Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Mi controllate il LOG di Hijack Opzioni
marameo
Inviato: Monday, February 10, 2014 12:18:49 AM
Rank: Member

Iscritto dal : 11/22/2007
Posts: 1

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:07:02, on 10/02/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Users\acer\AppData\Local\VNT\vntldr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHBE.EXE
C:\Windows\System32\rundll32.exe
C:\Users\acer\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\acer\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com/?type=hp&ts=1389039809&from=tugs&uid=HitachiXHTS541612J9SA00_SB2D04E4HB33RDHB33RDX
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=AirInstallerND&dpid=AirInstallerND&co=IT&userid=57461534-6592-429a-45dd-4a15f1fef573&searchtype=ds&q={searchTerms}&installDate=06/01/2014
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=AirInstallerND&dpid=AirInstallerND&co=IT&userid=57461534-6592-429a-45dd-4a15f1fef573&searchtype=ds&q={searchTerms}&installDate=06/01/2014
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP0D109978-B799-41BB-9007-812E6DFC47F5&SSPV=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com/?type=hp&ts=1389039809&from=tugs&uid=HitachiXHTS541612J9SA00_SB2D04E4HB33RDHB33RDX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com/web/?type=ds&ts=1389039809&from=tugs&uid=HitachiXHTS541612J9SA00_SB2D04E4HB33RDHB33RDX&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com/web/?type=ds&ts=1389039809&from=tugs&uid=HitachiXHTS541612J9SA00_SB2D04E4HB33RDHB33RDX&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd0101aw&cd=2XzuyEtN2Y1L1QzutDtDtCzyyB0DyDzyyBtDtCtBzz0A0E0EtN0D0Tzu0CyByDtBtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=1143941858&ir=
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=AirInstallerND&dpid=AirInstallerND&co=IT&userid=57461534-6592-429a-45dd-4a15f1fef573&searchtype=ds&q={searchTerms}&installDate=06/01/2014
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=AirInstallerND&dpid=AirInstallerND&co=IT&userid=57461534-6592-429a-45dd-4a15f1fef573&searchtype=ds&q={searchTerms}&installDate=06/01/2014
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: OKitSpace Ads - {3543619C-D563-43f7-95EA-4DA7E1CC396A} - C:\Windows\system32\config\systemprofile\AppData\Roaming\okitSpace\IE\OkitSpace.dll
O2 - BHO: Avira SearchFree Toolbar BHO - {41564952-412D-5637-4300-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" (file missing)
O2 - BHO: (no name) - {71e129ff-6c2a-4984-818c-7e2c998b8d99} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" (file missing)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [VNT] C:\Program Files\VNT\vntldr.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHBE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX440"
O4 - HKCU\..\Run: [NextLive] C:\Windows\system32\rundll32.exe "C:\Users\acer\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [EPSON1A63AA (Epson Stylus SX440)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHBE.EXE /FU "C:\Windows\TEMP\E_S5737.tmp" /EF "HKCU" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [EPSON1A63AA (Epson Stylus SX440)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIHBE.EXE /FU "C:\Windows\TEMP\E_S5737.tmp" /EF "HKCU" (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Startup: Dropbox.lnk = C:\Users\acer\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Servizio di aggiornamento Ask (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) - SaveSense - C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: SaveSenseLive Service (savesenselivem) (savesenselivem) - SaveSense - C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Protect your browser's extensions (srvPlgProtect) - Unknown owner - C:\Users\acer\AppData\Roaming\okitspace\protect\PluginProtect.exe

--
End of file - 10566 bytes


grazie mille
Sponsor
Inviato: Monday, February 10, 2014 12:18:49 AM

 
cbbusto
Inviato: Tuesday, February 11, 2014 3:22:52 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Devi postare il log nella sezione dedicata, sicurezza e virus.
Comunque hai degli adware e dirottatori.

Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Clicca su: Link al sito principale, poi nella pagina che appare clicca su: Free Version Download.
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione COMPLETA del sistema. (NON veloce)
Elimina gli eventuali file infetti trovati. (li devi selezionare, e poi cliccare su "Rimuovi selezionati")
Posta il log.

Scarica Adwcleaner sul desktop:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Chiudi tutti i browser (è importante IE,Firefox Chrome ecc...)
Clicca sul pulsante "Scan".
Finita la scansione clicca su "Clean"
Conferma con OK le varie finestre che ti compariranno.
Il pc si riavvierà, e uscirà il log con le eliminazioni.
Postalo qui.

Scarica JunkerRemovalTool da qui: http://thisisudax.org/downloads/JRT.exe
Una volta scaricato chiudere tutti i programmi e il browser, per evitare conflitti disattiva momentaneamente anche l’antivirus, lancialo cliccando sull’eseguibile.
Per Vista win 7 e win 8 clic col destro sull’eseguibile ed Eseguire come Amministratore.
Appare il prompt dei comandi, premere un tasto per continuare e il programma inizia la scansione, può durare diversi minuti, lascia fare senza toccare nulla anche se sembra fermo, alla fine appare il Blocco Note col log, JRT.txt copialo e postalo qui.

Tutte le scansioni vanno fatte in modalità NORMALE.

Alla fine rifai la scansione con HJT e posta il nuovo log aggiornato.

I log postali nell'altra sezione, ti rispondo la. Ciao


Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.