Toggle sidebar Toggle sidebar

RISOLTO [PROBLEMA] Pagine pubblicitarie con Google Chrome che si aprono da sole!

Solvente

Solvente

Nuovo Utente
13
0
Salve a tutti sono un utente nuovo,:) ed ho lo stesso problema affrontato da tanti altri utenti: cioè su Google Chrome ,utilizzando forum o anche video su youtube, al mio clic si aprono pagine pubblicitarie fastidiosissime. Ho letto il Thread Ufficiale ma sono riuscito ad arrivare al punto in cui il computer si riavvia dopo la scansione di combofix. Come continuare? Grazie in anticipo ;)
 
Ultima modifica:
Solvente

Solvente

Nuovo Utente
13
0
dopo aver disattivata l'antivirus (antivir) e dopo aver disattivato firewall, è sufficente aprire direttamente Combofix, oppure devo trascinare CFScript.txt sull'icona di combofix??
 
tecnico24

tecnico24

Utente Èlite
10,706
1,072
Assolutamente NO.

Lo script è personalizzato , rischi di fare danni irreparabili:Limitati solo ad allegare il report (C:\Combofix) nel forum.
 
Solvente

Solvente

Nuovo Utente
13
0
ComboFix 12-12-17.02 - Giuseppe 18/12/2012 10:49:01.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.4026.2900 [GMT 1:00]
Eseguito da: c:\users\Giuseppe\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2012-11-18 al 2012-12-18 )))))))))))))))))))))))))))))))))))
.
.
2012-12-18 09:59 . 2012-12-18 09:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-12 10:13 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 10:13 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-07 17:16 . 2012-12-07 17:16 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-12-07 17:16 . 2012-12-07 17:16 375632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-12-01 11:04 . 2012-12-15 19:58 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-12-01 11:04 . 2012-12-15 19:58 375632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-11-27 17:33 . 2012-11-27 17:33 -------- d-----w- c:\users\Giuseppe\AppData\Local\PowerOffer
2012-11-27 15:00 . 2012-11-27 15:00 -------- d-----w- c:\users\Giuseppe\AppData\Local\Deployment
2012-11-27 15:00 . 2012-11-27 15:00 -------- d-----w- c:\users\Giuseppe\AppData\Local\Apps
2012-11-27 13:41 . 2012-11-27 13:41 -------- d-----w- c:\users\Giuseppe\AppData\Local\CRE
2012-11-27 13:31 . 2012-11-27 17:33 -------- d-----w- c:\users\Giuseppe\AppData\Local\PosService
2012-11-27 13:31 . 2012-11-27 17:33 -------- d-----w- c:\users\Giuseppe\AppData\Local\ServUpdater
2012-11-27 13:28 . 2012-11-27 13:28 -------- d-----w- c:\users\Giuseppe\AppData\Local\Babylon
2012-11-27 13:28 . 2012-11-27 13:28 -------- d-----w- c:\users\Giuseppe\AppData\Roaming\PerformerSoft
2012-11-27 13:28 . 2012-03-14 14:47 19000 ----a-w- c:\windows\system32\roboot64.exe
2012-11-27 13:28 . 2012-11-27 13:28 -------- d-----w- c:\users\Giuseppe\AppData\Roaming\Babylon
2012-11-27 13:28 . 2012-11-27 13:28 -------- d-----w- c:\programdata\Babylon
2012-11-27 13:28 . 2012-11-27 13:28 -------- d-----w- c:\programdata\IBUpdaterService
2012-11-27 13:28 . 2012-11-27 13:28 -------- d-----w- c:\windows\SysWow64\searchplugins
2012-11-27 13:28 . 2012-11-27 13:28 -------- d-----w- c:\windows\SysWow64\Extensions
