Aiutamici Forum

Cannot run HijackThis
Viky68
Posted: Friday, March 01, 2013 1:50:20 PM

Rank: AiutAmico

Member since: 1/30/2003
Posts: 272
Hi, I have a problem. Unwanted web pages keep opening... for example, when downloading a program from the "aiutamici" site, as soon as I click to save the file a web page opens with a pop-up window asking for my mobile number to register! I tried running a scan with HijackThis but it tells me it is impossible to save the log file! Something is missing... I don't know what else to do. I ran a scan with Dr.Web, it found several problems and I deleted them from quarantine, then I rebooted, but the problem persists: the PC is very slow and freezes. If you could give me some suggestions.
Thanks
Viky68
Posted: Friday, March 01, 2013 2:19:03 PM

Rank: AiutAmico

Member since: 1/30/2003
Posts: 272
I tried running a scan with ComboFix; here is the log:
ComboFix 13-02-26.01 - Vincenzo 01/03/2013 14:10:45.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.3327.2342 [GMT 1:00]
Eseguito da: c:\users\Vincenzo\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2013-02-01 al 2013-03-01 )))))))))))))))))))))))))))))))))))
.
.
2013-03-01 13:15 . 2013-03-01 13:16 -------- d-----w- c:\users\Vincenzo\AppData\Local\temp
2013-03-01 13:15 . 2013-03-01 13:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-01 13:15 . 2013-03-01 13:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-01 12:34 . 2013-03-01 12:34 388096 ----a-r- c:\users\Vincenzo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-01 12:29 . 2013-03-01 12:29 -------- d-----w- c:\users\Vincenzo\AppData\Roaming\HPAppData
2013-03-01 10:54 . 2013-03-01 10:54 -------- d-----w- c:\program files\Trend Micro
2013-02-28 21:11 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3B76208-6ACE-4E5B-8EE6-2FEDF3C20AD5}\mpengine.dll
2013-02-28 19:46 . 2013-02-28 20:52 -------- d-----w- c:\users\Vincenzo\Doctor Web
2013-02-27 19:17 . 2013-02-27 19:17 -------- d-----w- c:\programdata\Intel
2013-02-27 19:14 . 2013-02-27 19:14 -------- d-----w- c:\program files\Microsoft Synchronization Services
2013-02-27 19:14 . 2013-02-27 19:14 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-02-27 19:14 . 2013-02-27 19:20 -------- d-----w- c:\programdata\Package Cache
2013-02-27 15:43 . 2013-02-27 15:43 -------- d-----w- c:\program files\Common Files\Intel
2013-02-27 15:32 . 2013-02-27 15:32 -------- d-----w- c:\program files\SystemRequirementsLab
2013-02-27 15:31 . 2013-02-27 15:31 -------- d-----w- c:\users\Vincenzo\SystemRequirementsLab
2013-02-27 14:39 . 2013-02-27 14:39 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-27 14:39 . 2013-02-27 14:39 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-27 14:00 . 2013-01-13 19:53 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-02-27 12:05 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-26 19:29 . 2013-02-26 19:29 -------- d-----w- c:\programdata\APN
2013-02-26 16:29 . 2013-02-26 16:29 -------- d-----w- c:\program files\iPod
2013-02-26 16:29 . 2013-02-26 16:30 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-26 16:29 . 2013-02-26 16:30 -------- d-----w- c:\program files\iTunes
2013-02-25 17:23 . 2009-07-16 10:36 13216 ----a-w- c:\windows\system32\drivers\ASACPI.sys
2013-02-24 19:53 . 2013-02-24 19:55 -------- d-----w- c:\users\Vincenzo\AppData\Roaming\Wise Registry Cleaner
2013-02-24 19:53 . 2013-02-24 19:53 -------- d-----w- c:\program files\Wise
2013-02-24 17:15 . 2013-02-25 15:49 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-02-24 17:12 . 2013-02-24 17:58 -------- d-----w- c:\programdata\Tarma Installer
2013-02-14 18:14 . 2013-02-14 18:14 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-02-14 17:11 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-14 17:11 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-14 17:11 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-14 17:11 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-14 17:11 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-14 17:10 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 10:40 . 2013-02-13 10:40 -------- d-----w- c:\programdata\RightClick
2013-02-13 10:40 . 2013-02-28 21:16 -------- d-----w- c:\program files\WebSearch
2013-02-13 10:40 . 2013-02-13 10:40 -------- d-----w- c:\programdata\BetterSoft
2013-02-13 10:35 . 2013-02-13 10:40 -------- d-----w- c:\programdata\InstallMate
2013-02-09 20:02 . 2013-02-19 14:46 -------- d-----w- c:\users\Vincenzo\AppData\Roaming\AIMP3
2013-02-09 20:02 . 2013-02-09 20:02 -------- d-----w- c:\program files\AIMP3
2013-02-05 19:42 . 2013-02-05 19:43 -------- d-----w- c:\users\Vincenzo\AppData\Local\Abelssoft
2013-01-31 10:35 . 2013-01-31 10:35 -------- d-----w- c:\programdata\Freemake
2013-01-31 10:34 . 2013-01-31 10:35 -------- d-----w- c:\program files\Freemake
2013-01-31 10:19 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll
2013-01-31 10:19 . 2013-01-31 10:19 -------- d-----w- c:\program files\AviSynth 2.5
2013-01-31 10:19 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2013-01-31 10:19 . 2005-07-14 11:31 32256 ----a-w- c:\windows\system32\AVSredirect.dll
2013-01-31 10:19 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2013-01-31 10:19 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2013-01-31 10:17 . 2004-07-02 16:33 327749 ----a-w- c:\windows\system32\drvc.dll
2013-01-30 23:05 . 2013-01-30 23:05 -------- d-----w- c:\program files\Bit Che
2013-01-30 23:05 . 2013-01-30 23:05 -------- d-----w- c:\users\Vincenzo\AppData\Roaming\Convivea
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 16:23 . 2012-12-10 01:33 137992 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-02-28 16:23 . 2012-12-10 13:38 291088 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-02-28 16:23 . 2012-12-10 01:33 291088 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-02-28 16:23 . 2012-12-10 01:33 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-02-27 15:15 . 2012-11-07 22:35 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-27 15:15 . 2012-11-07 22:35 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-18 15:29 . 2012-11-07 23:43 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2013-02-18 15:29 . 2012-11-07 23:43 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2013-01-31 09:57 . 2012-11-08 12:12 32032 ----a-w- c:\windows\system32\TURegOpt.exe
2013-01-31 09:57 . 2012-12-22 19:04 29984 ----a-w- c:\windows\system32\uxtuneup.dll
2013-01-31 09:57 . 2012-11-08 12:12 21792 ----a-w- c:\windows\system32\authuitu.dll
2013-01-30 10:53 . 2012-11-07 22:46 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 14:59 . 2013-01-20 14:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2012-08-30 21:03 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-11 19:49 . 2013-01-11 19:49 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-12-29 10:26 . 2013-01-06 20:36 8904632 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-29 10:26 . 2013-01-06 20:36 6263784 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-29 10:26 . 2013-01-06 20:36 2720696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-29 10:26 . 2013-01-06 20:36 20450232 ----a-w- c:\windows\system32\nvoglv32.dll
2012-12-29 10:26 . 2013-01-06 20:36 201728 ----a-w- c:\windows\system32\nvinit.dll
2012-12-29 10:26 . 2013-01-06 20:36 1985976 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-29 10:26 . 2013-01-06 20:36 15129064 ----a-w- c:\windows\system32\nvd3dum.dll
2012-12-29 10:26 . 2013-01-06 20:36 7931896 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-29 10:26 . 2013-01-06 20:36 17560504 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-29 10:26 . 2012-11-07 22:53 958272 ----a-w- c:\windows\system32\nvumdshim.dll
2012-12-29 10:26 . 2012-11-07 22:53 889784 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-29 10:26 . 2012-11-07 22:53 2504248 ----a-w- c:\windows\system32\nvapi.dll
2012-12-29 10:26 . 2012-11-07 22:53 12641120 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-12-29 10:26 . 2012-11-07 22:53 1017272 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-29 08:26 . 2012-11-07 22:54 4129720 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:26 . 2012-11-07 22:54 3001272 ----a-w- c:\windows\system32\nvsvc.dll
2012-12-29 08:25 . 2012-11-07 22:54 639928 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:25 . 2012-11-07 22:54 62904 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 08:25 . 2012-11-07 22:54 2557880 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-29 08:25 . 2012-11-07 22:54 108984 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-29 01:54 . 2012-12-29 01:54 550328 ----a-w- c:\windows\system32\nvStreaming.exe
2012-12-24 15:34 . 2012-12-24 15:34 13584 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2012-12-24 15:34 . 2012-12-24 15:34 16656 ----a-w- c:\windows\system32\drivers\pssnap.sys
2012-12-24 15:33 . 2012-12-24 15:33 55056 ----a-w- c:\windows\system32\drivers\psmounterex.sys
2012-12-16 14:13 . 2012-12-21 17:58 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 17:58 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-10 16:10 . 2012-12-10 01:33 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-12-10 01:33 . 2012-12-10 01:33 138056 ----a-w- c:\users\Vincenzo\AppData\Roaming\PnkBstrK.sys
2012-12-07 12:26 . 2013-01-20 20:19 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-20 20:19 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-20 20:19 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-20 20:19 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-20 20:19 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-20 20:19 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-20 20:19 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-20 20:19 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-20 20:19 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-20 20:19 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-20 20:19 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-20 20:19 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-20 20:19 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-20 20:19 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-20 20:19 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 10:46 . 2013-01-20 20:19 51712 ----a-w- c:\windows\system32\esrb.rs
2013-02-20 17:30 . 2013-02-20 17:30 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-06-30 36864]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 1851192]
"Turbo Key"="c:\program files\ASUS\Turbo Key\TurboKey.exe" [2009-06-02 1769472]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 153672]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
cbbusto
Posted: Friday, March 01, 2013 4:23:09 PM

Rank: AiutAmico

Member since: 11/8/2008
Posts: 13,964
Hi, you certainly have some software that redirects you to sites you didn't ask for and that serve you advertising; it is probably PowerOffer. ComboFix does not track these down, and that program must be used with caution.
First run this scan:
Download AdwCleaner to the desktop:
http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner
Run it and click the "Delete" button.
Confirm the various windows that appear with OK.
The PC will reboot, and the log with the deletions will come up.
Post it here.

Then download HJT from HERE and wait for the save-file window to appear.
HJT must be run as administrator: click HijackThis.exe, then click the first button, "Do a system scan and save a logfile". It produces the log, which you post here. Bye
Viky68
Posted: Friday, March 01, 2013 4:38:15 PM

Rank: AiutAmico

Member since: 1/30/2003
Posts: 272
# AdwCleaner v2.113 - Logfile creato il 01/03/2013 alle 16:37:16
# Aggiornamento 23/02/2013 by Xplode
# Sistema Operativo : Windows 7 Professional Service Pack 1 (32 bits)
# Utente : Vincenzo - VINCENZO-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\Vincenzo\Downloads\adwcleaner.exe
# Opzioni [Cerca]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Trovato : C:\ProgramData\APN
Cartella Trovato : C:\ProgramData\BetterSoft
Cartella Trovato : C:\ProgramData\InstallMate
Cartella Trovato : C:\ProgramData\RightClick
Cartella Trovato : C:\ProgramData\Tarma Installer
Cartella Trovato : C:\Users\Vincenzo\AppData\Roaming\Mozilla\Firefox\Profiles\v849rrot.default\extensions\511b6cc38f5ed@511b6cc38f628.com
Cartella Trovato : C:\Users\Vincenzo\AppData\Roaming\OpenCandy
File Trovato : C:\Users\Vincenzo\AppData\Local\funmoods-speeddial.crx
File Trovato : C:\Users\Vincenzo\AppData\Roaming\Mozilla\Firefox\Profiles\v849rrot.default\searchplugins\babylon1.xml
File Trovato : C:\Users\Vincenzo\AppData\Roaming\Mozilla\Firefox\Profiles\v849rrot.default\searchplugins\search.xml
File Trovato : C:\Users\Vincenzo\AppData\Roaming\Mozilla\Firefox\Profiles\v849rrot.default\searchplugins\WebSearch.xml

***** [Registro] *****

Chiave Trovata : HKCU\Software\5828b8fbc35ee48
Chiave Trovata : HKCU\Software\AppDataLow\SProtector
Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chiave Trovata : HKCU\Software\Softonic
Chiave Trovata : HKLM\Software\Babylon
Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chiave Trovata : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chiave Trovata : HKLM\SOFTWARE\Classes\f
Chiave Trovata : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Chiave Trovata : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Chiave Trovata : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Chiave Trovata : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Trovata : HKLM\Software\Freeze.com
Chiave Trovata : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Chiave Trovata : HKLM\Software\Iminent
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Chiave Trovata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Chiave Trovata : HKLM\Software\SP Global
Chiave Trovata : HKLM\Software\SProtector
Chiave Trovata : HKU\S-1-5-21-3779659807-2908217341-3138710112-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Trovata : HKU\S-1-5-21-3779659807-2908217341-3138710112-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Chiave Trovata : HKU\S-1-5-21-3779659807-2908217341-3138710112-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Valore Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Browser Internet] *****

-\\ Internet Explorer v9.0.8112.16464

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.good-results.info/?pid=719&r=2013/02/13&hid=1301845745&lg=EN&cc=IT

-\\ Mozilla Firefox v19.0 (it)

File : C:\Users\Vincenzo\AppData\Roaming\Mozilla\Firefox\Profiles\v849rrot.default\prefs.js

Trovata : user_pref("aol_toolbar.default.homepage.check", false);
Trovata : user_pref("aol_toolbar.default.search.check", false);
Trovata : user_pref("browser.search.defaultenginename,S", "WebSearch");
Trovata : user_pref("browser.search.defaulturl", "hxxp://websearch.good-results.info/?pid=719&r=2013/02/13&hid[...]
Trovata : user_pref("browser.search.order.1,S", "WebSearch");
Trovata : user_pref("browser.search.selectedEngine,S", "WebSearch");
Trovata : user_pref("extensions.511b6cc38f69b.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Trovata : user_pref("extensions.BabylonToolbar.admin", false);
Trovata : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Trovata : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Trovata : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Trovata : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Trovata : user_pref("extensions.BabylonToolbar.excTlbr", false);
Trovata : user_pref("extensions.BabylonToolbar.id", "34ef8929000000000000e0cb4e1ade1f");
Trovata : user_pref("extensions.BabylonToolbar.instlDay", "15716");
Trovata : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Trovata : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Trovata : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Trovata : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Trovata : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Trovata : user_pref("extensions.BabylonToolbar.rvrt", "false");
Trovata : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Trovata : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Trovata : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Trovata : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Trovata : user_pref("extensions.BabylonToolbar_i.babExt", "");
Trovata : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=117023&tt=0213_2");
Trovata : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Trovata : user_pref("extensions.BabylonToolbar_i.newTab", false);
Trovata : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Trovata : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Trovata : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.220:50:57");
Trovata : user_pref("extensions.funmoods.aflt", "nv1");
Trovata : user_pref("extensions.funmoods.autoRvrt", false);
Trovata : user_pref("extensions.funmoods.dfltLng", "");
Trovata : user_pref("extensions.funmoods.dfltSrch", true);
Trovata : user_pref("extensions.funmoods.dnsErr", true);
Trovata : user_pref("extensions.funmoods.envrmnt", "production");
Trovata : user_pref("extensions.funmoods.excTlbr", false);
Trovata : user_pref("extensions.funmoods.hmpg", true);
Trovata : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2[...]
Trovata : user_pref("extensions.funmoods.id", "E0CB4E1ADE1F8929");
Trovata : user_pref("extensions.funmoods.instlDay", "15676");
Trovata : user_pref("extensions.funmoods.instlRef", "nv1");
Trovata : user_pref("extensions.funmoods.isdcmntcmplt", true);
Trovata : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Trovata : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...]
Trovata : user_pref("extensions.funmoods.prdct", "funmoods");
Trovata : user_pref("extensions.funmoods.prtnrId", "funmoods");
Trovata : user_pref("extensions.funmoods.srchPrvdr", "Search");
Trovata : user_pref("extensions.funmoods.tlbrId", "base");
Trovata : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...]
Trovata : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Trovata : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Trovata : user_pref("extensions.funmoods_i.newTab", true);
Trovata : user_pref("extensions.funmoods_i.smplGrp", "none");
Trovata : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2218:35:9");
Trovata : user_pref("imtranslator.ImTranslatorSelectedText", "Trend%20Micro%20CWShredder%20is%20the%20premier%[...]
Trovata : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Trovata : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Trovata : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Trovata : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Trovata : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Trovata : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Trovata : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Trovata : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v [Impossibile rilevare la versione]

File : C:\Users\Vincenzo\AppData\Local\Google\Chrome\User Data\Default\Preferences

Trovata [l.81] : homepage = "hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1",
Trovata [l.85] : urls_to_restore_on_startup = ["hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1", "hxxp://websearch.good-results.info/?pid=719&r=2013/02/13&hid=1301845745&lg=EN&cc=IT"]
Trovata [l.88] : homepage = "hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1",
Trovata [l.91] : urls_to_restore_on_startup = ["hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1"],

*************************

AdwCleaner[R1].txt - [10778 octets] - [01/03/2013 16:36:11]
AdwCleaner[R2].txt - [10708 octets] - [01/03/2013 16:37:16]

########## EOF - C:\AdwCleaner[R2].txt - [10769 octets] ##########
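The AdwCleaner report above (the search pass) and the deletion pass that follows share one line format: a section banner, then "Cartella/File/Chiave/Valore ... : target" lines, then the Firefox user_pref lines. The following Python script is an added example, not part of this thread and not code from AdwCleaner or its author: it parses that format, counts findings per section, and separates the preferences that actually redirect search and the homepage (the ones that explain the symptoms in the first post) from the toolbar families such as Babylon, funmoods and SweetIM that merely left settings behind. The regexes, the HIJACK_PREF_PREFIXES list and the embedded SAMPLE_REPORT (a constructed excerpt built from a few lines of the report above) are assumptions of this example; pointed at a full AdwCleaner[R1].txt it produces the same kind of summary.

```python
"""Summarise an AdwCleaner v2.x report and flag browser search/homepage hijack indicators.

Added example: the line-format regexes and the hijack-relevant preference list
are assumptions modelled on the report posted in this thread.
"""
import re
from collections import Counter

# Section banner, e.g. "***** [Registro] *****"
SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
# File / folder / registry finding, in either the search ("Trovato") or delete ("Eliminato") pass
ITEM_RE = re.compile(
    r"^(?P<kind>Cartella|File|Chiave|Valore) (?:Trovat[oa]|Eliminat[oa]) : (?P<target>.+)$"
)
# Firefox user_pref line; AdwCleaner cuts long values short with "[...]", so ");" is optional
PREF_RE = re.compile(
    r'^(?:Trovata|Eliminata) : user_pref\("(?P<name>[^"]+)", (?P<value>.*?)\)?;?\s*$'
)
# Internet Explorer start page (search pass, and the "Sostituito" line of the delete pass)
START_PAGE_RE = re.compile(r"Start Page\] = (?P<url>\S+)")

# Preferences that decide where a search or the homepage goes. Any add-on that
# rewrites one of these is a search hijacker, whatever it calls itself.
HIJACK_PREF_PREFIXES = (
    "browser.search.defaultenginename",
    "browser.search.defaulturl",
    "browser.search.selectedEngine",
    "browser.search.order",
    "browser.startup.homepage",
    "keyword.URL",
)


def parse_report(text):
    """Split a report into per-section findings, Firefox prefs and IE start pages."""
    sections, prefs, start_pages = {}, [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections.setdefault(current, [])
            continue
        m = ITEM_RE.match(line)
        if m and current is not None:
            sections[current].append((m.group("kind"), m.group("target")))
            continue
        m = PREF_RE.match(line)
        if m:
            prefs.append((m.group("name"), m.group("value")))
            continue
        m = START_PAGE_RE.search(line)
        if m:
            start_pages.append(m.group("url"))
    return {"sections": sections, "prefs": prefs, "start_pages": start_pages}


def count_findings(report):
    """Number of file/folder/registry findings per section (prefs are reported separately)."""
    return {name: len(items) for name, items in report["sections"].items()}


def hijack_indicators(report):
    """Prefs that redirect search/homepage, plus the add-on families that left settings behind."""
    redirected = [(n, v) for n, v in report["prefs"] if n.startswith(HIJACK_PREF_PREFIXES)]
    families = Counter()
    for name, _ in report["prefs"]:
        parts = name.split(".")
        if parts[0] == "extensions" and len(parts) > 2:
            families[parts[1]] += 1   # extensions.<family>.<setting>
        elif parts[0] not in ("browser", "keyword") and len(parts) > 1:
            families[parts[0]] += 1   # e.g. sweetim.toolbar.*, aol_toolbar.*
    return {"redirected": redirected, "families": families, "start_pages": list(report["start_pages"])}


# Constructed excerpt in the format of the report posted above (not the full log).
SAMPLE_REPORT = r"""
# AdwCleaner v2.113 - Logfile creato il 01/03/2013 alle 16:37:16
# Opzioni [Cerca]

***** [Servizi] *****

***** [File / Cartelle] *****

Cartella Trovato : C:\ProgramData\BetterSoft
File Trovato : C:\Users\Vincenzo\AppData\Local\funmoods-speeddial.crx

***** [Registro] *****

Chiave Trovata : HKLM\Software\Babylon
Chiave Trovata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Valore Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Browser Internet] *****

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.good-results.info/?pid=719

Trovata : user_pref("browser.search.defaultenginename,S", "WebSearch");
Trovata : user_pref("browser.search.defaulturl", "hxxp://websearch.good-results.info/?pid=719&r=2013/02/13&hid[...]
Trovata : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Trovata : user_pref("extensions.funmoods.hmpg", true);
Trovata : user_pref("extensions.funmoods.prdct", "funmoods");
Trovata : user_pref("sweetim.toolbar.searchguard.enable", "");
"""

if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print("findings per section:", count_findings(rep))
    ind = hijack_indicators(rep)
    for name, value in ind["redirected"]:
        print("search/homepage redirected:", name, "=", value)
    print("add-on families with leftover prefs:", dict(ind["families"]))
    print("IE start page(s):", ind["start_pages"])
```

The split between "redirected" and "families" is the useful part for reading these logs: a leftover `extensions.BabylonToolbar.*` pref is clutter once the add-on is gone, while a `browser.search.defaulturl` pointing at an unfamiliar host is the setting that produced the unwanted pages in the first place and is what to verify after cleanup. The `,S` suffix on some pref names is copied from the posted log as-is, which is why the matching is by prefix.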
Viky68
Posted: Friday, March 01, 2013 4:42:38 PM

Rank: AiutAmico

Member since: 1/30/2003
Posts: 272
# AdwCleaner v2.113 - Logfile creato il 01/03/2013 alle 16:39:02
# Aggiornamento 23/02/2013 by Xplode
# Sistema Operativo : Windows 7 Professional Service Pack 1 (32 bits)
# Utente : Vincenzo - VINCENZO-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\Vincenzo\Downloads\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\ProgramData\APN
Cartella Eliminato : C:\ProgramData\BetterSoft
Cartella Eliminato : C:\ProgramData\InstallMate
Cartella Eliminato : C:\ProgramData\RightClick
Cartella Eliminato : C:\ProgramData\Tarma Installer
Cartella Eliminato : C:\Users\Vincenzo\AppData\Roaming\Mozilla\Firefox\Profiles\v849rrot.default\extensions\511b6cc38f5ed@511b6cc38f628.com
Cartella Eliminato : C:\Users\Vincenzo\AppData\Roaming\OpenCandy
File Eliminato : C:\Users\Vincenzo\AppData\Local\funmoods-speeddial.crx
File Eliminato : C:\Users\Vincenzo\AppData\Roaming\Mozilla\Firefox\Profiles\v849rrot.default\searchplugins\babylon1.xml
File Eliminato : C:\Users\Vincenzo\AppData\Roaming\Mozilla\Firefox\Profiles\v849rrot.default\searchplugins\search.xml
File Eliminato : C:\Users\Vincenzo\AppData\Roaming\Mozilla\Firefox\Profiles\v849rrot.default\searchplugins\WebSearch.xml

***** [Registro] *****

Chiave Eliminata : HKCU\Software\5828b8fbc35ee48
Chiave Eliminata : HKCU\Software\AppDataLow\SProtector
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKLM\Software\Babylon
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chiave Eliminata : HKLM\SOFTWARE\Classes\f
Chiave Eliminata : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Chiave Eliminata : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Chiave Eliminata : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Chiave Eliminata : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Eliminata : HKLM\Software\Freeze.com
Chiave Eliminata : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Chiave Eliminata : HKLM\Software\Iminent
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Chiave Eliminata : HKLM\Software\SP Global
Chiave Eliminata : HKLM\Software\SProtector
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Browser Internet] *****

-\\ Internet Explorer v9.0.8112.16464

Sostituito : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.good-results.info/?pid=719&r=2013/02/13&hid=1301845745&lg=EN&cc=IT --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0 (it)

File : C:\Users\Vincenzo\AppData\Roaming\Mozilla\Firefox\Profiles\v849rrot.default\prefs.js

C:\Users\Vincenzo\AppData\Roaming\Mozilla\Firefox\Profiles\v849rrot.default\user.js ... Eliminato !

Eliminata : user_pref("aol_toolbar.default.homepage.check", false);
Eliminata : user_pref("aol_toolbar.default.search.check", false);
Eliminata : user_pref("browser.search.defaultenginename,S", "WebSearch");
Eliminata : user_pref("browser.search.defaulturl", "hxxp://websearch.good-results.info/?pid=719&r=2013/02/13&hid[...]
Eliminata : user_pref("browser.search.order.1,S", "WebSearch");
Eliminata : user_pref("browser.search.selectedEngine,S", "WebSearch");
Eliminata : user_pref("extensions.511b6cc38f69b.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Eliminata : user_pref("extensions.BabylonToolbar.admin", false);
Eliminata : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Eliminata : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Eliminata : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Eliminata : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Eliminata : user_pref("extensions.BabylonToolbar.excTlbr", false);
Eliminata : user_pref("extensions.BabylonToolbar.id", "34ef8929000000000000e0cb4e1ade1f");
Eliminata : user_pref("extensions.BabylonToolbar.instlDay", "15716");
Eliminata : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Eliminata : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Eliminata : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Eliminata : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Eliminata : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Eliminata : user_pref("extensions.BabylonToolbar.rvrt", "false");
Eliminata : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Eliminata : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Eliminata : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Eliminata : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Eliminata : user_pref("extensions.BabylonToolbar_i.babExt", "");
Eliminata : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=117023&tt=0213_2");
Eliminata : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Eliminata : user_pref("extensions.BabylonToolbar_i.newTab", false);
Eliminata : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Eliminata : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Eliminata : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.220:50:57");
Eliminata : user_pref("extensions.funmoods.aflt", "nv1");
Eliminata : user_pref("extensions.funmoods.autoRvrt", false);
Eliminata : user_pref("extensions.funmoods.dfltLng", "");
Eliminata : user_pref("extensions.funmoods.dfltSrch", true);
Eliminata : user_pref("extensions.funmoods.dnsErr", true);
Eliminata : user_pref("extensions.funmoods.envrmnt", "production");
Eliminata : user_pref("extensions.funmoods.excTlbr", false);
Eliminata : user_pref("extensions.funmoods.hmpg", true);
Eliminata : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2[...]
Eliminata : user_pref("extensions.funmoods.id", "E0CB4E1ADE1F8929");
Eliminata : user_pref("extensions.funmoods.instlDay", "15676");
Eliminata : user_pref("extensions.funmoods.instlRef", "nv1");
Eliminata : user_pref("extensions.funmoods.isdcmntcmplt", true);
Eliminata : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Eliminata : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEt[...]
Eliminata : user_pref("extensions.funmoods.prdct", "funmoods");
Eliminata : user_pref("extensions.funmoods.prtnrId", "funmoods");
Eliminata : user_pref("extensions.funmoods.srchPrvdr", "Search");
Eliminata : user_pref("extensions.funmoods.tlbrId", "base");
Eliminata : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2Xzuy[...]
Eliminata : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Eliminata : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Eliminata : user_pref("extensions.funmoods_i.newTab", true);
Eliminata : user_pref("extensions.funmoods_i.smplGrp", "none");
Eliminata : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2218:35:9");
Eliminata : user_pref("imtranslator.ImTranslatorSelectedText", "Trend%20Micro%20CWShredder%20is%20the%20premier%[...]
Eliminata : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Eliminata : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Eliminata : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Eliminata : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Eliminata : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Eliminata : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Eliminata : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Eliminata : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v [Impossibile rilevare la versione]

File : C:\Users\Vincenzo\AppData\Local\Google\Chrome\User Data\Default\Preferences

Eliminata [l.81] : homepage = "hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1",
Eliminata [l.85] : urls_to_restore_on_startup = ["hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1", "hxxp://w[...]
Eliminata [l.88] : homepage = "hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1",
Eliminata [l.91] : urls_to_restore_on_startup = ["hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1"],

*************************

AdwCleaner[R1].txt - [10778 octets] - [01/03/2013 16:36:11]
AdwCleaner[R2].txt - [10839 octets] - [01/03/2013 16:37:16]
AdwCleaner[S1].txt - [10605 octets] - [01/03/2013 16:39:02]

########## EOF - C:\AdwCleaner[S1].txt - [10666 octets] ##########
r16
Posted: Friday, March 01, 2013 6:05:30 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
cbbusto wrote:
Combofix doesn't find them

It doesn't find them because the log isn't complete.
Almost half of it is missing.
Viky68
Posted: Friday, March 01, 2013 8:30:34 PM

Rank: AiutAmico

Member since: 1/30/2003
Posts: 272
I don't know how, but I managed to run HijackThis; here is the log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:28:36, on 01/03/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\ASUS\Turbo Key\TurboKey.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [Turbo Key] "C:\Program Files\ASUS\Turbo Key\TurboKey.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe

--
End of file - 6009 bytes
cbbusto
Posted: Friday, March 01, 2013 11:39:40 PM

Rank: AiutAmico

Member since: 11/8/2008
Posts: 13,964
r16 wrote:
cbbusto wrote:
Combofix doesn't find them

It doesn't find them because the log isn't complete.
Almost half of it is missing.


It's well known that certain kinds of software that redirect you or show you advertising, like certain toolbars, are not major infections, so Combofix, like MBAM and other anti-spyware tools, doesn't see them.
ADW finds them, or they show up in the HJT log, or better still in OTL; that's what I was referring to.
cbbusto
Posted: Friday, March 01, 2013 11:45:50 PM

Rank: AiutAmico

Member since: 11/8/2008
Posts: 13,964
ADW found and removed quite a lot, from Babylon to various toolbars; you should notice some improvement.
HJT shows nothing, everything looks fine; fix and remove this entry:
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)

I don't see any antivirus, what do you use? Let me know how the PC is doing. Bye
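As an added example (not code from this thread, nor from AdwCleaner, HijackThis or any other tool named in it), the following Python script automates the two checks the helpers are doing by eye: it reads HijackThis entries and flags O2/O3 registrations whose DLL is reported "(file missing)" (the Bing Bar entry above) plus Winsock LSP entries HJT marks as unknown, and it reads Firefox user_pref lines of the kind the AdwCleaner log lists, separating adware prefs that merely configure the toolbar from those that actually redirect the homepage, new tab or search URL. The sample log lines are constructed from what the thread shows, and the adware namespace list and regexes are this example's own assumptions, not a tool's definitions.

```python
"""Flag browser-hijack indicators in HijackThis and Firefox prefs.js output.

Added example for the thread above; sample data is constructed, and the
indicator lists below are assumptions, far smaller than what real cleaners use.
"""
import re

# HijackThis entry line: "<section> - <body>", e.g. "O3 - Toolbar: ... (file missing)".
HJT_RE = re.compile(r"^(?P<section>O\d+|R\d+|F\d+|N\d+) - (?P<body>.*)$")

# Firefox prefs.js line; AdwCleaner prefixes removed ones with "Eliminata :".
PREF_RE = re.compile(
    r'user_pref\("(?P<name>[^"]+)",\s*(?P<value>"(?:[^"\\]|\\.)*"|true|false|-?\d+)\);'
)

# Extension pref namespaces the AdwCleaner log in this thread removed (assumption:
# a toy indicator list for the example).
ADWARE_PREF_PREFIXES = ("extensions.BabylonToolbar", "extensions.funmoods", "sweetim.toolbar")
# Pref suffixes that point the browser somewhere: homepage, new tab, search URL.
HIJACK_KEYS = ("hmpgUrl", "newTabUrl", "tlbrSrchUrl", "homepage", "keyword.URL")

# Constructed sample: a few lines shaped like the HJT log posted above.
SAMPLE_HJT = r"""
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Constructed sample: prefs.js lines shaped like the AdwCleaner report above.
SAMPLE_PREFS = r"""
Eliminata : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Eliminata : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def");
Eliminata : user_pref("extensions.funmoods.hmpg", true);
Eliminata : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=nv1");
Eliminata : user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("browser.startup.homepage", "about:home");
"""


def parse_hjt(text):
    """Return (section, body) tuples for every HijackThis entry line in text."""
    out = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            out.append((m.group("section"), m.group("body")))
    return out


def suspicious_hjt(text):
    """Flag O2 (BHO) / O3 (toolbar) entries whose DLL is missing on disk, which is
    the leftover registration cbbusto asks to fix, plus LSP entries HJT cannot
    attribute. Returns (section, reason, body) tuples in log order."""
    findings = []
    for section, body in parse_hjt(text):
        if section in ("O2", "O3") and "(file missing)" in body:
            findings.append((section, "dangling BHO/toolbar registration", body))
        elif section == "O10" and body.startswith("Unknown file in Winsock LSP"):
            findings.append((section, "unknown LSP, verify the publisher", body))
    return findings


def parse_user_prefs(text):
    """Return {pref name: raw value} for every user_pref(...) call found in text."""
    return {m.group("name"): m.group("value") for m in PREF_RE.finditer(text)}


def hijack_prefs(text):
    """Return (name, kind, value) for prefs in known adware namespaces; kind is
    'redirect' when the pref sets a homepage/new-tab/search URL, else 'config'."""
    findings = []
    for name, value in parse_user_prefs(text).items():
        if name.startswith(ADWARE_PREF_PREFIXES):
            kind = "redirect" if any(name.endswith(k) for k in HIJACK_KEYS) else "config"
            findings.append((name, kind, value))
    return findings


if __name__ == "__main__":
    for section, reason, body in suspicious_hjt(SAMPLE_HJT):
        print(f"[HJT {section}] {reason}: {body}")
    for name, kind, value in hijack_prefs(SAMPLE_PREFS):
        print(f"[prefs {kind}] {name} = {value}")
```

On the constructed samples the script reports the Bing Bar O3 entry and the Winsock LSP line from the HJT section, and five Babylon/funmoods prefs, of which only the search URL and homepage URL are marked as redirects; the legitimate `browser.startup.homepage` pref is left alone because it sits outside the adware namespaces.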
Viky68
Posted: Saturday, March 02, 2013 5:33:47 PM

Rank: AiutAmico

Member since: 1/30/2003
Posts: 272
I'll try now. The antivirus doesn't show up because I had disabled it; I use Microsoft's. I'll try removing the entry you mentioned and then let you know. d'oh!
Viky68
Posted: Saturday, March 02, 2013 9:04:00 PM

Rank: AiutAmico

Member since: 1/30/2003
Posts: 272
Hi, everything seems fine, unwanted web windows no longer open. I just had one question: I tried the Pro version of MBAM and then uninstalled it. I installed it again to use the free program, but it still shows as a trial version (11 days remaining); how is that possible?
thanks
cbbusto
Posted: Saturday, March 02, 2013 10:44:32 PM

Rank: AiutAmico

Member since: 11/8/2008
Posts: 13,964
Viky68 wrote:
Hi, everything seems fine, unwanted web windows no longer open. I just had one question: I tried the Pro version of MBAM and then uninstalled it. I installed it again to use the free program, but it still shows as a trial version (11 days remaining); how is that possible?
thanks


With the latest version Malwarebytes has included the Pro version as a trial; to stay with the free version you shouldn't have tried the Pro one.
In any case you can also remove MBAM: it gives no protection, it only serves to scan the PC for malware. When you want to use it, reinstall it and don't use the Pro version, so the free version stays active, that's all.
With everything that ADW removed the PC is now clean; you have to be very careful about the sites you visit and where you click,
when you download some software check carefully that there are no ticks next to other applications, and above all never download any toolbar, because they only create chaos and slowdowns. Bye
Viky68
Posted: Sunday, March 03, 2013 8:16:45 PM

Rank: AiutAmico

Member since: 1/30/2003
Posts: 272
THANKS
Powered by Yet Another Forum.net version 1.9.1.8 (NET v2.0) - 3/29/2008