Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Apertura pagine internet indesiderate controlo log Opzioni
tempesta10
Inviato: Saturday, November 23, 2013 6:36:13 PM

Rank: AiutAmico

Iscritto dal : 12/11/2009
Posts: 184
Salve a tutti, ho un problema di apertura di pagine internet indesiderate . Preciso che ho appena effettuato tutte le scansioni per cui al momento non sono in grado di riferire se ho risolto il problema. Ho seguito la guida di r16 posto i log, qualcuno li potrebbe controllare.
MBAM-log-2013-11-23 (17-37-16).txt

.txt]AdwCleaner[S3].txt

JRT.txt

Extras.Txt

OTL.Txt

Ringrazio anticipatamente.
Sponsor
Inviato: Saturday, November 23, 2013 6:36:13 PM

 
shapiro
Inviato: Saturday, November 23, 2013 6:55:49 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164

con tutte le scansioni fatte ora dovresti ripeterne una nuova con otl, elimina il vecchio log e posta il nuovo
tempesta10
Inviato: Sunday, November 24, 2013 5:23:55 PM

Rank: AiutAmico

Iscritto dal : 12/11/2009
Posts: 184
Scusa shapiro, ho fatto la scansione con otl dopo aver fatto tutte le altre. Dammi conferma se devo rifarlo.
Grazie.
shapiro
Inviato: Sunday, November 24, 2013 6:35:15 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164


no va bene cosi'

vedo invece che con mbam non hai eliminato quello che ha trovato

>>>
Nessuna azione intrapresa.

ripeti la scansione con mbam ( completa) e quando finisce clicca su ''Rimuovi elementi selezionati'' Riavvia il pc se non lo fa in automatico e controlla se hai sempre il problema di apertura pagine
tempesta10
Inviato: Monday, November 25, 2013 7:20:15 PM

Rank: AiutAmico

Iscritto dal : 12/11/2009
Posts: 184
Scusa il ritardo, fra lavoro ed altro.
Posto il nuovo log mbam, ho fatto il riavvio del sistema, comunque non ho risolto il problema si aprono ancora delle pagine indesiderate.

mbam-log-2013-11-25 (17-36-06).txt

Ancora grazie per l'aiuto.
shapiro
Inviato: Monday, November 25, 2013 8:11:05 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
hai fatto una scansione rapida, rieseguila facendone una completa

poi

Disattiva temporaneamente l'antivirus e riattivalo subito dopo il download

scarica Junkware Removal Tool
clicca sull'icona di JRT e attendi pazientemente la fine della scansione
Una volta terminata dovrebbe aprirsi il log sul desktop come JRT.txt

esegui anche una nuova scansione con otl

Allega i rapporti
tempesta10
Inviato: Tuesday, November 26, 2013 7:57:04 PM

Rank: AiutAmico

Iscritto dal : 12/11/2009
Posts: 184
Ciao shapiro, fatto le scansioni come richiesto, posto i log in ordine di scansione:

mbam-log-2013-11-26 (18-02-38).txt

JRT.txt

OTL.Txt


Ciao e Grazie.
tempesta10
Inviato: Thursday, November 28, 2013 7:19:28 PM

Rank: AiutAmico

Iscritto dal : 12/11/2009
Posts: 184
Salve a tutti, dopo le varie scansioni eseguite non sono riuscito a risolvere il problema, allego il log di hijackthis qualcuno potrebbe controllarlo cortesemente?
hijackthis.log

P.S. ho eseguito tutte le scansione senza disattivare il ripristino di sistema, è giusto ho dovevo disattivarlo?

Ancora Grazie per l'aiuto.
tempesta10
Inviato: Tuesday, December 10, 2013 10:48:21 AM

Rank: AiutAmico

Iscritto dal : 12/11/2009
Posts: 184
Salve a tutti,
non c'e` nessuno che mi possa aiutare a risolvere il problema?Brick wall Brick wall Brick wall

Grazie
cbbusto
Inviato: Tuesday, December 10, 2013 3:16:49 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Tutti i log che hai postato sono illeggibili, devono essere in formato .txt, vengono rilasciati col blocco note devi copiare e allegare.
Posta quello di HJT, copialo e postalo qui senza andare su wikisend, poi devi dire qual'è il problema attuale. Ciao
tempesta10
Inviato: Thursday, December 12, 2013 5:58:04 PM