2012-11-27 13:28 . 2012-11-27 13:29 -------- d-----w- c:\programdata\PC Performer Manager
2012-11-27 13:28 . 2012-11-27 17:33 -------- d-----w- c:\users\Giuseppe\AppData\Local\SoftwareUpdater
2012-11-27 12:55 . 2012-11-27 14:34 -------- d-----w- c:\users\Giuseppe\AppData\Roaming\uTorrent
2012-11-20 20:06 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-20 20:04 . 2012-11-20 20:04 -------- d-----w- c:\program files\iPod
2012-11-20 18:11 . 2012-11-20 18:11 -------- d-----w- c:\programdata\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 21:20 . 2012-11-28 08:48 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-11-28 08:48 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-11-28 08:48 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-04 16:45 . 2012-12-12 10:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-09-25 22:39 . 2012-11-14 23:29 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-25 21:55 . 2012-11-14 23:29 78336 ----a-w- c:\windows\SysWow64\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-20 11:18 1519824 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-22 181480]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\PCPERF~1\24897~1.175\{61D8B~1\pcpmngr.dll
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 114560]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-12 1255736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-02-03 27760]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-08-13 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-08-13 465360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-29 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 PC Performer Manager;PC Performer Manager;c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe [2012-11-02 2400800]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27 15:00]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27 15:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-10-29 822816]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5732z&r=27360910f115l04e4z105t4552d761
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5732z&r=27360910f115l04e4z105t4552d761
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{173DC93C-7476-469B-91B4-B8737CCA3430}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{7D52064F-B8CE-4189-A24E-F8F0E1A262E7}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
URLSearchHooks-{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
WebBrowser-{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\users\Giuseppe\AppData\Local\unins000.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2396759448-1796771247-4007374227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2396759448-1796771247-4007374227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @DenieD: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @DenieD: (Full) (Everyone)
.
Ora fine scansione: 2012-12-18 11:16:22
ComboFix-quarantined-files.txt 2012-12-18 10:16
.
Pre-Run: 254.309.806.080 byte disponibili
Post-Run: 254.267.613.184 byte disponibili
.
- - End Of File - - EE8DC855B7F505C84DA8FC558345B56B

