@Bagio09:
Vai nella chiavetta d
ove hai scaricato FRST, ed elimina il file di testo (log) chiamato
Fixlog.txt.
Poi elimina anche il file di testo (log)
della prima scansione chiamato
FRST.txt1
In pratica mantieni nella chiavetta
SOLO il file
dell'ultima scansione che hai eseguito con
FRST.
Sono stato chiaro?
Poi:
scarica questo file sulla chiavetta: (
dove si trova FRST)
Wikisend: free file sharing service
Avvia FRST e clicca su
FIX.
Attendi la fine della scansione.
Posta il file fixlog.txt.
- - - Updated - - -
@Milrim
Avvia OTL.
Sotto "
Custom Scans\Fixes" copia-incolla questo codice:
Codice:
:OTL
SRV - [2014/05/17 03:59:15 | 000,265,728 | ---- | M] () [Auto] -- C:\DOCUME~1\ALLUSE~1\DATIAP~1\2992199F9A\t7y3clrfcl.cpp -- (winmgmt)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ocr@babylon.com: C:\Programmi\Babylon\Babylon-Pro\Utils\ocr@babylon.com
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\lcfrlc3y7t.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O33 - MountPoints2\{0c29a1b4-5b2b-11e2-82b9-000c6efd4dc6}\Shell\AutoRun\command - "" = F:\lICYGe.Exe
O33 - MountPoints2\{0c29a1b4-5b2b-11e2-82b9-000c6efd4dc6}\Shell\OpEn\COmMAND - "" = F:\licYge.ExE
O33 - MountPoints2\{630a677e-2e6c-11e3-85e3-000c6efd4dc6}\Shell - "" = AutoRun
O33 - MountPoints2\{630a677e-2e6c-11e3-85e3-000c6efd4dc6}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O33 - MountPoints2\{8f28ecc5-0886-11e2-8163-000c6efd4dc6}\Shell\AutoRun\command - "" = F:\lICYGe.Exe
O33 - MountPoints2\{8f28ecc5-0886-11e2-8163-000c6efd4dc6}\Shell\OpEn\COmMAND - "" = F:\licYge.ExE
O33 - MountPoints2\{a57db396-4bba-11e0-bb46-000c6efd4dc6}\Shell - "" = AutoRun
O33 - MountPoints2\{a57db396-4bba-11e0-bb46-000c6efd4dc6}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a57db397-4bba-11e0-bb46-000c6efd4dc6}\Shell - "" = AutoRun
O33 - MountPoints2\{a57db397-4bba-11e0-bb46-000c6efd4dc6}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{cee1f9df-6000-11e2-82cc-000c6efd4dc6}\Shell\AutoRun\command - "" = G:\lICYGe.Exe
O33 - MountPoints2\{cee1f9df-6000-11e2-82cc-000c6efd4dc6}\Shell\OpEn\COmMAND - "" = G:\licYge.ExE
O33 - MountPoints2\{eed1e3c3-fe4c-11d5-b9f9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{eed1e3c3-fe4c-11d5-b9f9-806d6172696f}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe
[2014/05/17 03:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\2992199F9A
[2014/05/17 04:00:04 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\lcfrlc3y7t.lnk
:Files
C:\Documents and Settings\All Users\Dati applicazioni\2992199F9A
ipconfig /flushdns /c
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[Reboot]
Clicca sul pulsante
RUN FIX.
Lascia fare la scansione senza interferire.
Poi consiglio una scansione con Malwarebytes.
- - - Updated - - -
@ocrim10
Avvia OTL.
Sotto "
Custom Scans\Fixes" copia-incolla questo codice:
Codice:
:OTL
SRV - (MsMpSvc) -- C:\Programmi\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
IE - HKU\S-1-5-21-3836835847-821659138-712518676-1000\..\SearchScopes\E8AD5464E3304EF7B3F96D5BDA2740E2: "URL" = http://search.easylifeapp.com/?q={searchTerms}&pid=518&src=ie2&r=2013/03/12&hid=490861736&lg=EN&cc=IT
:Files
ipconfig /flushdns /c
:commands
[purity]
[emptytemp]
[Emptyjava]
[RESETHOSTS]
[EMPTYFLASH]
[start explorer]
[Reboot]
Clicca sul pulsante
RUN FIX.
Lascia fare la scansione senza interferire.
Posta il log
ogni volta che pulisco con ccleaner, quando lo riapro mi dice "il file delle preferenze è danneggiato o non valido.
Anche OTL mi segnala quella anomalia.
A mio avviso, non hai disinstallato Chrome correttamente. (hai fatto un ripristino, invece di una disinstallazione? )