Salve ragazzi
come faccio ad eliminare MyStart IncrediBar.com ? dalla pagina iniziale
uso firefox, ho cancellato MyStart IncrediBar.com dalla pagine predefinita e cancellato nella gestione componenti aggiunive estensione
Salve ragazzi
come faccio ad eliminare MyStart IncrediBar.com ? dalla pagina iniziale
uso firefox, ho cancellato MyStart IncrediBar.com dalla pagine predefinita e cancellato nella gestione componenti aggiunive estensione
ciao
prova con adwcleaner clicca sul pulsante delete e posta il log
grazie per la risposta.
non ha funzionato...ricompare.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22.17.58, on 19/09/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Programmi\VIA\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Nokia\Nokia Suite\NokiaSuite.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Updater\Updater.exe
C:\Programmi\IObit\Advanced SystemCare 5\ASCTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Programmi\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Programmi\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {1F831FA9-42FC-11D4-95A6-0080AD30DCE1} (InstaFred Control) - file:///C:/Programmi/AutoCAD%20LT%202000i%20Ita/InstFred.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Controllo AcDc oggi) - file:///C:/Programmi/AutoCAD%20LT%202000i%20Ita/AcDcToday.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Controllo AcPreview) - file:///C:/Programmi/AutoCAD%20LT%202000i%20Ita/AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8623A30-9C52-40A1-83E8-893E5E599E2D}: NameServer = 85.37.17.57 85.38.28.80
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Programmi\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
--
End of file - 6959 bytes
scarica OTL e salvalo sul desktop
Metti la spunta su SCAN ALL USERS.
Sotto output, metti la spunta su minimal output
Clicca sulla freccettina di File Age e seleziona 60 Days
Metti la spunta a LOP Check e Purity Check.
Clicca su RUN SCAN
Lascia fare la scansione senza interferire.
Al termine della scansione trovi 2 log sul desktop. OTL.txt ed Extras.txt, salvali e caricali su Wikisend,
grazie di nuovo menatwork...sto procedento
Originariamente inviato da menatwork
scarica OTL e salvalo sul desktop
Metti la spunta su SCAN ALL USERS.
Sotto output, metti la spunta su minimal output
Clicca sulla freccettina di File Age e seleziona 60 Days
Metti la spunta a LOP Check e Purity Check.
Clicca su RUN SCAN
Lascia fare la scansione senza interferire.
Al termine della scansione trovi 2 log sul desktop. OTL.txt ed Extras.txt, salvali e caricali su Wikisend,
ecco
Extras.Txt
OTL.Txt
controlla questa cartella se non la conosci eliminala
C:\Documents and Settings\utente\Dati applicazioni\wtxpcom
vai qui e controlla questo file se viene riconosciuto nocivo
C:\WINDOWS\System32\emptyregdb.dat
adesso apri OTL e copia nello spazio bianco questo testo
clicca su run fix e attendi ...alla fine della scansione verra' prodotto un log che dovrai allegare:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\utente\Desktop\PC WIZARD\pcwiz_x32.sys -- (cpuz134)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.chatzum.com/?q={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb174/?loc=IB_DS&a=6R8FFvuvei&&i=26&search="
O4 - HKU\S-1-5-21-839522115-1004336348-1177238915-1003..\Run: [] File not found
:file
C:\Programmi\1ClickDownload\1ClickDownload.exe
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]
"C:\Programmi\1ClickDownload\1ClickDownload.ex e" =-
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Reboot]
riesegui una nuova scansione con OTL e posta anche questo rapporto
All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service cpuz134 stopped successfully!
Service cpuz134 deleted successfully!
File C:\Documents and Settings\utente\Desktop\PC WIZARD\pcwiz_x32.sys not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE9 3-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: "http://mystart.incredibar.com/mb174/?loc=IB_DS&a=6R8FFvuvei&&i=26&search=" removed from keyword.URL
Registry value HKEY_USERS\S-1-5-21-839522115-1004336348-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run \\ deleted successfully.
Error: Unable to interpret <:file> in the current context!
Error: Unable to interpret <C:\Programmi\1ClickDownload\1ClickDownload.exe> in the current context!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List\\C:\Programmi\ 1ClickDownload\1ClickDownload.exe deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33177 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: utente
->Temp folder emptied: 73281451 bytes
->Temporary Internet Files folder emptied: 1507039 bytes
->FireFox cache emptied: 71189671 bytes
->Google Chrome cache emptied: 6645443 bytes
->Flash cache emptied: 543 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352329 bytes
%systemroot%\System32 .tmp files removed: 33884997 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 180,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: utente
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.64.0 log created on 09202012_124531
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Originariamente inviato da menatwork
controlla questa cartella se non la conosci eliminala
C:\Documents and Settings\utente\Dati applicazioni\wtxpcom
vai qui e controlla questo file se viene riconosciuto nocivo
C:\WINDOWS\System32\emptyregdb.dat
adesso apri OTL e copia nello spazio bianco questo testo
clicca su run fix e attendi ...alla fine della scansione verra' prodotto un log che dovrai allegare
riesegui una nuova scansione con OTL e posta anche questo rapporto