Aiutamici Forum

My PC freezes inexplicably
Misonsan
Posted: Monday, April 20, 2015 9:55:23 PM
Rank: AiutAmico

Joined: 7/8/2007
Posts: 77
I have just bought a new PC.
The OS is Windows 7 Professional 64-bit.
I immediately installed Avast antivirus and Spybot.
The PC often freezes inexplicably.
I ran a scan with both Avast and Spybot, but they detect nothing.
Can I run a more thorough scan to check whether I have a "stowaway" on board?
Thanks

Moreno
cbbusto
Posted: Monday, April 20, 2015 10:51:49 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
That shouldn't happen on a new PC. When the PC freezes, what happens? You can't go on, you can't browse,
you have to switch it off.
There could be infections, but there could also be a hardware problem.
The following scans are useful for finding infections and removing adware and hijackers:

Download and install MalwareBytes: click here to download: http://it.malwarebytes.org/
Click on: download the Free version on the left; in the window that appears click Save file,
then to install it click on: mbam-setup.exe
At the end of the installation, on the last screen, untick the option Enable free trial of Malwarebytes Anti-Malware Pro.
If the software is in English, go to the Settings tab and select Italian from the Language drop-down menu to translate the program into Italian.
Before running the scan, UPDATE IT. (this is very important)
Then click SCAN and select the Threat Scan option
Delete any infected files found. (you have to select them and then click "Remove Selected")
Post the log.

Download Adwcleaner to the desktop:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
To download, click on the right on: Download now
Close all browsers (this is important: IE, Firefox, Chrome, etc.)
Click the "Scan" button.
When the scan has finished click "Clean"
Confirm with OK the various windows that appear.
The PC will restart and the log with the removals will appear.
Post it here.

Download Junkware Removal Tool to the desktop.
http://download.html.it/software/junkware-removal-tool/?utm_source%20651
The download should start within 5 seconds
Temporarily disable the antivirus to avoid potential conflicts.
Double-click JRT
The tool will open and start scanning the system.
Be patient, as this tool can take some time to complete the scan.
When it finishes, a log (JRT.txt) is saved to the desktop and opens automatically.
Post it here.

Let me know, bye
ciocca956
Posted: Tuesday, April 21, 2015 8:14:26 AM
Rank: AiutAmico

Joined: 1/5/2012
Posts: 4,102
Since it's a new PC (with Seven installed, "new" is a euphemism; better to say never used), could it be that it also had an antivirus preinstalled, as often happens, and that Avast created a conflict?
Try uninstalling Avast and see what happens.

Avast must be uninstalled with its own uninstaller in safe mode.

https://www.avast.com/it-it/uninstall-utility

Choose the latest version of avastclear exe, which will certainly work for your version too.
After uninstalling, clean up with CCleaner, including the registry.
Misonsan
Posted: Tuesday, April 21, 2015 9:43:00 PM
Rank: AiutAmico

Joined: 7/8/2007
Posts: 77
Hi CBBusto and Ciocca956

Thanks for your contribution.
I hadn't noticed, but there was (and still is) an antivirus on the PC: Trend Micro Officescan Client
I had installed Avast, and perhaps the simultaneous presence of the two antivirus programs was creating a potential (I would say actual) conflict.

Regarding Cbbusto's questions to identify the type of malfunction, the problem was as follows:
About 20-25 minutes after being switched on, the PC would freeze abruptly, preventing both internet browsing and folder navigation;
it didn't even respond to Ctrl-Alt-Del or to the Windows key, so I was forced to power the PC off the hard way.


Thanks to Ciocca956's contribution I uninstalled Avast and the situation has improved a lot.

I carried out the steps Cbbusto recommended and I report the logs below.

When I ran MalwareBytes, the program detected several files, which were deleted as instructed, but I did not see any log being created.

I also ran the other recommended programs and I report the logs they produced.

------------------- AdwCleaner run --------------------------------- Date 19/04/2015 -------------- File [R0]

# AdwCleaner v4.201 - Creato file registro eventi 19/04/2015 in 08:46:56
# Aggiornato 08/04/2015 da Xplode
# Database : 2015-04-18.3 [Server]
# Sistema operativo : Windows 7 Professional Service Pack 1 (x64)
# Nome utente : Administrator - FHDTY-PC
# In esecuzione da : C:\Users\Administrator\Downloads\adwcleaner_4.201.exe
# Opzione : Analisi

***** [ Servizi ] *****

Servizio Trovato : ClaraUpdater
Servizio Trovato : IHProtect Service
Servizio Trovato : Orbiter
Servizio Trovato : WindowsMangerProtect

***** [ File / Cartelle ] *****

Cartella Trovato : C:\Program Files (x86)\Common Files\ClaraUpdater
Cartella Trovato : C:\Program Files (x86)\ORBTR
Cartella Trovato : C:\Program Files (x86)\SearchProtect
Cartella Trovato : C:\Users\Administrator\AppData\Local\UnicoBrowser
Cartella Trovato : C:\Users\Administrator\AppData\Roaming\Store
File Trovato : C:\Users\Administrator\AppData\Roaming\Bubble Dock.boostrap.log
File Trovato : C:\Users\Administrator\AppData\Roaming\Bubble Dock.installation.log
File Trovato : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\v5yjk77f.default\searchplugins\webssearches.xml
File Trovato : C:\Users\Administrator\AppData\Roaming\Selection Tools.installation.log
File Trovato : C:\Users\Administrator\AppData\Roaming\WindApp.boostrap.log
File Trovato : C:\Users\Administrator\AppData\Roaming\WindApp.installation.log
File Trovato : C:\Users\Administrator\Desktop\Facebook.lnk
File Trovato : C:\Users\Administrator\Desktop\Unico Browser.lnk
File Trovato : C:\Users\Administrator\Desktop\Youtube.lnk

***** [ Attività pianificate ] *****

Attività Trovato : Run_Browser

***** [ Collegamenti ] *****


***** [ Registry ] *****

Chiave Trovato : HKCU\Software\Appscion
Chiave Trovato : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Selection Tools
Chiave Trovato : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnicoBrowser
Chiave Trovato : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\windapp
Chiave Trovato : HKCU\Software\Mozilla\Extends
Chiave Trovato : HKCU\Software\Nosibay
Chiave Trovato : HKCU\Software\Store
Chiave Trovato : HKCU\Software\UnicoBrowser
Chiave Trovato : HKCU\Software\WajIEnhance
Chiave Trovato : HKCU\Software\WTools
Chiave Trovato : [x64] HKCU\Software\Appscion
Chiave Trovato : [x64] HKCU\Software\Nosibay
Chiave Trovato : [x64] HKCU\Software\Store
Chiave Trovato : [x64] HKCU\Software\UnicoBrowser
Chiave Trovato : [x64] HKCU\Software\WajIEnhance
Chiave Trovato : [x64] HKCU\Software\WTools
Chiave Trovato : HKLM\SOFTWARE\Clara
Chiave Trovato : HKLM\SOFTWARE\IHProtect
Chiave Trovato : HKLM\SOFTWARE\istartsurfSoftware
Chiave Trovato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall
Chiave Trovato : HKLM\SOFTWARE\ORBTR
Chiave Trovato : HKLM\SOFTWARE\SupDp
Chiave Trovato : HKLM\SOFTWARE\SupTab
Chiave Trovato : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chiave Trovato : [x64] HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Chiave Trovato : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chiave Trovato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

***** [ Browser web ] *****

-\\ Internet Explorer v11.0.9600.17728

Impostazioni Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.istartsurf.com/web/?type=ds&ts=1429388869&from=pcs&uid=ST3500418AS_5VMQWXF5XXXX5VMQWXF5&q={searchTerms}
Impostazioni Trovato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istartsurf.com/web/?type=ds&ts=1429388869&from=pcs&uid=ST3500418AS_5VMQWXF5XXXX5VMQWXF5&q={searchTerms}
Impostazioni Trovato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.istartsurf.com/web/?type=ds&ts=1429388869&from=pcs&uid=ST3500418AS_5VMQWXF5XXXX5VMQWXF5&q={searchTerms}
Impostazioni Trovato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.istartsurf.com/?type=hp&ts=1429388869&from=pcs&uid=ST3500418AS_5VMQWXF5XXXX5VMQWXF5
Impostazioni Trovato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.istartsurf.com/?type=hp&ts=1429388869&from=pcs&uid=ST3500418AS_5VMQWXF5XXXX5VMQWXF5
Impostazioni Trovato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istartsurf.com/web/?type=ds&ts=1429388869&from=pcs&uid=ST3500418AS_5VMQWXF5XXXX5VMQWXF5&q={searchTerms}

-\\ Mozilla Firefox v37.0.1 (x86 it)

[v5yjk77f.default] - Linea Trovato : user_pref("extensions.quick_start.enable_search1", false);
[v5yjk77f.default] - Linea Trovato : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [4840 byte] - [19/04/2015 08:46:56]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4898 byte] ##########



------------------- AdwCleaner run --------------------------------- Date 19/04/2015 -------------- File [S0]
# AdwCleaner v4.201 - Creato file registro eventi 19/04/2015 in 08:51:00
# Aggiornato 08/04/2015 da Xplode
# Database : 2015-04-18.3 [Server]
# Sistema operativo : Windows 7 Professional Service Pack 1 (x64)
# Nome utente : Administrator - FHDTY-PC
# In esecuzione da : C:\Users\Administrator\Downloads\adwcleaner_4.201.exe
# Opzione : Pulizia

***** [ Servizi ] *****

[#] Servizio Eliminato : ClaraUpdater
[#] Servizio Eliminato : IHProtect Service
[#] Servizio Eliminato : Orbiter
[#] Servizio Eliminato : WindowsMangerProtect

***** [ File / Cartelle ] *****

Cartella Eliminato : C:\Program Files (x86)\SearchProtect
Cartella Eliminato : C:\Program Files (x86)\ORBTR
Cartella Eliminato : C:\Program Files (x86)\Common Files\ClaraUpdater
[!] Cartella Eliminato : C:\Users\Administrator\AppData\Local\UnicoBrowser
Cartella Eliminato : C:\Users\Administrator\AppData\Roaming\Store
File Eliminato : C:\Users\Administrator\AppData\Roaming\Bubble Dock.boostrap.log
File Eliminato : C:\Users\Administrator\AppData\Roaming\Bubble Dock.installation.log
File Eliminato : C:\Users\Administrator\AppData\Roaming\Selection Tools.installation.log
File Eliminato : C:\Users\Administrator\AppData\Roaming\WindApp.boostrap.log
File Eliminato : C:\Users\Administrator\AppData\Roaming\WindApp.installation.log
File Eliminato : C:\Users\Administrator\Desktop\Facebook.lnk
File Eliminato : C:\Users\Administrator\Desktop\Youtube.lnk
File Eliminato : C:\Users\Administrator\Desktop\Unico Browser.lnk
File Eliminato : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\v5yjk77f.default\searchplugins\webssearches.xml

***** [ Attività pianificate ] *****

Attività Eliminato : Run_Browser

***** [ Collegamenti ] *****


***** [ Registry ] *****

Chiave Eliminato : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chiave Eliminato : HKCU\Software\Mozilla\Extends
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chiave Eliminato : HKCU\Software\Nosibay
Chiave Eliminato : HKCU\Software\Store
Chiave Eliminato : HKCU\Software\WajIEnhance
Chiave Eliminato : HKCU\Software\WTools
Chiave Eliminato : HKCU\Software\Appscion
Chiave Eliminato : HKCU\Software\UnicoBrowser
Chiave Eliminato : HKLM\SOFTWARE\istartsurfSoftware
Chiave Eliminato : HKLM\SOFTWARE\SupDp
Chiave Eliminato : HKLM\SOFTWARE\SupTab
Chiave Eliminato : HKLM\SOFTWARE\Clara
Chiave Eliminato : HKLM\SOFTWARE\ORBTR
Chiave Eliminato : HKLM\SOFTWARE\IHProtect
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\windapp
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Selection Tools
Chiave Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnicoBrowser
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall

***** [ Browser web ] *****

-\\ Internet Explorer v11.0.9600.17728

Impostazioni Ripristinato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Impostazioni Ripristinato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Impostazioni Ripristinato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Impostazioni Ripristinato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Impostazioni Ripristinato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Impostazioni Ripristinato : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v37.0.1 (x86 it)

[v5yjk77f.default\prefs.js] - Linea Eliminato : user_pref("extensions.quick_start.enable_search1", false);
[v5yjk77f.default\prefs.js] - Linea Eliminato : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [5028 byte] - [19/04/2015 08:46:56]
AdwCleaner[S0].txt - [4129 byte] - [19/04/2015 08:51:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4187 byte] ##########


------------------- AdwCleaner run --------------------------------- Date 21/04/2015 -------------- File [R1]

# AdwCleaner v4.201 - Creato file registro eventi 21/04/2015 in 20:38:05
# Aggiornato 08/04/2015 da Xplode
# Database : 2015-04-20.1 [Server]
# Sistema operativo : Windows 7 Professional Service Pack 1 (x64)
# Nome utente : Administrator - FHDTY-PC
# In esecuzione da : C:\Users\Administrator\Downloads\adwcleaner_4.201.exe
# Opzione : Analisi

***** [ Servizi ] *****


***** [ File / Cartelle ] *****


***** [ Attività pianificate ] *****


***** [ Collegamenti ] *****


***** [ Registry ] *****


***** [ Browser web ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.1 (x86 it)


*************************

AdwCleaner[R0].txt - [5028 byte] - [19/04/2015 08:46:56]
AdwCleaner[R1].txt - [729 byte] - [21/04/2015 20:38:05]
AdwCleaner[S0].txt - [4294 byte] - [19/04/2015 08:51:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [844 byte] ##########


------------------- AdwCleaner run --------------------------------- Date 21/04/2015 -------------- File [S1]


# AdwCleaner v4.201 - Creato file registro eventi 21/04/2015 in 20:42:32
# Aggiornato 08/04/2015 da Xplode
# Database : 2015-04-20.1 [Server]
# Sistema operativo : Windows 7 Professional Service Pack 1 (x64)
# Nome utente : Administrator - FHDTY-PC
# In esecuzione da : C:\Users\Administrator\Downloads\adwcleaner_4.201.exe
# Opzione : Pulizia

***** [ Servizi ] *****


***** [ File / Cartelle ] *****


***** [ Attività pianificate ] *****


***** [ Collegamenti ] *****


***** [ Registry ] *****


***** [ Browser web ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.1 (x86 it)


*************************

AdwCleaner[R0].txt - [5028 byte] - [19/04/2015 08:46:56]
AdwCleaner[R1].txt - [921 byte] - [21/04/2015 20:38:05]
AdwCleaner[S0].txt - [4294 byte] - [19/04/2015 08:51:00]
AdwCleaner[S1].txt - [844 byte] - [21/04/2015 20:42:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [901 byte] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.0 (04.20.2015:1)
OS: Windows 7 Professional x64
Ran by Administrator on 21/04/2015 at 21:00:41,33

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/04/2015 at 21:03:04,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I tried to run MalwareBytes again, but after about ten minutes the scan froze (not the PC!!), so I can't post anything further about it.

I hope there is the minimum information needed to understand the problem.
In any case, my impression is that the PC has improved a lot.
If I need to run anything else, I'm available.
bye


Moreno

Misonsan
Posted: Tuesday, April 21, 2015 9:59:12 PM
Rank: AiutAmico

Joined: 7/8/2007
Posts: 77
Sorry guys, but I managed to recover the MalwareBytes log files

<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2015/04/21 19:47:58 +0200</date>
    <logfile>mbam-log-2015-04-21 (19-47-52).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.01.4.1018</version>
    <malware-database>v2015.04.21.05</malware-database>
    <rootkit-database>v2015.04.20.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>Administrator</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>409552</objects>
    <time>1527</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>3</keys>
    <values>2</values>
    <datas>0</datas>
    <folders>13</folders>
    <files>43</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>enabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>


</mbam-log>


------------------------------------- second log



I deleted them from Quarantine.

Thanks for your patience



cbbusto
Posted: Tuesday, April 21, 2015 11:27:08 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
The various scans were very useful: you had quite a lot of junk, and both Malwarebytes and ADW did a good cleanup. Many entries concern UnicoBrowser, a hijacker that can also change the home page; it is often bundled with some free software. Check in the browsers you use that the home page has not been modified, then look through the search engines for any unknown entry and, if there is one, delete it.
Another harmful program is Bubble Dock. Bubble Dock is a program created by the company Nosibay that promises quick access to TV, video, YouTube and more; in reality it is adware or a potentially unwanted application.
It would be useful to see a HijackThis log to see what you have on the PC; download it from here:
http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
click on Download Now.
Bye
Misonsan
Posted: Thursday, April 23, 2015 7:59:10 AM
Rank: AiutAmico

Joined: 7/8/2007
Posts: 77
Hi cbbusto,

I ran the scan with Trend Micro HijackThis v2.0.5;
here is the log.


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 07:50:48, on 23/04/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)

FIREFOX: 37.0.1 (x86 it)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\PDF24\pdf24.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe
C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Users\Administrator\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
O4 - HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
O4 - HKLM\..\Run: [EaseUS EPM Tray Agent] "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe"
O4 - HKLM\..\Run: [EaseUS TB Tray Agent] "C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1429767433
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{45A15253-B87B-4D52-A2F4-AD74F46679B0}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{45A15253-B87B-4D52-A2F4-AD74F46679B0}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{45A15253-B87B-4D52-A2F4-AD74F46679B0}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: OfficeScan NT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9444 bytes

I have not taken any action on the extracted records.
Do I need to do something to remove them?

I installed Trend Micro OfficeScan client as antivirus. By mistake I had also installed Avast, not having noticed that Trend Micro was present.
Can I keep Trend Micro, or is it better to replace it with Avast?

I was also thinking of installing Privatefirewall as the firewall and disabling the native Microsoft one.
Thanks

Moreno

ciocca956
Posted: Thursday, April 23, 2015 8:36:00 AM
Rank: AiutAmico

Joined: 1/5/2012
Posts: 4,102
I don't know the preinstalled antivirus. I do know Avast, though: I used it for years with XP, and lately it had become heavy and a pain in the neck (in my opinion).
With MSE (Microsoft's antivirus, which can also be used with Seven) I was instead happy right away, and I binned Avast from all my PCs.
Al.
cbbusto
Posted: Saturday, April 25, 2015 12:30:51 AM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
Hi Moreno,

I installed Trend Micro OfficeScan client as antivirus. By mistake I had also installed Avast, not having noticed that Trend Micro was present.
Can I keep Trend Micro, or is it better to replace it with Avast?

I was also thinking of installing Privatefirewall as the firewall and disabling the native Microsoft one.
Thanks


As ciocca already suggested, I advise you to drop both Trend Micro and Avast and install MSE (the one I use too), an excellent antivirus. As for the firewall, the Windows 7 one is more than good enough, so don't install others. This is my opinion, others think differently; you decide.
If you decide on MSE, download it from the Microsoft site, then disconnect, remove the 2 antivirus programs with their uninstallers, then clean the Registry with CCleaner and then install MSE, reconnect to the network and update it, then run a scan.
If instead you decide on one of the two, you would have to buy Trend Micro, so better Avast.

Open Hijack and click the second button, Do a system scan only, then tick the entries listed below and click the Fix checked button to proceed with the removal; in the window that appears click Yes to accept, and the operation is complete.

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
O4 - HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
O4 - HKLM\..\Run: [EaseUS EPM Tray Agent] "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe"
O4 - HKLM\..\Run: [EaseUS TB Tray Agent] "C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1429767433

The O4 entries refer to programs that start automatically; the programs themselves are not touched, only their automatic startup, which is unnecessary, is disabled.
Everything else is fine.

As for DNS, I see you have 5; what do you need them for? One is enough, Google's.
Let us know if everything is fine.
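A triage sketch for the HijackThis log posted in this thread, added here as an example and not part of any post or of HijackThis itself: it groups entries by section code, lists the O4 autostart values, collects the O17 name servers, and separates "(file missing)" entries under System32 from the rest. The function names are hypothetical, and treating System32 "file missing" entries on a 64-bit system as a probable artifact of the 32-bit tool's redirected view of that folder is a heuristic of this example.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.5
Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O17 - HKLM\System\CCS\Services\Tcpip\..\{45A15253-B87B-4D52-A2F4-AD74F46679B0}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{45A15253-B87B-4D52-A2F4-AD74F46679B0}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
End of file - 9444 bytes
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O4 - ...", "R0 - ..."
AUTORUN = re.compile(r"^(HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
MISSING = "(file missing)"

def parse(log):
    """Group entry bodies by HijackThis section code (R0, O4, O17, O23, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def autoruns(sections):
    """(hive, key, value name, command) for each O4 autostart entry."""
    return [m.groups() for m in map(AUTORUN.match, sections.get("O4", [])) if m]

def dns_servers(sections):
    """Unique NameServer addresses from the O17 entries, in first-seen order."""
    servers = []
    for body in sections.get("O17", []):
        value = body.partition("NameServer = ")[2]
        for ip in (p.strip() for p in value.split(",")):
            if ip and ip not in servers:
                servers.append(ip)
    return servers

def missing_files(sections, log):
    """Split '(file missing)' paths into probable 32-bit-view artifacts and ones to verify."""
    is_64bit = "Program Files (x86)" in log   # heuristic: this folder exists only on 64-bit Windows
    artifacts, verify = [], []
    for code in ("O20", "O23"):
        for body in sections.get(code, []):
            if not body.endswith(MISSING):
                continue
            path = body[: -len(MISSING)].rsplit(" - ", 1)[-1].strip()
            (artifacts if is_64bit and SYSTEM32.match(path) else verify).append(path)
    return artifacts, verify

if __name__ == "__main__":
    s = parse(SAMPLE_LOG)
    for hive, key, name, cmd in autoruns(s):
        print(f"autostart {hive} {key}: {name} -> {cmd}")
    print("name servers:", dns_servers(s))
    print("file missing (artifact, verify):", missing_files(s, SAMPLE_LOG))
```
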
