  1. #31
    HTML.it user menatwork
    Registered since
    May 2009
    Posts
    4,330
    let's see if it also restarts with mbam

    download it from here

    Update it: click the "Updates" tab => "Check for updates"
    Run a "full scan" (select the option)
    When the scan is complete, click OK => Show Results.
    Make sure everything is selected and click Remove Selected.
    If it asks you to restart, restart to complete the cleanup process.
    Post the report.
    upload the scan logs => HERE

    or => HERE

  2. #32
    HTML.it user
    Registered since
    Nov 2006
    Posts
    289
    Originally posted by menatwork
    let's see if it also restarts with mbam

    download it from here

    Update it: click the "Updates" tab => "Check for updates"
    Run a "full scan" (select the option)
    When the scan is complete, click OK => Show Results.
    Make sure everything is selected and click Remove Selected.
    If it asks you to restart, restart to complete the cleanup process.
    Post the report.
    If you remember, yesterday I wrote to you that I had already done the full scan with mbam and it hadn't found anything! Should I do it again?

  3. #33
    HTML.it user menatwork
    Registered since
    May 2009
    Posts
    4,330
    Should I do it again?
    let's do a more thorough scan, since I don't yet know whether there's some strange process on that PC

    download combofix to the desktop

    when asked whether you want to install the Recovery Console, click NO

    run ComboFix.exe

    follow the instructions

    when the scan is finished, go to C:\ and attach, in your next reply, the contents of the text file Combofix.txt

    how to use combofix correctly

  4. #34
    HTML.it user
    Registered since
    Nov 2006
    Posts
    289
    ComboFix 12-09-24.03 - micro 25/09/2012 20.10.29.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.2039.1077 [GMT 2:00]
    Eseguito da: c:\users\micro\Desktop\File scaricati\ComboFix.exe
    AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\users\micro\AppData\Roaming\chrtmp
    c:\windows\IsUn0410.exe
    c:\windows\system32\DEBUG.log
    c:\windows\system32\muzapp.exe
    c:\windows\system32\System32\MASetupCleaner.exe
    c:\windows\system32\System32\muzapp.exe
    c:\windows\system32\tmpD523.tmp
    c:\windows\system32\tmpD524.tmp
    .
    .
    ((((((((((((((((((((((((( Files Creati Da 2012-08-25 al 2012-09-25 )))))))))))))))))))))))))))))))))))
    .
    .
    2012-09-25 18:19 . 2012-09-25 18:19 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-09-25 18:19 . 2012-09-25 18:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-25 15:16 . 2012-09-25 15:16 -------- d-----w- C:\_OTL
    2012-09-25 13:15 . 2012-09-25 13:15 -------- d-----w- c:\users\micro\AppData\Roaming\Avira
    2012-09-25 13:08 . 2012-06-05 22:40 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-09-25 13:08 . 2012-06-05 22:40 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-09-25 13:08 . 2012-06-05 22:40 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2012-09-25 13:08 . 2012-09-25 13:08 -------- d-----w- c:\program files\Avira
    2012-09-25 08:03 . 2012-09-25 13:08 -------- d-----w- c:\programdata\Avira
    2012-09-25 07:48 . 2012-09-25 07:48 -------- d-----w- c:\users\micro\AppData\Local\Adobe
    2012-09-24 13:31 . 2012-09-24 13:31 -------- d-----w- c:\program files\Trend Micro
    2012-09-22 17:30 . 2012-09-22 17:30 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-09-19 17:36 . 2012-09-19 17:36 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
    2012-09-19 17:36 . 2012-09-19 17:36 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
    2012-09-19 09:45 . 2012-09-24 21:12 -------- d-----w- c:\users\micro\AppData\Roaming\vlc
    2012-09-04 05:20 . 2012-09-04 05:20 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-07 15:04 . 2011-03-06 22:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-28 18:24 . 2012-06-25 18:34 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-28 18:24 . 2010-12-22 11:48 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-06 22:55 . 2012-07-06 22:55 716318 ----a-w- c:\windows\unins000.exe
    2012-09-19 17:36 . 2011-07-24 00:55 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-30 39408]
    "Akamai NetSession Interface"="c:\users\micro\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-09-25 160592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-04 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-04 133656]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-02 348664]
    .
    c:\users\micro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Facebook Messenger.lnk - c:\users\micro\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-4 727592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .

  5. #35
    HTML.it user
    Registered since
    Nov 2006
    Posts
    289
    [HKLM\~\startupfolder\C:^Users^micro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.85u1.lnk]
    path=c:\users\micro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FreeRapid 0.85u1.lnk
    backup=c:\windows\pss\FreeRapid 0.85u1.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^micro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ZooskMessenger.lnk]
    path=c:\users\micro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
    backup=c:\windows\pss\ZooskMessenger.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvgUninstallURL]
    start http://www.avg.com/it.special-uninst...21165901319969 [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
    c:\combofix\CF9050.cfxxe [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2012-09-25 10:03 116648 ----atw- c:\users\micro\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
    c:\program files\Samsung\Kies\KiesHelper.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
    2006-12-05 21:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]
    2012-02-27 12:43 801792 ----a-w- c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2006-11-23 14:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    "KiesPDLR"=c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    "Google Update"="c:\users\micro\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "IgfxTray"=c:\windows\system32\igfxtray.exe
    "PlusService"=c:\program files\Yuna Software\Messenger Plus!\PlusService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3973232790-3541760369-3520787654-1000]
    "EnableNotificationsRef"=dword:00000001
    .
    S0 86519692;86519692 Boot Guard Driver;c:\windows\system32\DRIVERS\86519692.sys [x]
    S1 86519691;86519691;c:\windows\system32\DRIVERS\86519691.sys [x]
    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    Akamai REG_MULTI_SZ Akamai
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 08:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contenuto della cartella 'Scheduled Tasks'
    .
    2012-09-25 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-12-30 10:52]
    .
    2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-30 00:25]
    .
    2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-30 00:25]
    .
    2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3973232790-3541760369-3520787654-1000Core.job
    - c:\users\micro\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 10:03]
    .
    2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3973232790-3541760369-3520787654-1000UA.job
    - c:\users\micro\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-25 10:03]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.libero.it/
    mStart Page =
    uInternet Settings,ProxyOverride = <local>
    IE: Compila Modulo - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Personalizza - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: RF Barra strumenti - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Salva Moduli - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    TCP: DhcpNameServer = 62.13.173.92 62.13.173.93
    FF - ProfilePath - c:\users\micro\AppData\Roaming\Mozilla\Firefox\Profiles\q6l988lt.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - www.libero.it
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={7F374998-3E26-4B77-8073-F293AA711270}&mid=7612807bccc847d18fd6d157710e2381-cc6d22c8a768088eab90cf6c7521165901319969&lang=it&ds=AVG&pr=pr&d=2011-09-09 23:08&v=12.2.5.32&sap=ku&q=
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -
    .
    URLSearchHooks-{4619105f-8f56-4dc3-bb47-ede6e2993355} - (no file)
    HKCU-Run-Facebook Update - c:\users\micro\AppData\Local\Facebook\Update\FacebookUpdate.exe
    HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
    HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-KiesPDLR - c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\KiesTrayAgent.exe
    MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
    AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\users\micro\AppData\Local\PowerOffer\unins000.exe
    AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
    AddRemove-Akamai - c:\users\micro\AppData\Local\Akamai\uninstall.exe
    AddRemove-UnityWebPlayer - c:\users\micro\AppData\Local\Unity\WebPlayer\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-09-25 20:19
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scansione processi nascosti ...
    .
    scansione entrate autostart nascoste ...
    .
    Scansione files nascosti ...
    .
    Scansione completata con successo
    Files nascosti: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:60,e5,d5,72,53,1d,cd,01
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:00000059
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Ora fine scansione: 2012-09-25 20:22:41
    ComboFix-quarantined-files.txt 2012-09-25 18:22
    ComboFix2.txt 2011-08-12 13:38
    ComboFix3.txt 2011-04-28 10:22
    .
    Pre-Run: 54.658.756.608 byte disponibili
    Post-Run: 54.682.095.616 byte disponibili
    .
    - - End Of File - - FD683EAC588E69AB8500F6D035A78FEF

  6. #36
    HTML.it user menatwork
    Registered since
    May 2009
    Posts
    4,330
    open otl and click clean up; combofix and otl itself will be removed

    download ccleaner

    Important:
    During installation, untick the box, otherwise the Yahoo Toolbar gets installed.
    Launch it and click:
    - Advanced Options
    Untick:
    - Only delete files older than 48 hours
    Click the buttons:
    - Cleaner (the first one at the top left)
    - Analyze (button at the bottom center)
    - Run Cleaner (button at the bottom right)


