Olimpo Informatico

Baltus · Eroe in grazia degli dei Registrato: 22/09/11 13:42 Messaggi: 111

Salve,

problema con trovit.com che mi ha "inhvaso" i browsers!! Rolling Eyes

Allego log AdwCleaner

.txt]AdwCleaner[S0].txt

Baltus · Eroe in grazia degli dei Registrato: 22/09/11 13:42 Messaggi: 111

Wikisend non mi carica il log di adwCleaner, lo posto direttamente:

# AdwCleaner v6.000 - Logfile created 20/08/2016 at 21:54:58
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-20.1 [Server]
# Operating System : Windows 8.1 Pro (X86)
# Username : poi - POI8
# Running from : C:\Users\poi\Desktop\adwcleaner_6.000.exe
# Mode: Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****

Service Found: CltMngSvc
Service Found: Orbiter
Service Found: SPPD

***** [ Folders ] *****

Folder Found: C:\Users\poi\AppData\Local\SearchProtect
Folder Found: C:\Users\poi\AppData\Local\bvyvbvhx
Folder Found: C:\Program Files\ORBTR
Folder Found: C:\Program Files\SearchProtect

***** [ Files ] *****

File Found: C:\Windows\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Found: C:\Windows\AppPatch\nbin\VC32Loader.dll
File Found: C:\Users\poi\AppData\Roaming\Mozilla\Firefox\Profiles\xnnx1qv9.default\searchplugins\trovi.xml

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

Task Found: bvyvbvhx

***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found: HKU\S-1-5-21-382136830-1405898088-1604346383-1001\Software\SearchProtect
Key Found: HKU\S-1-5-21-382136830-1405898088-1604346383-1001\Software\SEARCHPROTECT
Key Found: HKCU\Software\SearchProtect
Key Found: HKCU\Software\SEARCHPROTECT
Key Found: HKLM\SOFTWARE\ORBTR
Key Found: HKLM\SOFTWARE\SearchProtect
Key Found: HKLM\SOFTWARE\SPPDCOM
Key Found: HKLM\SOFTWARE\SEARCHPROTECT
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SEARCHPROTECT
Data Found: HKU\S-1-5-21-382136830-1405898088-1604346383-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=E4395938-12A9-4D05-9D96-A315ED5B5229&SearchSource=55&CUI=&UM=8&UP=SPB10A4E5C-EC73-4A38-99D6-A3CE96FC6EBB&D=082016&SSPV=
Data Found: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=E4395938-12A9-4D05-9D96-A315ED5B5229&SearchSource=55&CUI=&UM=8&UP=SPB10A4E5C-EC73-4A38-99D6-A3CE96FC6EBB&D=082016&SSPV=
Key Found: HKU\S-1-5-21-382136830-1405898088-1604346383-1001\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Value Found: HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\chrome.exe [{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb]
Value Found: HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\firefox.exe [{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb]
Value Found: HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe [{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb]
Key Found: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledsDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}
Value Found: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe [{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb]
Value Found: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe [{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb]
Value Found: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe [{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb]

***** [ Web browsers ] *****

Firefox pref Found: [C:\Users\poi\AppData\Roaming\Mozilla\Firefox\Profiles\xnnx1qv9.default\prefs.js] - "browser.newtab.url" - "hxxp://www.trovi.com/?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=E4395938-12A9-4D05-9D96-A315ED5B5229&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SPB10A4E5C-EC73-4A38-99D6-A3CE96FC6EBB&D=082016"
Firefox pref Found: [C:\Users\poi\AppData\Roaming\Mozilla\Firefox\Profiles\xnnx1qv9.default\prefs.js] - "browser.startup.homepage" - "hxxp://www.trovi.com/?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=E4395938-12A9-4D05-9D96-A315ED5B5229&SearchSource=55&CUI=&UM=8&UP=SPB10A4E5C-EC73-4A38-99D6-A3CE96FC6EBB&D=082016&SSPV="
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [4608 Bytes] - [20/08/2016 21:54:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4681 Bytes] ##########

R16 · Dio maturo Registrato: 07/03/08 21:58 Messaggi: 10123

Ciao.
Elimina quello che ha trovato Adwcleaner, cliccando sul pulsante "Clean", alla fine delle eliminazioni, ti chiederà di riavviare il pc: acconsenti.
Al riavvio, controlla se il problema è risolto.
In tutti i casi, fai una scansione con Malwarebytes, ed elimina quello che trova.

Baltus · Eroe in grazia degli dei Registrato: 22/09/11 13:42 Messaggi: 111

Allora, tutto sembra funzionare bene!

MBAM non ha trovato nulla di rilevante se non i soliti PUB.

Grazie R16! ... in servizio attivo anche sotto l'ombrellone Very Happy