Rank: AiutAmico

Iscritto dal : 12/11/2009
Posts: 184
Ciao cbbusto, scusa il ritardo ma avevo perso ogni speranza.
Il mio problema è che si aprono della pagine di internet da sole mi capita anche dopo aver chiuso Explorer si apre subito una pagina non richiesta, S.O. Win 7 Home premiun, posto il log appena fatto.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:50:39, on 12/12/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\eMule\emule.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\LSM\lsm.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso all'account Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKUS\S-1-5-21-1294507179-1061758829-1366383323-1001\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN (User 'Stella')
O4 - HKUS\S-1-5-21-1294507179-1061758829-1366383323-1001\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (User 'Stella')
O4 - HKUS\S-1-5-21-1294507179-1061758829-1366383323-1001\..\Run: [EPSONFF5C22] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRE.EXE /FU "C:\Windows\TEMP\E_SA62.tmp" /EF "HKCU" (User 'Stella')
O4 - HKUS\S-1-5-21-1294507179-1061758829-1366383323-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Stella')
O4 - HKUS\S-1-5-21-1294507179-1061758829-1366383323-1001\..\Run: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe -AutoStart (User 'Stella')
O4 - S-1-5-21-1294507179-1061758829-1366383323-1001 Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (User 'Stella')
O4 - S-1-5-21-1294507179-1061758829-1366383323-1001 User Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (User 'Stella')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Auto Update Service (AUS) - MS - C:\Program Files (x86)\LSM\aus.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Log Session Manager (Log S.M.) - MS - C:\Program Files (x86)\LSM\lsm.exe
O23 - Service: Marine Aquarium LiteService (MarineAquarium3Free_57Service) - COMPANYVERS_NAME - C:\PROGRA~2\MARINE~2\bar\1.bin\57barsvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee OOBE Service (McOobeSv) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14617 bytes
Grazie per l'aiuto. Ciao
cbbusto
Inviato: Thursday, December 12, 2013 11:55:45 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Dal log di HJT non c'è niente di pericoloso, solo troppe voci in avvio e parecchi servizi attivi.
Rifai queste 2 scansioni, segui bene le istruzioni e posta qui i log perchè con wikisend non riesci.

Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346, clicca su: link al sito principale e nella pagina che appare clicca su Free Version Download.
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione COMPLETA del sistema. (NON veloce)
Elimina gli eventuali file infetti trovati. (li devi selezionare, e poi cliccare su "Rimuovi selezionati")
Posta il log.

Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Chiudi tutti i browser (è importante IE,Firefox Chrome ecc...)
Clicca sul pulsante "Scan".
Finita la scansione clicca su "Clean"
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Postalo qui.

Se si tratta di adware e dirottatori li dovrebbero eliminare. Ciao
tempesta10
Inviato: Friday, December 13, 2013 7:10:49 PM

Rank: AiutAmico

Iscritto dal : 12/11/2009
Posts: 184
Ciao cbbusto,
ho fatto le scansioni consigliate, ha eliminato un bel po' di schifezze posto i log.
Mi hai segnalato parecchie voci in avvio e servizi attivi, se hai possibilità potresti indicarmi cortesemente cosa disattivare e come.
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versione database: v2013.12.13.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Alberto :: ALBERTO-PC [amministratore]

13/12/2013 17:04:48
mbam-log-2013-12-13 (17-04-48).txt

Tipo di scansione: Scansione completa (C:\|D:\|J:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 505777
Tempo impiegato: 1 ore, 39 minuti, 26 secondi

Processi rilevati in memoria: 3
C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe (PUP.Optional.AmazonTB.A) -> 2464 -> Verrà eliminato al riavvio.
C:\Program Files (x86)\BetterBrowse\updateBetterBrowse.exe (PUP.Optional.BetterBrowse.A) -> 2164 -> Verrà eliminato al riavvio.
C:\Program Files (x86)\BetterBrowse\bin\utilBetterBrowse.exe (PUP.Optional.BetterBrowse.A) -> 2496 -> Verrà eliminato al riavvio.

