Pagine web indesiderate.Chiuso

Question

Ciao,  

ho un problema da diverso tempo con il pc dell'ufficio, mi si aprono continuamente pagine web indesiderate, ho fatto varie scansioni con alcuni software ma no sono riuscito a risolvere il problema. Di seguito vi riporto alcuni dei link che si aprono:  

cellulare.blinkogold.it/iphone5b/?77tadunit=05b0ebec&programid=3644C57749347&product=game&77tentry=zanhbiphone5b&zan=1&zz=44&capid=1740&zanpid=1691000730015953924

ad.payclick.it/scripts/click.php?a_aid=e0c907c4&a_bid=f50f6a1f&chan=6290

www.incontriadult.com/

it.volkswagen.com/it/models/up.html?tc=oa-up-up_gamma2013-leonardo-intro

www.adozione-actionaid.it/?l=MS03&QUI05

cellulare.blinkogold.it/ricaricacrisi/?77tadunit=3acb730e&programid=3644C57749347&product=game&77tentry=zanricaricacrisi&zan=1&zz=442&capid=296&zanpid=1691023267437380609


Vi sarei molto grato se riusciste ad aiutarmi a risolvere questo problema, visto il disagio che mi crea questo tipo di problema. 

P.S: i popup sono bloccati. 


Grazie anticipatamente per la disponibilità.

n00r · Answer

Ciao,

  Vista e 7: disabilita il controllo account utente (lo riattiverai dopo la disinfezione)
=> https://support.microsoft.com/en-us/windows?ui=en-US&rs=en-001&ad=US

 se Spybot è installato disattiva il Teatimer


* scarica AD-Remover (di C_XX) e salvalo sul desktop http://security-domain.be/download/telech.php?id=3

* Doppio clic sul programma, si installerà automaticamente.
(Vista e 7 clic destro Esegui come amministratore)

* Clic su Scan

* durante la scansione non toccare al PC

* Un report si visualizza alla fine della scansione

* copialo qui

* caso non si apre il report automaticamente, lo trovi in C:\Ad-report.log      
       
 (CTRL+A Per selezionare tutto, CTRL+C per copiare e CTRL+V per incollare)      
       
 Nota : Process.exe viene rilevato da alcuni antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) come RiskTool. non è un virus, questo è solo perché l'utility arresterà alcuni processi come quelli dell'antivirus e firewall durante la scansione.

Rossonero84 · Answer

Grazie per la risposta nOOr, di seguito il report:

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 13:34:51 on 17/10/2012, Normal boot

Microsoft Windows 7 Enterprise  Service Pack 1 (X86) 
vecchiom@OLIMPIA-PC (Acer Extensa E470) 
 
============== SEARCH ==============


Folder found: C:\Users\vecchiom\AppData\Roaming\pdfforge

Key found: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key found: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [15.0.1 (it)] ****

HKLM_MozillaPlugins\Adobe Reader (x)
HKCU_MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 (x)
Searchplugins\amazon-it.xml (hxxp://www.amazon.it/exec/obidos/external-search/)
Searchplugins\bing.xml (    hxxp://www.bing.com/search)
Searchplugins\eBay-it.xml (hxxp://rover.ebay.com/rover/1/724-51951-19398-1/4)
Searchplugins\hoepli.xml (hxxp://dizionari.hoepli.it/Dizionario_Italiano/cerca.aspx?idD=1&utm_source=mozilla-firefox&query={searchTerms})
Searchplugins\wikipedia-it.xml (hxxp://it.wikipedia.org/wiki/Speciale:Ricerca)
Searchplugins\yahoo-it.xml (hxxp://it.search.yahoo.com/search)
Components\browsercomps.dll (Mozilla Foundation)

-- C:\Users\vecchiom\AppData\Roaming\Mozilla\FireFox\Profiles\ae6l142f.default --
Prefs.js - browser.download.dir, C:\Users\vecchiom\Desktop
Prefs.js - browser.download.lastDir, C:\Users\vecchiom\Desktop
Prefs.js - browser.search.selectedEngine, Messenger Plus Smartbar Search
Prefs.js - browser.startup.homepage, www.google.com
Prefs.js - browser.startup.homepage_override.buildID, 20120905151427
Prefs.js - browser.startup.homepage_override.mstone, 15.0.1
Prefs.js - keyword.URL, hxxp://www.searchplusnetwork.com/?sp=faddr&t=a0803&q=

