CERCA
PER MODELLO
FullScreen Chatbox! :)

Utente del giorno: pumaro con ben 1 Thanks ricevuti nelle ultime 24 ore
Utente della settimana: gianpassa con ben 8 Thanks ricevuti negli ultimi sette giorni
Utente del mese: 9mm con ben 33 Thanks ricevuti nell'ultimo mese

NEWS DAL BLOG:
Pagina 1 di 3 123 ultimoultimo
Ultima pagina
Visualizzazione dei risultati da 1 a 10 su 27
Discussione:

Possibile rootkit?
Se questa discussione ti è stata utile, ti preghiamo di lasciare un messaggio di feedback in modo che possa essere preziosa in futuro anche per altri utenti come te!
  1. 20-11-14 10:35 #1
    MicheleGalbiati
    Guest
    Predefinito

    Possibile rootkit?

    Da diversi giorni il mio pc windows apre da solo internet explorer caricando continuamente nuove schede a raffica. Inoltre pur non avendo aperto il browser si sentono delle pubblicità ma non si vede il video di queste. Il problema si è presentato dopo l'installazione di un falso programma che invece di installarsi mi ha riempito il computer di altri programmi come PowerOffers. Devo aggiungere che dopo aver disinstallato questi programmi mi rimaneva impostata sul browser Websearch come pagina principale,che ho rimosso usando Yac antivirus disinstallando anche quest'ultimo dopo l'utilizzo. Qualcuno mi può aiutare? Grazie in anticipo!

    Michele.
    Rispondi quotando Rispondi quotando
  2.  
  3. 20-11-14 18:15 #2
    Malaya
    Guest
    Predefinito

    Ciao, guarda da tempo non uso Windows dal momento che uso solo Linux, comunque ricordo come procedere con un sistema Windows.

    Prova con Malwarebytes: anti-Malware gratuito a fare una scansione completa del PC, meglio ancora se avvii il PC in modalità provvisoria. Buono anche Spybot © ? ? Search & Destroy | Safer-Networking Ltd. attento perché Spybot ha delle opzioni che rischi di far danni al sistema.

    Utilissimo, scarica HiJackThis | SourceForge.net oppure da Scarica HijackThis 2.0.5 Beta - FileHippo.com tutti siti sicuri. Per avviare la scansione basta selezionare: "Do a System scan and save a logfile" e poi posta il risultato facendo copia/incolla dal log del blocco note, vediamo se c'e' qualcosa da rimuovere.

    Ti consiglio anche CCleaner per una bella pulita, registro compreso dopo un backup, naturalmente.

    Come ultima spiaggia si potrebbe usare ComboFix in caso di PC molto infetto, ma per ora andiamo per gradi senza panico.
    Rispondi quotando Rispondi quotando

  4. Il seguente Utente ha ringraziato Malaya per il post:

  5. 20-11-14 19:12 #3
    MicheleGalbiati
    Guest
    Predefinito

    Devo scaricare Malwarebytes e HiJackThis o solo uno dei due? Poi come faccio a entrare in modalita provvisoria?
    Grazie delle risposte in anticipo Malaya.
    Rispondi quotando Rispondi quotando
  6. 20-11-14 20:27 #4
    Malaya
    Guest
    Predefinito

    Quote Originariamente inviato da MicheleGalbiati Visualizza il messaggio
    Devo scaricare Malwarebytes e HiJackThis o solo uno dei due? Poi come faccio a entrare in modalita provvisoria?
    Grazie delle risposte in anticipo Malaya.
    Per entrare in modalità provvisoria si preme ripetutamente F8 quando avvii il PC. Comunque aspetta a fare la scansione in modalità provvisoria, prova subito con Malwarebytes a fare la scansione "completa del sistema".