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 42
HKCR\CLSID\{11111111-1111-1111-1111-110411361128} (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\TypeLib\{44444444-4444-4444-4444-440444364428} (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\Interface\{55555555-5555-5555-5555-550455365528} (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\CrossriderApp0043628.BHO.1 (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411361128} (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110411361128} (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110411361128} (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\CLSID\{964cfd95-89cb-4ba5-a122-36258ea0662a} (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\TypeLib\{A8EAFA31-FCFD-4CDD-A132-D9EA3C2A7EE9} (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\Interface\{849316F2-8DD4-4F01-9CCD-3D579079132A} (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{964CFD95-89CB-4BA5-A122-36258EA0662A} (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{964CFD95-89CB-4BA5-A122-36258EA0662A} (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{964CFD95-89CB-4BA5-A122-36258EA0662A} (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\CLSID\{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\CLSID\{008f6853-9cb4-41c5-a950-39d55e5e06ba} (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72} (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C} (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\AlxTB2.TBLayoutBHO.1 (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\AlxTB2.TBLayoutBHO (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\CLSID\{F443A627-5009-4323-9C1D-7FD598D0D712} (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\AlxTB2.AlxHelper.1 (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\AlxTB2.AlxHelper (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712} (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F443A627-5009-4323-9C1D-7FD598D0D712} (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F443A627-5009-4323-9C1D-7FD598D0D712} (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\CLSID\{8D03FA45-4B8C-4427-BE67-EE8885147151} (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\Interface\{8D03FA45-4B8C-4427-BE67-EE8885147151} (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305} (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKLM\SYSTEM\CurrentControlSet\Services\Updater Service for AMZN (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Settings (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKLM\SYSTEM\CurrentControlSet\Services\Update BetterBrowse (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.
HKLM\SYSTEM\CurrentControlSet\Services\Util BetterBrowse (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\CrossriderApp0043628.BHO (PUP.Optional.CrossRider.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\CrossriderApp0043628.Sandbox (PUP.Optional.CrossRider.A) -> Spostato in quarantena ed eliminato con successo.
HKCR\CrossriderApp0043628.Sandbox.1 (PUP.Optional.CrossRider.A) -> Spostato in quarantena ed eliminato con successo.
HKCU\Software\BetterBrowse (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.
HKCU\Software\Alexa Internet\Alexa9\Amazon (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Spostato in quarantena ed eliminato con successo.
HKLM\Software\BetterBrowse (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.

Valori di registro rilevati: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Dati: -> Spostato in quarantena ed eliminato con successo.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EA582743-9076-4178-9AA6-7393FDF4D5CE} (PUP.Optional.AmazonTB.A) -> Dati: -> Spostato in quarantena ed eliminato con successo.

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 5
C:\Users\Alberto\AppData\Local\Amazon Browser Bar (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\Amazon Browser Bar (PUP.Optional.AmazonTB.A) -> Verrà eliminato al riavvio.
C:\Program Files (x86)\BetterBrowse (PUP.Optional.BetterBrowse.A) -> Verrà eliminato al riavvio.
C:\Program Files (x86)\BetterBrowse\bin (PUP.Optional.BetterBrowse.A) -> Verrà eliminato al riavvio.
C:\Program Files (x86)\BetterBrowse\bin\plugins (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.

File rilevati: 39
C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho.dll (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\BetterBrowse\BetterBrowseBHO.dll (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\Amazon Browser Bar\search_protect.exe (PUP.Optional.Searchprotect) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bg.exe (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-buttonutil.exe (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-buttonutil64.exe (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-chromeinstaller.exe (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-codedownloader.exe (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-enabler.exe (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-updater.exe (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
C:\WEB\chicken invaders 2 setup.exe (PUP.Optional.Soft32.A) -> Spostato in quarantena ed eliminato con successo.
C:\Users\Alberto\AppData\Local\Amazon Browser Bar\protect.xml (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.ini (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\Amazon Browser Bar\AlxSSBPS.dll (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.Uninstall.exe (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBarSSB.3.0.dll (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\Amazon Browser Bar\installer.xml (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe (PUP.Optional.AmazonTB.A) -> Verrà eliminato al riavvio.
C:\Program Files (x86)\Amazon Browser Bar\uninstall.ico (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\Amazon Browser Bar\uninstall.json (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\Amazon Browser Bar\uninstaller.exe (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\Amazon Browser Bar\update.xml (PUP.Optional.AmazonTB.A) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\Tasks\weDownload Manager Pro-chromeinstaller.job (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\Tasks\weDownload Manager Pro-codedownloader.job (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\Tasks\weDownload Manager Pro-enabler.job (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
C:\Windows\Tasks\weDownload Manager Pro-updater.job (PUP.Optional.WeDownload.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\BetterBrowse\BetterBrowse.ico (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\BetterBrowse\BetterBrowseUninstall.exe (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\BetterBrowse\updateBetterBrowse.exe (PUP.Optional.BetterBrowse.A) -> Verrà eliminato al riavvio.
C:\Program Files (x86)\BetterBrowse\updateBetterBrowse.InstallState (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\BetterBrowse\bin\sqlite3.dll (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\BetterBrowse\bin\utilBetterBrowse.exe (PUP.Optional.BetterBrowse.A) -> Verrà eliminato al riavvio.
C:\Program Files (x86)\BetterBrowse\bin\utilBetterBrowse.InstallState (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\BetterBrowse\bin\plugins\BetterBrowse.CompatibilityChecker.dll (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\BetterBrowse\bin\plugins\BetterBrowse.FFUpdate.dll (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\BetterBrowse\bin\plugins\BetterBrowse.GCUpdate.dll (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.
C:\Program Files (x86)\BetterBrowse\bin\plugins\BetterBrowse.IEUpdate.dll (PUP.Optional.BetterBrowse.A) -> Spostato in quarantena ed eliminato con successo.

(fine)

# AdwCleaner v3.015 - Report created 13/12/2013 at 18:57:44
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alberto - ALBERTO-PC
# Running from : C:\Users\Alberto\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\weDownload Manager Pro
Folder Deleted : C:\Users\Alberto\AppData\LocalLow\weDownload Manager Pro
Folder Deleted : C:\Users\Stella\AppData\LocalLow\weDownload Manager Pro
Folder Deleted : C:\Users\Stella\AppData\Local\Google\Chrome\User Data\Default\Extensions\kikjpgpbpnapbimplfcbcbakjacpgceb

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy
Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{87BEF026-9269-413C-A5B3-11F35451380E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422362228}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51F04BD6-3888-4849-864C-617FAE709CE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E394E0-D331-431F-B76D-E3A19193D5F6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466366628}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13a747ac-0f75-4834-889a-033e8f849beb}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2ff0943e-3ec4-4e3a-94c4-b7a2d3650ff6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c325bb22-92cd-42c3-99e5-6cb47d88377c}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c93b67c2-12bf-469d-9b8c-a20a807e7d99}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d71aadf3-fa71-478f-bd7a-c531dd46acb2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422362228}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466366628}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13a747ac-0f75-4834-889a-033e8f849beb}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2ff0943e-3ec4-4e3a-94c4-b7a2d3650ff6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c325bb22-92cd-42c3-99e5-6cb47d88377c}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c93b67c2-12bf-469d-9b8c-a20a807e7d99}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d71aadf3-fa71-478f-bd7a-c531dd46acb2}
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\weDownload Manager Pro
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\weDownload Manager Pro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\weDownload Manager Pro
Key Deleted : [x64] HKLM\SOFTWARE\Amazon Browser Bar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Bar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v19.0.2 (it)

[ File : C:\Users\Alberto\AppData\Roaming\Mozilla\Firefox\Profiles\id4cghps.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2192 octets] - [23/10/2013 16:40:20]
AdwCleaner[R1].txt - [2252 octets] - [23/10/2013 16:43:56]
AdwCleaner[R2].txt - [2045 octets] - [31/10/2013 17:25:46]
AdwCleaner[R3].txt - [1078 octets] - [31/10/2013 17:48:46]
AdwCleaner[R4].txt - [1729 octets] - [23/11/2013 17:43:07]
AdwCleaner[R5].txt - [10188 octets] - [13/12/2013 18:57:04]
AdwCleaner[S0].txt - [2357 octets] - [23/10/2013 16:44:19]
AdwCleaner[S1].txt - [1835 octets] - [31/10/2013 17:26:11]
AdwCleaner[S2].txt - [1141 octets] - [31/10/2013 17:49:11]
AdwCleaner[S3].txt - [1814 octets] - [23/11/2013 17:43:39]
AdwCleaner[S4].txt - [8260 octets] - [13/12/2013 18:57:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [8320 octets] ##########
cbbusto
Inviato: Friday, December 13, 2013 11:47:59 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Adesso hai fatto le scansioni giuste, certo che ne avevi di schifezze, il pc è sicuramente migliorato.
Per le voci da eliminare devi rifare la scansione con HJT e postare il log aggiornato con tutte le eliminazioni fatte devo vedere cos'è rimasto.
Dimmi se il pc va bene. Ciao
tempesta10
Inviato: Saturday, December 14, 2013 3:50:08 PM

Rank: AiutAmico

Iscritto dal : 12/11/2009
Posts: 184
Ciao cbbusto,
posto il nuovo log di HJT, prima di fare il log ho eseguito una pulizia con Ccleaner eliminando altre voci dal registro di sistema.
Il computer effettivamente va meglio, ma da quanto ho visto non ho risolto il problema ci sono ancore delle pagine che si aprono da sole.