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Start Page - hxxp://www.google.it/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} - "Messenger Plus Smartbar Search" (hxxp://www.searchplusnetwork.com/?q={searchTerms}&sp=faddr&t=a0803)
HKLM_Toolbar|{ae07101b-46d4-4a98-af68-0333ea26e113} (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} - C:\Program Files\Java\jre7\bin\jp2launcher.exe (Oracle Corporation)
HKLM_ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} - C:\Program Files\Java\jre7\bin\javaws.exe (Oracle Corporation)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{89FEE223-3650-4850-9938-72F586D6C7C0} - C:\ProgramData\WebEx\WebEx\500\atinst.exe (Cisco WebEx LLC)
HKLM_ElevationPolicy\{a00068b1-1e4e-41c7-afa9-baeb9697e2b9} - C:\Program Files\Common Files\Research In Motion\AppLoader\Loader.exe (Research In Motion Limited)
HKLM_ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} - C:\Program Files\Java\jre7\bin\ssvagent.exe (Oracle Corporation)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 1 File(s)

C:\Ad-Report-SCAN[1].txt - 17/10/2012 13:35:49 (3787 Byte(s)) 

End at: 13:36:25, 17/10/2012 
 
============== E.O.F ==============

n00r · Answer

* apri pannello di controllo / Programmi e disinstalla Messenger Plus Smartbar  (o Community Smartbar)



* Scarica Malwarebytes    

Durante l'installazione controlla che le caselle "Aggiorna", "Avvia" siano spuntate    

una volta aggiornato, il programma si avvia, clic su "impostazioni" e controlla che la casella "chiudi internet explorer durante la rimozione" sia spuntata.    

clic su "Scansione" e spunta "Effettua scansione completa"    

dopo la fine della scansione clic su visualizza risultato    

controlla che tutto sia selezionato quindi "rimuovi gli elementi selezionati"    

se viene chiesto il riavvio del PC accetta    

copia il report.

Rossonero84 · Answer

Ciao nOOr;
ho fatto tutti i passaggi che mi hai detto, ma continuano ad aprirsi le pagine Web, ti riporto il report di Malwarebyte:
Aiutami ti prego.... :(

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Versione database: v2012.10.17.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
vecchiom :: OLIMPIA-PC [amministratore]

17/10/2012 16:44:34
mbam-log-2012-10-17 (16-44-34).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 353014
Tempo impiegato: 1 ore, 18 minuti, 45 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)

n00r · Answer

Scarica AdwCleaner ( d'Xplode ) e salvalo sul desktop.
? Chiudi tutti i programmi
? Clic destro sul programma, quindi esegui come amministratore
? Clic su Search
? Aspetta che finisca la scansione, un report si apre automaticamente, copia il contenuto e postalo qui

Il report è anche salvato sul disco C:\AdwCleaner[R1].txt

Rossonero84 · Answer

Ciao nOOr

ecco il report di AdwCleaner

# AdwCleaner v2.005 - Logfile creato il 18/10/2012 alle 18:14:09
# Aggiornamento 14/10/2012 by Xplode
# Sistema Operativo : Windows 7 Enterprise Service Pack 1 (32 bits)
# Utente : vecchiom - OLIMPIA-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\vecchiom\Desktop\adwcleaner.exe
# Opzioni [Cerca]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Trovato : C:\Users\vecchiom\AppData\Roaming\Mozilla\Firefox\Profiles\ae6l142f.default\extensions\staged
Cartella Trovato : C:\Users\vecchiom\AppData\Roaming\pdfforge

***** [Registro] *****

Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Chiave Trovata : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Chiave Trovata : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chiave Trovata : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Chiave Trovata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Valore Trovata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Browser Internet] *****

-\ Internet Explorer v9.0.8112.16421

[OK] Registro Pulito.