- - - Updated - - -

scusa allego cosi perchè sono impedito, va bene lo stesso?
 
tecnico24

tecnico24

Utente Èlite
10,706
1,072
Scarica il file CFScript.txt che ti ho allegato qui in basso sul desktop

Trascinalo nell'icona rossa di Combofix

Attendi le operazioni senza interferire , il pc si riavvierà , al ritorno posta il log che ti appare.
 

Allegati

  • CFScript.txt
    1 KB · Visualizzazioni: 183
Solvente

Solvente

Nuovo Utente
13
0
ComboFix 12-12-17.02 - Giuseppe 18/12/2012 11:57:23.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.4026.2682 [GMT 1:00]
Eseguito da: c:\users\Giuseppe\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Giuseppe\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\AviraBrowserSecurity.exe
c:\program files (x86)\Ask.com\cb_2127.ico
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_1bba.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\programdata\Babylon
c:\programdata\IBUpdaterService
c:\programdata\IBUpdaterService\repository.xml
c:\programdata\PC Performer Manager
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\bl
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension\chrome.manifest
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension\components\pcpmngr-3.6.xpt
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension\content\overlay.xul
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension\content\pcpmngr.js
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension\install.rdf
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.crx
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.dll
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.exe
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\pcpmngr.settings
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\00
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\01
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\02
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\10
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\11
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\12
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\20
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\21
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings\22
c:\programdata\PC Performer Manager\2.4.897.175\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\uninstall.exe
c:\users\Giuseppe\AppData\Local\Apps
c:\users\Giuseppe\AppData\Local\Apps\2.0\YLZ5TX1E.08W\7YJD5V4O.4DE\clic...exe_4fe91ede9f9bdca3_0001.0003_none_815239c964d98cc1\GoogleUpdateSetup.exe
c:\users\Giuseppe\AppData\Local\Apps\2.0\YLZ5TX1E.08W\7YJD5V4O.4DE\manifests\clic...exe_4fe91ede9f9bdca3_0001.0003_none_815239c964d98cc1.cdf-ms
c:\users\Giuseppe\AppData\Local\Apps\2.0\YLZ5TX1E.08W\7YJD5V4O.4DE\manifests\clic...exe_4fe91ede9f9bdca3_0001.0003_none_815239c964d98cc1.manifest
c:\users\Giuseppe\AppData\Local\Apps\2.0\YLZ5TX1E.08W\7YJD5V4O.4DE\manifests\prog...app_4fe91ede9f9bdca3_0001.0003_none_498a192215f524aa.cdf-ms
c:\users\Giuseppe\AppData\Local\Apps\2.0\YLZ5TX1E.08W\7YJD5V4O.4DE\manifests\prog...app_4fe91ede9f9bdca3_0001.0003_none_498a192215f524aa.manifest
c:\users\Giuseppe\AppData\Local\Apps\2.0\YLZ5TX1E.08W\7YJD5V4O.4DE\prog...app_4fe91ede9f9bdca3_0001.0003_1c5a66fc0a66075e\clickonce_bootstrap.exe
c:\users\Giuseppe\AppData\Local\Apps\2.0\YLZ5TX1E.08W\7YJD5V4O.4DE\prog...app_4fe91ede9f9bdca3_0001.0003_1c5a66fc0a66075e\clickonce_bootstrap.exe.manifest
c:\users\Giuseppe\AppData\Local\Apps\2.0\YLZ5TX1E.08W\7YJD5V4O.4DE\prog...app_4fe91ede9f9bdca3_0001.0003_1c5a66fc0a66075e\clickonce_bootstrap_unsigned.manifest
c:\users\Giuseppe\AppData\Local\Apps\2.0\YLZ5TX1E.08W\7YJD5V4O.4DE\prog...app_4fe91ede9f9bdca3_0001.0003_1c5a66fc0a66075e\GoogleUpdateSetup.exe
c:\users\Giuseppe\AppData\Local\Babylon
c:\users\Giuseppe\AppData\Local\Babylon\Setup\latest_6.21.zpb
c:\users\Giuseppe\AppData\Local\PosService
c:\users\Giuseppe\AppData\Local\PosService\7z.dll
c:\users\Giuseppe\AppData\Local\PosService\AppLib.Zip.dll
c:\users\Giuseppe\AppData\Local\PosService\Pos.exe
c:\users\Giuseppe\AppData\Local\PosService\Pos.InstallLog
c:\users\Giuseppe\AppData\Local\PosService\Pos.InstallState
c:\users\Giuseppe\AppData\Local\PosService\settings.ini
c:\users\Giuseppe\AppData\Local\PosService\settings\settings.ini
c:\users\Giuseppe\AppData\Local\PowerOffer
c:\users\Giuseppe\AppData\Local\PowerOffer\InstallHelper.exe
c:\users\Giuseppe\AppData\Local\PowerOffer\System.Data.SQLite.dll
c:\users\Giuseppe\AppData\Local\PowerOffer\Wait.exe
c:\users\Giuseppe\AppData\Local\ServUpdater
c:\users\Giuseppe\AppData\Local\ServUpdater\7z.dll
c:\users\Giuseppe\AppData\Local\ServUpdater\AppLib.Zip.dll
c:\users\Giuseppe\AppData\Local\ServUpdater\ServiceUpd.exe
