Topic: Virus reappears


soio (Newbie, Posts: 16)
Virus reappears
« on: July 27, 2014, 06:20:39 PM »
Hi everyone!

For a while now I have been dealing with a trojan that redirects me to a page every time.
Fortunately avast manages to block it from loading, as can be seen in the attachment.

Unfortunately, though, even though I ran a full system scan, the trojan reappears every time.

How can I get rid of it for good?

P.S. This same virus also shows up on 2 different laptops at home, without the 2 laptops ever having been connected to each other in any way!

I'm completely stuck because most pages no longer open.

Thanks!
« Last Edit: July 27, 2014, 06:57:55 PM by soio »

giogio (Avast Evangelist, Massive Poster, Posts: 4115)
Re: Virus reappears
« Reply #1 on: July 28, 2014, 08:19:28 AM »
Hi and welcome,
does it happen with all browsers or only with Chrome?
Try checking whether you have extensions in Chrome that you don't need, and remove them.
Also try going into avast and running the browser cleanup.
If it still happens, try resetting Chrome
https://support.google.com/chrome/answer/3296214?hl=it
Also try running a full scan with mbam free
http://it.malwarebytes.org/mwb-download/?language=it
Before posting on the forum, please read the instructions here https://forum.avast.com/index.php?topic=144453.0
Do not send me PMs for support, thanks - No support PM please
Home: E8400-4GB RAM-500GB HDD-Win10.0.15063x64-Avast! Free 17.3.2291-CryptoPrevent-MBAM 2.2free-Chrome 57(uBlock origin)-TB52
Work: i5-2400-4GB RAM-500GB HDD-Win 7sp1x64-Avast!Business Security 12.3.2515, Cloud Console 2.18-FF52-TB52

soio (Newbie, Posts: 16)
Re: Virus reappears
« Reply #2 on: July 28, 2014, 09:52:47 AM »
It happens with all browsers.
Not only that, I get redirected even when using different laptops.
Also, on Apple devices the pages don't open; it's as if it doesn't load them, but without being redirected.
I'm starting to think it's a router problem... Is that possible?

I have already run scans with avast, spybot, mbam.
I uninstalled Chrome, removed the extensions.
But nothing.

Help!

giogio (Avast Evangelist, Massive Poster, Posts: 4115)
Re: Virus reappears
« Reply #3 on: July 28, 2014, 10:56:07 AM »
If you have browsing problems with Apple devices too, I would try resetting the router.
Once it has been reset, if you still have problems, try downloading combofix and save it to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
--------------------------------------------------------------------
IMPORTANT - Disable avast and any other active antivirus, it could cause problems!
--------------------------------------------------------------------
Double-click the ComboFix.exe file and follow the instructions
Then post the log it created under C:\ComboFix.txt.

soio (Newbie, Posts: 16)
Re: Virus reappears
« Reply #4 on: July 28, 2014, 11:42:15 AM »
Hi Giorgio,

so, I have reset the router several times, but nothing has changed.

At first I thought it was a problem with the Telecom line, but after a thorough analysis the technician found no problem.

At that point I started to think the problem was tied to my laptop, but the pages failing to load and the redirection also happened with the other laptop at home.

Also, on the Apple devices too, many applications and pages don't open while others do.

Here is the log created with combofix:

ComboFix 14-07-25.01 - giuseppe 28/07/2014  11:17:44.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.3062.1111 [GMT 2:00]
Eseguito da: C:\Users\giuseppe\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files (x86)\WinRAR\Leggimi.Txt
C:\Program Files (x86)\WinRAR\Leggimi_1a.Txt
C:\Program Files (x86)\WinRAR\Licenza.Txt
C:\Program Files (x86)\WinRAR\NoteTecniche.Txt
C:\Program Files (x86)\WinRAR\Ordin.htm
C:\Program Files (x86)\WinRAR\Ordina.htm
C:\Program Files (x86)\WinRAR\SorgUnRAR.Txt
C:\Windows\wininit.ini


(((((((((((((((((((((((((   Files Creati Da 2014-06-28 al 2014-07-28  )))))))))))))))))))))))))))))))))))


2014-07-28 09:31:51 . 2014-07-28 09:31:51   --------   d-----w-   C:\Users\LogMeInRemoteUser\AppData\Local\temp
2014-07-28 09:31:51 . 2014-07-28 09:31:51   --------   d-----w-   C:\Users\Default\AppData\Local\temp
2014-07-27 16:02:34 . 2014-07-28 09:00:25   75888   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E7E86BD-2849-4D90-82F9-73DF6BBB6F93}\offreg.dll
2014-07-22 20:11:09 . 2014-07-02 03:09:06   10924376   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3E7E86BD-2849-4D90-82F9-73DF6BBB6F93}\mpengine.dll
2014-07-20 16:21:47 . 2014-07-20 16:21:47   43152   ----a-w-   C:\Windows\avastSS.scr
2014-07-09 21:15:14 . 2014-06-03 10:02:21   1719296   ----a-w-   C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-09 21:15:14 . 2014-06-03 10:02:18   1389568   ----a-w-   C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-09 21:15:14 . 2014-06-03 10:02:18   1380864   ----a-w-   C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-09 21:15:14 . 2014-06-03 10:02:18   1354240   ----a-w-   C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 21:15:13 . 2014-06-03 09:29:47   936960   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 21:15:11 . 2014-06-30 02:09:33   519168   ----a-w-   C:\Windows\system32\aepdu.dll
2014-07-09 21:15:11 . 2014-06-30 02:04:49   424448   ----a-w-   C:\Windows\system32\aeinv.dll
2014-07-09 21:13:59 . 2014-06-19 00:24:12   111616   ----a-w-   C:\Windows\system32\ieetwcollector.exe
2014-07-09 21:12:58 . 2014-06-05 14:26:58   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2014-07-09 21:12:56 . 2014-06-05 14:25:49   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2014-06-28 11:46:44 . 2014-06-28 11:46:44   --------   d-----w-   C:\Program Files (x86)\Common Files\Java
2014-06-28 11:45:40 . 2014-06-28 11:45:16   98216   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.


((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))

2014-07-20 16:52:24 . 2014-05-13 16:41:45   122584   ----a-w-   C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-07-20 16:22:22 . 2011-03-02 16:03:59   427360   ----a-w-   C:\Windows\system32\drivers\aswsp.sys
2014-07-20 16:21:53 . 2014-04-28 16:35:11   92008   ----a-w-   C:\Windows\system32\drivers\aswstm.sys
2014-07-20 16:21:52 . 2014-04-28 16:35:05   29208   ----a-w-   C:\Windows\system32\drivers\aswHwid.sys
2014-07-20 16:21:52 . 2014-04-28 16:25:31   93568   ----a-w-   C:\Windows\system32\drivers\aswRdr2.sys
2014-07-20 16:21:52 . 2014-04-28 16:25:28   224896   ----a-w-   C:\Windows\system32\drivers\aswVmm.sys
2014-07-20 16:21:52 . 2014-04-28 16:25:26   65776   ----a-w-   C:\Windows\system32\drivers\aswRvrt.sys
2014-07-20 16:21:52 . 2011-03-02 16:03:54   1041168   ----a-w-   C:\Windows\system32\drivers\aswsnx.sys
2014-07-20 16:21:52 . 2011-03-02 16:03:53   79184   ----a-w-   C:\Windows\system32\drivers\aswMonFlt.sys
2014-07-20 16:21:52 . 2011-03-02 16:03:53   307344   ----a-w-   C:\Windows\system32\aswBoot.exe
2014-07-14 11:10:23 . 2011-03-04 04:20:38   96441528   ----a-w-   C:\Windows\system32\MRT.exe
2014-05-12 05:26:10 . 2014-05-13 16:41:26   63704   ----a-w-   C:\Windows\system32\drivers\mwac.sys
2014-05-12 05:26:00 . 2014-05-13 16:41:26   91352   ----a-w-   C:\Windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25:56 . 2014-05-13 16:41:25   25816   ----a-w-   C:\Windows\system32\drivers\mbam.sys


(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d40c654d-7c51-4eb3-95b2-1e23905c2a2d}]
2010-11-05 01:58:19   297808   ----a-w-   C:\Windows\System32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04:54   131480   ----a-w-   C:\Users\giuseppe\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04:54   131480   ----a-w-   C:\Users\giuseppe\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04:54   131480   ----a-w-   C:\Users\giuseppe\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="C:\Program Files (x86)\MobileWiFi\MobileWiFi" [X]
"Spotify"="C:\Users\giuseppe\AppData\Roaming\Spotify\Spotify.exe" [2014-07-19 14:04:49 6162488]
"Spotify Web Helper"="C:\Users\giuseppe\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-07-19 14:04:48 1178168]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2013-11-14 15:42:42 20584608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 12:40:00 83336]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 19:43:52 59720]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47:42 31016]
"Alcatel Limo ModemListener"="C:\Program Files (x86)\INet\BackgroundService\ModemListener.exe" [2012-03-23 07:25:10 125504]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2013-05-01 01:59:04 421888]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 07:07:58 152392]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 16:57:26 959904]
"KeePass 2 PreLoad"="C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" [2014-07-06 07:36:56 2117632]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe" [2014-07-20 16:21:42 4086432]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 12:44:30 256896]

C:\Users\giuseppe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\giuseppe\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-21 35464216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

R2 aswStm;aswStm;C:\Windows\system32\drivers\aswStm.sys;C:\Windows\SYSNATIVE\drivers\aswStm.sys

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys;C:\Windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys

R3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys;C:\Windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys

R3 huawei_cdcacm;huawei_cdcacm;C:\Windows\system32\DRIVERS\ew_jucdcacm.sys;C:\Windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys

R3 huawei_cdcecm;huawei_cdcecm;C:\Windows\system32\DRIVERS\ew_jucdcecm.sys;C:\Windows\SYSNATIVE\DRIVERS\ew_jucdcecm.sys

R3 huawei_ext_ctrl;huawei_ext_ctrl;C:\Windows\system32\DRIVERS\ew_juextctrl.sys;C:\Windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe

R3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys;C:\Windows\SYSNATIVE\DRIVERS\netaapl64.sys

R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys;C:\Windows\SYSNATIVE\DRIVERS\o2sdx64.sys

R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys

R3 WatAdminSvc;Servizio Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe

R3 WinPhlash;WinPhlash;C:\Windows\Temp\BU2S_TE1S_BIOS_Update_3A63(V4.70)\x64\PHLASHNT.SYS;C:\Windows\Temp\BU2S_TE1S_BIOS_Update_3A63(V4.70)\x64\PHLASHNT.SYS

R3 WSDScan;Supporto digitalizzazione WSD tramite UMB;C:\Windows\system32\drivers\WSDScan.sys;C:\Windows\SYSNATIVE\drivers\WSDScan.sys

R4 PirritUpdater;PirritUpdater;C:\Program Files (x86)\Pirrit\AutoUpdater.exe;C:\Program Files (x86)\Pirrit\AutoUpdater.exe

R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

S0 aswRvrt;avast! Revert;

S0 aswVmm;avast! VM Monitor;

S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys;C:\Windows\SYSNATIVE\drivers\aswSnx.sys

S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys;C:\Windows\SYSNATIVE\drivers\aswSP.sys

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys;C:\Windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys

S2 Alcatel Limo Modem Device Helper;Alcatel Limo Modem Device Helper;C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe;C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe

S2 aswHwid;avast! HardwareID;C:\Windows\system32\drivers\aswHwid.sys;C:\Windows\SYSNATIVE\drivers\aswHwid.sys

S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys;C:\Windows\SYSNATIVE\drivers\aswMonFlt.sys

S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

S2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

S2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe

S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys;C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

S2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

S2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe;C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

S3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys;C:\Windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys

S3 netw5v64;Driver scheda Intel(R) Wireless WiFi Link serie 5000 per Windows Vista a 64 bit;C:\Windows\system32\DRIVERS\netw5v64.sys;C:\Windows\SYSNATIVE\DRIVERS\netw5v64.sys

S3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys;C:\Windows\SYSNATIVE\DRIVERS\o2mdx64.sys

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS;C:\Windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys;C:\Windows\SYSNATIVE\DRIVERS\yk62x64.sys
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-19 14:12:03   1104200   ----a-w-   C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe

Contenuto della cartella 'Scheduled Tasks'

2014-07-28 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 12:08:08 . 2011-03-13 12:07:59]

2014-07-28 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-13 12:08:08 . 2011-03-13 12:07:59]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-20 16:21:52   634872   ----a-w-   C:\Program Files\AVAST Software\Avast\ashShA64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04:54   164760   ----a-w-   C:\Users\giuseppe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04:54   164760   ----a-w-   C:\Users\giuseppe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04:54   164760   ----a-w-   C:\Users\giuseppe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04:54   164760   ----a-w-   C:\Users\giuseppe\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-09-23 18:30:44 165912]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-09-23 18:30:44 385560]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2009-09-23 18:30:44 363544]
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 13:30:38 503864]
"Toshiba TEMPRO"="C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-10-26 12:59:18 1050072]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-01 17:30:00 2710856]
"CanonSolutionMenu"="C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 16:43:00 767312]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-02 16:56:41 1216808]

------- Scansione supplementare -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: I&nvia a OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files (x86)\PokerStars.IT\PokerStarsUpdate.exe
TCP: DhcpNameServer = 94.249.192.105 8.8.8.8
FF - ProfilePath - C:\Users\giuseppe\AppData\Roaming\Mozilla\Firefox\Profiles\wgzge8al.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00081/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - 2a0efc8f000000000000f2cba113257a
FF - user.js: extensions.Softonic.instlDay - 15534
FF - user.js: extensions.Softonic.vrsn - 1.6.4.3
FF - user.js: extensions.Softonic.vrsni - 1.6.4.3
FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.4.323:30:19
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - base
FF - user.js: extensions.Softonic.instlRef - MON00081
FF - user.js: extensions.Softonic.dfltLng - it
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false

- - - - CHIAVI ORFANE RIMOSSE - - - -

URLSearchHooks-{9d1a02c3-7d31-4c4f-ba7e-ccf1cafa1bf5} - (no file)
URLSearchHooks-{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
WebBrowser-{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - (no file)
HKLM-Run-HSON - C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TPwrMain - C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-00TCrdMain - C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
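
Added example, not part of the thread or of any tool used in it: since the symptoms show up on every browser and on several devices, one check a helper can run on a log like the one above is to pull out the resolvers the machine received over DHCP and list any that are neither on the LAN nor among the resolvers the owner expects. The `EXPECTED` set and the second laptop's log are constructed assumptions; the first sample's lines are copied from the posted ComboFix log, and "review" means "verify against the router's DNS/DHCP settings and the ISP's published resolvers", not a verdict on the address.

```python
import ipaddress
import re

# Matches ComboFix supplementary-scan lines such as
#   TCP: DhcpNameServer = 94.249.192.105 8.8.8.8
# Accepting any "TCP: ...NameServer = ..." line is an assumption made here.
NAMESERVER_LINE = re.compile(r"^TCP:\s*(?P<key>.*?NameServer)\s*=\s*(?P<value>.+)$")


def name_servers(log_text):
    """Return [(key, ip), ...] for every resolver address listed in the log."""
    found = []
    for line in log_text.splitlines():
        match = NAMESERVER_LINE.match(line.strip())
        if not match:
            continue
        for token in re.split(r"[\s,]+", match.group("value").strip()):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                continue  # stray text that is not an address
            found.append((match.group("key"), str(ip)))
    return found


def classify(ip, expected):
    """'lan' for private/loopback addresses (typically the router itself),
    'expected' for resolvers the owner listed, 'review' for everything else."""
    if ipaddress.ip_address(ip).is_private:
        return "lan"
    if ip in expected:
        return "expected"
    return "review"


def triage(logs_by_host, expected):
    """Map each resolver to its verdict and the set of hosts that received it."""
    report = {}
    for host, text in logs_by_host.items():
        for _key, ip in name_servers(text):
            entry = report.setdefault(
                ip, {"verdict": classify(ip, expected), "hosts": set()}
            )
            entry["hosts"].add(host)
    return report


def shared_review_resolvers(report, host_count):
    """Resolvers marked 'review' that every examined host received.
    A value common to all hosts was handed out by the DHCP server (the
    router), so that is where the setting has to be checked and corrected."""
    return sorted(
        ip
        for ip, entry in report.items()
        if entry["verdict"] == "review" and len(entry["hosts"]) == host_count
    )


# Lines copied from the ComboFix log posted above.
LAPTOP_A = """\
uLocal Page = C:\\Windows\\system32\\blank.htm
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 94.249.192.105 8.8.8.8
"""

# Constructed: the thread contains no log from the second laptop.
LAPTOP_B = """\
uStart Page = about:blank
TCP: DhcpNameServer = 94.249.192.105 8.8.8.8
"""

# Constructed placeholder: replace with the resolvers you configured yourself
# or that your ISP publishes. 8.8.8.8 / 8.8.4.4 are Google Public DNS.
EXPECTED = {"8.8.8.8", "8.8.4.4"}

if __name__ == "__main__":
    logs = {"laptop-a": LAPTOP_A, "laptop-b": LAPTOP_B}
    report = triage(logs, EXPECTED)
    for ip, entry in sorted(report.items()):
        print(f"{ip:16} {entry['verdict']:9} hosts={sorted(entry['hosts'])}")
    print("check on the router:", shared_review_resolvers(report, len(logs)))
```
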

giogio (Avast Evangelist, Massive Poster, Posts: 4115)
Re: Virus reappears
« Reply #5 on: July 28, 2014, 11:59:29 AM »
OK, have you restarted the PC?
Do you still have problems on this computer?

Bye

soio (Newbie, Posts: 16)
Re: Virus reappears
« Reply #6 on: July 28, 2014, 12:05:06 PM »
Yes, restarted.

Nothing, same problems.

For example, facebook won't open now: This webpage is not available.
I opened Repubblica.it and it redirected me, as you can see in the attached file.

Other pages open normally.

giogio (Avast Evangelist, Massive Poster, Posts: 4115)
Re: Virus reappears
« Reply #7 on: July 28, 2014, 12:17:09 PM »
OK,
download AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/ to the desktop.

    close all open browsers and programs
    open AdwCleaner and run Scan
    After the scan, click Clean
    Confirm each time with OK
    The PC will restart on its own and will automatically open a text file; post that file, you can also find it under C:\AdwCleaner[S1].txt

soio (Newbie, Posts: 16)
Re: Virus reappears
« Reply #8 on: July 28, 2014, 12:38:32 PM »
Done, but nothing!

When Chrome starts, redirection, and this time gmail won't open.

Here is the log:

# AdwCleaner v3.300 - Rapporto creato 28/07/2014 in 12:30:07
# Aggiornato 27/07/2014 di Xplode
# Sistema operativo : Windows 7 Professional Service Pack 1 (64 bits)
# Nome utente : giuseppe - GIUSEPPE-PC
# In esecuzione da : C:\Users\giuseppe\Desktop\AdwCleaner.exe
# Opzione : Pulisci

***** [ Servizi ] *****

  • Servizio Eliminato : PirritUpdater


***** [ File / Cartelle ] *****

Cartella Eliminato : C:\ProgramData\apn
Cartella Eliminato : C:\ProgramData\Ask
Cartella Eliminato : C:\Program Files (x86)\DAEMON Tools Toolbar
Cartella Eliminato : C:\Program Files (x86)\Pirrit
Cartella Eliminato : C:\Program Files (x86)\Softonic
Cartella Eliminato : C:\Users\giuseppe\AppData\Local\apn
Cartella Eliminato : C:\Users\giuseppe\AppData\Local\Pirrit Suggestor
Cartella Eliminato : C:\Users\giuseppe\AppData\Local\WinRST
Cartella Eliminato : C:\Users\giuseppe\AppData\LocalLow\Conduit
Cartella Eliminato : C:\Users\giuseppe\AppData\LocalLow\Softonic
Cartella Eliminato : C:\Users\giuseppe\AppData\Roaming\Pirrit
File Eliminato : C:\Users\giuseppe\AppData\Roaming\Mozilla\Firefox\Profiles\wgzge8al.default\searchplugins\Askcom.xml
File Eliminato : C:\Users\giuseppe\AppData\Roaming\Mozilla\Firefox\Profiles\wgzge8al.default\searchplugins\daemon-search.xml
File Eliminato : C:\Users\giuseppe\AppData\Roaming\Mozilla\Firefox\Profiles\wgzge8al.default\searchplugins\Search_Results.xml
File Eliminato : C:\Users\giuseppe\AppData\Roaming\Mozilla\Firefox\Profiles\wgzge8al.default\user.js

***** [ Tâches planifiées ] *****


***** [ Collegamenti ] *****


***** [ Registro ] *****

Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chiave Eliminati : HKLM\SOFTWARE\Classes\Conduit.Engine
Chiave Eliminati : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Chiave Eliminati : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\APN_ATU3__RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup (1)_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SweetImSetup (1)_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Classes\Toolbar.CT2851640
Chiave Eliminati : HKLM\SOFTWARE\Classes\Toolbar.CT2863002
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_atube-catcher (1)_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_atube-catcher (1)_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_atube-catcher_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_atube-catcher_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_free-pdf-to-word-doc-converter_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_free-pdf-to-word-doc-converter_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_koyote-free-video-converter_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_koyote-free-video-converter_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_sharepod_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_sharepod_RASMANCS
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_utorrent_RASAPI32
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_utorrent_RASMANCS
Chiave Eliminati : HKCU\Software\APN PIP
Chiave Eliminati : HKCU\Software\dt soft\daemon tools toolbar
Chiave Eliminati : HKCU\Software\PIP
Chiave Eliminati : HKCU\Software\Softonic
Chiave Eliminati : HKCU\Software\YahooPartnerToolbar
Chiave Eliminati : HKCU\Software\AppDataLow\Software\searchqutoolbar
Chiave Eliminati : HKLM\Software\Conduit
Chiave Eliminati : HKLM\Software\dt soft\daemon tools toolbar
Chiave Eliminati : HKLM\Software\PIP
Chiave Eliminati : HKLM\Software\Pirrit
Chiave Eliminati : HKLM\Software\Softonic
Chiave Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Chiave Eliminati : [x64] HKLM\SOFTWARE\Pirrit

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207


-\\ Mozilla Firefox v6.0.2 (it)

[ File : C:\Users\giuseppe\AppData\Roaming\Mozilla\Firefox\Profiles\wgzge8al.default\prefs.js ]

Riga eliminata : user_pref("browser.search.defaultengine", "Ask.com");
Riga eliminata : user_pref("browser.search.defaultenginename", "Ask.com");
Riga eliminata : user_pref("browser.search.order.1", "Ask.com");
Riga eliminata : user_pref("extensions.Softonic.dfltlng", "it");
Riga eliminata : user_pref("extensions.Softonic.instlday", "15534");
Riga eliminata : user_pref("extensions.Softonic.instlref", "MON00081");
Riga eliminata : user_pref("extensions.Softonic.prtnrid", "softonic");
Riga eliminata : user_pref("extensions.Softonic.tlbrid", "base");
Riga eliminata : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00081/tb_v1?SearchSource=1&cc=&q=");

-\\ Google Chrome v36.0.1985.125

[ File : C:\Users\giuseppe\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12972 octets] - [28/07/2014 12:27:52]
AdwCleaner[S0].txt - [12727 octets] - [28/07/2014 12:30:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12788 octets] ##########
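The log above shows AdwCleaner removing search-engine overrides and Softonic toolbar preferences from Firefox's prefs.js. As an added example (not part of the original post and not AdwCleaner's code), this Python script re-checks a prefs.js for the same kind of entries, which helps confirm whether a hijack has come back after cleaning. The expected engine name "Google", the watched namespace set and the function names are assumptions; the sample input is constructed from lines reported in the log.

```python
import json
import re

# One prefs.js entry: user_pref("name", <JSON-like literal>);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Preference names taken from the AdwCleaner log above.
SEARCH_PREFS = ("browser.search.defaultengine",
                "browser.search.defaultenginename",
                "browser.search.order.1")

def parse_prefs(text):
    """Return {name: value} for every user_pref line; other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        try:
            prefs[name] = json.loads(raw)   # strings, integers, true/false
        except ValueError:
            prefs[name] = raw               # keep an unparsed literal as text
    return prefs

def audit(prefs, expected_engine, toolbar_namespaces):
    """List (pref, value, reason) for search overrides and toolbar leftovers."""
    findings = []
    for name, value in sorted(prefs.items()):
        if name in SEARCH_PREFS and value != expected_engine:
            findings.append((name, value, "search engine override"))
        parts = name.split(".")
        if parts[0] == "extensions" and len(parts) > 2 and parts[1] in toolbar_namespaces:
            findings.append((name, value, "toolbar preference"))
    return findings

# Constructed sample: three lines as reported in the log plus two unrelated prefs.
SAMPLE = '''\
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00081/tb_v1?SearchSource=1&cc=&q=");
user_pref("app.update.enabled", true);
'''

if __name__ == "__main__":
    for name, value, reason in audit(parse_prefs(SAMPLE), "Google", {"Softonic"}):
        print(f"{reason}: {name} = {value!r}")
```

Run it against a copy of prefs.js taken while Firefox is closed, since the browser rewrites the file on exit.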

Offline soio

Re: Virus ricompare
« Reply #9 on: July 28, 2014, 12:59:53 PM »
P.S. What I really don't understand is why some iPhone/iPad apps sometimes load and sometimes don't.
Even mail on the iPhone sometimes doesn't load and other times does.

Couldn't it be a virus inside the router itself?

Offline giogio

Re: Virus ricompare
« Reply #10 on: July 28, 2014, 02:10:00 PM »
I don't know; in any case, as you can see, your PC is full of junk... never download programs from Softonic!
Try downloading Farbar Recovery Scan Tool and saving it to the desktop.
 http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both and try to run them. Only one of them will run on your system, and that will be the right version.

     Right-click to run as administrator (XP users: click Run after receiving the Windows Security Warning - Open File). When the tool opens, click Yes.
     Select addition.txt at the bottom.
     Press the Scan button.

     Please attach both logs generated.

Offline soio

Re: Virus ricompare
« Reply #11 on: July 28, 2014, 05:06:16 PM »
I was only able to run farbar64.

Should I also proceed with the FIX?

Here are the generated logs, attached.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40631
  • Dragons by Sasha
    • Malware fixes
Re: Virus ricompare
« Reply #12 on: July 28, 2014, 06:38:19 PM »
Could you reset the router, as it is affecting two different computers in the same way? Do you know how to do this?

Offline soio

Re: Virus ricompare
« Reply #13 on: July 28, 2014, 06:47:12 PM »
The router has already been reset several times, but nothing has changed.

I still have this damned trojan redirecting me to some page; in particular, it happens on the 2 PCs at home.

I also have pages that don't load or load only partially. This also applies to the Apple devices I have at home, where many apps don't connect to the internet while others do.

I don't understand whether these 2 problems are connected to each other or are 2 independent problems.

Offline essexboy

Re: Virus ricompare
« Reply #14 on: July 28, 2014, 07:05:00 PM »
Does this only occur in Chrome?

Could you run Chrome in incognito mode and see if the same alert happens? https://support.google.com/chrome/answer/95464?hl=en-GB

Download aswMBR.exe (4.5 MB) to your desktop.
Double-click aswMBR.exe to run it.
You may be offered the option of using virtualisation; accept that.
When it offers to download the virus database, allow that as well.
Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.