
POSSIBLE VIRUS?


Post by SUMMERBOY » Sun Nov 27, 2016 10:36 am

Hello, could you kindly check my log? I'm noticing anomalous behaviour on my PC: for example, CCleaner starts by itself as soon as I turn the PC on, but there is no way to use it because it freezes, and the same happens if I close it and try to reopen it.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10.29.41, on 27/11/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
C:\Program Files (x86)\Opera\41.0.2353.69\opera_crashreporter.exe
C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe
C:\Users\WALTER~1\AppData\Local\Temp\scoped_dir4512_16031\HijackThis.exe
C:\Program Files (x86)\Opera\41.0.2353.69\opera.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: (no name) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Sale Clipper - {b18906df-1dfa-4d50-8a1f-7d076a8c87b7} - C:\Program Files (x86)\Sale Clipper\Extensions\b18906df-1dfa-4d50-8a1f-7d076a8c87b7.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [BrowserPlugInHelper] C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [RealDownloader] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Walter Moretti\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Wondershare Helper Compact.exe] "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [CyberGhost] "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress8] "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress8] "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe" (User 'Default user')
O4 - Global Startup: RealPlayer Cloud Service UI.lnk = C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files (x86)\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem8.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RealPlayer Cloud Service - RealNetworks, Inc. - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14891 bytes

Re: POSSIBLE VIRUS?

Post by stevens » Sun Nov 27, 2016 11:11 pm

Of course it starts as soon as you boot the PC: you have it set to start automatically.

Now open HijackThis, tick this entry, then click Fix checked:

O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Check whether the problem is solved; otherwise run this scan.

Download this tool to your desktop.
N.B. You must download the version (32- or 64-bit) compatible with your system.

•Double-click to launch it.
•When it asks you to accept the terms, click Yes.
•Click the SCAN button.
When it finishes, the tool will create a log named FRST.txt in the same directory where FRST is located.
•The first time FRST is run, another log named Addition.txt will also be created.
Attach both logs.

Re: POSSIBLE VIRUS?

Post by SUMMERBOY » Mon Nov 28, 2016 4:55 pm

To be safe I ran the scan first; here are the logs (I tried to paste them using MEMO, but they exceeded the available characters).
FRST
https://mega.nz/#!hpsGRAKK!8r6kdE0AyIgD ... b8PboStyv4
Addition
https://mega.nz/#!5t11xD4J!pdBecshbyToN ... nsiezN8cYQ


Re: POSSIBLE VIRUS?

Post by stevens » Mon Nov 28, 2016 9:57 pm

Now run this scan for me.

•Download AdwCleaner to your desktop:
http://www.bleepingcomputer.com/download/adwcleaner/
•Run it and click the ANALISI (Scan) button.
When the scan finishes, the PULIZIA (Clean) button will become active. Click PULIZIA.
•Confirm with OK the various windows that appear.
•The PC will restart, and the log listing the removals will open.
•Save the log.

Now tell me how the PC is running, then run another scan with FRST and attach the two logs.

Re: POSSIBLE VIRUS?

Post by SUMMERBOY » Tue Nov 29, 2016 11:43 am

Now CCleaner finally opens without freezing :D
Here is the AdwCleaner log:

# AdwCleaner v6.030 - Creato file registro eventi 29/11/2016 in 11:29:24
# Aggiornato su 19/10/2016 da Malwarebytes
# Database : 2016-11-28.2 [Server]
# Sistema operativo : Windows 8.1 (X64)
# Utente : Walter Moretti - WALTER
# In esecuzione da : C:\Users\Walter Moretti\AppData\Local\Temp\scoped_dir652_19045\adwcleaner_6.030.exe
# Modo: pulizia
# Supporto : hxxps://www.malwarebytes.com/support



***** [ Servizi ] *****



***** [ Cartelle ] *****

[-] Cartella eliminata: C:\Users\Walter Moretti\AppData\Roaming\1H1Q
[-] Cartella eliminata: C:\Users\Walter Moretti\AppData\Roaming\sweet-page
[-] Cartella eliminata: C:\ProgramData\IePluginServices
[-] Cartella eliminata: C:\ProgramData\WindowsMangerProtect
[#] Cartella eliminata al riavvio: C:\ProgramData\Application Data\IePluginServices
[#] Cartella eliminata al riavvio: C:\ProgramData\Application Data\WindowsMangerProtect
[-] Cartella eliminata: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileOpener
[-] Cartella eliminata: C:\Program Files (x86)\SupTab
[-] Cartella eliminata: C:\Program Files (x86)\Tweaks
[-] Cartella eliminata: C:\Users\Walter Moretti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj


***** [ File ] *****

[-] File eliminato: C:\Users\Public\Desktop\FileOpener.lnk
[-] File eliminato: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml
[#] File eliminato: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml
[#] File eliminato: C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Collegamenti ] *****



***** [ Attività pianificate ] *****



***** [ Registro ] *****

[-] Chiave eliminata: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\IePluginServices
[#] Chiave eliminata al riavvio: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\IePluginServices
[-] Chiave eliminata: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowsMangerProtect
[#] Chiave eliminata al riavvio: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowsMangerProtect
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Chiave eliminata al riavvio: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Chiave eliminata al riavvio: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Chiave eliminata al riavvio: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Chiave eliminata al riavvio: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Chiave eliminata al riavvio: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Chiave eliminata al riavvio: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\CLSID\{B18906DF-1DFA-4D50-8A1F-7D076A8C87B7}
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
[-] Chiave eliminata: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
[-] Chiave eliminata: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B18906DF-1DFA-4D50-8A1F-7D076A8C87B7}
[-] Chiave eliminata: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
[-] Chiave eliminata: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B18906DF-1DFA-4D50-8A1F-7D076A8C87B7}
[-] Chiave eliminata: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B18906DF-1DFA-4D50-8A1F-7D076A8C87B7}
[-] Chiave eliminata: HKU\S-1-5-21-205474941-508661116-599923359-1001\Software\APN PIP
[-] Chiave eliminata: HKU\S-1-5-21-205474941-508661116-599923359-1001\Software\InstallCore
[-] Chiave eliminata: HKU\S-1-5-21-205474941-508661116-599923359-1001\Software\Mozilla\Extends
[-] Chiave eliminata: HKU\S-1-5-21-205474941-508661116-599923359-1001\Software\PRODUCTSETUP
[-] Chiave eliminata: HKU\S-1-5-21-205474941-508661116-599923359-1001\Software\SupHpUISoft
[-] Chiave eliminata: HKU\S-1-5-21-205474941-508661116-599923359-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\File Opener Packages
[#] Chiave eliminata al riavvio: HKCU\Software\APN PIP
[#] Chiave eliminata al riavvio: HKCU\Software\InstallCore
[#] Chiave eliminata al riavvio: HKCU\Software\Mozilla\Extends
[#] Chiave eliminata al riavvio: HKCU\Software\PRODUCTSETUP
[#] Chiave eliminata al riavvio: HKCU\Software\SupHpUISoft
[-] Chiave eliminata: HKLM\SOFTWARE\SupDp
[-] Chiave eliminata: HKLM\SOFTWARE\SupTab
[-] Chiave eliminata: HKLM\SOFTWARE\supWindowsMangerProtect
[-] Chiave eliminata: HKLM\SOFTWARE\supWPM
[-] Chiave eliminata: HKLM\SOFTWARE\sweet-pageSoftware
[#] Chiave eliminata al riavvio: HKLM\SOFTWARE\SUPDP
[#] Chiave eliminata al riavvio: HKLM\SOFTWARE\SUPTAB
[#] Chiave eliminata al riavvio: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\File Opener Packages
[-] Chiave eliminata: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sweet-page uninstall
[-] Chiave eliminata: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tweaks FileOpener
[-] Chiave eliminata: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\APN PIP
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\InstallCore
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Mozilla\Extends
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\PRODUCTSETUP
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\SupHpUISoft
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\File Opener Packages
[-] Dato ripristinato: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Dato ripristinato: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Dato ripristinato: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Dato ripristinato: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Chiave eliminata: HKU\S-1-5-21-205474941-508661116-599923359-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Chiave eliminata al riavvio: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Chiave eliminata: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[#] Chiave eliminata al riavvio: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Chiave eliminata: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Dato ripristinato: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Valore eliminato: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
[-] Valore eliminato: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fmconverter@gmail.com]
[#] Valore eliminato al riavvio: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
[#] Valore eliminato al riavvio: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fmconverter@gmail.com]
[#] Valore eliminato al riavvio: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
[#] Valore eliminato al riavvio: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fmconverter@gmail.com]
[-] Chiave eliminata: HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj


***** [ Browser ] *****

[-] [C:\Users\Walter Moretti\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminato: sweet-page.com
[-] [C:\Users\Walter Moretti\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminato: sweet-page
[-] [C:\Users\Walter Moretti\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Eliminato: hxxp://www.sweet-page.com/?type=hp&ts=1 ... D3CG6TD3CX
[-] [C:\Users\Walter Moretti\AppData\Local\Google\Chrome\User Data\Default] [extension] Eliminato: jbolfgndggfhhpbnkgnpjkfhinclbigj
[-] [C:\Users\Walter Moretti\AppData\Local\Google\Chrome\User Data\Default] [homepage] Eliminato: hxxp://www.sweet-page.com/?type=hp&ts=1 ... D3CG6TD3CX


*************************

:: " tracciamento " chiavi eliminate
:: Impostazioni Winsock ripristinate

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [9158 Byte] - [29/11/2016 11:29:24]
C:\AdwCleaner\AdwCleaner[S0].txt - [9152 Byte] - [29/11/2016 11:21:15]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [9302 Byte] ##########

Re: POSSIBLE VIRUS?

Post by SUMMERBOY » Tue Nov 29, 2016 12:18 pm

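A triage sketch for the two logs in this thread, as an added example that is not part of the original posts: it parses HijackThis lines, lists the add-on registrations (O2/O3/O9) whose file is gone, and checks which of those CLSIDs the AdwCleaner log reports as deleted. The function names are hypothetical and the sample input is a few lines copied from the logs above.

```python
import re

# Constructed sample: a few lines copied from the HijackThis and AdwCleaner logs in this thread.
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Sale Clipper - {b18906df-1dfa-4d50-8a1f-7d076a8c87b7} - C:\Program Files (x86)\Sale Clipper\Extensions\b18906df-1dfa-4d50-8a1f-7d076a8c87b7.dll (file missing)
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
"""
ADW_SAMPLE = r"""
[-] Cartella eliminata: C:\Program Files (x86)\SupTab
[-] Chiave eliminata: HKLM\SOFTWARE\Classes\CLSID\{B18906DF-1DFA-4D50-8A1F-7D076A8C87B7}
[-] Chiave eliminata: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
"""

HJT_LINE = re.compile(r'^([A-Z]\d+) - (.*)$')
CLSID = re.compile(r'\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}')
RUN_ENTRY = re.compile(r'^(\S+): \[([^\]]+)\] (.*)$')
MISSING_MARKS = ('(no file)', '(file missing)')


def parse_hijackthis(text):
    """Turn 'CODE - body' lines into dicts; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        body = m.group(2).rstrip()
        clsid = CLSID.search(body)
        entries.append({
            'code': m.group(1),
            'body': body,
            'clsid': clsid.group(1).upper() if clsid else None,
            'missing': body.endswith(MISSING_MARKS),
        })
    return entries


def orphaned_addons(entries):
    """CLSIDs of BHO / toolbar / extra-button registrations whose file is gone."""
    return {e['clsid'] for e in entries
            if e['code'] in ('O2', 'O3', 'O9') and e['missing'] and e['clsid']}


def autoruns(entries):
    """(registry location, value name, command line) for each O4 Run entry."""
    found = []
    for e in entries:
        m = RUN_ENTRY.match(e['body']) if e['code'] == 'O4' else None
        if m:
            found.append(m.groups())
    return found


def removed_clsids(adw_text):
    """CLSIDs on AdwCleaner lines marked [-] (deleted) or [#] (deleted at reboot)."""
    removed = set()
    for line in adw_text.splitlines():
        if line.startswith(('[-]', '[#]')):
            removed.update(c.upper() for c in CLSID.findall(line))
    return removed


def triage(hjt_text, adw_text):
    entries = parse_hijackthis(hjt_text)
    orphans = orphaned_addons(entries)
    removed = removed_clsids(adw_text)
    return {
        'cleaned': sorted(orphans & removed),
        'remaining': sorted(orphans - removed),
        'autoruns': autoruns(entries),
        # Counted separately: a 32-bit scanner on 64-bit Windows can report
        # system32 service binaries as missing because of file system
        # redirection, so this is weaker evidence than an orphaned add-on.
        'service_missing': sum(1 for e in entries
                               if e['code'] == 'O23' and e['missing']),
    }


if __name__ == '__main__':
    for key, value in triage(HJT_SAMPLE, ADW_SAMPLE).items():
        print(key, value)
```
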



megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising