Avast WEBforum

Non-English Zone => Italiano => Topic started by: soio on July 27, 2014, 06:20:39 PM

Title: Virus keeps coming back
Post by: soio on July 27, 2014, 06:20:39 PM
Hello everyone!

For some time now I've been dealing with a trojan that redirects me to a page every time.
Fortunately avast manages to block it from loading, as you can see in the attachment.

Unfortunately, even though I've run a full system scan, the trojan comes back every time.

How can I get rid of it for good?

P.S. This same virus also shows up on 2 different laptops in the house, even though the 2 laptops have never been connected to each other in any way!

I'm completely stuck because most pages no longer open.

Thanks!
Title: Re: Virus keeps coming back
Post by: giogio on July 28, 2014, 08:19:28 AM
Hi and welcome,
does it happen with all browsers or only with Chrome?
Check whether you have any extensions in Chrome that you don't need and remove them.
Also try going into avast and running the browser cleanup.
If it still happens, try resetting Chrome
https://support.google.com/chrome/answer/3296214?hl=it
Also try running a full scan with mbam free
http://it.malwarebytes.org/mwb-download/?language=it
Title: Re: Virus keeps coming back
Post by: soio on July 28, 2014, 09:52:47 AM
It happens with all browsers.
Not only that, I get redirected even when using different laptops.
Also, on Apple devices the pages don't open; it's as if they don't load, but without being redirected.
I'm starting to think it's a problem with the router... Is that possible?

I've already scanned with avast, spybot, mbam.
I've uninstalled Chrome, removed the extensions
But nothing.

Help!
Title: Re: Virus keeps coming back
Post by: giogio on July 28, 2014, 10:56:07 AM
If you have browsing problems even with Apple devices, I would try resetting the router.
Once it's been reset, if you still have problems, try downloading combofix and save it to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
--------------------------------------------------------------------
IMPORTANT - Disable avast and any other active antivirus, it could cause problems!
--------------------------------------------------------------------
Double-click the ComboFix.exe file and follow the instructions
Then post the log it created at C:\ComboFix.txt.
Title: Re: Virus keeps coming back
Post by: soio on July 28, 2014, 11:42:15 AM
Hi Giorgio,

so, I've reset the router several times, but nothing has changed.

At first I thought it was a problem with the Telecom line, but after a thorough analysis the technician found no problem.

At that point I started to think the problem was tied to my laptop, but the pages failing to load and the redirecting also happened with the other laptop at home.

Also, even on the Apple devices many apps and pages don't open while others do.

Here's the log created with combofix:

ComboFix 14-07-25.01 - giuseppe 28/07/2014  11:17:44.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.3062.1111 [GMT 2:00]
Eseguito da: C:\Users\giuseppe\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files (x86)\WinRAR\Leggimi.Txt
C:\Program Files (x86)\WinRAR\Leggimi_1a.Txt
C:\Program Files (x86)\WinRAR\Licenza.Txt
C:\Program Files (x86)\WinRAR\NoteTecniche.Txt
C:\Program Files (x86)\WinRAR\Ordin.htm
C:\Program Files (x86)\WinRAR\Ordina.htm
C:\Program Files (x86)\WinRAR\SorgUnRAR.Txt
C:\Windows\wininit.ini


(((((((((((((((((((((((((   Files Creati Da 2014-06-28 al 2014-07-28  )))))))))))))))))))))))))))))))))))


2014-07-28 09:31:51 . 2014-07-28 09:31:51   --------   d-----w-   C:\Users\LogMeInRemoteUser\AppData\Local\temp
2014-07-28 09:31:51 . 2014-07-28 09:31:51   --------   d-----w-   C:\Users\Default\AppData\Local\temp
2014-07-27 16:02:34 . 2014-07-28 09:00:25   75888   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E7E86BD-2849-4D90-82F9-73DF6BBB6F93}\offreg.dll
2014-07-22 20:11:09 . 2014-07-02 03:09:06   10924376   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E7E86BD-2849-4D90-82F9-73DF6BBB6F93}\mpengine.dll
2014-07-20 16:21:47 . 2014-07-20 16:21:47   43152   ----a-w-   C:\Windows\avastSS.scr
2014-07-09 21:15:14 . 2014-06-03 10:02:21   1719296   ----a-w-   C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-09 21:15:14 . 2014-06-03 10:02:18   1389568   ----a-w-   C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-09 21:15:14 . 2014-06-03 10:02:18   1380864   ----a-w-   C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-09 21:15:14 . 2014-06-03 10:02:18   1354240   ----a-w-   C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 21:15:13 . 2014-06-03 09:29:47   936960   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 21:15:11 . 2014-06-30 02:09:33   519168   ----a-w-   C:\Windows\system32\aepdu.dll
2014-07-09 21:15:11 . 2014-06-30 02:04:49   424448   ----a-w-   C:\Windows\system32\aeinv.dll
2014-07-09 21:13:59 . 2014-06-19 00:24:12   111616   ----a-w-   C:\Windows\system32\ieetwcollector.exe
2014-07-09 21:12:58 . 2014-06-05 14:26:58   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2014-07-09 21:12:56 . 2014-06-05 14:25:49   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2014-06-28 11:46:44 . 2014-06-28 11:46:44   --------   d-----w-   C:\Program Files (x86)\Common Files\Java
2014-06-28 11:45:40 . 2014-06-28 11:45:16   98216   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.


((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))

2014-07-20 16:52:24 . 2014-05-13 16:41:45   122584   ----a-w-   C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-07-20 16:22:22 . 2011-03-02 16:03:59   427360   ----a-w-   C:\Windows\system32\drivers\aswsp.sys
2014-07-20 16:21:53 . 2014-04-28 16:35:11   92008   ----a-w-   C:\Windows\system32\drivers\aswstm.sys
2014-07-20 16:21:52 . 2014-04-28 16:35:05   29208   ----a-w-   C:\Windows\system32\drivers\aswHwid.sys
2014-07-20 16:21:52 . 2014-04-28 16:25:31   93568   ----a-w-   C:\Windows\system32\drivers\aswRdr2.sys
2014-07-20 16:21:52 . 2014-04-28 16:25:28   224896   ----a-w-   C:\Windows\system32\drivers\aswVmm.sys
2014-07-20 16:21:52 . 2014-04-28 16:25:26   65776   ----a-w-   C:\Windows\system32\drivers\aswRvrt.sys
2014-07-20 16:21:52 . 2011-03-02 16:03:54   1041168   ----a-w-   C:\Windows\system32\drivers\aswsnx.sys
2014-07-20 16:21:52 . 2011-03-02 16:03:53   79184   ----a-w-   C:\Windows\system32\drivers\aswMonFlt.sys
2014-07-20 16:21:52 . 2011-03-02 16:03:53   307344   ----a-w-   C:\Windows\system32\aswBoot.exe
2014-07-14 11:10:23 . 2011-03-04 04:20:38   96441528   ----a-w-   C:\Windows\system32\MRT.exe
2014-05-12 05:26:10 . 2014-05-13 16:41:26   63704   ----a-w-   C:\Windows\system32\drivers\mwac.sys
2014-05-12 05:26:00 . 2014-05-13 16:41:26   91352   ----a-w-   C:\Windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25:56 . 2014-05-13 16:41:25   25816   ----a-w-   C:\Windows\system32\drivers\mbam.sys


(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d40c654d-7c51-4eb3-95b2-1e23905c2a2d}]
2010-11-05 01:58:19   297808   ----a-w-   C:\Windows\System32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04:54   131480   ----a-w-   C:\Users\giuseppe\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04:54   131480   ----a-w-   C:\Users\giuseppe\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04:54   131480   ----a-w-   C:\Users\giuseppe\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="C:\Program Files (x86)\MobileWiFi\MobileWiFi" [X]
"Spotify"="C:\Users\giuseppe\AppData\Roaming\Spotify\Spotify.exe" [2014-07-19 14:04:49 6162488]
"Spotify Web Helper"="C:\Users\giuseppe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-19 14:04:48 1178168]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2013-11-14 15:42:42 20584608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 12:40:00 83336]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 19:43:52 59720]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47:42 31016]
"Alcatel Limo ModemListener"="C:\Program Files (x86)\INet\BackgroundService\ModemListener.exe" [2012-03-23 07:25:10 125504]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2013-05-01 01:59:04 421888]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 07:07:58 152392]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 16:57:26 959904]
"KeePass 2 PreLoad"="C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" [2014-07-06 07:36:56 2117632]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe" [2014-07-20 16:21:42 4086432]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 12:44:30 256896]

C:\Users\giuseppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\giuseppe\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

R2 aswStm;aswStm;C:\Windows\system32\drivers\aswStm.sys;C:\Windows\SYSNATIVE\drivers\aswStm.sys
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys;C:\Windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys
R3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys;C:\Windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys
R3 huawei_cdcacm;huawei_cdcacm;C:\Windows\system32\DRIVERS\ew_jucdcacm.sys;C:\Windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys
R3 huawei_cdcecm;huawei_cdcecm;C:\Windows\system32\DRIVERS\ew_jucdcecm.sys;C:\Windows\SYSNATIVE\DRIVERS\ew_jucdcecm.sys
R3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\system32\DRIVERS\ew_juextctrl.sys;C:\Windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe
R3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys;C:\Windows\SYSNATIVE\DRIVERS\netaapl64.sys
R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys;C:\Windows\SYSNATIVE\DRIVERS\o2sdx64.sys
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys
R3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe
R3 WinPhlash;WinPhlash;C:\Windows\Temp\BU2S_TE1S_BIOS_Update_3A63(V4.70)\x64\PHLASHNT.SYS;C:\Windows\Temp\BU2S_TE1S_BIOS_Update_3A63(V4.70)\x64\PHLASHNT.SYS
R3 WSDScan;Supporto digitalizzazione WSD tramite UMB;C:\Windows\system32\drivers\WSDScan.sys;C:\Windows\SYSNATIVE\drivers\WSDScan.sys
R4 PirritUpdater;PirritUpdater;C:\Program Files (x86)\Pirrit\AutoUpdater.exe;C:\Program Files (x86)\Pirrit\AutoUpdater.exe
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
S0 aswRvrt;avast! Revert;
S0 aswVmm;avast! VM Monitor;
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys;C:\Windows\SYSNATIVE\drivers\aswSnx.sys
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys;C:\Windows\SYSNATIVE\drivers\aswSP.sys
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys;C:\Windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys
S2 Alcatel Limo Modem Device Helper;Alcatel Limo Modem Device Helper;C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe;C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe
S2 aswHwid;avast! HardwareID;C:\Windows\system32\drivers\aswHwid.sys;C:\Windows\SYSNATIVE\drivers\aswHwid.sys
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys;C:\Windows\SYSNATIVE\drivers\aswMonFlt.sys
S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
S2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe
S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys;C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
S2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
S2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe;C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
S3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys;C:\Windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys
S3 netw5v64;Driver scheda Intel(R) Wireless WiFi Link serie 5000 per Windows Vista a 64 bit;C:\Windows\system32\DRIVERS\netw5v64.sys;C:\Windows\SYSNATIVE\DRIVERS\netw5v64.sys
S3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys;C:\Windows\SYSNATIVE\DRIVERS\o2mdx64.sys
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys;C:\Windows\SYSNATIVE\DRIVERS\yk62x64.sys

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 14:12:03   1104200   ----a-w-   C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe

Contenuto della cartella 'Scheduled Tasks'

2014-07-28 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 12:08:08 . 2011-03-13 12:07:59]

2014-07-28 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 12:08:08 . 2011-03-13 12:07:59]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-20 16:21:52   634872   ----a-w-   C:\Program Files\AVAST Software\Avast\ashShA64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04:54   164760   ----a-w-   C:\Users\giuseppe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04:54   164760   ----a-w-   C:\Users\giuseppe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04:54   164760   ----a-w-   C:\Users\giuseppe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04:54   164760   ----a-w-   C:\Users\giuseppe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-09-23 18:30:44 165912]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-09-23 18:30:44 385560]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2009-09-23 18:30:44 363544]
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 13:30:38 503864]
"Toshiba TEMPRO"="C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-10-26 12:59:18 1050072]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-01 17:30:00 2710856]
"CanonSolutionMenu"="C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 16:43:00 767312]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-02 16:56:41 1216808]

------- Scansione supplementare -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: I&nvia a OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files (x86)\PokerStars.IT\PokerStarsUpdate.exe
TCP: DhcpNameServer = 94.249.192.105 8.8.8.8
FF - ProfilePath - C:\Users\giuseppe\AppData\Roaming\Mozilla\Firefox\Profiles\wgzge8al.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00081/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - 2a0efc8f000000000000f2cba113257a
FF - user.js: extensions.Softonic.instlDay - 15534
FF - user.js: extensions.Softonic.vrsn - 1.6.4.3
FF - user.js: extensions.Softonic.vrsni - 1.6.4.3
FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.4.323:30:19
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON00081
FF - user.js: extensions.Softonic.dfltLng - it
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false

- - - - CHIAVI ORFANE RIMOSSE - - - -

URLSearchHooks-{9d1a02c3-7d31-4c4f-ba7e-ccf1cafa1bf5} - (no file)
URLSearchHooks-{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
WebBrowser-{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - (no file)
HKLM-Run-HSON - C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TPwrMain - C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-00TCrdMain - C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
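When the same redirects show up on every device behind one router, the settings worth reading out of a ComboFix log first are the ones the machines receive from the network (the DHCP-supplied DNS servers, proxy overrides, browser start pages) plus the services and Firefox user.js entries written by third-party toolbars. The helper below is an added example written for this thread, not part of the forum post or of ComboFix itself; it parses a constructed excerpt shaped like the log above and classifies the resolvers against an allowlist of expected ISP resolvers, which is an assumption here and would be filled from the ISP's published list in a real triage. A resolver outside the allowlist is reported as "verify", not as proof of tampering.

```python
"""Triage helper for a ComboFix-style log excerpt (added example, not the thread's code)."""
import re
from ipaddress import ip_address

# Constructed excerpt mirroring the shape of the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
R4 PirritUpdater;PirritUpdater;C:\Program Files (x86)\Pirrit\AutoUpdater.exe;C:\Program Files (x86)\Pirrit\AutoUpdater.exe
S2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\SSUService.exe;C:\Program Files (x86)\Splashtop\SSUService.exe
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 94.249.192.105 8.8.8.8
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00081/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.instlRef - MON00081
"""

# Resolvers the owner expects the router to hand out. Constructed assumption:
# in a real triage, fill this from the ISP's published resolver list.
EXPECTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# Line shapes taken from the ComboFix sections "Punti Reg Caricati" and "Scansione supplementare".
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);([^;]*)")
DNS_RE = re.compile(r"^TCP:\s*DhcpNameServer\s*=\s*(.+)$")
PROXY_RE = re.compile(r"^[um]Internet Settings,(\w+)\s*=\s*(.*)$")
START_RE = re.compile(r"^[um]Start Page\s*=\s*(.+)$")
FF_RE = re.compile(r"^FF - (user\.js|prefs\.js):\s*(\S+)\s*-\s*(.*)$")


def parse_combofix(text):
    """Pull the network- and browser-facing settings out of a ComboFix log."""
    found = {"services": [], "dns": [], "proxy": {}, "start_pages": [], "firefox": {}}
    for line in text.splitlines():
        line = line.rstrip()
        if m := SERVICE_RE.match(line):
            # state (R = running, S = stopped), short name, display name, binary path
            found["services"].append({"state": m.group(1), "name": m.group(2), "path": m.group(4)})
        elif m := DNS_RE.match(line):
            found["dns"].extend(m.group(1).split())
        elif m := PROXY_RE.match(line):
            found["proxy"][m.group(1)] = m.group(2)
        elif m := START_RE.match(line):
            found["start_pages"].append(m.group(1))
        elif m := FF_RE.match(line):
            found["firefox"][f"{m.group(1)}:{m.group(2)}"] = m.group(3)
    return found


def review_resolvers(servers, expected=EXPECTED_RESOLVERS):
    """Classify each DHCP-supplied resolver as expected, local, or to be verified.

    A resolver outside the allowlist is the setting to confirm on the router's
    admin page and with the ISP, because a router-level resolver change would
    explain symptoms on every device; it is not by itself evidence of tampering.
    """
    verdicts = {}
    for server in servers:
        try:
            addr = ip_address(server)
        except ValueError:
            verdicts[server] = "unparseable"
            continue
        if server in expected:
            verdicts[server] = "expected"
        elif addr.is_private:
            verdicts[server] = "local (router/LAN)"
        else:
            verdicts[server] = "verify against ISP/router configuration"
    return verdicts


def services_under(found, prefixes):
    """Services whose binary lives under one of the given folders (case-insensitive)."""
    return [
        (svc["state"], svc["name"], svc["path"])
        for svc in found["services"]
        if any(svc["path"].lower().startswith(p.lower()) for p in prefixes)
    ]


def third_party_firefox_prefs(found, vendor_prefix):
    """user.js entries under a vendor prefix; user.js is reapplied on every Firefox start and overrides prefs.js."""
    return {k: v for k, v in found["firefox"].items() if k.startswith("user.js:" + vendor_prefix)}


if __name__ == "__main__":
    found = parse_combofix(SAMPLE_LOG)
    for server, verdict in review_resolvers(found["dns"]).items():
        print(f"DNS {server}: {verdict}")
    print("proxy:", found["proxy"], "start pages:", found["start_pages"])
    for hit in services_under(found, [r"C:\Program Files (x86)\Pirrit"]):
        print("service for review:", hit)
    for key, value in third_party_firefox_prefs(found, "extensions.Softonic").items():
        print("firefox user.js:", key, "=", value)
```

Run it against the real C:\ComboFix.txt by replacing SAMPLE_LOG with the file's contents; the folder prefixes passed to services_under can be taken straight from the "Cartella Eliminato" lines of a later AdwCleaner report, which turns the two logs into one review list.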
Title: Re: Virus keeps coming back
Post by: giogio on July 28, 2014, 11:59:29 AM
Ok, have you restarted the PC?
Are you still having problems on this computer?

cheers
Title: Re: Virus keeps coming back
Post by: soio on July 28, 2014, 12:05:06 PM
Yes, restarted.

Nothing, same problems.

For example, right now facebook won't open: This webpage is not available.
I opened Repubblica.it and it redirected me, as you can see in the attached file

Other pages open normally.
Title: Re: Virus keeps coming back
Post by: giogio on July 28, 2014, 12:17:09 PM
Ok,
download AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/ to the desktop.

    close all browsers and open programs
    open AdwCleaner and run a scan
    After the scan click on clean
    Confirm each time with OK
    The PC will restart on its own and automatically open a text file; post that file, you can also find it at C:\AdwCleaner[S1].txt
Title: Re: Virus keeps coming back
Post by: soio on July 28, 2014, 12:38:32 PM
Done, but nothing!

When Chrome starts, a redirect, and this time it's gmail that won't open.

here's the log:

# AdwCleaner v3.300 - Rapporto creato 28/07/2014 in 12:30:07
# Aggiornato 27/07/2014 di Xplode
# Sistema operativo : Windows 7 Professional Service Pack 1 (64 bits)
# Nome utente : giuseppe - GIUSEPPE-PC
# In esecuzione da : C:\Users\giuseppe\Desktop\AdwCleaner.exe
# Opzione : Pulisci

***** [ Servizi ] *****



***** [ File / Cartelle ] *****

Cartella Eliminato : C:\ProgramData\apn
Cartella Eliminato : C:\ProgramData\Ask
Cartella Eliminato : C:\Program Files (x86)\DAEMON Tools Toolbar
Cartella Eliminato : C:\Program Files (x86)\Pirrit
Cartella Eliminato : C:\Program Files (x86)\Softonic
Cartella Eliminato : C:\Users\giuseppe\AppData\Local\apn
Cartella Eliminato : C:\Users\giuseppe\AppData\Local\Pirrit Suggestor
Cartella Eliminato : C:\Users\giuseppe\AppData\Local\WinRST
Cartella Eliminato : C:\Users\giuseppe\AppData\LocalLow\Conduit
Cartella Eliminato : C:\Users\giuseppe\AppData\LocalLow\Softonic
Cartella Eliminato : C:\Users\giuseppe\AppData\Roaming\Pirrit
File Eliminato : C:\Users\giuseppe\AppData\Roaming\Mozilla\Firefox\Profiles\wgzge8al.default\searchplugins\Askcom.xml
File Eliminato : C:\Users\giuseppe\AppData\Roaming\Mozilla\Firefox\Profiles\wgzge8al.default\searchplugins\daemon-search.xml
File Eliminato : C:\Users\giuseppe\AppData\Roaming\Mozilla\Firefox\Profiles\wgzge8al.default\searchplugins\Search_Results.xml
File Eliminato : C:\Users\giuseppe\AppData\Roaming\Mozilla\Firefox\Profiles\wgzge8al.default\user.js

***** [ Tâches planifiées ] *****


***** [ Collegamenti ] *****


***** [ Registro ] *****

Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chiave Eliminati : HKLM\SOFTWARE\Classes\Conduit.Engine
Chiave Eliminati : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Chiave Eliminati : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup (1)_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup (1)_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Classes\Toolbar.CT2851640
Chiave Eliminati : HKLM\SOFTWARE\Classes\Toolbar.CT2863002
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_atube-catcher (1)_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_atube-catcher (1)_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_atube-catcher_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_atube-catcher_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_free-pdf-to-word-doc-converter_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_free-pdf-to-word-doc-converter_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_koyote-free-video-converter_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_koyote-free-video-converter_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_sharepod_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_sharepod_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_utorrent_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_utorrent_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Chiave Eliminati : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Chiave Eliminati : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chiave Eliminati : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chiave Eliminati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Valore Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Valore Eliminati : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Valore Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Chiave Eliminati : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Chiave Eliminati : HKCU\Software\APN PIP
Chiave Eliminati : HKCU\Software\dt soft\daemon tools toolbar
Chiave Eliminati : HKCU\Software\PIP
Chiave Eliminati : HKCU\Software\Softonic
Chiave Eliminati : HKCU\Software\YahooPartnerToolbar
Chiave Eliminati : HKCU\Software\AppDataLow\Software\searchqutoolbar
Chiave Eliminati : HKLM\Software\Conduit
Chiave Eliminati : HKLM\Software\dt soft\daemon tools toolbar
Chiave Eliminati : HKLM\Software\PIP
Chiave Eliminati : HKLM\Software\Pirrit
Chiave Eliminati : HKLM\Software\Softonic
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Chiave Eliminati : [x64] HKLM\SOFTWARE\Pirrit

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v6.0.2 (it)

[ File : C:\Users\giuseppe\AppData\Roaming\Mozilla\Firefox\Profiles\wgzge8al.default\prefs.js ]

Riga eliminata : user_pref("browser.search.defaultengine", "Ask.com");
Riga eliminata : user_pref("browser.search.defaultenginename", "Ask.com");
Riga eliminata : user_pref("browser.search.order.1", "Ask.com");
Riga eliminata : user_pref("extensions.Softonic.dfltlng", "it");
Riga eliminata : user_pref("extensions.Softonic.instlday", "15534");
Riga eliminata : user_pref("extensions.Softonic.instlref", "MON00081");
Riga eliminata : user_pref("extensions.Softonic.prtnrid", "softonic");
Riga eliminata : user_pref("extensions.Softonic.tlbrid", "base");
Riga eliminata : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00081/tb_v1?SearchSource=1&cc=&q=");

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\giuseppe\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12972 octets] - [28/07/2014 12:27:52]
AdwCleaner[S0].txt - [12727 octets] - [28/07/2014 12:30:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12788 octets] ##########
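The AdwCleaner report above, read as a triage exercise: an added Python script (not from the thread, and not part of AdwCleaner) that groups the deleted registry keys and Firefox prefs by the browser-hijack mechanism they belonged to, so a log like this answers "how was the browser being hijacked" at a glance. The sample lines are copied from the posted log; the category names are my own labels, not AdwCleaner's.

```python
import re
from collections import defaultdict

# Constructed sample in the AdwCleaner report format seen in the thread (a few lines of the posted log, not the whole file).
SAMPLE_LOG = r"""
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Chiave Eliminati : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Valore Eliminati : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Chiave Eliminati : [x64] HKLM\SOFTWARE\Pirrit
Riga eliminata : user_pref("browser.search.defaultengine", "Ask.com");
Riga eliminata : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00081/tb_v1?SearchSource=1&cc=&q=");
"""
# "Chiave/Valore Eliminati" = deleted key/value, "[x64]" = 64-bit registry view; "Riga eliminata" = line removed from Firefox prefs.js.
REG_LINE = re.compile(r"^(Chiave|Valore) Eliminati : (\[x64\] )?(.+)$")
PREF_LINE = re.compile(r'^Riga eliminata : user_pref\("([^"]+)", "([^"]*)"\);$')

# Registry path fragments that identify classic browser-hijack footholds (labels are mine).
CATEGORIES = [
    ("bho", r"\\Browser Helper Objects\\"),        # IE in-process plugin
    ("search_scope", r"\\SearchScopes\\"),         # IE search provider
    ("toolbar", r"\\Internet Explorer\\Toolbar"),  # IE toolbar registration
    ("com_registration", r"\\Classes\\(CLSID|Interface|TypeLib)\\"),  # COM glue for the above
]

def classify_registry_path(path):
    for name, pattern in CATEGORIES:
        if re.search(pattern, path, re.IGNORECASE):
            return name
    return "vendor_key"  # leftover per-vendor settings (Pirrit, Softonic, ...)

def triage(log_text):
    # Group every deletion by the hijack mechanism it belonged to.
    summary = defaultdict(list)
    for line in (ln.strip() for ln in log_text.splitlines()):
        m = REG_LINE.match(line)
        if m:
            summary[classify_registry_path(m.group(3))].append(m.group(3))
            continue
        m = PREF_LINE.match(line)
        if m:
            summary["firefox_pref"].append((m.group(1), m.group(2)))
    return dict(summary)

def findings(summary):
    # One-line triage notes a forum helper would read off the grouped log.
    notes = []
    if summary.get("bho"):
        notes.append("IE Browser Helper Object registered: code was loaded into the browser")
    if summary.get("search_scope") or summary.get("toolbar"):
        notes.append("IE search provider or toolbar replaced")
    notes += [f"Firefox search pref {n} pointed at {v}"
              for n, v in summary.get("firefox_pref", []) if n.startswith("browser.search.")]
    return notes
```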
Title: Re: Virus ricompare
Post by: soio on July 28, 2014, 12:59:53 PM
p.s. what I really don't understand is why some iPhone/iPad apps also sometimes load and sometimes don't.
The same email from the iPhone sometimes loads and sometimes doesn't.

Couldn't it be a virus inside the router itself?
Title: Re: Virus ricompare
Post by: giogio on July 28, 2014, 02:10:00 PM
I don't know, anyway as you can see your PC is full of junk... never download programs from Softonic!
Try downloading Farbar Recovery Scan Tool and saving it to the desktop.
 http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both and try to run them. Only one of them will run on your system, and that will be the right version.

     Right-click to run as administrator (XP users click Run after receiving the Windows Security Warning - Open File). When the tool opens click Yes.
     Select addition.txt at the bottom
     Press the Scan button.
(https://dl.dropboxusercontent.com/u/73555776/frst.JPG)
     Please attach both generated logs.
Title: Re: Virus ricompare
Post by: soio on July 28, 2014, 05:06:16 PM
I only managed to run farbar64.

Should I also proceed with the FIX?

here are the generated logs, attached

Title: Re: Virus ricompare
Post by: essexboy on July 28, 2014, 06:38:19 PM
Could you reset the router, as it is affecting two different computers in the same way. Do you know how to do this?
Title: Re: Virus ricompare
Post by: soio on July 28, 2014, 06:47:12 PM
The router has already been reset several times, but nothing has changed.

I still have this damned trojan that redirects me to some page; in particular it happens on the 2 PCs at home.

I also have pages that don't load or load only partially. This also applies to the Apple devices I have at home, where many apps don't connect to the internet while others do.

I don't understand whether these 2 problems are related to each other or are 2 independent problems
Title: Re: Virus ricompare
Post by: essexboy on July 28, 2014, 07:05:00 PM
Does this only occur in Chrome?

Could you run Chrome in incognito mode and see if the same alert happens https://support.google.com/chrome/answer/95464?hl=en-GB

Download aswMBR.exe (http://files.avast.com/files/rootkit-scanner/aswmbr.exe) (4.5mb) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation, accept that.
When it offers to download the virus database allow that as well.
Click the "Scan" button to start the scan.

(https://dl.dropboxusercontent.com/u/73555776/AswMBR%20scan.JPG)

On completion of the scan click save log, save it to your desktop and post it in your next reply.
Title: Re: Virus ricompare
Post by: soio on July 28, 2014, 08:24:13 PM
It also happens with other browsers.

I also noticed that at every Windows startup avast detects the trojan.

I couldn't complete the scan with aswMBR because at some point it tells me: "Avast! Antirootkit has stopped working"
Title: Re: Virus ricompare
Post by: giogio on July 28, 2014, 08:31:41 PM
hi,
try running aswMBR from safe mode (pressing F8 while the PC boots)

Can you post the avast screenshot of the trojan it finds? Can't you run a boot-time scan with avast to try to remove it?
Title: Re: Virus ricompare
Post by: soio on July 28, 2014, 08:36:06 PM
ok, now I'll try to start aswMBR in safe mode.

Attached you'll find the trojan detected by avast.

How can I make avast run the scan at startup if it detects it before I can even get into avast?
Title: Re: Virus ricompare
Post by: giogio on July 28, 2014, 08:41:00 PM
You have to schedule the boot-time scan from avast and then restart the PC. (avast -> Scan -> Boot-time scan -> Start)
Sorry, anyway the trojan is that one, it's always the usual one.
First try doing the scan with aswMBR from safe mode and attach the log.
Afterwards you can do the boot-time scan with avast, while we wait for a reply from Essexboy

bye
Title: Re: Virus ricompare
Post by: soio on July 28, 2014, 09:10:08 PM
Even in safe mode aswMBR couldn't complete the scan, giving the same warning
Title: Re: Virus ricompare
Post by: essexboy on July 28, 2014, 09:42:15 PM
Download the latest version of TDSSKiller from here (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) and save it to your Desktop.
 
 
(https://dl.dropbox.com/u/73555776/tdss%20report.JPG)
 
Please copy and paste its contents on your next reply.
Title: Re: Virus ricompare
Post by: soio on July 28, 2014, 11:00:22 PM
Ok done... NO threats found.
Title: Re: Virus ricompare
Post by: soio on July 29, 2014, 09:36:37 AM
Also did the avast boot-time scan... but nothing, I'm still being redirected!

I'm desperate
Title: Re: Virus ricompare
Post by: soio on July 29, 2014, 03:19:06 PM
It seems that after yet another router reset the problem appears to be solved for all the PCs at home.

Also, with the Apple devices the various apps connect to the internet without problems and all pages load normally.

Does this mean the redirect was probably due to the router??
Title: Re: Virus ricompare
Post by: essexboy on July 29, 2014, 03:43:34 PM
That is a high probability, have you reset the password on the router?
As if it is coming from a particular website it could happen again
Title: Re: Virus ricompare
Post by: soio on July 29, 2014, 03:51:58 PM
Yes I have!

Let's see if it lasts..
Title: Re: Virus ricompare
Post by: essexboy on July 29, 2014, 04:26:46 PM
Subject to no further problems   :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems 

Now the best part of the day ----- Your log now appears clean  :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset  System Restore points:

Click  Start  then Run.
On Windows7 or Vista  you may use  Start Search  field if  Run  is not available.
In the box copy/paste the following command:

ComboFix  /Uninstall

Note that there is a space between "  ComboFix  " and "  /Uninstall  " .

Then click  OK  (or press  Enter ).
Wait for the uninstall process to complete.

Download and run Delfix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)

(https://dl.dropboxusercontent.com/u/73555776/delfix.JPG)


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)

I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent (http://www.foolishit.com/vb6-projects/cryptoprevent/) install this programme to lock down and prevent crypto ransomware

(https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG)

Malwarebytes (http://www.malwarebytes.org/mbam-download.php).

Update and run weekly to keep your system clean


It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide  Best security practices  (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/)

Keep safe  :wave: