Aiutamici Forum

HiJackThis log help
hydrax
Posted: Friday, October 17, 2014 3:14:24 PM
Rank: Member

Joined: 10/17/2014
Posts: 12
Hi everyone, I need help with a HiJackThis log.
I'm trying to figure out what is wrong with my brother's PC: too many advertising windows open automatically.

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.01.29, on 17/10/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Programmi\AVG\AVG2015\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\IPSSVC.EXE
C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Programmi\AVG\AVG2015\avgidsagent.exe
C:\Programmi\AVG\AVG2015\avgwdsvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Programmi\Intel\WiFi\bin\EvtEng.exe
C:\Programmi\AVG\AVG2015\avgnsx.exe
C:\Programmi\AVG\AVG2015\avgemcx.exe
C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
C:\Programmi\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Programmi\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Programmi\Trend Micro\BM\TMBMSRV.exe
C:\Programmi\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Programmi\Trend Micro\OfficeScan Client\TmProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Administrator\Documenti\Downloads\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dati applicazioni\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Programmi\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-1757981266-152049171-725345543-1018\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = thetis.local
O17 - HKLM\Software\..\Telephony: DomainName = thetis.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = thetis.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wmh - {A1428E78-2D00-4590-A071-0CC9700A7768} - C:\Programmi\WMHelp Software\WMHelp XmlPad\WmhASPP.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:     
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Programmi\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Programmi\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2015\avgwdsvc.exe
O23 - Service: AVM_InfoUtenza_Broker - Unknown owner - C:\Server\serviceWrapper\bin\wrapper.exe
O23 - Service: AVM_InfoUtenza_PanelDriver - Unknown owner - C:\Server\serviceWrapper\bin\wrapper.exe
O23 - Service: AVM_InfoUtenza_Server - Unknown owner - C:\Server\serviceWrapper\bin\wrapper.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Programmi\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - c:\postgreSQL\bin\pg_ctl.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Programmi\ThinkPad\Utilities\PWMDBSVC.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Programmi\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Programmi\File comuni\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RTIGGateway - Unknown owner - C:\Server\RTIGGateway\RTIGGateway.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Programmi\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: Ssro Service (SsroService) - SsroService - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\ServiceManager\ssro.exe
O23 - Service: Ssupd Service (SsupdService) - SsupdService - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\ssupd\ssupd.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Programmi\Trend Micro\OfficeScan Client\TmProxy.exe

--
End of file - 11956 bytes

r16
Posted: Friday, October 17, 2014 6:32:13 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Follow the instructions in this guide:
http://forum.aiutamici.com/yaf_postst90814_Guida-per-eliminare-le-pagine-pubblicitarie-SOLO-LETTURA.aspx
Post the requested logs in the way described at the end of the link.
hydrax
Posted: Saturday, October 18, 2014 10:44:44 AM
Rank: Member

Joined: 10/17/2014
Posts: 12
Thanks for the reply, r16.
Then do I post the logs here, or is there a dedicated section????
giza
Posted: Saturday, October 18, 2014 11:02:05 AM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,617
Continue here, otherwise it is hard to follow the discussion.
r16
Posted: Saturday, October 18, 2014 1:08:04 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Yes, as giza said, post the logs and your replies in this same topic.
Bye.
hydrax
Posted: Saturday, October 18, 2014 3:05:33 PM
Rank: Member

Joined: 10/17/2014
Posts: 12
OK, after half a day of scanning I can finally post my fantastic logs.

MbamLog.txt
AdwCleanerLog.txt
JRT.txt
OTL.Txt
Extras.Txt

That should be everything, at least I hope :D
giza
Posted: Saturday, October 18, 2014 4:42:52 PM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,617
And how is it going now? He had also picked up lyric.
hydrax
Posted: Saturday, October 18, 2014 4:57:45 PM
Rank: Member

Joined: 10/17/2014
Posts: 12
Same as before, I'm still waiting for your replies :D
hydrax
Posted: Saturday, October 18, 2014 5:02:01 PM
Rank: Member

Joined: 10/17/2014
Posts: 12
I would have formatted the PC straight away, but he doesn't want to (I don't understand why); he has installed stuff from 2013, it's madness.
r16
Posted: Saturday, October 18, 2014 9:37:50 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Start OTL.

Under "Custom Scans\Fixes" copy and paste this code:

Code:
:OTL
SRV - (SsupdService) -- C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\ssupd\ssupd.exe (SsupdService)
SRV - (SsroService) -- C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\ServiceManager\ssro.exe (SsroService)
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:3433;https=127.0.0.1:3433;
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O4 - HKLM..\Run: [SsroService]  File not found
O15 - HKLM\..Trusted Domains: thetis.it ([myapps] https in Local intranet)
O15 - HKLM\..Trusted Domains: thetis.it ([mysite] https in Local intranet)
O15 - HKLM\..Trusted Domains: thetis.it ([thetisnet] https in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: thetis.it ([myapps] https in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: thetis.it ([mysite] https in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: thetis.it ([thetisnet] https in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: thetis.it ([myapps] https in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: thetis.it ([mysite] https in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: thetis.it ([thetisnet] https in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
[2014/10/06 11.57.24 | 000,004,130 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\kmytnfun.aqy
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Administrator\Documenti\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\Temp:373E1720
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\Temp:AD022376

:Files
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\ssupd\ssupd.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\ssupd
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\ServiceManager
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[Reboot]


Click the RUN FIX button.
Let the scan run without interfering.
Post the log it produces.

Then:
Reset Firefox:
https://support.mozilla.org/it/kb/funzione-ripristino-firefox

Reset Chrome:
https://support.google.com/chrome/answer/3296214?hl=it

Reset IE:
http://support.microsoft.com/kb/923737/it

Finally, ask whether he knows this:
RTIGGateway
It seems to come from India.
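
Added example (not part of r16's post or of the forum's guide): a Python triage pass over the O23 service lines of a HijackThis log such as the one at the top of this thread, flagging services whose binary sits under a user profile or whose owner field reads "Unknown owner". The two heuristics and the function names are assumptions made for this example; the sample lines are copied from that log.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Programmi\CCleaner\CCleaner.exe" /MONITOR
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG2015\avgwdsvc.exe
O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - c:\postgreSQL\bin\pg_ctl.exe
O23 - Service: RTIGGateway - Unknown owner - C:\Server\RTIGGateway\RTIGGateway.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Ssro Service (SsroService) - SsroService - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\ServiceManager\ssro.exe
O23 - Service: Ssupd Service (SsupdService) - SsupdService - C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\ssupd\ssupd.exe
"""

# Line shape: "O23 - Service: <name> - <owner> - <path>". Names and paths can
# themselves contain " - ", so the path is anchored on its drive letter and the
# owner is the last " - "-delimited field before it.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+) - (?P<owner>.*?) - (?P<path>[A-Za-z]:\\.*)$"
)

# Assumed heuristic: profile trees on XP ("Documents and Settings") and later ("Users").
PROFILE_RE = re.compile(r"\\(?:documents and settings|users)\\[^\\]+\\", re.I)

IN_PROFILE = "binary under a user profile"
NO_OWNER = "owner reported as Unknown owner"


class Finding(NamedTuple):
    name: str
    owner: str
    path: str
    reasons: tuple


def parse_services(log_text):
    """Yield (name, owner, path) for every O23 line; other sections are skipped."""
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            yield m["name"].strip(), m["owner"].strip(), m["path"].strip()


def triage(log_text):
    """Return the services that match a heuristic, profile-path hits first."""
    findings = []
    for name, owner, path in parse_services(log_text):
        reasons = []
        if PROFILE_RE.search(path):
            reasons.append(IN_PROFILE)
        if owner.lower() == "unknown owner":
            reasons.append(NO_OWNER)
        if reasons:
            findings.append(Finding(name, owner, path, tuple(reasons)))
    # Stable sort: a service binary inside a profile folder is the stronger signal.
    findings.sort(key=lambda f: IN_PROFILE not in f.reasons)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: {', '.join(f.reasons)}\n    {f.path}")
```

A hit is a prompt to look at the file, not a verdict: several legitimate services in the posted log also show "Unknown owner".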
hydrax
Posted: Sunday, October 19, 2014 9:47:26 AM
Rank: Member

Joined: 10/17/2014
Posts: 12
No, I don't think he knows RTIGGateway.
hydrax
Posted: Sunday, October 19, 2014 10:25:30 AM
Rank: Member

Joined: 10/17/2014
Posts: 12
New OTL log

10192014_094509.log
r16
Posted: Sunday, October 19, 2014 11:35:07 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
I need a new scan with OTL to complete some removals.
Post the log.
Then, in my opinion, uninstall Spybot - Search & Destroy (Malwarebytes Anti-Malware is more than enough).
How is the PC working?
hydrax
Posted: Sunday, October 19, 2014 3:09:09 PM
Rank: Member

Joined: 10/17/2014
Posts: 12
This is the new OTL log

OTL2.Txt

Thanks again, r16
r16
Posted: Sunday, October 19, 2014 6:26:03 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Start OTL.

Under "Custom Scans\Fixes" copy and paste this code:

Code:
:OTL
SRV - (RTIGGateway) -- C:\Server\RTIGGateway\RTIGGateway.exe ()
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2014/10/13 10.58.19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\McAfee
[2014/10/09 10.55.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\McAfee
[2013/05/02 17.49.45 | 000,004,934 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\mtbjfghn.xbe
[2013/07/20 11.50.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\OfferBox

:commands
[emptytemp]


Click the RUN FIX button.
Let the scan run without interfering.
Post the log it produces.

Tell me what problems you are seeing.
hydrax
Posted: Sunday, October 19, 2014 8:50:10 PM
Rank: Member

Joined: 10/17/2014
Posts: 12
r16
Posted: Sunday, October 19, 2014 9:13:53 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Any problems?
hydrax
Posted: Sunday, October 19, 2014 9:29:53 PM
Rank: Member

Joined: 10/17/2014
Posts: 12
Yes, one, but I don't think this is the right section.

Basically, I found out that my brother is running Windows (XP) as administrator.
I tried to create a user account but it gives me an error.

This is the screenshot of the error:
errore.JPG

If I'm in the wrong section, I kindly ask to be moved.
hydrax
Posted: Sunday, October 19, 2014 9:30:58 PM
Rank: Member

Joined: 10/17/2014
Posts: 12
As for what we have discussed so far, everything is OK: the spam is gone and the PC has sped up.