www.MegaLab.it

[alcianpas]

Era gia capitato, solo che stavolta si tratta di pagine di incontri o ahimè addirittura porno ! In passato avevo risolto scansionando con Malwarebytes Anti-Malware , che è ritenuto ottimo anche dagli addetti ai lavori. Ma stavolta non mi trova niente. Oltretutto mi appoggio ad un wireless col consenso dei proprietario che si fida di me:glie lo dirò ma non vorrei che a suo carico nascano incresciusi equivoci .
Per favore, ditemi vostre esperienze analoghe , aiutatemi a risolvere il problema.
E se conoscete qualche antispyware in versione portable di cui garantiate efficacia vi ringrazio il doppio.

[crazy.cat]

POsta un log di hijackthis e usa Hitman pro.

[alcianpas]

POsta un log di hijackthis e usa Hitman pro.

Hitman pro non lo conosco . l'altra cosa che mi chiedi spero sia questo (scusate: è un po' lungo) :

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:23:32, on 20/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\lsm\lsm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\utente\AppData\Local\fTalk\ftalk.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\eMule\emule.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\utente\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [fTalk] "C:\Users\utente\AppData\Local\fTalk\ftalk.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Global Startup: Verifica aggiornamenti.lnk = C:\Program Files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A4B223E-17C6-4C82-A10F-B552972C97ED}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9D8A9EC-CFA0-4AE7-BBA2-E63E61AE8ACE}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{F754204E-9C00-41BA-BC8A-84302286126C}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A4B223E-17C6-4C82-A10F-B552972C97ED}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{2A4B223E-17C6-4C82-A10F-B552972C97ED}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Auto Update Service (AUS) - MS - C:\Program Files (x86)\lsm\aus.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Login Session Manager (LSM) - MS - C:\Program Files (x86)\lsm\lsm.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\utente\AppData\Local\PosService\Pos.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\utente\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13136 bytes

[crazy.cat]

Sgui le istruzioni dell'articolo ed elimina quello che ti indico qui sotto.
http://www.MegaLab.it/8144/come-rimuove ... i-computer
C:\Users\Public\Documents\AppData\PoApp\PService.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O20 - AppInit_DLLs: c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll

O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\utente\AppData\Local\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\utente\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe

[alcianpas]

Sgui le istruzioni dell'articolo ed elimina quello che ti indico qui sotto.
http://www.MegaLab.it/8144/come-rimuove ... i-computer
C:\Users\Public\Documents\AppData\PoApp\PService.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O20 - AppInit_DLLs: c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll

O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\utente\AppData\Local\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\utente\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\utente\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe

l'ho felicemente rimosso, power off , anche se non ho idea di quale programma di recente instalalzione fosse aggiogato, per arrivare nel mio computer.
Le altre tue indicazioni fatico a capirle: dovrei rifare il log con HiJackThis e poi ?

[crazy.cat]

selezioni le caselle di queste righe e premi fix checked per eliminarle.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O20 - AppInit_DLLs: c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll

[alcianpas]

Precisissimi comunque i tuoi consigli, ero io che mi ero allarmato prima di provarci. il problema, dopo la sola rimozione di power off, persisteva. Adesso però ho attuato la seconda parte del tuo consiglio e starò a vedere, intanto riavvierò (non posso farlo subito) Ma purtroppo al momento il problema persiste.

[farbix89]

Se non risolvi riprova a fare tutte le scansioni (Avira, Malwarebytes e Hijackthis) in provvisoria e riposta i log.

[hashcat]

Leggi questo articolo e posta il log del prodotto menzionato.

Poi cambia i DNS seguendo questa guida impostando questi DNS ([url=ww.fooldns.com/fooldns-community/]FoolDNS[/url]):

Server DNS preferito: 87.118.111.215
Server DNS alternativo: 80.79.54.55



P.S.: Se utilizzi una connessione Wi-Fi, in "Connessioni di rete" devi modificare i DNS anche della voce "Wireless Network Connection" (oltre che di "Local Area Connection").

[alcianpas]

Se non risolvi riprova a fare tutte le scansioni (Avira, Malwarebytes e Hijackthis) in provvisoria e riposta i log.

provvisoria? Cosa vuol dire e come si fa?