Ecco qualche esempio:
Prova a vincere un iPhone 4!
Incontri Adult - Pagina principale
http://ad.payclick.it/scripts/click....6a1f&chan=6290
InfoJobs.it - Il numero 1 in Italia per l'offerta di lavoro
http://ad.payclick.it/scripts/click....6a1f&chan=6290
Redirect
https://secure.dcode.eu/itag/urlRedi...82115108764672


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:43:29, on 14/12/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\eMule\emule.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\LSM\lsm.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso all'account Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKUS\S-1-5-21-1294507179-1061758829-1366383323-1001\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN (User 'Stella')
O4 - HKUS\S-1-5-21-1294507179-1061758829-1366383323-1001\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (User 'Stella')
O4 - HKUS\S-1-5-21-1294507179-1061758829-1366383323-1001\..\Run: [EPSONFF5C22] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRE.EXE /FU "C:\Windows\TEMP\E_SA62.tmp" /EF "HKCU" (User 'Stella')
O4 - HKUS\S-1-5-21-1294507179-1061758829-1366383323-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Stella')
O4 - HKUS\S-1-5-21-1294507179-1061758829-1366383323-1001\..\Run: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe -AutoStart (User 'Stella')
O4 - S-1-5-21-1294507179-1061758829-1366383323-1001 Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (User 'Stella')
O4 - S-1-5-21-1294507179-1061758829-1366383323-1001 User Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (User 'Stella')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Auto Update Service (AUS) - MS - C:\Program Files (x86)\LSM\aus.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Log Session Manager (Log S.M.) - MS - C:\Program Files (x86)\LSM\lsm.exe
O23 - Service: Marine Aquarium LiteService (MarineAquarium3Free_57Service) - COMPANYVERS_NAME - C:\PROGRA~2\MARINE~2\bar\1.bin\57barsvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee OOBE Service (McOobeSv) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14486 bytes

Grazie ancora per l'aiuto
cbbusto
Inviato: Saturday, December 14, 2013 6:36:26 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Il log non presenta infezioni c'è solo qualche voce in avvio da eliminare.
Le pagine pubblicitarie o i banner di pubblicità appaiono in molti siti, quelli che hai citato possono essere siti che hai visitato e avendo memorizzato la tua visita ti inviano la pubblicità, non si tratta di infezioni ma di seccature.
La pubblicità si può bloccare con delle estensioni per il browser, un'estensione molto valida per firefox è AdblockPlus, se non l'hai installato lo trovi QUI prova ad installarlo e molta pubblicità verà bloccata.
Ho visto cher hai la pagina iniziale di Libero, quel sito contiene molta pubblicità, cambiala e metti quella di Google.

Elimina le seguenti voci:

Chiudi tutti i programmi e disconnesso lanci HJT e clicca sul secondo pulsante: Do a system scan only poi metti la spunta alle voci che ti indico e alla fine clic su Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll - questa toolbar è inutile.

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

O4 - HKUS\S-1-5-21-1294507179-1061758829-1366383323-1001\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN (User 'Stella')

O4 - HKUS\S-1-5-21-1294507179-1061758829-1366383323-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Stella')

O4 - HKUS\S-1-5-21-1294507179-1061758829-1366383323-1001\..\Run: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe -AutoStart (User 'Stella') - Questo sarebbe bene non usarlo.

Ora vai in C:1windows, cerca la cartella Prefetch la apri e cancella tutto il contenuto, lascia la cartella.

Non c'è altro, fai sapere se la pubblicità appare ancora. Ciao




tempesta10
Inviato: Sunday, December 15, 2013 5:57:28 PM

Rank: AiutAmico

Iscritto dal : 12/11/2009
Posts: 184
Ciao cbbusto,
fatto tutto, per il momento sembra risolto.

Ancora Molte Grazie.
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.