    HiJackThis ti fa vedere delle voci di registro dei programmi avviati, della pagina principale del browser, tra queste voci ci può essere il problema. Si vede subito e' un ottimo strumento.
    Rispondi quotando Rispondi quotando
  7. 20-11-14 20:31 #5
    MicheleGalbiati
    Guest
    Predefinito

    Ok farò sapere.
    Rispondi quotando Rispondi quotando
  8. 20-11-14 20:42 #6
    Malaya
    Guest
    Predefinito

    Quote Originariamente inviato da MicheleGalbiati Visualizza il messaggio
    Ok farò sapere.
    Ok, Malwarebytes mette qualche ora a fare la scansione, mentre HiJackThis fa subito.
    Rispondi quotando Rispondi quotando
  9. 20-11-14 20:56 #7
    MicheleGalbiati
    Guest
    Predefinito

    Ecco i log
    Di HiJackThis:

    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 20:38:15, on 20/11/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17420)

    FIREFOX: 33.1 (x86 it)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\snuvcdsm.exe
    C:\Program Files\Intel\AMT\atchk.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\ManyCam\ManyCam.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Users\HP\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://it.yahoo.com/?fr=hp-avast&type=avastbcl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://it.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://it.yahoo.com/?fr=hp-avast&type=avastbcl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://it.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uwmcoMATq2P4iyuY8EHOjuVQO5PSeVPWIZWoDGVcYwa9 3mbvh1u2Ztp52iXXgY6_4YJ7q1tWESQ0PTK2tgx0VBR3ShSR3m mj2NArSiRieEwdx-YPcp0EHTcF7hw-0hVcnO83peyc0MUmbc3ykTP39BWQXcvCMBqGkgOJUNPkO7jWFV _noOeLw,&q={searchTerms}
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uwmcoMATq2P4iyuY8EHOjuVQO5PSeVPWIZWoDGVcYwa9 3mbvh1u2Ztp52iXXgY6_4YJ7q1tWESQ0PTK2tgx0VBR3ShSR3m mj2NArSiRieEwdx-YPcp0EHTcF7hw-0hVcnO83peyc0MUmbc3ykTP39BWQXcvCMBqGkgOJUNPkO7jWFV _noOeLw,&q={searchTerms}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: QueeneCoupon - {9340bb03-e1e7-4e61-a3b6-b7331e3b27cc} - (no file)
    O2 - BHO: LuckyyCoUpOnn - {b696a911-c8b7-491e-a5fe-e8bcfdc0a345} - (no file)
    O2 - BHO: FineDaealSoft - {cc56591b-503b-4134-9bd4-bd814b67b2bf} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
    O2 - BHO: ClaickForSaLe - {e19fc73e-33c7-4d89-86e4-db2b82c345ad} - (no file)
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [snuvcdsm] C:\Windows\snuvcdsm.exe
    O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam\ManyCam.exe" --silent
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
    O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - Unknown owner - C:\Program Files\BlueStacks\HD-Service.exe (file missing)
    O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - Unknown owner - C:\Program Files\BlueStacks\HD-LogRotatorService.exe (file missing)
    O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - Unknown owner - C:\Program Files\BlueStacks\HD-UpdaterService.exe (file missing)
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
    O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: VO Service component (servervo) - Unknown owner - C:\Users\HP\AppData\Roaming\VOPackage\VOsrv.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

    --
    End of file - 6285 bytes
    Rispondi quotando Rispondi quotando
  10. 20-11-14 21:00 #8
    MicheleGalbiati
    Guest
    Predefinito

    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software

    Scan Date: 20/11/2014
    Scan Time: 20:39:29
    Logfile: text log.txt
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.20.07
    Rootkit Database: v2014.11.18.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: HP

    Scan Type: Hyper Scan
    Result: Completed
    Objects Scanned: 288005
    Time Elapsed: 10 min, 23 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Disabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 10
    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE, , [f3144af4e59770c6072e56f9927140c0],
    PUP.Optional.Booster.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNI NSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{24c54e38}, , [6e99dc62cfad270fd37c133f798af60a],
    PUP.Optional.DeltaFix.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\24c54e38, , [0106a5991f5d54e25b6f3602857e47b9],
    PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\AP PLICATION\WindowsMangerProtect, , [c443033bbdbf00366591d16ade257789],
    PUP.Optional.CinemaPlus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CinPlus-2.4cV12.11, , [31d6cf6f532966d0501efa48857e35cb],
    PUP.Optional.CinemaProGo.A, HKU\S-1-5-21-1294725635-1902755520-2728578113-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CinemaProGoV31.10, , [7b8c83bbabd1d75f93ddce6ff70c7c84],
    PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-1294725635-1902755520-2728578113-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CinPlus-2.4cV12.11, , [2bdc80be1666e84e77f77dc5d92a4eb2],
    PUP.Optional.SmartSaver.A, HKU\S-1-5-21-1294725635-1902755520-2728578113-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SmartSaver+ 3, , [2cdbc37b4834241292f587e92bd83ec2],
    PUP.Optional.FastStart.A, HKU\S-1-5-21-1294725635-1902755520-2728578113-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, , [2fd8d668daa283b3708b72d1cd366c94],
    PUP.Optional.CouponFactor.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNI NSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, , [1ceb99a55d1f5bdb6c372d05e3201ce4],

    Registry Values: 3
    PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\GLOBALUPDATE\UPDATE|path, C:\Program Files\globalUpdate\Update\GoogleUpdate.exe, , [f3144af4e59770c6072e56f9927140c0]
    PUP.Optional.FastStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|faststart ff@gmail.com, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profil es\tnntqxiq.default\extensions\faststartff@gmail.c om, , [897e4fef146860d643669c0f33d1da26]
    PUP.Optional.FastStart.A, HKU\S-1-5-21-1294725635-1902755520-2728578113-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, , [2fd8d668daa283b3708b72d1cd366c94]

    Registry Data: 2
    PUP.Optional.HelperBar.A, HKU\S-1-5-21-1294725635-1902755520-2728578113-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uwmcoMATq2P4iyuY8EHOjuVQO5PSeVPWIZWoDGVcYwa9 3mbvh1u2Ztp52iXXgY6_4YJ7q1tWESQ0PTK2tgx0VBR3ShSR3m mj2NArSiRieEwdx-YPcp0EHTcF7hw-0hVcnO83peyc0MUmbc3ykTP39BWQXcvCMBqGkgOJUNPkO7jWFV _noOeLw,&q={searchTerms}, Good: (Google), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uwmcoMATq2P4iyuY8EHOjuVQO5PSeVPWIZWoDGVcYwa9 3mbvh1u2Ztp52iXXgY6_4YJ7q1tWESQ0PTK2tgx0VBR3ShSR3m mj2NArSiRieEwdx-YPcp0EHTcF7hw-0hVcnO83peyc0MUmbc3ykTP39BWQXcvCMBqGkgOJUNPkO7jWFV _noOeLw,&q={searchTerms}),,[bc4bc07e5b21a690eabc3213fa0b35cb]
    PUP.Optional.HelperBar.A, HKU\S-1-5-21-1294725635-1902755520-2728578113-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uwmcoMATq2P4iyuY8EHOjuVQO5PSeVPWIZWoDGVcYwa9 3mbvh1u2Ztp52iXXgY6_4YJ7q1tWESQ0PTK2tgx0VBR3ShSR3m mj2NArSiRieEwdx-YPcp0EHTcF7hw-0hVcnO83peyc0MUmbc3ykTP39BWQXcvCMBqGkgOJUNPkO7jWFV _noOeLw,&q={searchTerms}, Good: (Google), Bad: (http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uwmcoMATq2P4iyuY8EHOjuVQO5PSeVPWIZWoDGVcYwa9 3mbvh1u2Ztp52iXXgY6_4YJ7q1tWESQ0PTK2tgx0VBR3ShSR3m mj2NArSiRieEwdx-YPcp0EHTcF7hw-0hVcnO83peyc0MUmbc3ykTP39BWQXcvCMBqGkgOJUNPkO7jWFV _noOeLw,&q={searchTerms}),,[a36439051567e254456268ddff06f20e]

    Folders: 1
    PUP.Optional.CouponFactor.A, C:\ProgramData\CouponFactor, , [1ceb99a55d1f5bdb6c372d05e3201ce4],

    Scusa ma devo dividere il messaggio in due.
    Rispondi quotando Rispondi quotando
  11. 20-11-14 21:01 #9
    MicheleGalbiati
    Guest
    Predefinito

    Ecco la seconda parte:

    Files: 49
    PUP.Optional.Nosibay.A, C:\Windows\System32\Tasks\WindApp Update, , [9e69370733493ef817d8eb5c2ed5837d],
    PUP.Optional.RegCleanerPro, C:\Windows\System32\Tasks\ASP, , [54b31e20afcd7abc84248bbe35ce847c],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\129f744e-5575-45e0-9bc6-759ac28acfed-1, , [5cab42fc6b118caa2c0472ddd52eaa56],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\129f744e-5575-45e0-9bc6-759ac28acfed-11, , [16f1bc8280fc69cde34d222d62a1e21e],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\129f744e-5575-45e0-9bc6-759ac28acfed-2, , [3acd132b6f0de3534ce4b09f9b6808f8],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\129f744e-5575-45e0-9bc6-759ac28acfed-3, , [eb1ca896007cfe3846ea9db207fcb34d],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\129f744e-5575-45e0-9bc6-759ac28acfed-4, , [ca3dce7085f7a98d8da390bf35cec23e],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\129f744e-5575-45e0-9bc6-759ac28acfed-5, , [7b8c56e86b11d26477b93619b94a19e7],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\129f744e-5575-45e0-9bc6-759ac28acfed-5_user, , [b255221c0c7074c254dc66e9aa59cf31],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4d11dfd5-6550-4d60-8116-30764c3c8418-1, , [ed1aa69899e3251140f00b44c53e23dd],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4d11dfd5-6550-4d60-8116-30764c3c8418-11, , [15f2ed5188f49a9c6ac6311eb94a30d0],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4d11dfd5-6550-4d60-8116-30764c3c8418-2, , [b651b28cdf9dbc7a74bcf55a31d2b24e],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4d11dfd5-6550-4d60-8116-30764c3c8418-3, , [2dda0f2f49336cca7ab6410e14efbf41],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4d11dfd5-6550-4d60-8116-30764c3c8418-4, , [7e89fa44bac2bd793cf43d1232d1a15f],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4d11dfd5-6550-4d60-8116-30764c3c8418-5, , [f512c97599e3c274dd53c788de25da26],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\4d11dfd5-6550-4d60-8116-30764c3c8418-5_user, , [689f77c72953f93d9e924d0281825aa6],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8bd6dd44-7fff-4236-9d9a-cca8f9ca1874-1, , [8c7b4ef0413b5fd7ed43e46b40c3867a],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8bd6dd44-7fff-4236-9d9a-cca8f9ca1874-11, , [7790f24c6e0e9d990c24341b0df62cd4],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8bd6dd44-7fff-4236-9d9a-cca8f9ca1874-2, , [8d7aea5454281d196cc43d1250b3db25],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8bd6dd44-7fff-4236-9d9a-cca8f9ca1874-5, , [7f883fff4c30c373c070a5aa2cd7ce32],
    PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\8bd6dd44-7fff-4236-9d9a-cca8f9ca1874-5_user, , [52b5d76788f450e6a38df55aae55a55b],
    PUP.Optional.Trovi.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profil es\tnntqxiq.default\searchplugins\trovi-search.xml, , [0afd58e629538da9c6d5d5892bd813ed],
    PUP.Optional.WebSearch.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profil es\tnntqxiq.default\searchplugins\Web Search.xml, , [85826dd13b41ef477332224a38cb32ce],
    PUP.Optional.Bubbledock.A, C:\Users\HP\AppData\Roaming\Bubble Dock.boostrap.log, , [818697a79ae2f93d9c311065788bf010],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\129f744e-5575-45e0-9bc6-759ac28acfed-1.job, , [34d37dc1d3a940f66ebf2588ab5921df],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\129f744e-5575-45e0-9bc6-759ac28acfed-11.job, , [7e89e05ea3d9ff378ca1d1dc51b304fc],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\129f744e-5575-45e0-9bc6-759ac28acfed-2.job, , [5daae35b2a5250e6919cd0dd0ef67888],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\129f744e-5575-45e0-9bc6-759ac28acfed-3.job, , [53b4f34b6b1143f325085d5054b0e31d],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\129f744e-5575-45e0-9bc6-759ac28acfed-4.job, , [a265b