SOLVED: Problem with web pages that open by themselves!!!


Marty Ross

Good morning everyone. Sorry, could someone help me get rid of this annoying problem of advertising pages that open by themselves... I have tried running full scans with avast, ccleaner and malwarebytes, but no malicious file is reported... sorry, I'm not very experienced... thanks in advance to anyone who can give advice on what to do to solve this problem.
 
http://www.tomshw.it/forum/sicurezz...omputer-infetto-leggere-prima-di-postare.html

Have a look at the pinned discussions every now and then.

Follow the instructions and attach the ComboFix log.
Thank you for the directions... once I have posted the log on Wikisend: free file sharing service, what should I do?? I apologize for my lack of experience.

- - - Updated - - -

I don't know whether I should post the ComboFix report here as well; I'm attaching it in any case: http://wikisend.com/download/897130/ComboFix.txt

- - - Updated - - -

ComboFix 12-09-24.02 - Samsung 25/09/2012 2:29.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.3033.2094 [GMT 2:00]
Eseguito da: c:\desktop\ComboFix.exe
Opzioni usate :: / uninstall
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2012-08-25 al 2012-09-25 )))))))))))))))))))))))))))))))))))
.
.
2012-09-25 00:35 . 2012-09-25 00:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-22 09:51 . 2012-09-22 09:51 -------- d-----w- c:\windows\it
2012-09-22 09:47 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-09-22 09:47 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-09-22 09:47 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-09-22 09:47 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-09-22 09:44 . 2012-09-22 09:44 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\e3e1643a1cd98a604\DSETUP.dll
2012-09-22 09:44 . 2012-09-22 09:44 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\e3e1643a1cd98a604\DXSETUP.exe
2012-09-22 09:44 . 2012-09-22 09:44 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\e3e1643a1cd98a604\dsetup32.dll
2012-09-22 09:44 . 2012-09-22 09:44 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\dea145e81cd98a603\DSETUP.dll
2012-09-22 09:44 . 2012-09-22 09:44 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\dea145e81cd98a603\DXSETUP.exe
2012-09-22 09:44 . 2012-09-22 09:44 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\dea145e81cd98a603\dsetup32.dll
2012-09-22 09:44 . 2012-09-22 09:44 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\d7b4dee21cd98a602\DSETUP.dll
2012-09-22 09:44 . 2012-09-22 09:44 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\d7b4dee21cd98a602\DXSETUP.exe
2012-09-22 09:44 . 2012-09-22 09:44 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\d7b4dee21cd98a602\dsetup32.dll
2012-09-21 14:21 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F78B7155-8AC3-48CD-998D-6BFB62FA4010}\mpengine.dll
2012-09-20 00:11 . 2012-09-20 00:11 -------- d-----w- c:\users\Samsung\AppData\Roaming\SUPERAntiSpyware.com
2012-09-20 00:06 . 2012-09-21 00:08 -------- d-----w- c:\programdata\HitmanPro
2012-09-19 21:51 . 2012-09-25 00:35 -------- d-----w- c:\users\Samsung\AppData\Local\temp
2012-09-14 23:33 . 2012-09-14 23:33 -------- d-----w- c:\windows\system32\wbem\en-US
2012-09-14 22:47 . 2012-09-14 22:47 -------- d-----w- c:\windows\system32\BestPractices
2012-09-14 22:47 . 2012-09-14 22:47 -------- d-----w- C:\inetpub
2012-09-14 22:09 . 2012-09-14 22:09 -------- d-----w- c:\users\Samsung\AppData\Local\Macromedia
2012-09-13 01:11 . 2012-09-13 01:11 -------- d-----w- c:\program files\Intel
2012-09-12 15:02 . 2012-08-21 09:13 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-09-12 15:02 . 2012-08-21 09:13 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-09-12 15:02 . 2012-08-21 09:13 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-09-12 15:02 . 2012-07-13 10:47 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-09-12 13:53 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-12 13:53 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-12 13:53 . 2012-08-21 09:13 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-12 13:53 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-12 13:53 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-12 13:52 . 2012-08-21 09:13 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-12 13:52 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-12 13:52 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-12 13:51 . 2012-09-12 13:51 -------- d-----w- c:\programdata\AVAST Software
2012-09-12 13:51 . 2012-09-12 13:51 -------- d-----w- c:\program files\AVAST Software
2012-09-12 12:17 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 12:17 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 12:17 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 12:17 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 12:17 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 12:17 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-08 23:04 . 2012-09-08 23:04 -------- d-----w- c:\users\Samsung\AppData\Roaming\Malwarebytes
2012-09-08 23:03 . 2012-09-08 23:03 -------- d-----w- c:\programdata\Malwarebytes
2012-09-06 23:52 . 2012-09-06 23:52 -------- d-----w- c:\programdata\GFI Software
2012-09-06 23:19 . 2012-09-06 23:19 -------- d-----w- c:\programdata\Lavasoft
2012-09-06 23:19 . 2012-09-06 23:19 -------- d-----w- c:\users\Samsung\AppData\Local\Downloaded Installations
2012-09-06 23:10 . 2012-09-06 23:44 -------- d-----w- c:\users\Samsung\AppData\Roaming\Ad-Aware Antivirus
2012-09-05 20:21 . 2012-09-05 20:23 -------- d-----w- c:\program files\lsm
2012-09-01 14:53 . 2012-09-01 14:53 -------- d-----w- C:\usr
2012-08-30 16:11 . 2012-08-30 16:11 -------- d-----w- c:\program files\InstallShield Installation Information
2012-08-30 15:20 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 01:26 . 2012-04-03 16:35 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-20 01:26 . 2012-04-03 16:35 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-28 01:09 . 2012-07-28 01:09 57792 ----a-w- c:\windows\system32\sirenacm.dll
2012-07-28 00:54 . 2012-07-28 00:54 321472 ----a-w- c:\windows\WLXPGSS.SCR
2012-07-26 17:08 . 2012-07-26 17:08 862664 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 17:08 . 2012-07-26 17:08 534480 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 17:08 . 2012-07-26 17:08 251864 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 17:08 . 2012-07-26 17:08 153536 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 17:08 . 2012-07-26 17:08 115656 ----a-w- c:\windows\system32\vcomp110.dll
2012-07-18 17:47 . 2012-08-15 23:03 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-17 12:49 . 2012-07-17 12:49 209648 ----a-w- c:\windows\system32\LIVESSP.DLL
2012-07-17 12:37 . 2012-07-17 12:37 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-04 21:14 . 2012-08-15 23:03 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-15 23:03 102912 ----a-w- c:\windows\system32\browser.dll
2011-12-09 18:15 . 2011-12-09 18:15 8335640 ----a-w- c:\program files\mseinstall.exe
2011-12-06 02:01 . 2011-12-06 02:01 713472 ----a-w- c:\program files\RealPlayer_it.exe
2011-12-06 00:18 . 2011-12-06 00:18 5772 ----a-w- c:\program files\sharedaccess.reg
2011-11-20 20:45 . 2011-11-20 20:45 15160720 ----a-w- c:\program files\AdobeAIRInstaller.exe
2012-08-19 22:50 . 2012-04-10 15:52 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCShowServer"="c:\users\Samsung\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe" [2012-04-17 525680]
"Facebook Update"="c:\users\Samsung\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 gupdate;Servizio Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 LSM;Login Session Manager;c:\program files\lsm\lsm.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 AUS;Auto Update Service;c:\program files\lsm\aus.exe [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;Driver miniport NDIS6.2 per controller Ethernet Marvell Yukon;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-14 01:26]
.
2012-09-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4264532475-2926564507-2349934350-1000Core.job
- c:\users\Samsung\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-05 01:42]
.
2012-09-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4264532475-2926564507-2349934350-1000UA.job
- c:\users\Samsung\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-05 01:42]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-03 17:24]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-03 17:24]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.yahoo.it/
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\jwl6ting.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mps.it/index.htm
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=111792&babsrc=KW_ss&mntrId=70e3e7870000000000008a39dfab9432&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111792
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 70e3e7870000000000008a39dfab9432
FF - user.js: extensions.BabylonToolbar_i.hardId - 70e3e7870000000000008a39dfab9432
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15488
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:14
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @DenieD: (Full) (Everyone)
.
Ora fine scansione: 2012-09-25 02:36:40
ComboFix-quarantined-files.txt 2012-09-25 00:36
ComboFix2.txt 2012-09-24 23:48
.
Pre-Run: 101.324.034.048 byte disponibili
Post-Run: 101.277.155.328 byte disponibili
.
- - End Of File - - 2DBEF60BDF03980F6177B4AE19C7D264
 
