alejandro
New Member

42 Posts |
Posted - 18/01/2013 : 22:41:44
|
Good evening, I'm new here ;-) I hope someone can help me because I really need it! Sometimes when I search for something on Google (I have Mozilla), pages open with ads for Telecom or clothes or chats, etc. I ran a PC scan with the antivirus but nothing. The HijackThis log is this:
Running processes:
C:\Windows\PLFSetI.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = htt*://homepage.packardbell[.com]/rdr.aspx?b=ACPW&l=0410&m=easynote_tm85&r=273606119705l0444z195f4752c630
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htt*://[www].google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = htt*://homepage.packardbell[.com]/rdr.aspx?b=ACPW&l=0410&m=easynote_tm85&r=273606119705l0444z195f4752c630
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = htt*://go.microsoft[.com]/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = htt*://go.microsoft[.com]/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = htt*://search.chatzum[.com]/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [20090604] C:\Program Files (x86)\Common Files\Datalode\Encore\Hoyle Puzzle Games 2010\encore_reg.exe /r "C:\Program Files (x86)\Common Files\Datalode\Encore\Hoyle Puzzle Games 2010\encore_reg.rpd"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_Chiavetta Internet] "C:\Program Files (x86)\Chiavetta Internet\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ED5A95A-0242-4EE0-9A4C-7E2F2F778D5E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FC01077-9F34-46DD-81F0-053E6BF89F5C}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{4EE5E7AB-65AC-4C33-BE5A-180A3B1B8430}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{8660C2F0-5ECD-4069-8721-D1216F83F4B1}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{A19680E2-058D-43A6-8340-B3C9EA440349}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0333306-FB93-4C8F-AD9F-A9896D5D11B6}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{2ED5A95A-0242-4EE0-9A4C-7E2F2F778D5E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{2ED5A95A-0242-4EE0-9A4C-7E2F2F778D5E}: NameServer = 176.31.229.24,176.31.229.25
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: %SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Chiavetta Internet. OUC (Chiavetta Internet. RunOuc) - Unknown owner - C:\Program Files (x86)\Chiavetta Internet\UpdateDog\ouc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: %SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: %systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: %SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Ale\AppData\Local\PosService\Pos.exe
O23 - Service: %systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: %systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: %SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Ale\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: %SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Ale\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: %systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: %SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: %SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: %SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: %SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: %systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: %SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: %systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: %Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
-- End of file - 14326 bytes
|
|
|
shang
Advanced Member

City: Rome
4879 Posts |
Posted - 19/01/2013 : 08:35:55
|
hi and welcome to the forum, you have some rather nasty infections to remove, follow these steps
run the first scan with adwcleaner, choose the delete (or elimina) option, ignore the others and post the log it produces
download combofix to the desktop
when asked whether you want to install the recovery console click NO
run ComboFix.exe
follow the instructions
when the scan is finished go to C:\ and attach, in your next reply, the contents of the text file Combofix.txt
how to use combofix correctly
do not use the PC during the scan, not even the mouse! |
 |
|
alejandro
New Member

42 Posts |
Posted - 19/01/2013 : 16:44:02
|
Thanks Shang for the help.
here is the adwcleaner log:
Fermato & Eliminato : Application Updater
***** [File / Cartelle] *****
Cartella Eliminato : C:\Program Files (x86)\Application Updater
Cartella Eliminato : C:\Program Files (x86)\Common Files\spigot
Cartella Eliminato : C:\ProgramData\boost_interprocess
Cartella Eliminato : C:\ProgramData\Partner
Cartella Eliminato : C:\Users\Ale\AppData\Local\Ilivid Player
Cartella Eliminato : C:\Users\Ale\AppData\Local\Tarma Installer
Cartella Eliminato : C:\Users\Ale\AppData\LocalLow\Search Settings
Cartella Eliminato : C:\Users\Ale\AppData\Roaming\Mozilla\Firefox\Profiles\vg2whhnd.default\extensions\staged
***** [Registro] *****
Chiave Eliminata : HKCU\Software\AppDataLow\Software\Search Settings
Chiave Eliminata : HKCU\Software\Search Settings
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKCU\Software\Tarma Installer
Chiave Eliminata : HKLM\Software\Application Updater
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Chiave Eliminata : HKLM\Software\Search Settings
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Valore Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Run []
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
***** [Browser Internet] *****
-\\ Internet Explorer v9.0.8112.16457
Sostituito : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum[.com]/ --> hxxp://[www].google[.com]
-\\ Mozilla Firefox v10.0.2 (it)
File : C:\Users\Ale\AppData\Roaming\Mozilla\Firefox\Profiles\vg2whhnd.default\prefs.js
C:\Users\Ale\AppData\Roaming\Mozilla\Firefox\Profiles\vg2whhnd.default\user.js ... Eliminato !
Eliminata : user_pref("browser.startup.homepage", "hxxp://search.chatzum[.com]/");
Eliminata : user_pref("browser.newtab.url", "search.chatzum[.com]");
-\\ Google Chrome v24.0.1312.52
File : C:\Users\Ale\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File Pulito.
*************************
AdwCleaner[S1].txt - [4492 octets] - [19/01/2013 16:38:58]
########## EOF - C:\AdwCleaner[S1].txt - [4552 octets] ##########
Now I'll continue with the second step. |
 |
|
shang
Advanced Member
    
City: Rome
4879 Posts |
Posted - 19/01/2013 : 16:50:33
|
try to follow the forum rules, logs must be attached, not pasted |
 |
|
alejandro
New Member

42 Posts |
Posted - 19/01/2013 : 17:05:48
|
Oops, sorry. The problem is that if I click on attach file it tells me I'm not authorized to use this function... OK, I did it!
htt*://[www].freefilehosting.net/combofix |
Edited by - alejandro on 19/01/2013 17:16:47 |
 |
|
shang
Advanced Member
    
City: Rome
4879 Posts |
Posted - 19/01/2013 : 17:41:32
|
now open a text file and copy/paste this code
Quote:
folder::
c:\users\Ale\AppData\Local\PowerOffer
c:\users\Ale\AppData\Local\ServUpdater
c:\users\Ale\AppData\Local\PosService
c:\users\Ale\AppData\Local\SoftwareUpdater
registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PosService"=-
driver::
PowerOffer Service
ServUpdater
SoftwareUpd
Save the file in the same location as combofix.exe and name it CFScript.txt
Now drag the file CFScript.txt onto combofix.exe
Restart the PC if the program asks you to.
Restart and post the contents of the file C:\ComboFix.txt
also run this scan
download OTL to the desktop
Tick SCAN ALL USERS.
Under output tick minimal output
Click the little arrow next to File Age and select 60 Days
Tick LOP Check and Purity Check.
At the end of the scan OTL will produce two log files (OTL.txt and Extras.txt)
Attach it like the previous one |
 |
|
alejandro
New Member

42 Posts |
Posted - 19/01/2013 : 19:10:17
|
first step:
htt*://[www].freefilehosting.net/combofix_2 |
 |
|
alejandro
New Member

42 Posts |
Posted - 19/01/2013 : 19:26:43
|
htt*://[www].freefilehosting.net/extras
htt*://[www].freefilehosting.net/otl |
 |
|
shang
Advanced Member
    
City: Rome
4879 Posts |
Posted - 19/01/2013 : 20:05:33
|
you did not carry out the combofix step correctly, you had to save it to the desktop
now try not to get this step wrong
open otl and copy this code into the blank area of the program (do not copy Quote)
Quote:
:OTL
PRC - C:\Users\Public\Documents\AppData\PoApp\PService.exe (PService)
SRV - (SoftwareUpd) -- C:\Users\Ale\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
SRV - (PowerOffer Service) -- C:\Users\Ale\AppData\Local\PosService\Pos.exe (PowerOfferService)
SRV - (ServUpdater) -- C:\Users\Ale\AppData\Local\ServUpdater\ServiceUpd.exe (ServiceUpd)
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = htt*://search.chatzum[.com]/?q={searchTerms}
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = htt*://search.findeer[.com]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = htt*://search.findeer[.com]
FF - prefs.js..browser.startup.homepage: ' htt*://search.findeer[.com]'
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\ microsoft[.com]/GENUINE: disabled File not found
CHR - homepage: htt*://search.findeer[.com]
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (PLauncher)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2ED5A95A-0242-4EE0-9A4C-7E2F2F778D5E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FC01077-9F34-46DD-81F0-053E6BF89F5C}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EE5E7AB-65AC-4C33-BE5A-180A3B1B8430}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8660C2F0-5ECD-4069-8721-D1216F83F4B1}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A19680E2-058D-43A6-8340-B3C9EA440349}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0333306-FB93-4C8F-AD9F-A9896D5D11B6}: NameServer = 176.31.229.24,176.31.229.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013/01/19 16:46:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/07 12:09:04 | 000,000,000 | ---D | C] -- C:\Users\Ale\AppData\Local\PowerOffer
[2013/01/07 12:09:03 | 000,000,000 | ---D | C] -- C:\Users\Ale\AppData\Local\ServUpdater
[2013/01/07 12:09:03 | 000,000,000 | ---D | C] -- C:\Users\Ale\AppData\Local\PosService
[2012/12/04 16:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Toolbar
:Files
ipconfig /flushdns /c
:commands
[purity]
[Reboot]
click on run fix and attach the log, you'll find it in the otl folder
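
The entries this fix targets (the same public NameServer pair written to every interface, plus autoruns and services started from user-writable profile folders) can be picked out of a HijackThis log mechanically. The following is an added example, not part of the original thread: the regexes, the function names and the "user-writable path" heuristic are assumptions, and the sample lines are excerpted from the log in the first post.

```python
import ipaddress
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log posted at the top of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ED5A95A-0242-4EE0-9A4C-7E2F2F778D5E}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FC01077-9F34-46DD-81F0-053E6BF89F5C}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{2ED5A95A-0242-4EE0-9A4C-7E2F2F778D5E}: NameServer = 176.31.229.24,176.31.229.25
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Ale\AppData\Local\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Ale\AppData\Local\ServUpdater\ServiceUpd.exe
"""

# O17: per-interface static DNS setting.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\\w+\\Services\\Tcpip\\\.\.\\"
    r"(?P<iface>\{[0-9A-Fa-f-]+\}): NameServer = (?P<dns>.+)$")
# O4: Run/RunOnce autostart value.
O4_RE = re.compile(
    r"^O4 - \S+?\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<path>.+)$")
# O23: Windows service (name - owner - binary path).
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - .+? - (?P<path>[A-Za-z]:\\.+)$")
# Assumed heuristic: binaries under a user profile's AppData or the Public
# profile can be replaced without admin rights, so autostarts there need review.
USER_WRITABLE = re.compile(
    r"^[A-Za-z]:\\Users\\(?:Public|[^\\]+\\AppData)\\", re.IGNORECASE)


def is_internal(addr):
    """True for private, loopback or link-local resolvers (router/LAN DNS)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # not an IP literal: leave it flagged for a human
    return ip.is_private or ip.is_loopback or ip.is_link_local


def triage(log_text):
    """Return (dns, autoruns) to review by hand; nothing is changed on disk."""
    dns = defaultdict(set)   # resolver tuple -> interface GUIDs that use it
    autoruns = []            # (section, name, path) run from user-writable dirs
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            servers = tuple(s for s in re.split(r"[,\s]+", m["dns"].strip()) if s)
            # A static public resolver is not malicious by itself, but the
            # owner should recognise it (ISP, or one they chose themselves).
            if any(not is_internal(s) for s in servers):
                dns[servers].add(m["iface"].upper())
            continue
        m = O4_RE.match(line) or O23_RE.match(line)
        if m and USER_WRITABLE.match(m["path"].strip('"')):
            autoruns.append((line.split(" ", 1)[0], m["name"], m["path"]))
    return dict(dns), autoruns


if __name__ == "__main__":
    dns, autoruns = triage(SAMPLE_LOG)
    for servers, ifaces in dns.items():
        print("static public DNS", ",".join(servers), "on", len(ifaces), "interface(s)")
    for section, name, path in autoruns:
        print(section, "autostart from user-writable path:", name, "->", path)
```
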
|
 |
|
alejandro
New Member

42 Posts |
Posted - 19/01/2013 : 21:53:12
|
I couldn't find it as a txt, so I copied and pasted it into Word, I hope that's not a problem.
htt*://[www].freefilehosting.net/otl_3 |
 |
|
shang
Advanced Member
    
City: Rome
4879 Posts |
Posted - 20/01/2013 : 10:31:31
|
that's fine
run a new scan with otl and tell me if you still have problems
attach the log |
 |
|
alejandro
New Member

42 Posts |
Posted - 20/01/2013 : 14:24:47
|
here is the log:
htt*://[www].freefilehosting.net/otl_5
thank you so much, for now everything is fine, if anything comes up I'll write to you again.
I also noticed that at startup the PC is much faster and loads all the icons in much less time!
Congratulations on the forum, I found lots of interesting things! |
Edited by - alejandro on 20/01/2013 14:25:30 |
 |
|
shang
Advanced Member
    
City: Rome
4879 Posts |
Posted - 25/01/2013 : 23:42:58
|
everything is fine
open otl and click on cleanup
download and install CCleaner
Once installed, configure it like this:
launch the program, in the left menu go to Options and in the next window click on: Settings, and tick Secure deletion (slow)
then click on: Advanced, untick Only delete files older than 48 hours
under Cleaner, in the Advanced section tick Old Prefetch data and Windows Update uninstallers
in the left menu, click on Cleaner
click the Run Cleaner button to run the scan
when the scan is finished, again in the left menu, click on Registry and tick all the items in the section except unused file extensions
click the Scan for Issues button and start a scan
at the end of the scan click Fix selected and proceed with the repair (repeat this last step several times, until no more problems to fix are found)
disable system restore
reboot
re-enable it and create a new restore point
empty the prefetch folder (do not delete it)
|