28c6a125bdbc36aa70640c4d030],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\129f744e-5575-45e0-9bc6-759ac28acfed-5.job, , [6a9d3806ceae77bf9b92c8e510f40cf4],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\129f744e-5575-45e0-9bc6-759ac28acfed-5_user.job, , [6c9b28168af232045ecfd6d72dd7d12f],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\4d11dfd5-6550-4d60-8116-30764c3c8418-1.job, , [42c593ab6d0f5ed8a08d94197e86916f],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\4d11dfd5-6550-4d60-8116-30764c3c8418-11.job, , [56b17ec0e39967cfca63efbee123e31d],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\4d11dfd5-6550-4d60-8116-30764c3c8418-2.job, , [ff08c579403cb68030fdb0fd9c68c838],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\4d11dfd5-6550-4d60-8116-30764c3c8418-3.job, , [4cbb83bb314b3ff72eff6647da2a32ce],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\4d11dfd5-6550-4d60-8116-30764c3c8418-4.job, , [d82f37072d4f79bd6ac33c719e6646ba],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\4d11dfd5-6550-4d60-8116-30764c3c8418-5.job, , [d73081bd5e1eb5815fce9e0f3dc79f61],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\4d11dfd5-6550-4d60-8116-30764c3c8418-5_user.job, , [ed1ac678502cc86ecc61ffae8f757c84],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\8bd6dd44-7fff-4236-9d9a-cca8f9ca1874-1.job, , [0afddd610a72a78fc4697a3329dbf40c],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\8bd6dd44-7fff-4236-9d9a-cca8f9ca1874-11.job, , [df28e25c304cce689c91307db74d857b],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\8bd6dd44-7fff-4236-9d9a-cca8f9ca1874-2.job, , [b1564af4c1bb75c136f7307d986c7e82],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\8bd6dd44-7fff-4236-9d9a-cca8f9ca1874-5.job, , [0bfc1925a6d6c37368c5a9048480f50b],
    PUP.Optional.CrossRider.T, C:\Windows\Tasks\8bd6dd44-7fff-4236-9d9a-cca8f9ca1874-5_user.job, , [709780bef983dc5a39f4dcd1e71d6799],
    PUP.Optional.CrossRider.A, C:\Windows\Tasks\3f39d4f8-5f68-4cbb-9639-81ff709eb7b0.job, , [ab5c9ea0433950e69ef76a45729210f0],
    PUP.Optional.CrossRider.A, C:\Windows\Tasks\5f133ecf-c4fb-49b3-b212-bdae0e6d24a2.job, , [9572b18d4b3153e33c59ebc4f113619f],
    PUP.Optional.CrossRider.A, C:\Windows\System32\Tasks\3f39d4f8-5f68-4cbb-9639-81ff709eb7b0, , [04037fbf75071c1a5c3aecc3cc38da26],
    PUP.Optional.CouponFactor.A, C:\ProgramData\CouponFactor\CouponFactor.exe, , [1ceb99a55d1f5bdb6c372d05e3201ce4],
    PUP.Optional.HelperBar.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profil es\tnntqxiq.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StK2q0U14moCf-ET1EM4uwmcoMATq2P4iyuY8EHOjuVQO5PSeVPWIZWoDGVcYwa9 3mbvh1u2Ztp52iXXgY6_4YJ7q1tWESQ0PTK2tgx0VBR3ShSR3m mj2NArSiRieEwdx-YPcp0EHTcF7hw-0hVcnO83peyc0MUmbc3ykTP39BWQXcvCMBqGkgOJUNPkO7jWFV _noOeLw,&q="), ,[8c7bdb636616f83e62dfc0c631d406fa]
    PUP.Optional.CrossRider.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profil es\tnntqxiq.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "1496676840673da2226d121502aa2479"), ,[fd0aa09ee19b3ef8ec90fd898d78eb15]

    Physical Sectors: 0
    (No malicious items detected)


    (end)
    Rispondi quotando Rispondi quotando
  12. 20-11-14 21:07 #10
    MicheleGalbiati
    Guest
    Predefinito

    Quote Originariamente inviato da Malaya Visualizza il messaggio
    Ok, Malwarebytes mette qualche ora a fare la scansione, mentre HiJackThis fa subito.
    :o Il mio ha fatto in dieci minuti! Ho selezionato scan e poi Hiperscan. Ho sbagliato qualcosa?
    Rispondi quotando Rispondi quotando
Pagina 1 di 3 123 ultimoultimo
Ultima pagina
« Discussione precedente | Prossima discussione »

Permessi di invio

  • Non puoi inserire discussioni
  • Non puoi inserire risposte
  • Non puoi inserire allegati
  • Non puoi modificare i tuoi messaggi
  •  

Regole del Forum

Torna su
Privacy Policy