c:\users\Giuseppe\AppData\Local\ServUpdater\ServiceUpd.InstallLog
c:\users\Giuseppe\AppData\Local\ServUpdater\ServiceUpd.InstallState
c:\users\Giuseppe\AppData\Local\ServUpdater\settings.ini
c:\users\Giuseppe\AppData\Local\ServUpdater\settings\settings.ini
c:\users\Giuseppe\AppData\Local\SoftwareUpdater
c:\users\Giuseppe\AppData\Local\SoftwareUpdater\settings.ini
c:\users\Giuseppe\AppData\Local\SoftwareUpdater\settings\settings.ini
c:\users\Giuseppe\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
c:\users\Giuseppe\AppData\Local\SoftwareUpdater\SoftwareUpdService.InstallLog
c:\users\Giuseppe\AppData\Local\SoftwareUpdater\SoftwareUpdService.InstallState
c:\users\Giuseppe\AppData\Roaming\Babylon
c:\users\Giuseppe\AppData\Roaming\Babylon\log_file.txt
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PC Performer Manager
.
.
((((((((((((((((((((((((( Files Creati Da 2012-11-18 al 2012-12-18 )))))))))))))))))))))))))))))))))))
.
.
2012-12-18 11:13 . 2012-12-18 11:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-12 10:13 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 10:13 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-07 17:16 . 2012-12-07 17:16 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-12-07 17:16 . 2012-12-07 17:16 375632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-12-01 11:04 . 2012-12-15 19:58 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-12-01 11:04 . 2012-12-15 19:58 375632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-11-27 15:00 . 2012-11-27 15:00 -------- d-----w- c:\users\Giuseppe\AppData\Local\Deployment
2012-11-27 13:41 . 2012-11-27 13:41 -------- d-----w- c:\users\Giuseppe\AppData\Local\CRE
2012-11-27 13:28 . 2012-11-27 13:28 -------- d-----w- c:\users\Giuseppe\AppData\Roaming\PerformerSoft
2012-11-27 13:28 . 2012-03-14 14:47 19000 ----a-w- c:\windows\system32\roboot64.exe
2012-11-27 13:28 . 2012-11-27 13:28 -------- d-----w- c:\windows\SysWow64\searchplugins
2012-11-27 13:28 . 2012-11-27 13:28 -------- d-----w- c:\windows\SysWow64\Extensions
2012-11-27 12:55 . 2012-11-27 14:34 -------- d-----w- c:\users\Giuseppe\AppData\Roaming\uTorrent
2012-11-20 20:06 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-20 20:04 . 2012-11-20 20:04 -------- d-----w- c:\program files\iPod
2012-11-20 18:11 . 2012-11-20 18:11 -------- d-----w- c:\programdata\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 21:20 . 2012-11-28 08:48 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-11-28 08:48 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-11-28 08:48 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-04 16:45 . 2012-12-12 10:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-09-25 22:39 . 2012-11-14 23:29 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-25 21:55 . 2012-11-14 23:29 78336 ----a-w- c:\windows\SysWow64\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-22 181480]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 114560]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-12 1255736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-02-03 27760]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-08-13 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-08-13 465360]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-29 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-07-27 58880]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27 15:00]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-27 15:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-10-29 822816]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5732z&r=27360910f115l04e4z105t4552d761
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5732z&r=27360910f115l04e4z105t4552d761
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{173DC93C-7476-469B-91B4-B8737CCA3430}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{7D52064F-B8CE-4189-A24E-F8F0E1A262E7}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\users\Giuseppe\AppData\Local\unins000.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2396759448-1796771247-4007374227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2396759448-1796771247-4007374227-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @DenieD: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @DenieD: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @DenieD: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Ora fine scansione: 2012-12-18 12:33:59 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-12-18 11:33
ComboFix2.txt 2012-12-18 10:16
.
Pre-Run: 254.311.276.544 byte disponibili
Post-Run: 254.016.344.064 byte disponibili
.
- - End Of File - - 1C64AA5C5FB326771D22134B93A701B2
 