[alcianpas]

mi trovo con questo notebook in un altro domicilio, e il fenomeno non avviene: è un caso ? Poche ore fa nella dimora abituale si era manifestato fino a che ci sono stato.

[alcianpas]

Leggi questo articolo e posta il log del prodotto menzionato.

Poi cambia i DNS seguendo questa guida impostando questi DNS ([url=ww.fooldns.com/fooldns-community/]FoolDNS[/url]):

Server DNS preferito: 87.118.111.215
Server DNS alternativo: 80.79.54.55



P.S.: Se utilizzi una connessione Wi-Fi, in "Connessioni di rete" devi modificare i DNS anche della voce "Wireless Network Connection" (oltre che di "Local Area Connection").

come non detto il problema persiste. Ecco il log di adw cleaner

# AdwCleaner v1.604 - Logfile created 12/25/2012 at 15:45:04
# Updated 23/04/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : utente - UTENTE-PC
# Running from : C:\Users\utente\Downloads\Installer_AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\utente\AppData\Roaming\Babylon
Folder Found : C:\Users\utente\AppData\Roaming\OpenCandy
Folder Found : C:\Users\utente\Documents\widestream
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Tarma Installer
File Found : C:\Users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\j1g1o9sn.default-1355936565134\searchplugins\Search_Results.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml

***** [Registry] *****

Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
[x64] Key Found : HKCU\Software\DataMngr
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\DataMngr
[x64] Key Found : HKLM\SOFTWARE\Tarma Installer
[x64] Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/414

-\\ Mozilla Firefox v17.0.1 (it)

Profile name : default-1355936565134 [Profil par défaut]
File : C:\Users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\j1g1o9sn.default-1355936565134\prefs.js

Found : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=");

*************************

AdwCleaner[R1].txt - [3213 octets] - [25/12/2012 15:45:04]

########## EOF - C:\AdwCleaner[R1].txt - [3341 octets] ##########

però npon ho capito l'imbeccata che parla delle impostazioni : dove devo andare ?
P.S. Buon Natale a tutti

[hashcat]

Devi utilizzare AdwCleaner cliccando su Remove.

[alcianpas]

provato anche quello, ma l'anatema parrebbe cessato (se è davvero cessato: preferisco aspettare a cantar vittoria) dopo la scansione con Combofix, suggeritomi in Yahoo Answer, che in realtà avevo già ma non avevo mai capito a cosa servisse. Incrocio le dita: prima non cessava il fenomeno per così tante ore.

[alcianpas]

provato anche quello, ma l'anatema parrebbe cessato (se è davvero cessato: preferisco aspettare a cantar vittoria) dopo la scansione con Combofix, suggeritomi in Yahoo Answer, che in realtà avevo già ma non avevo mai capito a cosa servisse. Incrocio le dita: prima non cessava il fenomeno per così tante ore.

come non detto: è tornato.

[123ABC?]

Hai provato a fare una scansione con Norton Security Scan o con TrendMicro HouseCall?

[alcianpas]

Hai provato a fare una scansione con Norton Security Scan o con TrendMicro HouseCall?

No, ma sono riuscito a usare Combofix che prma usavo male. Vediamo un po' l'effetto.

[alcianpas]

Ho notato che spesso prima del link dove questo "mostro " mi porta , nella barra degli indirizzi compare la parola "redirector" . Immagino che l'informazione non sia d'aiuto, vero ? Beh, cosa devo fare disinstallare tutto ciò che ho installato io ? Anche Vdownloader ? Non abbandonatemi proprio nel momento della disperazione. E a soli 20 gg dala formattazione !

[alcianpas]

Ho notato che spesso prima del link dove questo "mostro " mi porta , nella barra degli indirizzi compare la parola "redirector" . Immagino che l'informazione non sia d'aiuto, vero ? Beh, cosa devo fare disinstallare tutto ciò che ho installato io ? Anche Vdownloader ? Non abbandonatemi proprio nel momento della disperazione. E a soli 20 gg dala formattazione !