The HijackThis log is missing:
http://www.tomshw.it/forum/sicurezza/106542-guida-hijackthis-come-creare-e-allegare-il-log.html
and so is the TDSS Killer log.

At first glance these look like advertising popups. Are you sure you have enabled your browser's popup blocker?
Yes, it is all advertising indeed... now I'll try to attach the remaining data you mentioned... thanks for now.

- - - Updated - - -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:41, on 25/09/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\lsm\lsm.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Samsung\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe
C:\Users\Samsung\AppData\Local\Sky Italia\Sky Go Player\NDSPCShowServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [PCShowServer] "C:\Users\Samsung\AppData\Local\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Samsung\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Auto Update Service (AUS) - MS - C:\Program Files\lsm\aus.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Login Session Manager (LSM) - MS - C:\Program Files\lsm\lsm.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 5117 bytes
 
Download AdwCleaner
http://general-changelog-team.fr/fr/downloads/view.download/2

Extract and run AdwCleaner.exe
Click Search
When it has finished, click Delete; the PC will reboot on its own. Once it is back up, attach the log of the operations.

Use CCleaner to clean the temporary files and the Windows registry

Clear the Java cache
How do I clear the Java cache?

I'm waiting for the TDSS Killer log.

Done, I hope I managed it.

- - - Updated - - -

I apologize for the delay in sending the logs.

- - - Updated - - -

AdwCleaner gives me several operations; is the one I sent (S1) correct?

- - - Updated - - -

The HijackThis log is missing:
http://www.tomshw.it/forum/sicurezza/106542-guida-hijackthis-come-creare-e-allegare-il-log.html
and so is the TDSS Killer log.

At first glance these look like advertising popups. Are you sure you have enabled your browser's popup blocker?

Yes, the popups are blocked.
 


Check whether there is a PowerOffer entry in the Control Panel; otherwise we are done, the PC is clean.
 