
HIJACKTHIS LOG FILE ANALYSIS


Post by giurgeta 72 » 13/09/14 16:17

Hi everyone,

I have the problem that unwanted sites open whenever I'm on the internet.
I'm pasting the HijackThis log file; could someone tell me whether there are files I need to delete and how to do it?
Thanks a lot.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.33.31, on 13/09/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\lsm\lsm.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alice ti aiuta\McciTrayApp.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE
C:\Program Files\Marcs Updater\Marcs Updater.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\giorgio\Documents\Downloads\SoftonicDownloader_per_hijackthis (3).exe
C:\Users\giorgio\Application Data\Contacts\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=Shopp ... r&dpid=OB_[[PubID]]_CH&co=IT&userid=f3e460ae-63e4-13d3-e6c3-796e320faa02&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=Shopp ... r&dpid=OB_[[PubID]]_CH&co=IT&userid=f3e460ae-63e4-13d3-e6c3-796e320faa02&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.omiga-plus.com/web/?type ... MAAC69F&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://isearch.omiga-plus.com/web/?type ... MAAC69F&q={searchTerms}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O2 - BHO: (no name) - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - !{8dcb7100-df86-4384-8842-8fa844297b3f} - (no file)
O4 - HKLM\..\Run: [AliceRV_McciTrayApp] C:\Program Files\Alice ti aiuta\McciTrayApp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SmAudio] C:\Program Files\Conexant\SmartAudio\SmAudio.exe -c
O4 - HKLM\..\Run: [Marcs Updater] "C:\Program Files\Marcs Updater\Marcs Updater.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O8 - Extra context menu item: Cerca nel web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\giorgio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CB927D12-4FF7-4A9E-A169-56E4B8A75598} - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1617E3E8-FB69-4D92-BA3F-2F52EB2A6FC6}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AE5ED4A-5F03-4FC5-91A2-5C80BF310AEF}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{A61409B1-AB4E-4B7D-9C66-CA2E67518CAB}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Auto Update Service (AUS) - MS - C:\Program Files\lsm\aus.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Login Session Manager (LSM) - MS - C:\Program Files\lsm\lsm.exe
O23 - Service: Marcs Updater - Marc Hörsken - C:\Program Files\Marcs Updater\Marcs Updater.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Service Updater (ServUpdater) - ServiceUpd - C:\Users\giorgio\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: Update Fortunitas - Unknown owner - C:\Program Files\Fortunitas\updateFortunitas.exe (file missing)
O23 - Service: Update WebSpades - Unknown owner - C:\Program Files\WebSpades\updateWebSpades.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Fuyu LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10217 bytes
giurgeta 72
Junior User

Posts: 19
Joined: 13/09/14 16:10
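
A first-pass triage of a HijackThis log like the one posted above, as an added example (not part of the original thread and not code from HijackThis): it parses the `R`/`O` entries and marks the ones worth reviewing first. The sample lines are copied from the post; the expected-domain list, the reason labels and the heuristics themselves are assumptions, and a match means "look at this", not "delete this".

```python
import re

# Entries copied from the HijackThis log in the post above
# (the " ... " inside the URL is how the forum truncated it).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://isearch.omiga-plus.com/web/?type ... MAAC69F&q={searchTerms}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O23 - Service: Service Updater (ServUpdater) - ServiceUpd - C:\Users\giorgio\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Update WebSpades - Unknown owner - C:\Program Files\WebSpades\updateWebSpades.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

# Assumption: search/start-page domains this machine is expected to use.
EXPECTED_SEARCH_DOMAINS = ("microsoft.com", "bing.com", "google.com")

# "R1 - ...", "O23 - ..." etc.: section code, separator, free-form body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Dotted host at the start of a value, with or without a scheme.
HOST_RE = re.compile(r"^(?:https?://)?([^/\s:?]+\.[^/\s:?]+)", re.I)
# Paths under a user profile or ProgramData, where installers that run
# without elevation can drop files.
USER_WRITABLE_RE = re.compile(r"[A-Za-z]:\\(?:Users|ProgramData)\\", re.I)


def parse(log_text):
    """Return (code, body) for every HijackThis entry line; skip the rest."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def search_host(value):
    """Extract the lower-cased host from a registry value, or None."""
    m = HOST_RE.match(value.strip())
    return m.group(1).lower() if m else None


def is_expected(host):
    """True if host is one of the expected domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d)
               for d in EXPECTED_SEARCH_DOMAINS)


def triage(log_text):
    """Return [(code, [reasons], body)] for entries that deserve review."""
    findings = []
    for code, body in parse(log_text):
        reasons = []
        if body.endswith("(no file)"):
            # Registration left behind (or a DLL that is gone).
            reasons.append("orphaned-registration")
        if body.endswith("(file missing)"):
            reasons.append("missing-binary")
        if code == "O23" and " - Unknown owner - " in body:
            reasons.append("unknown-owner")
        if code in ("O4", "O23") and USER_WRITABLE_RE.search(body):
            # Autostart or service binary outside Program Files / Windows.
            reasons.append("user-writable-path")
        if code in ("R0", "R1") and " = " in body:
            host = search_host(body.split(" = ", 1)[1])
            if host and not is_expected(host):
                reasons.append("unexpected-search-host:" + host)
        if reasons:
            findings.append((code, reasons, body))
    return findings


if __name__ == "__main__":
    for code, reasons, body in triage(SAMPLE_LOG):
        print(f"{code:<4} {', '.join(reasons):<48} {body[:70]}")
```
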


Re: HIJACKTHIS LOG FILE ANALYSIS

Post by davide72 » 13/09/14 18:11

Save these 2 tools to the desktop (they must be on the desktop):

http://www.bleepingcomputer.com/downloa ... ol/dl/131/
http://www.bleepingcomputer.com/downloa ... er/dl/125/

Close your browsers and disable Avast protection, then run JRT; a command prompt will open. Let the scan finish without doing anything else, and close the window when it is done.

Run AdwCleaner, click Scan first and wait for the results, then click Clean; finally,
confirm the messages that follow with OK to restart the PC.

After the restart, post the 2 logs, adwcleaner.txt and jrt.txt, which you will find on the desktop.
davide72
Senior User

Posts: 6494
Joined: 10/06/14 22:01

Re: HIJACKTHIS LOG FILE ANALYSIS

Post by giurgeta 72 » 13/09/14 19:13

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks Davide,
I did as you told me;
these are the logs:



Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by giorgio on 13/09/2014 at 19.42.38,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\\URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\giorgio\appdata\local\{0BA50F68-348C-48A2-A7B4-C991E3435145}
Successfully deleted: [Empty Folder] C:\Users\giorgio\appdata\local\{0D5C1539-DF70-470E-931F-1DB58EFAE4CB}
Successfully deleted: [Empty Folder] C:\Users\giorgio\appdata\local\{2F1EDAE5-7B38-4C52-82DB-D47D9054817B}
Successfully deleted: [Empty Folder] C:\Users\giorgio\appdata\local\{51F78851-D42C-47E7-A5B3-973C2D5FD8BF}
Successfully deleted: [Empty Folder] C:\Users\giorgio\appdata\local\{CCEA6A8E-229A-4DCA-97FC-878923F85EE7}
Successfully deleted: [Empty Folder] C:\Users\giorgio\appdata\local\{EC48ECBF-1FEF-4B3E-B1BD-70BDD658BD3A}
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dpicnlijpdlebkhpegfenfjpglinfdhm
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/09/2014 at 19.46.51,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



# AdwCleaner v3.310 - Rapporto creato 13/09/2014 in 19:51:28
# Aggiornato 12/09/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (32 bits)
# Nome utente : giorgio - PC-GIORGIO
# In esecuzione da : C:\Users\giorgio\Application Data\Contacts\Desktop\AdwCleaner.exe
# Opzione : Pulisci

***** [ Servizi ] *****

[#] Servizio Eliminato : ServUpdater
[#] Servizio Eliminato : Update Fortunitas
[#] Servizio Eliminato : Update WebSpades
Servizio Eliminato : WindowsMangerProtect
Servizio Eliminato : {ed7eb956-75ed-460d-8f69-29a93b07afd1}w

***** [ File / Cartelle ] *****

Cartella Eliminato : C:\ProgramData\ParetoLogic
Cartella Eliminato : C:\ProgramData\WindowsMangerProtect
Cartella Eliminato : C:\Program Files\globalUpdate
Cartella Eliminato : C:\Program Files\iMesh Applications
Cartella Eliminato : C:\Users\giorgio\AppData\Local\freetvradio Air
Cartella Eliminato : C:\Users\giorgio\AppData\Local\genienext
Cartella Eliminato : C:\Users\giorgio\AppData\Local\globalUpdate
Cartella Eliminato : C:\Users\giorgio\AppData\Local\Ilivid Player
Cartella Eliminato : C:\Users\giorgio\AppData\Local\Mobogenie
Cartella Eliminato : C:\Users\giorgio\AppData\Local\moovida air
Cartella Eliminato : C:\Users\giorgio\AppData\Local\Moovida
Cartella Eliminato : C:\Users\giorgio\AppData\Local\PackageAware
Cartella Eliminato : C:\Users\giorgio\AppData\Local\ServUpdater
Cartella Eliminato : C:\Users\giorgio\AppData\Roaming\DigitalSites
Cartella Eliminato : C:\Users\giorgio\AppData\Roaming\ParetoLogic
Cartella Eliminato : C:\Users\giorgio\AppData\Roaming\Store
Cartella Eliminato : C:\Users\giorgio\AppData\Roaming\Uniblue
Cartella Eliminato : C:\Users\giorgio\AppData\Roaming\VOPackage
Cartella Eliminato : C:\Users\giorgio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Cartella Eliminato : C:\Users\giorgio\Documents\Mobogenie
Cartella Eliminato : C:\Users\giorgio\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\ffxtlbr@funmoods.com
File Eliminato : C:\Windows\system32\drivers\{ed7eb956-75ed-460d-8f69-29a93b07afd1}w.sys
File Eliminato : C:\Users\giorgio\daemonprocess.txt
File Eliminato : C:\Users\giorgio\AppData\Roaming\Bubble Dock.boostrap.log
File Eliminato : C:\Program Files\Mozilla Firefox\Components\AskSearch.js
File Eliminato : C:\Users\giorgio\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Eliminato : C:\Users\giorgio\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
File Eliminato : C:\Users\giorgio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_api.ciuvo.com_0.localstorage-journal
File Eliminato : C:\Users\giorgio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Compiti ] *****

Compito Eliminati : ASP
Compito Eliminati : Desk 365 RunAsStdUser
Compito Eliminati : Digital Sites
Compito Eliminati : LaunchSignup
Compito Eliminati : Omiga Plus RunAsStdUser

***** [ Collegamenti ] *****

Collegamento Disinfetatti : C:\Users\giorgio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Collegamento Disinfetatti : C:\Users\giorgio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Avvio applicazioni di Chrome.lnk
Collegamento Disinfetatti : C:\Users\giorgio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Collegamento Disinfetatti : C:\Users\giorgio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registro ] *****

Valore Eliminati : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [offerbox@spointer.com]
Chiave Eliminati : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Chiave Eliminati : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Chiave Eliminati : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Valore Eliminati : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
Chiave Eliminati : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Chiave Eliminati : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
Chiave Eliminati : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn
Chiave Eliminati : HKLM\SOFTWARE\Classes\ToolBand.EasyHideBtn.1
Chiave Eliminati : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper
Chiave Eliminati : HKLM\SOFTWARE\Classes\ToolBand.SkypeIEHelper.1
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\IMBooster_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\IMBooster_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\OfferBoxhxxpProxy_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\OfferBoxhxxpProxy_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\Torntv Downloader_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chiave Eliminati : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Chiave Eliminati : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chiave Eliminati : HKLM\SOFTWARE\5d52dadee06dee12
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Chiave Eliminati : HKLM\SOFTWARE\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
Chiave Eliminati : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Chiave Eliminati : HKLM\SOFTWARE\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}
Chiave Eliminati : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chiave Eliminati : HKCU\Software\FissaSearch
Chiave Eliminati : HKCU\Software\freeTVRadio
Chiave Eliminati : HKCU\Software\GlobalUpdate
Chiave Eliminati : HKCU\Software\Moovida
Chiave Eliminati : HKCU\Software\Nosibay
Chiave Eliminati : HKCU\Software\ParetoLogic
Chiave Eliminati : HKCU\Software\Spointer
Chiave Eliminati : HKCU\Software\Store
Chiave Eliminati : HKCU\Software\Uniblue
Chiave Eliminati : HKCU\Software\vShare.tv
Chiave Eliminati : HKCU\Software\AppDataLow\Software\mediabarim
Chiave Eliminati : HKCU\Software\AppDataLow\Software\ShoppingReport
Chiave Eliminati : HKLM\SOFTWARE\GlobalUpdate
Chiave Eliminati : HKLM\SOFTWARE\hdcode
Chiave Eliminati : HKLM\SOFTWARE\iLividSRTB
Chiave Eliminati : HKLM\SOFTWARE\omiga-plusSoftware
Chiave Eliminati : HKLM\SOFTWARE\omigaplusSvc
Chiave Eliminati : HKLM\SOFTWARE\ParetoLogic
Chiave Eliminati : HKLM\SOFTWARE\supWindowsMangerProtect
Chiave Eliminati : HKLM\SOFTWARE\Trymedia Systems
Chiave Eliminati : HKLM\SOFTWARE\Uniblue
Chiave Eliminati : HKLM\SOFTWARE\V9
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280

Impostazioni Ripristinato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Impostazioni Ripristinato : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v

[ File : C:\Users\giorgio\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]


-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\giorgio\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Eliminati [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6D47061F3A45E7EB&affID=123925&tt=110813_Dmntr&tsp=4974
Eliminati [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtC0FtA0AyEyD0EyB0E0B0D0AtB0CtN0D0Tzu0CtByDtDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1419058042
Eliminati [Search Provider] : hxxp://slirsredirect.search.aol.com/sli ... 120&query={searchTerms}&invocationType=tb50hpcnnbie7-it-it
Eliminati [Search Provider] : hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
Eliminati [Search Provider] : hxxp://it.kelkoopartners.net/ctl/do/sea ... archQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930
Eliminati [Search Provider] : hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q={searchTerms}&crm=1&toolbar=BT
Eliminati [Search Provider] : hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17164
Eliminati [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851640
Eliminati [Search Provider] : hxxp://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=it_IT
Eliminati [Search Provider] : hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={0969C5B8-1224-11E1-BF94-001E68168CE5}
Eliminati [Search Provider] : hxxp://startsear.ch/?aff=1&src=sp&cf=76 ... 8168ce5&q={searchTerms}
Eliminati [Search Provider] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYR ... -cs0g,,&q={searchTerms}
Eliminati [Search Provider] : hxxp://search.conduit.com/Results.aspx? ... 8F769AB&q={searchTerms}&SSPV=
Eliminati [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=5C99B260-8AE4-4314-A2C7-88188AD9D0C7&n=780bfd1a&ind=2014051610&p2=^UX^xdm406^YYA^it&si=CKTXi8mksb4CFckBwwod_CsA5A
Eliminati [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type ... MAAC69F&q={searchTerms}
Eliminati [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=5C99B260-8AE4-4314-A2C7-88188AD9D0C7&n=780bfd1a&ind=2014051610&p2=^UX^xdm406^YYA^it&si=CKTXi8mksb4CFckBwwod_CsA5A
Eliminati [Search Provider] : hxxp://www.only-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6D47061F3A45E7EB&affID=129300&tt=020914_onst&tsp=5364
Eliminati [Search Provider] : hxxp://www.softonic.it/s/{searchTerms}
Eliminati [Homepage] : hxxp://feed.snapdo.com/?publisher=Shopp ... r&dpid=OB_[[PubID]]_CH&co=IT&userid=f3e460ae-63e4-13d3-e6c3-796e320faa02&searchtype=hp&installDate={installDate}&barcodeid={barcodeID}&um={UM}
Eliminati [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Eliminati [Extension] : eofcbnmajmjmplflapaojjnihcjkigck
Eliminati [Extension] : flpcjncodpafbgdpnkljologafpionhb
Eliminati [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
Eliminati [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [18322 octets] - [13/09/2014 19:48:23]
AdwCleaner[S0].txt - [18059 octets] - [13/09/2014 19:51:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18120 octets] ##########
giurgeta 72
Junior User

Posts: 19
Joined: 13/09/14 16:10

Re: HIJACKTHIS LOG FILE ANALYSIS

Post by davide72 » 13/09/14 19:31

Are the unwanted pages still opening? Don't use Softonic to download files, because you pull in adware, hijackers and harmful toolbars.
davide72
Senior User

Posts: 6494
Joined: 10/06/14 22:01

Re: HIJACKTHIS LOG FILE ANALYSIS

Post by giurgeta 72 » 13/09/14 20:08

Yes, they still open. Should I try repeating the earlier steps?
giurgeta 72
Junior User

Posts: 19
Joined: 13/09/14 16:10

Re: HIJACKTHIS LOG FILE ANALYSIS

Post by davide72 » 13/09/14 20:15

Check the browser options for suspicious search engines.
davide72
Senior User
 
Posts: 6494
Joined: 10/06/14 22:01

Re: HIJACKTHIS LOG FILE ANALYSIS

Post by giurgeta 72 » 13/09/14 21:11

The situation has got worse. Pages keep opening, much more frequently. I use Chrome, but on the Start menu bar all the sites open with Explorer. I don't know what to do anymore.
giurgeta 72
Junior User
 
Posts: 19
Joined: 13/09/14 16:10

Re: HIJACKTHIS LOG FILE ANALYSIS

Post by davide72 » 13/09/14 21:26

Let's try this... disable Avast and save this to the desktop: http://www.bleepingcomputer.com/downloa ... fix/dl/12/

Start > right-click Computer and choose Properties > System protection > Configure > tick "Turn off system protection", Apply, OK. Close all browsers and run ComboFix; answer NO to any message about installing the Recovery Console. A system scan will then start in a command prompt window; wait patiently without doing anything else.
When it finishes, the PC will be restarted automatically.

Upload to Wikisend http://wikisend.com/ the combofix.txt log that you find in C/combofix.txt, and post the link so the log can be viewed.
davide72
Senior User
 
Posts: 6494
Joined: 10/06/14 22:01

Re: HIJACKTHIS LOG FILE ANALYSIS

Post by giurgeta 72 » 14/09/14 11:26

Thanks,
the scan has been run and it created the log, which I have on screen, but the PC does not restart automatically. Can I go ahead with Wikisend anyway?
giurgeta 72
Junior User
 
Posts: 19
Joined: 13/09/14 16:10

Re: HIJACKTHIS LOG FILE ANALYSIS

Post by davide72 » 14/09/14 12:01

Ah yes, sorry, I got confused with another tool that restarted the PC automatically, so do this... go ahead and post the ComboFix log on Wikisend.
davide72
Senior User
 
Posts: 6494
Joined: 10/06/14 22:01

Re: HIJACKTHIS LOG FILE ANALYSIS

Post by giurgeta 72 » 14/09/14 12:06

giurgeta 72
Junior User
 
Posts: 19
Joined: 13/09/14 16:10

Re: HIJACKTHIS LOG FILE ANALYSIS

Post by davide72 » 14/09/14 12:26

That's no good, because ComboFix was not run from the correct Desktop directory, so delete the combofix.txt log.
Then go here: c:\users\giorgio\Application Data\Contacts\Desktop\ComboFix.exe, right-click combofix.exe and choose Cut.
Then go here: c:\users\giorgio\Desktop\ (in the left column select Desktop), then Paste.

Provided that Avast and system protection are disabled, right-click the ComboFix icon and run it as administrator,
and repeat the same procedure, scan etc... When it finishes, do not restart the PC, and post the new ComboFix log.
davide72
Senior User
 
Posts: 6494
Joined: 10/06/14 22:01

Re: HIJACKTHIS LOG FILE ANALYSIS

Post by davide72 » 14/09/14 13:27

Open Notepad as administrator and copy and paste this code, then save it as CFScript.txt. Then close the browsers and drag CFScript.txt onto the ComboFix icon to run the cleanup (note that ComboFix must be in this path: c:\users\giorgio\Desktop\), then post the log.

Code:
DDS ::
IE: Cerca nel web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: Interfaces\{2AE5ED4A-5F03-4FC5-91A2-5C80BF310AEF}\35F6E6970285075627961602479607F6F566833313: NameServer = 8.8.8.8,8.8.4.4
davide72
Senior User
 
Posts: 6494
Joined: 10/06/14 22:01

Re: HIJACKTHIS LOG FILE ANALYSIS

Post by giurgeta 72 » 14/09/14 13:43

This is the ComboFix log, run as administrator.
http://wikisend.com/download/544030/ComboFix.txt
giurgeta 72
Junior User
 
Posts: 19
Joined: 13/09/14 16:10

Re: HIJACKTHIS LOG FILE ANALYSIS

Post by davide72 » 14/09/14 13:48

As you can see, it was again run from here: c:\users\giorgio\Application Data\Contacts\Desktop\ComboFix.exe, when I had asked you to run it from here: c:\users\giorgio\Desktop. Anyway, reread my post above and follow the CFScript procedure,

then post the log.
davide72
Senior User
 
Posts: 6494
Joined: 10/06/14 22:01

Re: HIJACKTHIS LOG FILE ANALYSIS

Post by giurgeta 72 » 14/09/14 15:19

giurgeta 72
Junior User
 
Posts: 19
Joined: 13/09/14 16:10

Re: HIJACKTHIS LOG FILE ANALYSIS

Post by davide72 » 14/09/14 15:30

OK, now delete all the ComboFix logs, then open Notepad as administrator and copy and paste the code below, save it as CFScript.txt, then close the browsers, disable Avast and drag CFScript.txt onto the ComboFix icon to run the cleanup. When it finishes, post the new log.

Code:
DDS ::
IE: Cerca nel web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: Interfaces\{2AE5ED4A-5F03-4FC5-91A2-5C80BF310AEF}\35F6E6970285075627961602479607F6F566833313: NameServer = 8.8.8.8,8.8.4.4
davide72
Senior User
 
Posts: 6494
Joined: 10/06/14 22:01

Re: HIJACKTHIS LOG FILE ANALYSIS

Post by giurgeta 72 » 14/09/14 16:05

giurgeta 72
Junior User
 
Posts: 19
Joined: 13/09/14 16:10

Re: HIJACKTHIS LOG FILE ANALYSIS

Post by davide72 » 14/09/14 16:29

Nothing; try again with the new code, remember to save it as CFScript, and post the log.

Code:
Killall ::

DDS ::
IE: Cerca nel web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: Interfaces\{2AE5ED4A-5F03-4FC5-91A2-5C80BF310AEF}\35F6E6970285075627961602479607F6F566833313: NameServer = 8.8.8.8,8.8.4.4
Folder ::
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
File ::
c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
davide72
Senior User
 
Posts: 6494
Joined: 10/06/14 22:01

Re: HIJACKTHIS LOG FILE ANALYSIS

Post by giurgeta 72 » 14/09/14 22:05

I tried again; anyway, the problem seems to be solved. Unwanted pages no longer open. This is the latest log. Thanks for everything.

http://wikisend.com/download/457990/Combo1.txt
giurgeta 72
Junior User
 
Posts: 19
Joined: 13/09/14 16:10
