mgbaffo
@Xaide
It is normal for ads to appear occasionally; it depends on which websites you browse.
Use adwcleaner as explained in the guide: http://www.tomshw.it/forum/sicurezz...omputer-infetto-leggere-prima-di-postare.html
Post the report.
Here is the log:
All processes killed
========== OTL ==========
Process PService.exe killed successfully!
Service PowerOffer Service stopped successfully!
Service PowerOffer Service deleted successfully!
C:\Users\admin\AppData\Local\PosService\Pos.exe moved successfully.
Service ServUpdater stopped successfully!
Service ServUpdater deleted successfully!
C:\Users\admin\AppData\Local\ServUpdater\ServiceUpd.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PosService deleted successfully.
C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe moved successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0AE00389-15FD-491D-9CB7-CC1FD9AEEC3D}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{70F71101-1571-45A7-8CA5-9A9B465E5140}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C86C7735-E655-4FB2-A658-B0D77100CBB2}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}\\NameServer| /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Laura\Desktop\cmd.bat deleted successfully.
C:\Users\Laura\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: admin
->Temp folder emptied: 53248 bytes
->Temporary Internet Files folder emptied: 3686973 bytes
->Java cache emptied: 362305 bytes
->FireFox cache emptied: 53552117 bytes
->Google Chrome cache emptied: 115702641 bytes
->Flash cache emptied: 2071 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Laura
->Temp folder emptied: 205672 bytes
->Temporary Internet Files folder emptied: 151135312 bytes
->Java cache emptied: 296920 bytes
->FireFox cache emptied: 60808265 bytes
->Google Chrome cache emptied: 246991158 bytes
->Flash cache emptied: 29042 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524896 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 604,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01022013_220601
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
I ran OTL as indicated in the guide; I am attaching the generated reports.
Thanks again for your attention!
Marco
Good morning, tecnico, I would like to know whether you have had a chance to check my attachments, and whether you have any advice on how I can proceed.
Thanks!
:OTL
PRC - C:\Users\Public\Documents\AppData\PoApp\PService.exe (PService)
SRV - (PowerOffer Service) -- C:\Users\Valentina\AppData\Local\PosService\Pos.exe (PowerOfferService)
SRV - (ServUpdater) -- C:\Users\Valentina\AppData\Local\ServUpdater\ServiceUpd.exe (ServiceUpd)
SRV - (SoftwareUpd) -- C:\Users\Valentina\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O4 - HKLM..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (PLauncher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08A16107-11EA-4E02-919C-F786ACCE5EF8}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A9142A0-FB22-4438-A926-F06D2FA7AB61}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
[2012/12/20 18:55:49 | 000,000,000 | ---D | M] -- C:\Users\Valentina\AppData\Local\PosService
[2012/12/20 18:54:52 | 000,000,000 | ---D | M] -- C:\Users\Valentina\AppData\Local\SoftwareUpdater
[2012/12/20 18:54:19 | 000,000,000 | ---D | M] -- C:\Users\Valentina\AppData\Local\PowerOffer
:Files
C:\Users\All Users\Mondadori\MyComposer\{06BAEFAC-2676-4BB8-8D1D-BC647011A6EF}\Data\Products\ShirtVFull\L
C:\Users\All Users\Mondadori\MyComposer\{06BAEFAC-2676-4BB8-8D1D-BC647011A6EF}\Data\Products\ShirtRFull\L
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[Reboot]