  1. #1

    A "ghost" virus or some other problem?

    hi everyone

    someone brought me a laptop saying that "Opera had disappeared" and Internet Explorer wouldn't connect, so I checked the error and indeed Opera had disappeared and Internet Explorer was crashing; thinking it was one of those pieces of malware that stop you from going online to look for solutions, I followed my usual roadmap:

    -ccleaner
    -OS update
    -superantispyware
    -avira antivir
    -malwarebytes
    -hijackthis

    the thing is that nothing (from superantispyware on down) seems to have found anything; IE still crashes (no big deal: it has never been used) and I would kindly need someone to take a look at the malwarebytes and hijackthis logs to confirm that the problem lies elsewhere

    thanks


    malwarebytes:
    ------

    Malwarebytes Anti-Malware (Prova) 1.75.0.1300
    www.malwarebytes.org

    Versione database: v2013.07.16.06

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    xxx :: PC-xxx [amministratore]

    Protezione: Attivata

    17/07/2013 11.57.00
    mbam-log-2013-07-17 (11-57-00).txt

    Tipo di scansione: Scansione completa (C:\|E:\|F:\|)
    Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
    Opzioni di scansione disattivate: P2P
    Elementi esaminati: 326689
    Tempo impiegato: 1 ore, 23 minuti, 34 secondi

    Processi rilevati in memoria: 0
    (non sono stati rilevati elementi nocivi)

    Moduli di memoria rilevati: 0
    (non sono stati rilevati elementi nocivi)

    Chiavi di registro rilevate: 0
    (non sono stati rilevati elementi nocivi)

    Valori di registro rilevati: 0
    (non sono stati rilevati elementi nocivi)

    Voci rilevate nei dati di registro: 0
    (non sono stati rilevati elementi nocivi)

    Cartelle rilevate: 0
    (non sono stati rilevati elementi nocivi)

    File rilevati: 0
    (non sono stati rilevati elementi nocivi)

    (fine)




    hijackthis:
    ----
    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 13.50.02, on 17/07/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16496)


    Boot mode: Normal

    Running processes:
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
    C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digisoft AntiDialer\AntiDialer.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Opera\15.0.1147.141\opera.exe
    C:\Program Files\Opera\15.0.1147.141\opera_crashreporter.exe
    C:\Program Files\Opera\15.0.1147.141\opera.exe
    C:\Program Files\Opera\15.0.1147.141\opera.exe
    C:\Program Files\Opera\15.0.1147.141\opera.exe
    C:\Program Files\Opera\15.0.1147.141\opera.exe
    C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
    C:\Users\xxx\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Avira SearchFree Toolbar plus Web Protection BHO - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
    O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
    O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Program Files\Digisoft AntiDialer\AntiDialer.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Inizia a fare affari su eBay.it! - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/724-44559-9400-3/4 (file missing)
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/...k-21&site=home (file missing)
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    O23 - Service: Servizio di aggiornamento Ask (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Servizio Vodafone Mobile Broadband (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9367 bytes

  2. #2
    SkinBonno

    hi, there are a few toolbars to remove and a file that we will check later; in the meantime run these two scans to be sure the PC is actually clean

    Download adwcleaner, run it, press Delete and wait for the operation to finish.
    Post the log it generates.

    Download Combofix using Internet Explorer and save it to the desktop. When you save it, rename it to abc.exe. Disconnect from the internet, disable the antivirus. Run Combofix (abc.exe) and wait for the scan to finish.
    Do not do anything while Combofix is analysing the PC, don't even move the mouse, you could stall the scan.
    When the scan is finished the PC should reboot and in C: you should have a report Combofix.txt. Upload this report to Wikisend and post on the forum the link you get.

    N.B. If you can't get Combofix to start, from Start --> Run copy and paste this command line, quotes included, and press Enter:

    "%userprofile%\desktop\abc.exe" /killall

    The scan should start automatically.
    Life is made of stairs: some go down and some fall.

    If I would have studied, I had learned. [Quote: Leone di Lernia]

  3. #3
    adwcleaner:
    ---
    # AdwCleaner v2.305 - Logfile creato il 17/07/2013 alle 17:57:58
    # Aggiornamento 11/07/2013 by Xplode
    # Sistema Operativo : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Utente : xxx - PC-xxx
    # Modalità Avvio : Modalità Normale
    # Eseguito da : D:\adwcleaner.exe
    # Opzioni [Elimina]


    ***** [Servizi] *****

    Fermato & Eliminato : APNMCP

    ***** [File / Cartelle] *****

    Cartella Eliminato : C:\Program Files\Ask.com
    Cartella Eliminato : C:\Program Files\AskPartnerNetwork
    Cartella Eliminato : C:\ProgramData\APN
    Cartella Eliminato : C:\ProgramData\AskPartnerNetwork
    Cartella Eliminato : C:\Users\xxx\AppData\Local\AskToolbar
    Cartella Eliminato : C:\Users\xxx\AppData\Local\Ilivid
    Cartella Eliminato : C:\Users\xxx\AppData\Local\Temp\APN
    Cartella Eliminato : C:\Users\xxx\AppData\LocalLow\AskToolbar
    Cartella Eliminato : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    ***** [Registro] *****

    Chiave Eliminata : HKCU\Software\APN
    Chiave Eliminata : HKCU\Software\APN PIP
    Chiave Eliminata : HKCU\Software\AppDataLow\AskToolbarInfo
    Chiave Eliminata : HKCU\Software\AppDataLow\Software\AskToolbar
    Chiave Eliminata : HKCU\Software\Ask.com
    Chiave Eliminata : HKCU\Software\AskPartnerNetwork
    Chiave Eliminata : HKCU\Software\AskToolbar
    Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Chiave Eliminata : HKLM\Software\APN
    Chiave Eliminata : HKLM\Software\AskPartnerNetwork
    Chiave Eliminata : HKLM\Software\AskToolbar
    Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Chiave Eliminata : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Chiave Eliminata : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Chiave Eliminata : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Chiave Eliminata : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
    Chiave Eliminata : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Chiave Eliminata : HKLM\SOFTWARE\Software
    Valore Eliminata : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Valore Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
    Valore Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

    ***** [Browser Internet] *****

    -\\ Internet Explorer v9.0.8112.16496

    [OK] Registro Pulito.

    -\\ Opera v [Impossibile rilevare la versione]

    File : C:\Users\xxx\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File Pulito.

    *************************

    AdwCleaner[R1].txt - [6630 octets] - [17/07/2013 17:57:08]
    AdwCleaner[S1].txt - [6572 octets] - [17/07/2013 17:57:58]

    ########## EOF - C:\AdwCleaner[S1].txt - [6632 octets] ##########
    ---


    combofix: combofix.txt


    in the meantime I noticed that the IE home page was strange, so I changed it (offline it didn't crash) and now it seems to have sorted itself out (IE9)

    the home page it was loading is this: w*w.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA; (I added the asterisk myself so that it doesn't become a link)

  4. #4
    SkinBonno

    at first glance the logs look clean to me.
    it looks like you have ccleaner installed; if so, clean up the files and the registry.
    if you don't run into other problems, post a hijack log for a final check.

  5. #5
    ran ccleaner and this is the hijackthis log:

    ---
    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 23.59.07, on 17/07/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16496)


    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe
    C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Digisoft AntiDialer\AntiDialer.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Windows\system32\igfxext.exe
    C:\Users\xxx\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
    O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Program Files\Digisoft AntiDialer\AntiDialer.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Inizia a fare affari su eBay.it! - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/724-44559-9400-3/4 (file missing)
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/...k-21&site=home (file missing)
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Servizio Vodafone Mobile Broadband (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7585 bytes
    ---

  6. #6
    SkinBonno

    run a new scan with hijack, tick the boxes of these two items and press fix checked:
    O9 - Extra button: Inizia a fare affari su eBay.it! - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/724-44559-9400-3/4 (file missing)
    O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos...1&site=home (file missing)

    if the PC gives you no further problems, you should be all set.

  7. #7
    ok, thank you very much for your help
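
An added illustration, not part of the original thread and not code from HijackThis: the Python sketch below automates the comparison done by eye in this thread. It parses HijackThis entry lines, lists what disappeared between the first and second scan, and flags entries marked "(file missing)". The sample lines are excerpts from the two logs posted above; the function names are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# HijackThis entry lines have the form "<code> - <description>",
# for example "O4 - HKLM\..\Run: [avgnt] ...". Header and process lines do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

# Excerpts from the first HijackThis log in this thread (scan saved at 13.50.02).
BEFORE = r"""
O2 - BHO: Avira SearchFree Toolbar plus Web Protection BHO - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O9 - Extra button: Inizia a fare affari su eBay.it! - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/724-44559-9400-3/4 (file missing)
O23 - Service: Servizio di aggiornamento Ask (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
"""

# Excerpts from the second HijackThis log (scan saved at 23.59.07, after AdwCleaner).
AFTER = r"""
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O9 - Extra button: Inizia a fare affari su eBay.it! - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/724-44559-9400-3/4 (file missing)
"""


def parse_log(text):
    """Return the entry lines of a HijackThis log as Entry(code, body) tuples."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            # Collapse runs of whitespace so forum re-wrapping does not break comparisons.
            entries.append(Entry(match.group(1), " ".join(match.group(2).split())))
    return entries


def removed(before, after):
    """Entries present in the earlier scan and absent from the later one."""
    still_there = {(e.code, e.body.lower()) for e in after}
    return [e for e in before if (e.code, e.body.lower()) not in still_there]


def orphaned(entries):
    """Entries HijackThis marked '(file missing)': leftovers pointing at nothing on disk."""
    return [e for e in entries if e.body.lower().endswith("(file missing)")]


if __name__ == "__main__":
    first, second = parse_log(BEFORE), parse_log(AFTER)
    print("Removed between scans:")
    for e in removed(first, second):
        print(f"  {e.code}: {e.body}")
    print("Still marked (file missing) in the second scan:")
    for e in orphaned(second):
        print(f"  {e.code}: {e.body}")
```
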
