frankguitarist

Members
  • Content count: 62

About frankguitarist

  • Rank
    Apprentice
  1. Office 2013 closes suddenly and says it cannot find the license; Win 8 shows me build number 9200 but says it cannot activate it. When I scan with Avira it always finds 4 infected files, which are put in quarantine; to get a bit of respite I have to disable real-time protection. What do you think I should do, format everything without mercy and reinstall? I really don't know; I'm forced to write with Notepad, how frustrating. Word closes immediately, I don't know what to do. Please help me. I ran the scan again with Malwarebytes but it still finds infected files, and I'm attaching the latest log. Thanks. MBAM-log-2014-03-01 (21-44-38).txt
  2. Thanks a lot, these are the logs, I'm attaching them. rmexpiro.log log malwarebytes.txt
  3. Hi guys, please help me: the Expiro caia virus has knocked out the activation of genuine Win 8 on a new HP notebook. I'm attaching the log from the ESET online antivirus. Thank you for everything. eset online scanner log.txt
  4. Hello, please help me, the activation of genuine Win 8 on a new HP notebook has been knocked out. I'm posting the HijackThis log. Thank you very much for whatever you can do.
  5. Oh well... I had another HDD with a fresh install of XP on it. I mounted it and removed the offending drive. Thanks anyway for the support!
  6. I redid the scan with Avira Rescue Disk and it found nothing. I used Dr.Web and it found an adware item, which I removed. New HijackThis log and a screenshot from Opened Files View, where you can see that temp file that ComboFix was supposed to delete. http://wikisend.com/download/441626/ hijackthis.log
  7. I tried Avira and it says there was a trojan in the restore folder. But I had disabled System Restore... It says it deleted it, but the PC's problems still remain. Anyway, here is the log. With Kaspersky I couldn't figure out where to save the log because Linux-style folders came up... P.S. I found this manual procedure, what do you think? http://www.pcsafedoc....AH.trojan.html I mean the second procedure. rescue-system_scan.log
  8. OK, I'm already running the scan after updating it over the internet. In the meantime I'm downloading Kaspersky.
  9. Hi, don't take it badly... you stood by me anyway, and I thank you for that! In the meantime, what do you say, should I make some logs in normal mode? Or run a rescue disk from boot? Maybe post a new GMER log from normal mode?
  10. Is that possible? It took a full 16 hours! Here is the ComboFix log. ComboFix.txt
  11. I ran them in safe mode. I noticed that since I launched ComboFix, System Restore had been re-enabled, and I have now disabled it again. I ran a custom scan selecting the 2 drives and then unchecked heuristic analysis as you told me. Here is the Dr.Web log. http://wikisend.com/download/290560/
  12. Should I run both of them from safe mode?
  13. I'm running ComboFix now. Thanks for the valuable help; in the meantime I'm connected from an old makeshift laptop! Here is the log, it seems to have removed quite a lot of stuff. http://wikisend.com/download/191700/
  14. Yes, in fact I was referring precisely to those last ones. It tells me to reboot, and then there is no confirmation or error message at restart. I also tried launching the ones you linked in safe mode.
  15. I'll check now. In the meantime I ran scans with these 2, which were recommended to a user who had similar problems. Update: last night I updated Malwarebytes and ran a full scan, and it found regedit disabled, so I fixed it, but no luck. I downloaded the files but nothing; on system restart everything is as before! Startup Programs (203068530001) 2011-09-06 19.25.30.txt rootalyzer script cbfix.txt