    Fixing Registry errors

    Click the buttons:
    - Registry (second button at the top left)
    - Scan for Issues (button at the bottom center)
    - Fix selected issues (button at the bottom right)
    - at the question:
    - "Do you want to back up the changes to the Registry?"
    - click:
    - YES

    download atf cleaner

    Tick the entry:
    - Select all
    Press the button:
    - Empty Select

    disable System Restore

    restart

    re-enable it and create a new restore point

    post a new hijackthis log and let me know if you run into other problems

  7. #37
    HTML.it user
    Registered since
    Nov 2006
    Posts
    289
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1.44.13, on 26/09/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Users\micro\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Users\micro\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Users\Public\Documents\AppData\PoApp\PService.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {4619105f-8f56-4dc3-bb47-ede6e2993355} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [EPSON29B9D6 (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\Windows\TEMP\E_S5D8A.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [EPSON29B9D6 (Epson Stylus SX420W) (Copia 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\Windows\TEMP\E_SF5C8.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\Windows\TEMP\E_SFCE8.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [EPSON SX420W Series (Copia 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\Windows\TEMP\E_S4E6D.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [EPSON SX420W Series (Copia 2)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE /FU "C:\Windows\TEMP\E_SEAEC.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\micro\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\micro\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-18\..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f (User 'Default user')
    O4 - Startup: Facebook Messenger.lnk = C:\Users\micro\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Compila Modulo - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Personalizza - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: RF Barra strumenti - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Salva Moduli - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Compila - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Compila Modulo - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Salva - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Salva Moduli - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RF Barra strumenti - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmn...Detection2.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D6A2BB4-CE18-4D23-9E4B-7AD58DB0CA4E}: NameServer = 176.31.229.24,176.31.229.25
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DEEEC86C-995F-47C5-9BE1-8ADE7D08288F}: NameServer = 176.31.229.24,176.31.229.25
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F96D83CD-0DA1-4C9F-9E59-9D4863478E04}: NameServer = 176.31.229.24,176.31.229.25
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
    O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: ONDA Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\onda_mon.exe
    O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

    --
    End of file - 11315 bytes

  8. #38
    HTML.it user menatwork
    Registered since
    May 2009
    Posts
    4,330
    open hijackthis, rerun the scan and tick these lines, then press fix checked (I had already asked you this at the start of the thread); if you don't follow me, it's pointless


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

    R3 - URLSearchHook: (no name) - {4619105f-8f56-4dc3-bb47-ede6e2993355} - (no file)

    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

    O4 - HKUS\S-1-5-18\..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f (User 'Default user')

    O4 - Startup: Facebook Messenger.lnk = C:\Users\micro\AppData\Local\Facebook\Messenger\2.1.4631.0\FacebookMessenger.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D6A2BB4-CE18-4D23-9E4B-7AD58DB0CA4E}: NameServer = 176.31.229.24,176.31.229.25

    O17 - HKLM\System\CCS\Services\Tcpip\..\{DEEEC86C-995F-47C5-9BE1-8ADE7D08288F}: NameServer = 176.31.229.24,176.31.229.25

    O17 - HKLM\System\CCS\Services\Tcpip\..\{F96D83CD-0DA1-4C9F-9E59-9D4863478E04}: NameServer = 176.31.229.24,176.31.229.25
    rerun adwcleaner and click delete

    as soon as it's finished, let me know if the PC is working well

  9. #39
    HTML.it user
    Registered since
    Nov 2006
    Posts
    289
    Originally posted by menatwork
    open hijackthis, rerun the scan and tick these lines, then press fix checked (I had already asked you this at the start of the thread); if you don't follow me, it's pointless



    rerun adwcleaner and click delete

    as soon as it's finished, let me know if the PC is working well
    So menat, maybe it's better that I explain the dilemma to you: I did all of it, but the problem already happened yesterday and the evening before. I carried out the operations while connected with the USB modem stick, but once back home I had to restore the system because it no longer lets me connect to the wireless network. Now every time I open a page, IE tells me "error in the page's script, continue?"

  10. #40
    HTML.it user menatwork
    Registered since
    May 2009
    Posts
    4,330
    a favor: first follow the cleanup procedures, afterwards we do the network checks

    just this once, let's turn a blind eye to the moderators

    download Farbar Service Scanner to the desktop:

    Tick all the boxes

    Click "Scan".

    A log (FSS.txt) will be created in the same directory the tool is run from.
    Post the log.

    please make sure you attach the log

    edit

    try resetting explorer

    start > run, type inetcpl.cpl and press Enter > Advanced > Reset