tecnico24

tecnico24

Utente Èlite
10,706
1,072
Bene.

Scarica Hijackthis
sul desktop
Tasto destro-> Esegui come amministratore
Clicca su Do a system scan only
Aspetta la scansione
portati in basso e spunta a sinistra le 017 contenenti questi DNS:
176.31.229.24,176.31.229.25
Clicca in basso su Fix checked

Esegui AdwCleaner come descritto qui ->
http://www.tomshw.it/forum/sicurezz...omputer-infetto-leggere-prima-di-postare.html
usa direttamente l'opzione elimina , il pc si riavvierà , posta il report che ti appare
 
Solvente

Solvente

Nuovo Utente
13
0
# AdwCleaner v2.101 - Logfile creato il 18/12/2012 alle 13:01:30
# Aggiornamento 16/12/2012 by Xplode
# Sistema Operativo : Windows 7 Home Premium (64 bits)
# Utente : Giuseppe - GIUSEPPE-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\Giuseppe\Desktop\adwcleaner.exe
# Opzioni [Elimina]




***** [Servizi] *****




***** [File / Cartelle] *****


Cartella Eliminato : C:\Program Files (x86)\ConduitEngine
Cartella Eliminato : C:\ProgramData\Partner
Cartella Eliminato : C:\Users\Giuseppe\AppData\Local\AskToolbar
Cartella Eliminato : C:\Users\Giuseppe\AppData\Local\Conduit
Cartella Eliminato : C:\Users\Giuseppe\AppData\LocalLow\AskToolbar
Cartella Eliminato : C:\Users\Giuseppe\AppData\LocalLow\Conduit
Cartella Eliminato : C:\Users\Giuseppe\AppData\LocalLow\ConduitEngine
Cartella Eliminato : C:\Users\Giuseppe\AppData\Roaming\Complitly
Cartella Eliminato : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}


***** [Registro] *****


Chiave Eliminata : HKCU\Software\APN
Chiave Eliminata : HKCU\Software\AppDataLow\Software\AskToolbar
Chiave Eliminata : HKCU\Software\AppDataLow\Software\Conduit
Chiave Eliminata : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chiave Eliminata : HKCU\Software\AppDataLow\Software\SmartBar
Chiave Eliminata : HKCU\Software\Ask.com
Chiave Eliminata : HKCU\Software\Ask.com.tmp
Chiave Eliminata : HKCU\Software\AskToolbar
Chiave Eliminata : HKCU\Software\Conduit
Chiave Eliminata : HKCU\Software\DataMngr_Toolbar
Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKLM\Software\APN
Chiave Eliminata : HKLM\Software\AskToolbar
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Chiave Eliminata : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Chiave Eliminata : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Chiave Eliminata : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2530241
Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT2851640
Chiave Eliminata : HKLM\Software\Conduit
Chiave Eliminata : HKLM\Software\DataMngr
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Valore Eliminata : HKCU\Software\Mozilla\Firefox\Extensions [{dfefbe51-ca52-484b-adf0-6b158b05262d}]
Valore Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]


***** [Browser Internet] *****


-\\ Internet Explorer v9.0.8112.16457


[OK] Registro Pulito.


-\\ Google Chrome v23.0.1271.97


File : C:\Users\Giuseppe\AppData\Local\Google\Chrome\User Data\Default\Preferences


Eliminata [l.8] : homepage = "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2851640",
Eliminata [l.1683] : homepage = "hxxp://search.conduit.com/?SearchSource=10&ctid=CT2851640",


*************************


AdwCleaner[R1].txt - [4873 octets] - [18/12/2012 13:00:38]
AdwCleaner[S1].txt - [4918 octets] - [18/12/2012 13:01:30]


########## EOF - C:\AdwCleaner[S1].txt - [4978 octets] ##########
 
Solvente

Solvente

Nuovo Utente
13
0
Grazie mille!! sarebbe stato impossibile senza consulenza!! come faccio in futuro a evitare gli stessi problemi?? ps gli altri programmi li posso disinstallare su "disinstalla programma"?
 
tecnico24

tecnico24

Utente Èlite
10,706
1,072
Solvente ha detto:
Grazie mille!! sarebbe stato impossibile senza consulenza!! come faccio in futuro a evitare gli stessi problemi?? ps gli altri programmi li posso disinstallare su "disinstalla programma"?
Clicca per espandere...
Più attenzione a cosa installi , scarichi , se installi un programma per esempio , guarda bene se ti vengono proposti altri tre.
AdwCleaner puoi rimuoverlo trascinandolo nel cestino , poichè è un tool standal-one.
Hijackthis dal pannello di controllo.
 
Devi accedere o registrarti per rispondere qui.

Ci sono discussioni simili a riguardo, dai un'occhiata!

L
PROBLEMA Problemi di avvio software su windows 10
Risposte
6
Visualizzazioni
594
Windows
loregt92
L
Cheeseburger.003
DOMANDA Acquisto di uno smartphone top di gamma (900/1000€)
Risposte
77
Visualizzazioni
8K
Smartphone e Tablet
GraveKeeper
GraveKeeper
Maynard keenan
PROBLEMA Bsod e pc in loop in continuo riavvio
Risposte
12
Visualizzazioni
817
Assemblaggio e Problemi HW
BWD87
BWD87
Luke92s
PROBLEMA Asus N751JK..problema software o hardware?
Risposte
30
Visualizzazioni
2K
Computer Portatili
rtype
rtype

Entra

Hai dimenticato la password?
oppure Accedi utilizzando
Discord Ufficiale Entra ora!

Discussioni Simili