Ho saputo di questo antivirus portable che in quanto tale non va in conflitto col mio . Mi è venuto fuori questo report, ma questo AV pare che non abbia la quarantena:

Scan Started Mon Dec 31 16:17:56 2012
-------------------------------------------------------------------------------


Scan Started Mon Dec 31 16:18:21 2012
-------------------------------------------------------------------------------

*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***


*** Scanned 35 processes - 393 modules ***
*** Computer Memory Scan Completed ***


----------- SCAN SUMMARY -----------
Known viruses: 1499322
Engine version: 0.97.6
Scanned directories: 0
Scanned files: 428
Infected files: 0
Data scanned: 477.79 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 232.670 sec (3 m 52 s)


Scan Started Mon Dec 31 16:22:40 2012
-------------------------------------------------------------------------------

WARNING: Can't open file C:\hiberfil.sys: Permission denied
WARNING: Can't open file C:\pagefile.sys: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\703d86c4e1c8c2f33a9dc30c84db1a18_a1af0b30-d122-498a-b5ca-ae2fcbbf6478: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7286d31cd871b04830123dffc2a2cb8d_a1af0b30-d122-498a-b5ca-ae2fcbbf6478: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\83d06a6feb7ce82cc458b99dba98c399_a1af0b30-d122-498a-b5ca-ae2fcbbf6478: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-0.bin: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0196EB9504214C7B233B3621CC64EAF32C4D92DC.bin.67: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0196EB9504214C7B233B3621CC64EAF32C4D92DC.bin.7E: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0196EB9504214C7B233B3621CC64EAF32C4D92DC.bin.80: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0196EB9504214C7B233B3621CC64EAF32C4D92DC.bin.87: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0196EB9504214C7B233B3621CC64EAF32C4D92DC.bin.A0: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0196EB9504214C7B233B3621CC64EAF32C4D92DC.bin.VE0: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0196EB9504214C7B233B3621CC64EAF32C4D92DC.bin.VE1: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-0196EB9504214C7B233B3621CC64EAF32C4D92DC.bin.VF: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb: Permission denied
WARNING: Can't open file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Permission denied
WARNING: Can't open file C:\System Volume Information\Syscache.hve: Permission denied
WARNING: Can't open file C:\System Volume Information\Syscache.hve.LOG1: Permission denied
WARNING: Can't open file C:\System Volume Information\{171bc00e-504b-11e2-83ed-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{2883da29-51bb-11e2-9cbf-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{2883da8e-51bb-11e2-9cbf-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{2883db16-51bb-11e2-9cbf-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{a01c3c9a-5281-11e2-a399-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{a9fc31ed-5032-11e2-83f0-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{a9fc31f1-5032-11e2-83f0-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{a9fc31f5-5032-11e2-83f0-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{afba3c05-505b-11e2-83cc-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{afba3c14-505b-11e2-83cc-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{afba3c19-505b-11e2-83cc-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{afba3c1d-505b-11e2-83cc-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{afba3c22-505b-11e2-83cc-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{afba3c26-505b-11e2-83cc-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{c6fd3661-50fc-11e2-9c84-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{de2668df-5334-11e2-a424-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{ded1bbb3-50f6-11e2-9124-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{e306e310-51a1-11e2-94f6-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{e306e321-51a1-11e2-94f6-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{e306e328-51a1-11e2-94f6-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{e306e32c-51a1-11e2-94f6-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{e306e331-51a1-11e2-94f6-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\System Volume Information\{e306e332-51a1-11e2-94f6-002186e9686d}{3808876b-c176-4e48-b7ae-04046e6cc752}: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\703d86c4e1c8c2f33a9dc30c84db1a18_a1af0b30-d122-498a-b5ca-ae2fcbbf6478: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\7286d31cd871b04830123dffc2a2cb8d_a1af0b30-d122-498a-b5ca-ae2fcbbf6478: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\83d06a6feb7ce82cc458b99dba98c399_a1af0b30-d122-498a-b5ca-ae2fcbbf6478: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-0.bin: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\mpcache-0196EB9504214C7B233B3621CC64EAF32C4D92DC.bin.67: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\mpcache-0196EB9504214C7B233B3621CC64EAF32C4D92DC.bin.7E: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\mpcache-0196EB9504214C7B233B3621CC64EAF32C4D92DC.bin.80: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\mpcache-0196EB9504214C7B233B3621CC64EAF32C4D92DC.bin.87: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\mpcache-0196EB9504214C7B233B3621CC64EAF32C4D92DC.bin.A0: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\mpcache-0196EB9504214C7B233B3621CC64EAF32C4D92DC.bin.VE0: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\mpcache-0196EB9504214C7B233B3621CC64EAF32C4D92DC.bin.VE1: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\mpcache-0196EB9504214C7B233B3621CC64EAF32C4D92DC.bin.VF: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb: Permission denied
WARNING: Can't open file C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb: Permission denied
WARNING: Can't open file C:\Users\utente\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1: Permission denied
WARNING: Can't open file C:\Users\utente\ntuser.dat.LOG1: Permission denied
WARNING: Can't open file C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1: Permission denied
WARNING: Can't open file C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb: Permission denied
WARNING: Can't open file C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb: Permission denied
WARNING: Can't open file C:\Windows\System32\config\DEFAULT: Permission denied
WARNING: Can't open file C:\Windows\System32\config\DEFAULT.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\config\RegBack\DEFAULT: Permission denied
WARNING: Can't open file C:\Windows\System32\config\RegBack\SAM: Permission denied
WARNING: Can't open file C:\Windows\System32\config\RegBack\SECURITY: Permission denied
WARNING: Can't open file C:\Windows\System32\config\RegBack\SOFTWARE: Permission denied
WARNING: Can't open file C:\Windows\System32\config\RegBack\SYSTEM: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SAM: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SAM.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SECURITY: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SECURITY.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SOFTWARE: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SOFTWARE.LOG1: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SYSTEM: Permission denied
WARNING: Can't open file C:\Windows\System32\config\SYSTEM.LOG1: Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 1499322
Engine version: 0.97.6
Scanned directories: 24733
Scanned files: 121797
Infected files: 0
Data scanned: 28888.43 MB
Data read: 162173.86 MB (ratio 0.18:1)
Time: 8842.590 sec (147 m 22 s)

