How to stop the "Powered by Gems" pop-ups from appearing?

@Nunni

Run OTL.

Under "Custom Scans\Fixes", copy and paste this code:

Code:
:OTL
PRC - C:\Users\Nunzi\AppData\Local\Context2pro\contextprod.exe ()
PRC - C:\Users\Nunzi\AppData\Local\Context2pro\conadvanced.exe ()
PRC - C:\Users\Nunzi\AppData\Local\Context2pro\contextfr.exe ()
MOD - C:\Users\Nunzi\AppData\Local\Context2pro\contextprod.exe ()
MOD - C:\Users\Nunzi\AppData\Local\Context2pro\conadvanced.exe ()
MOD - C:\Users\Nunzi\AppData\Local\Context2pro\contextfr.exe ()
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\S-1-5-21-541176005-4027257523-2224585182-1000..\Run: [conadvanced] C:\Users\Nunzi\AppData\Local\Context2pro\conadvanced.exe ()
O4 - HKU\S-1-5-21-541176005-4027257523-2224585182-1000..\Run: [contextfr] C:\Users\Nunzi\AppData\Local\Context2pro\contextfr.exe ()
O4 - HKU\S-1-5-21-541176005-4027257523-2224585182-1000..\Run: [contextprod] C:\Users\Nunzi\AppData\Local\Context2pro\contextprod.exe ()
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\osf - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
@Alternate Data Stream - 24 bytes -> C:\Windows:62EB44F7C95283C3
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D20FFA63

:Files
C:\Users\Nunzi\AppData\Local\Context2pro
ipconfig /flushdns /c

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[Reboot]
Click the RUN FIX button.
Let the scan run without interfering.
 
All processes killed
========== OTL ==========
No active process named conadvanced.exe was found!
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack not found.
File C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012/11/05 19:29:08 | 000,137,034 | ---- | M] not found.
Registry key HKEY_USERS\S-1-5-21-3935488313-1780361500-1005935258-1002\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Users\Margherita\AppData\Local\Context2pro\conadvanced.exe not found.
Registry key HKEY_USERS\S-1-5-21-3935488313-1780361500-1005935258-1002\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Users\Margherita\AppData\Local\Context2pro\contextfr.exe not found.
Registry key HKEY_USERS\S-1-5-21-3935488313-1780361500-1005935258-1002\Software\Microsoft\Windows\CurrentVersion\Run not found.
File C:\Users\Margherita\AppData\Local\Context2pro\contextprod.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ not found.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ not found.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ not found.
File Protocol\Handler\wlpg - No CLSID value found not found.
========== FILES ==========
File\Folder C:\Users\Margherita\AppData\Local\Context2pro\conadvanced.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Proprietario
->Temp folder emptied: 792 bytes
->Temporary Internet Files folder emptied: 33300 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 13470051 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13,00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Proprietario
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb

File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Proprietario
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06092014_183000

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


This Notepad file came up at restart after the OTL scan;
unfortunately the problem persists, do you have any other tips to give me?
 
@SAIRON

Run OTL.

Under "Custom Scans\Fixes", copy and paste this code:

Code:
:OTL
PRC - C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Context2pro\contextprod.exe ()
MOD - C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Context2pro\contextprod.exe ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-682003330-1563985344-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKU\S-1-5-21-682003330-1563985344-1801674531-1003..\Run: [contextprod] C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Context2pro\contextprod.exe ()
[2012/12/20 14.42.28 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$c06edfa3ff47ff58146ad32c81dbeaa4\@
[2012/12/20 14.42.28 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$c06edfa3ff47ff58146ad32c81dbeaa4\L
[2012/12/20 14.42.28 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$c06edfa3ff47ff58146ad32c81dbeaa4\U
[2011/01/12 18.46.32 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

:Files
C:\RECYCLER\S-1-5-18\$c06edfa3ff47ff58146ad32c81dbeaa4
C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Context2pro
ipconfig /flushdns /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*" 

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[Reboot]

Click the RUN FIX button.
Let the scan run without interfering.
 
All processes killed
========== OTL ==========
No active process named contextprod.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\S-1-5-21-682003330-1563985344-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-682003330-1563985344-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\contextprod not found.
File C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Context2pro\contextprod.exe not found.
File C:\RECYCLER\S-1-5-18\$c06edfa3ff47ff58146ad32c81dbeaa4\@ not found.
Folder C:\RECYCLER\S-1-5-18\$c06edfa3ff47ff58146ad32c81dbeaa4\L\ not found.
Folder C:\RECYCLER\S-1-5-18\$c06edfa3ff47ff58146ad32c81dbeaa4\U\ not found.
File C:\WINDOWS\assembly\Desktop.ini not found.
========== FILES ==========
File\Folder C:\RECYCLER\S-1-5-18\$c06edfa3ff47ff58146ad32c81dbeaa4 not found.
File\Folder C:\Documents and Settings\Proprietario\Impostazioni locali\Dati applicazioni\Context2pro not found.
< ipconfig /flushdns /c >
Configurazione IP di Windows
Svuotata la cache del resolver DNS.
C:\Documents and Settings\Proprietario\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Proprietario\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Proprietario
->Temp folder emptied: 398957 bytes
->Temporary Internet Files folder emptied: 33300 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14458868 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 14,00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Proprietario
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb

HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Proprietario
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06102014_165058

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Here is the Notepad file that came up after the second attempt;
I have been browsing for a while and no ads have appeared yet,
maybe you have solved my problem
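
An added example, not part of the original thread and not OTL's own code: a short Python triage of an OTL fix log that separates actions actually performed from targets that were not found, which is the first thing to check when a fix leaves the problem unchanged. The sample lines are constructed from the log wording quoted in this thread; the profile name `alice` and the SID are placeholders.

```python
import re
from collections import Counter

# Outcome wording as it appears in the OTL fix logs quoted in this thread.
RULES = [
    ("error", re.compile(r"^Error:")),
    ("on_reboot", re.compile(r"scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"not found\.$|^No active process named .+ was found!$")),
    ("done", re.compile(r"deleted successfully\.$|set successfully!$|reset successfully$")),
]
# Profile directory inside a Windows path (Vista+ and XP layouts).
PROFILE = re.compile(r"C:\\(?:Users|Documents and Settings)\\([^\\]+)\\", re.I)

def classify(line):
    """Return the outcome label for one log line, or None for headers and noise."""
    line = line.strip()
    for label, rx in RULES:
        if rx.search(line):
            return label
    return None

def summarize(log_text):
    """Count outcomes and collect what a helper should look at first."""
    counts, flagged, profiles = Counter(), [], set()
    for raw in log_text.splitlines():
        label = classify(raw)
        if label is None:
            continue
        counts[label] += 1
        if label in ("error", "on_reboot"):
            flagged.append(raw.strip())
        if label == "not_found":
            # Profiles named in misses: compare them with the logged-on user
            # to spot a script written for a different account.
            profiles.update(m.lower() for m in PROFILE.findall(raw))
    return {
        "counts": counts,
        "flagged": flagged,
        "missed_profiles": sorted(profiles),
        "nothing_removed": counts["done"] == 0,
    }

# Constructed sample: every target missing, HOSTS reset failed.
SAMPLE_NOOP = r'''
========== OTL ==========
No active process named conadvanced.exe was found!
File C:\Users\alice\AppData\Local\Context2pro\conadvanced.exe not found.
Registry key HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Run not found.
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
'''

# Constructed sample: the fix changed something.
SAMPLE_APPLIED = r'''
File C:\WINDOWS\assembly\Desktop.ini not found.
C:\Documents and Settings\alice\Desktop\cmd.bat deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
HOSTS file reset successfully
'''

if __name__ == "__main__":
    for name, text in (("no-op", SAMPLE_NOOP), ("applied", SAMPLE_APPLIED)):
        print(name, summarize(text))
```

A log where `nothing_removed` is true and `missed_profiles` names an account other than the one being cleaned points to a script that was built from another machine's scan.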
 
@SAIRON

There are some old Zero Access infections, and some from the Ukash ransomware
Run OTL.

Under "Custom Scans\Fixes", copy and paste this code:

Code:
:OTL
[2012/08/31 08.31.56 | 004,503,728 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\ism_0_llatsni.pad
[2012/04/12 09.31.48 | 000,002,905 | ---- | C] () -- C:\Documents and Settings\Proprietario\Ahmbed.gz

:Files
C:\WINDOWS\$NtUninstallKB9854$
C:\RECYCLER\S-1-5-21-682003330-1563985344-1801674531-1003\$c06edfa3ff47ff58146ad32c81dbeaa4\n.
C:\RECYCLER\S-1-5-21-682003330-1563985344-1801674531-1003\$c06edfa3ff47ff58146ad32c81dbeaa4

:commands
[emptytemp]


Click the RUN FIX button.
Let the scan run without interfering.
Post the log.

Tell me whether you run into any problems, and which ones.
 
Hi everyone, I have the same problem with POWERED BY GEMS and I wanted to ask you whether it is enough to attach the ComboFix "log".

Thanks for your help.
 
Run OTL.

Under "Custom Scans\Fixes", copy and paste this code:

Code:
:OTL
PRC - C:\Users\Nicola Londero\AppData\Local\Context2pro\contextprod.exe ()
PRC - C:\Users\Nicola Londero\AppData\Local\Context2pro\conadvanced.exe ()
PRC - C:\Users\Nicola Londero\AppData\Local\Context2pro\contextfr.exe ()
MOD - C:\Users\Nicola Londero\AppData\Local\Context2pro\contextprod.exe ()
MOD - C:\Users\Nicola Londero\AppData\Local\Context2pro\conadvanced.exe ()
MOD - C:\Users\Nicola Londero\AppData\Local\Context2pro\contextfr.exe ()
SRV - (ServUpdater) -- C:\Users\Nicola Londero\AppData\Local\ServUpdater\ServiceUpd.exe (ServiceUpd)
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-21-3876224622-3083355412-495750589-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=IT&userid=dabcc210-92e6-7880-87cd-0c8a58a3c1fa&searchtype=ds&q={searchTerms}&installDate=25/08/2013
IE - HKU\S-1-5-21-3876224622-3083355412-495750589-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=IT&userid=dabcc210-92e6-7880-87cd-0c8a58a3c1fa&searchtype=ds&q={searchTerms}&installDate=25/08/2013
IE - HKU\S-1-5-21-3876224622-3083355412-495750589-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=IT&userid=dabcc210-92e6-7880-87cd-0c8a58a3c1fa&searchtype=hp&installDate=25/08/2013
IE - HKU\S-1-5-21-3876224622-3083355412-495750589-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=IT&userid=dabcc210-92e6-7880-87cd-0c8a58a3c1fa&searchtype=ds&q={searchTerms}&installDate=25/08/2013
IE - HKU\S-1-5-21-3876224622-3083355412-495750589-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=IT&userid=dabcc210-92e6-7880-87cd-0c8a58a3c1fa&searchtype=ds&q={searchTerms}&installDate=25/08/2013
IE - HKU\S-1-5-21-3876224622-3083355412-495750589-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3876224622-3083355412-495750589-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=IT&userid=dabcc210-92e6-7880-87cd-0c8a58a3c1fa&searchtype=ds&q={searchTerms}&installDate=25/08/2013
IE - HKU\S-1-5-21-3876224622-3083355412-495750589-1001\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://www.quick-seeker.com/sf/search?q={searchTerms}
IE - HKU\S-1-5-21-3876224622-3083355412-495750589-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://search.findeer.com [binary data]
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll File not found
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3876224622-3083355412-495750589-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3:[b]64bit:[/b] - HKU\S-1-5-21-3876224622-3083355412-495750589-1001\..\Toolbar\WebBrowser: (Astroburn Toolbar) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar64.dll File not found
O4 - HKU\S-1-5-21-3876224622-3083355412-495750589-1001..\Run: [conadvanced] C:\Users\Nicola Londero\AppData\Local\Context2pro\conadvanced.exe ()
O4 - HKU\S-1-5-21-3876224622-3083355412-495750589-1001..\Run: [contextfr] C:\Users\Nicola Londero\AppData\Local\Context2pro\contextfr.exe ()
O4 - HKU\S-1-5-21-3876224622-3083355412-495750589-1001..\Run: [contextprod] C:\Users\Nicola Londero\AppData\Local\Context2pro\contextprod.exe ()
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found

:Files
C:\Users\Nicola Londero\AppData\Local\Context2pro
C:\Users\Nicola Londero\AppData\Local\ServUpdater
ipconfig /flushdns /c

:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[Reboot]

Click the RUN FIX button.
Let the scan run without interfering.
 
@luclor97
Open a text file with Notepad on the Desktop

Paste into it the code you see below, and save the text file; it must be named CFScript.txt


Code:
KillAll::

Driver::
SoftwareUpd

File::
c:\documents and settings\USER\Impostazioni locali\Dati applicazioni\Context2pro\contextfr.exe
c:\documents and settings\USER\Impostazioni locali\Dati applicazioni\Context2pro\conadvanced.exe
c:\documents and settings\USER\Impostazioni locali\Dati applicazioni\Context2pro\contextprod.exe
Folder::
c:\documents and settings\USER\Impostazioni locali\Dati applicazioni\SoftwareUpdater
c:\documents and settings\USER\Impostazioni locali\Dati applicazioni\Context2pro

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"contextfr"=-
"conadvanced"=-
"contextprod"=-


and drag it onto the ComboFix icon.
Wait for it to finish, without touching the keyboard, mouse or anything else.
Post the updated ComboFix log.

Then run a full scan with Malwarebytes.
Delete whatever it finds.

Also, the PC has some adware infection, so:
Download AdwCleaner to the desktop:
Downloads - AdwCleaner - ToolsLib
Close all browsers (it is important that they are closed: IE, Firefox, Chrome, etc.)
Click the "Scan" button.
When the scan has finished, click "Clean".
Confirm with OK the various windows that appear.
The PC will restart, and the log with the removals will come up.
Post it here.
 

Hi R16, first of all thank you for the help you are giving me!

I am attaching the new ComboFix log; I hope I did it right, I am not much of a computer expert...
Now, for the Malwarebytes scan, I suppose it is a program I need to download?

- - - Updated - - -

Where can I download it safely, without pulling in more viruses?
 
