aeb50ab6fb334dd8c1a34d827b
[BSP] 4f140eab09ff2e352da82af89003fb6e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 276883 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598720870 | Size: 184594 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02142013_02d2007.txt >>
RKreport[1]_S_02142013_02d2007.txt

Fammi sapere cosa devo fare adesso, perfavore.

Grazie!



r16
Inviato: Thursday, February 14, 2013 9:05:08 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Rifai la scansione con RogueKiller.
Al termine della scansione clicca su "Delete".
Quando ha finito clicca su "Report".
Postalo qui.

Poi:
Scarica OTL, e salvalo sul desktop:

http://oldtimer.geekstogo.com/OTL.exe

Clicca sull'icona di OTL che trovi sul tuo desktop .

Metti la spunta su SCAN ALL USERS.

Sotto output, metti la spunta : minimal output

Clicca sulla freccettina di File Age e seleziona 60 Days

Metti la spunta a LOP Check e Purity Check.

Clicca su RUN SCAN

Lascia fare la scansione senza interferire.

Al termine della scansione trovi 2 log sul desktop. OTL.txt ed Extras.txt, salvali e caricali su Wikisend, per postarli sul forum.
animactor
Inviato: Thursday, February 14, 2013 10:56:02 PM
Rank: AiutAmico

Iscritto dal : 2/13/2013
Posts: 52
Fatta scansione con rogue killer

Eliminati i file ed ecco il REPORT:

RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 02/14/2013 22:57:15
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 17 ¤¤¤
[TASK][SUSP PATH] DealPly : C:\Users\ADMINI~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE /Check [x] -> Cancellato
[TASK][SUSP PATH] VisualBeeRecovery : C:\Users\Administrator\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe /s [7] -> Cancellato
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> Cancellato
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> Sostituito (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> Sostituito (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> Sostituito (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> Sostituito (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> Sostituito (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> Sostituito (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> Sostituito (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> Sostituito (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> Sostituito (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Sostituito (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Sostituito (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> Sostituito (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> Sostituito (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> Sostituito (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] ba8660aeb50ab6fb334dd8c1a34d827b
[BSP] 4f140eab09ff2e352da82af89003fb6e : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 276883 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598720870 | Size: 184594 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_02142013_02d2257.txt >>
RKreport[1]_S_02142013_02d2007.txt ; RKreport[2]_S_02142013_02d2255.txt ; RKreport[3]_D_02142013_02d2257.txt



Procedo a scaricamento e scansione con OTL
animactor
Inviato: Friday, February 15, 2013 12:06:35 AM
Rank: AiutAmico

Iscritto dal : 2/13/2013
Posts: 52
Finita la scansione con OTL

Postato i link su wikisend ed ecco i rispettivi Link

Con OTL.txt

OTL.Txt

Con Extras.txt

Extras.Txt

ho fatto giusto?

Ora cosa devo fare?

Grazie
r16
Inviato: Friday, February 15, 2013 5:46:23 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Avvia OTL.

Sotto "Custom Scans\Fixes" copia-incolla questo codice:


Code:
:OTL
PRC - C:\Users\Administrator\Downloads\RogueKiller.exe
SRV - (LiveUpSC) -- C:\Users\Administrator\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
SRV - (SsupdService) -- C:\Users\Administrator\AppData\Local\ssupd\ssupd.exe (SsupdService)
SRV - (SsroService) -- C:\Users\Administrator\AppData\Local\ServiceManager\ssro.exe (SsroService)
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-21-166822519-1469985362-3066766102-500\..\SearchScopes\{07A51572-F0A0-419C-846D-A04DD8C5AC0E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=it_IT&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^IT&apn_uid=6FAC17CE-E077-400E-BDFD-89945F17F01E&apn_sauid=B76EAECA-8314-4F19-BA32-E72C91DECFBE
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2013/02/13 12:16:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ssupd
[2013/02/13 12:16:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\sshelper
[2013/02/13 12:16:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ServiceManager
[2013/02/13 12:16:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Application
[2013/02/13 10:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebSearch
[2013/02/13 10:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A1EDB939
@Alternate Data Stream - 1117 bytes -> C:\ProgramData\Microsoft:2cqtiHEDdLSVUEo7TP
@Alternate Data Stream - 1106 bytes -> C:\Users\Administrator\AppData\Local\temp:2o4bTGfnz4mUvqoBDqhZ8B
@Alternate Data Stream - 1090 bytes -> C:\ProgramData\Microsoft:P15vRnc4iY4Eq9lmn26DaGnz
@Alternate Data Stream - 1028 bytes -> C:\ProgramData\Microsoft:6yACfWZACs4ILWdai6ua7EInRn

:Files
ipconfig /flushdns /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[Reboot]


Clicca sul pulsante RUN FIX.
Lascia fare la scansione senza interferire.

Posta il log con Wikisend.
Siamo (spero) quasi alla fine.
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.