The following files are Digitally Signed by Microsoft Corporation and may have been incorrectly detected as viruses:
C:\Windows\SysWOW64\adprovider.dll: [Win.Trojan.Agent-61735] FALSE POSITIVE FOUND
C:\Windows\SysWOW64\adsnt.dll: [Win.Trojan.Agent-69677] FALSE POSITIVE FOUND
C:\Windows\winsxs\x86_microsoft-windows-a..face-winnt-provider_31bf3856ad364e35_6.1.7600.16385_none_3a78ef63c81010df\adsnt.dll: [Win.Trojan.Agent-69677] FALSE POSITIVE FOUND
C:\Windows\winsxs\x86_microsoft-windows-dims-keyroam_31bf3856ad364e35_6.1.7600.16385_none_5b7a6e238ef0e573\adprovider.dll: [Win.Trojan.Agent-61735] FALSE POSITIVE FOUND
Please do not be alarmed and help us by submitting the files identified above as FALSE POSITIVE at http://www.clamav.net/sendvirus/

Visto che il problema si è spostato a explorer, che non uso , pensate che se rimuovo explorer torno tranquillo ? Oppure potrei tentrare col ripristino di uno stato precedente del pc, ma con W 7 come si fa ? Buon anno a tutti .

[gigicookie]

ClamAv non ha trovato niente. Però fai le scansioni che ti dicono, altrimenti come fanno ad aiutarti?
Per entrare in provvisoria: F8 subito dopo la schermata del BIOS (premilo cioè appena inizia ad avviarsi windows)
Per cambiare i dns ti hanno linkato la guida. Devi cliccare su remove in adwcleaner per pulire. Ah, un consiglio: disattiva Ripristino configurazione di sistema, è il posto ideale per far annidare i virus, se proprio vuoi tenerlo fai così: Disattivalo, riavvia e riattivalo. Così ti cancella gli stati precedenti (che potrebbero essere infetti) e poi se pronto a riusarlo.