OFFICIAL: Advertising pages opening on their own

hi Tecnico, I did everything you suggested but the banner still keeps popping up, even while I'm writing here it's there; here is the Malwarebytes log
View attachment: log malwarebytes.txt

- - - Updated - - -

mystery solved: it was an extension called Video Download Helper that was creating this banner; once I removed it the problem went away, thanks.
 
hi, my PC opens advertising pages and pop-ups on its own; I'm attaching the ComboFix report
ComboFix 15-04-09.01 - Francesca 13/04/2015 20:29:11.5.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.4063.2468 [GMT 2:00]
Eseguito da: d:\users\Francesca\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_jjflmfkjppbmejlfbhlpgjnomdoefkfa_0
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_jjflmfkjppbmejlfbhlpgjnomdoefkfa_0\6
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\background.html
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\chromeCoreFilesIndex.txt
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\crossriderManifest.json
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\manifest.xml
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins.json
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\1.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\102.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\103.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\104.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\119.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\123.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\124.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\13.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\14.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\155.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\17.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\177.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\178.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\179.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\180.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\182.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\183.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\184.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\189.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\19.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\190.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\191.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\194.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\195.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\198.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\199.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\207.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\21.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\213.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\22.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\220.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\221.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\223.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\232.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\236.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\244.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\246.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\28.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\4.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\47.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\64.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\7.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\72.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\78.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\79.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\80.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\9.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\91.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\93.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\plugins\97.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\userCode\background.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\extensionData\userCode\extension.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\icons\actions\1.png
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\icons\icon128.png
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\icons\icon16.png
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\icons\icon48.png
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\api\chrome.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\api\cookie.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\api\message.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\api\monitor.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\api\pageAction.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\api\pageActionBG.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\background.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\lib\app_api.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\lib\bg_app_api.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\lib\consts.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\lib\cookie_store.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\lib\crossriderAPI.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\lib\delegate.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\lib\events.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\lib\extensionDataStore.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\lib\installer.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\lib\logFile.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\lib\logging.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\lib\onBGDocumentLoad.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\lib\popupResource\newPopup.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\lib\popupResource\popup.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\lib\reports.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\lib\storageWrapper.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\lib\updateManager.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\lib\util.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\lib\xhr.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\main.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\js\platformVersion.js
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\manifest.json
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjflmfkjppbmejlfbhlpgjnomdoefkfa\1.26.117_0\popup.html
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jjflmfkjppbmejlfbhlpgjnomdoefkfa\CURRENT
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jjflmfkjppbmejlfbhlpgjnomdoefkfa\LOG.old
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jjflmfkjppbmejlfbhlpgjnomdoefkfa_0.localstorage-journal
c:\users\Francesca\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Francesca\AppData\Local\lollipop
c:\users\Francesca\AppData\Local\lollipop\Lollipop.exe
.
c:\windows\SysWow64\ntdll.dll . . . è infetto!!
.
.
((((((((((((((((((((((((( Files Creati Da 2015-03-13 al 2015-04-13 )))))))))))))))))))))))))))))))))))
.
.
2015-04-13 18:36 . 2015-04-13 18:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-04-13 18:36 . 2015-04-13 18:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-04-13 18:36 . 2015-04-13 18:36 -------- d-----w- c:\users\Francesca\AppData\Local\temp
2015-04-13 18:36 . 2015-04-13 18:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-13 09:37 . 2015-04-13 09:37 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF848E43-17DC-457E-84F4-CEDB1BD228B6}\offreg.dll
2015-04-11 05:26 . 2015-04-13 08:47 -------- d-s---w- c:\windows\system32\GWX
2015-04-11 05:26 . 2015-04-11 05:26 -------- d-s---w- c:\windows\SysWow64\GWX
2015-04-10 16:23 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-04-10 16:23 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-04-10 16:23 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-04-10 16:23 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-04-10 16:20 . 2015-02-03 03:31 5120 ----a-w- c:\windows\system32\msdxm.ocx
2015-04-10 16:18 . 2015-02-03 03:31 215552 ----a-w- c:\windows\system32\ubpm.dll
2015-04-10 16:18 . 2015-02-03 03:12 171520 ----a-w- c:\windows\SysWow64\ubpm.dll
2015-04-10 16:18 . 2015-02-13 05:22 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-04-10 16:16 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-04-10 16:15 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-04-10 15:50 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-04-10 15:50 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-26 19:14 . 2012-01-18 06:27 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-02-24 02:17 . 2012-01-18 05:58 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-17 13:19 . 2015-02-17 13:19 1614496 ----a-w- c:\windows\system32\FM20.DLL
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110411591118}]
2013-12-14 12:41 641896 ----a-w- c:\program files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-02 18:37 151576 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-02 18:37 151576 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-02 18:37 151576 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-02 18:37 151576 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-02 18:37 151576 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-02 18:37 151576 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-02 18:37 151576 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-02 18:37 151576 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2014-10-14 911032]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Francesca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Francesca\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-4-2 43382072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys;c:\windows\SYSNATIVE\DRIVERS\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys;c:\windows\SYSNATIVE\DRIVERS\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys;c:\windows\SYSNATIVE\DRIVERS\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-31 09:47]
.
2015-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-31 09:47]
.
2015-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2386625674-3826157362-4037655265-1000Core.job
- c:\users\Francesca\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-31 20:06]
.
2015-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2386625674-3826157362-4037655265-1000UA.job
- c:\users\Francesca\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-31 20:06]
.
2015-04-13 c:\windows\Tasks\Plus-HD-4.9-chromeinstaller.job
- c:\program files (x86)\Plus-HD-4.9\Plus-HD-4.9-chromeinstaller.exe [2013-12-14 12:41]
.
2015-04-13 c:\windows\Tasks\Plus-HD-4.9-codedownloader.job
- c:\program files (x86)\Plus-HD-4.9\Plus-HD-4.9-codedownloader.exe [2013-12-14 12:41]
.
2015-04-13 c:\windows\Tasks\Plus-HD-4.9-firefoxinstaller.job
- c:\program files (x86)\Plus-HD-4.9\Plus-HD-4.9-firefoxinstaller.exe [2013-12-14 12:41]
.
2015-04-13 c:\windows\Tasks\Plus-HD-4.9-updater.job
- c:\program files (x86)\Plus-HD-4.9\Plus-HD-4.9-updater.exe [2013-12-14 12:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-02 18:38 184856 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-02 18:38 184856 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-02 18:38 184856 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-02 18:38 184856 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-02 18:38 184856 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-02 18:38 184856 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-02 18:38 184856 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-04-02 18:38 184856 ----a-w- c:\users\Francesca\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-05-14 487424]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"tworcgmrrv"="wscript.exe" [2013-10-12 168960]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant =
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2015-04-13 20:39:15
ComboFix-quarantined-files.txt 2015-04-13 18:39
ComboFix2.txt 2014-04-21 16:05
.
Pre-Run: 33.124.954.112 byte disponibili
Post-Run: 33.044.955.136 byte disponibili
.
- - End Of File - - A421A234193D44DCE9C0AAD1563025DD
A36C5E4F47E84449FF07ED3517B43A31

and the HijackThis one

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:11, on 13/04/2015
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)
Boot mode: Normal


Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Francesca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Francesca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Francesca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Francesca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Francesca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Francesca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Francesca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Francesca\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = This message is from the Microsoft Safety & Security Center
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Italia: accedi a Hotmail, Outlook, Messenger e Skype
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = This message is from the Microsoft Safety & Security Center
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: CrossriderApp0045918 - {11111111-1111-1111-1111-110411591118} - C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-21-2386625674-3826157362-4037655265-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2386625674-3826157362-4037655265-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = Francesca\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


--
End of file - 9692 bytes

thanks
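The HijackThis log above lists browser helper objects (O2), autostart entries (O4) and services (O23) one per line, and whoever reads it has to judge every entry by eye. The script below is an added example for this thread, not part of HijackThis or of the helper's procedure: it parses those three line types and applies a few triage rules of my own. A Crossrider-named BHO, or one whose CLSID is a hand-typed repeating pattern such as {11111111-1111-1111-1111-...}, is marked "suspect"; autostarts and unknown-owner services that run from user-writable locations are marked "review"; and the many "(file missing)" services under system32 are downgraded to "info", because HijackThis 2.0.2 is a 32-bit tool and on 64-bit Windows the WOW64 file-system redirection hides the real system32 binaries from it. The sample lines are copied from the log above; the rule set, the level names and the function names are assumptions made for this example.

```python
"""Triage a HijackThis log: parse O2 (BHO), O4 (autostart) and O23 (service)
lines and rank each entry as info / review / suspect.

Added example for this thread; the rules are my own heuristics, not anything
HijackThis itself applies."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: CrossriderApp0045918 - {11111111-1111-1111-1111-110411591118} - C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - Startup: Dropbox.lnk = Francesca\AppData\Roaming\Dropbox\bin\Dropbox.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"""

LEVELS = {"info": 0, "review": 1, "suspect": 2}   # assumed severity order

@dataclass
class Finding:
    section: str                      # "O2", "O4" or "O23"
    name: str
    path: str
    level: str                        # "info", "review" or "suspect"
    reasons: list[str] = field(default_factory=list)

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
RUNKEY_RE = re.compile(r"^O4 - (?P<key>.*?): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.*?) = (?P<cmd>.*)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Roots that only administrators can write to (lower-case, assumed defaults).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\",
                 "c:\\progra~", "%programfiles%", "%systemroot%", "%windir%")

def exe_from_cmd(cmd: str) -> str:
    """Extract the executable from an autostart command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"^(.*?\.(?:exe|dll|scr|com))\b", cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""

def is_user_writable(path: str) -> bool:
    """True when the binary lives somewhere a non-admin user can write to."""
    p = path.lower()
    if p.startswith(TRUSTED_ROOTS):
        return any(marker in p for marker in ("\\appdata\\", "\\temp\\", "\\users\\"))
    return True   # relative path, user profile, or any other non-standard root

def vanity_clsid(clsid: str) -> bool:
    """A generated GUID never has all eight leading hex digits identical."""
    first = clsid.split("-")[0]
    return len(first) == 8 and len(set(first)) == 1

def _emit(findings: list[Finding], section: str, name: str, path: str,
          hits: list[tuple[str, str]]) -> None:
    if hits:
        level = max((lvl for lvl, _ in hits), key=LEVELS.__getitem__)
        findings.append(Finding(section, name, path, level, [why for _, why in hits]))

def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := BHO_RE.match(line):
            hits = []
            if "crossrider" in m["name"].lower():
                hits.append(("suspect", "BHO built on the Crossrider adware framework"))
            if vanity_clsid(m["clsid"]):
                hits.append(("suspect", "CLSID is a hand-typed repeating pattern, not a generated GUID"))
            if is_user_writable(m["path"]):
                hits.append(("review", "BHO DLL sits in a user-writable location"))
            _emit(findings, "O2", m["name"], m["path"], hits)
        elif (m := RUNKEY_RE.match(line)) or (m := STARTUP_RE.match(line)):
            exe = exe_from_cmd(m["cmd"])
            hits = []
            if is_user_writable(exe):
                hits.append(("review", "autostart runs from a user-writable location; confirm you installed it"))
            _emit(findings, "O4", m["name"], exe, hits)
        elif m := SVC_RE.match(line):
            exe = m["path"].replace("(file missing)", "").strip()
            unknown = m["owner"] == "Unknown owner"
            hits = []
            if "(file missing)" in m["path"] and exe.lower().startswith("c:\\windows\\system32\\"):
                hits.append(("info", "'file missing' under system32 is usually WOW64 redirection hiding "
                                     "the 64-bit binary from the 32-bit HijackThis 2.0.2"))
            elif unknown and exe.lower().endswith("\\srvany.exe"):
                hits.append(("review", "srvany.exe runs whatever its service Parameters key names; check what it launches"))
            elif unknown and is_user_writable(exe):
                hits.append(("suspect", "unknown-owner service running outside Windows or Program Files"))
            _emit(findings, "O23", m["name"], exe, hits)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level:>7}] {f.section:<3} {f.name} -> {f.path}")
        for why in f.reasons:
            print(f"          {why}")
```

On the sample the Plus-HD Crossrider BHO comes out as the only "suspect" entry, the Dropbox startup link and the srvany-backed KMService as "review", and the KeyIso "file missing" line as "info"; Adobe and Java entries under Program Files produce nothing. Pasting a whole HijackThis log into triage() gives the same kind of report, which is meant to focus a reader's attention, not to replace checking each flagged path and its publisher.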
Hi.
Open OTL and paste the code contained in the fix.txt attached below.
Click Run Fix and let the program work until the reboot.
Post the log and check.
 

Attachments

  • fix.txt (1.2 KB · Views: 61)
Hi everyone!

I also have the problem of advertising tabs opening in Chrome while I browse. I followed the cleaning procedures described in the relevant thread to the letter, but the problem persists. So I am sending you the OTL logs below:

Wikisend: free file sharing service
Wikisend: free file sharing service

Thanks in advance, friends ;)

@NewRaiden
Open OTL and paste the code contained in fix.txt.
Click Run Fix and wait until the PC reboots.
Post the log that will come up automatically and check.
 

Attachments

  • fix.txt (397 bytes · Views: 52)
@NewRaiden
Open OTL and paste the code contained in fix.txt.
Click Run Fix and wait until the PC reboots.
Post the log that will come up automatically and check.

Hi. Thanks a lot for the very quick reply! Unfortunately I can only use the PC during the first three days of the week, so I could only reply now :)

It seems the ads no longer appear!

I'm posting the OTL log.

Thanks a lot!

IMPORTANT PS: I don't know why, but with my main account (NewRaiden) it no longer lets me post... Has it been blocked? If so, I don't understand why...

Good evening everyone, I hope I'm in the official thread; if not, forgive me.
I have the same problem: while browsing in Chrome, advertising pages open.

I downloaded and ran ComboFix with AVG and the internet disabled. I couldn't disable Malwarebytes and SUPERAntiSpyware; does that cause problems for the report?
In any case I'm attaching it, thank you very much.
Bye!
Giulia

Hi,
for a few days I have been having some problems on my PC.
Some annoying programs got installed on the PC, which I managed to remove completely, except CandyBox 3.0.

In practice, I have two annoying problems:
1) while browsing in Google Chrome, advertising pages suddenly open;
2) also in Google Chrome, there are now some "ads by cloudscout" that I can't remove.

I did the following:
1) a full clean with CCleaner (it won't uninstall CandyBox);
2) I tried to kill the aus.exe and cab.exe processes, but they come back after a reboot;
3) I scanned with Malwarebytes, AdwCleaner and OTL.

I'm attaching the scan logs.
OTL: https://drive.google.com/file/d/0B58UK9TjclLcdFU0b3pMUi1wZTg/view?usp=sharing
Malwarebytes: https://drive.google.com/file/d/0B58UK9TjclLcdFMyd045dUVHUkU/view?usp=sharing
AdwCleaner (1): https://drive.google.com/file/d/0B58UK9TjclLcazhOM21XaHhwZTA/view?usp=sharing
AdwCleaner (2): https://drive.google.com/file/d/0B58UK9TjclLcQjRnYUFYZTd4ams/view?usp=sharing

At the moment the problem persists; what can I do?

Thanks
 
Hi edo91.
Open OTL and paste these entries under custom scans/fixes

:otl
PRC - C:\Program Files (x86)\CandyBox\cab.exe (Link Up Advertising)
PRC - C:\Program Files (x86)\CandyBox\aus.exe (MS)
SRV - (Log S.M.) -- C:\Program Files (x86)\CandyBox\cab.exe (Link Up Advertising)
SRV - (AUS) -- C:\Program Files (x86)\CandyBox\aus.exe (MS)
O4 - HKU\S-1-5-21-1237455604-4215812669-178868022-1001..\Run: [EPSON S22 Series] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGEE.EXE /FU "C:\WINDOWS\TEMP\E_S956C.tmp" /EF "HKCU" File not found
[2015/04/14 14.24.21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CandyBox
PRC - C:\Program Files (x86)\MaxComputerCleaner_v17.298\MaxComputerCleaner_Maintenance.exe ()
[2015/04/14 14.04.47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MaxComputerCleaner_v17.298
[2015/04/14 14.04.46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MaxComputerCleaner


:files
ipconfig /flushdns /c


:Commands
[emptytemp]
[emptyjava]


click RUN FIX at the top.
Wait for the operations and the PC reboot.
When it comes back it will show you the log; attach it here and check whether they open again.

Hi edo91.
Open OTL and paste these entries under custom scans/fixes

:otl
PRC - C:\Program Files (x86)\CandyBox\cab.exe (Link Up Advertising)
PRC - C:\Program Files (x86)\CandyBox\aus.exe (MS)
SRV - (Log S.M.) -- C:\Program Files (x86)\CandyBox\cab.exe (Link Up Advertising)
SRV - (AUS) -- C:\Program Files (x86)\CandyBox\aus.exe (MS)
O4 - HKU\S-1-5-21-1237455604-4215812669-178868022-1001..\Run: [EPSON S22 Series] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGEE.EXE /FU "C:\WINDOWS\TEMP\E_S956C.tmp" /EF "HKCU" File not found
[2015/04/14 14.24.21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CandyBox
PRC - C:\Program Files (x86)\MaxComputerCleaner_v17.298\MaxComputerCleaner_Maintenance.exe ()
[2015/04/14 14.04.47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MaxComputerCleaner_v17.298
[2015/04/14 14.04.46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MaxComputerCleaner


:files
ipconfig /flushdns /c


:Commands
[emptytemp]
[emptyjava]


click RUN FIX at the top.
Wait for the operations and the PC reboot.
When it comes back it will show you the log; attach it here and check whether they open again.

Hi Tecnico 24,

I did what you told me, and at the moment no sudden advertising pages are opening, nor are the ads by cloudscout there anymore.
CandyBox appears to be deleted.

I'm attaching the OTL scan: https://drive.google.com/file/d/0B58UK9TjclLcWlBtTlNrNHcxemc/view?usp=sharing

Thanks a lot for your attention and availability!

Edo