-\ Mozilla Firefox v15.0.1 (it)

Nome Profilo : default 
File : C:\Users\LiberatoreO\AppData\Roaming\Mozilla\Firefox\Profiles\j1rcm4ed.default\prefs.js

[OK] File Pulito.

Nome Profilo : default 
File : C:\Users\vecchiom\AppData\Roaming\Mozilla\Firefox\Profiles\ae6l142f.default\prefs.js

Trovata : user_pref("browser.search.selectedEngine", "Messenger Plus Smartbar Search");
Trovata : user_pref("keyword.URL", "hxxp://www.searchplusnetwork.com/?sp=faddr&t=a0803&q=");

*************************

AdwCleaner[R1].txt - [2175 octets] - [18/10/2012 18:14:09]

########## EOF - C:\AdwCleaner[R1].txt - [2235 octets] ##########

n00r · Answer

*Chiudi tutti i programmi 
*Clic destro sul programma, quindi esegui come amministratore 
*Questa volta clic su Delete

aspetta e non toccare al PC

mandaci il report

Rossonero84 · Answer

Ciao nOOr; ho fatto secondo le tue indicazioni, ma persiste il problema. Ecco il report di AdwCleaner:

# AdwCleaner v2.005 - Logfile creato il 18/10/2012 alle 19:21:05
# Aggiornamento 14/10/2012 by Xplode
# Sistema Operativo : Windows 7 Enterprise Service Pack 1 (32 bits)
# Utente : vecchiom - OLIMPIA-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\vecchiom\Desktop\adwcleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Users\vecchiom\AppData\Roaming\Mozilla\Firefox\Profiles\ae6l142f.default\extensions\staged
Cartella Eliminato : C:\Users\vecchiom\AppData\Roaming\pdfforge

***** [Registro] *****

Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Chiave Eliminata : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Browser Internet] *****

-\ Internet Explorer v9.0.8112.16421

[OK] Registro Pulito.

-\ Mozilla Firefox v15.0.1 (it)

Nome Profilo : default 
File : C:\Users\LiberatoreO\AppData\Roaming\Mozilla\Firefox\Profiles\j1rcm4ed.default\prefs.js

[OK] File Pulito.

Nome Profilo : default 
File : C:\Users\vecchiom\AppData\Roaming\Mozilla\Firefox\Profiles\ae6l142f.default\prefs.js

Eliminata : user_pref("browser.search.selectedEngine", "Messenger Plus Smartbar Search");
Eliminata : user_pref("keyword.URL", "hxxp://www.searchplusnetwork.com/?sp=faddr&t=a0803&q=");

*************************

AdwCleaner[R1].txt - [2304 octets] - [18/10/2012 18:14:09]
AdwCleaner[S1].txt - [2263 octets] - [18/10/2012 19:21:05]

########## EOF - C:\AdwCleaner[S1].txt - [2323 octets] ##########

n00r · Answer

buongiorno,

ripeti la scansione con l'opzione "Search" come hai fatto prima e posta il nuovo report

Rossonero84 · Answer

Grazie nOOr; ecco il nuovo report:

# AdwCleaner v2.005 - Logfile creato il 19/10/2012 alle 10:59:13
# Aggiornamento 14/10/2012 by Xplode
# Sistema Operativo : Windows 7 Enterprise Service Pack 1 (32 bits)
# Utente : vecchiom - OLIMPIA-PC
# Modalità Avvio : Modalità Normale
# Eseguito da : C:\Users\vecchiom\Desktop\adwcleaner.exe
# Opzioni [Cerca]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Trovato : C:\Users\vecchiom\AppData\Roaming\Mozilla\Firefox\Profiles\ae6l142f.default\extensions\staged

***** [Registro] *****


***** [Browser Internet] *****

-\ Internet Explorer v9.0.8112.16421

[OK] Registro Pulito.

-\ Mozilla Firefox v15.0.1 (it)

Nome Profilo : default 
File : C:\Users\LiberatoreO\AppData\Roaming\Mozilla\Firefox\Profiles\j1rcm4ed.default\prefs.js

[OK] File Pulito.

Nome Profilo : default 
File : C:\Users\vecchiom\AppData\Roaming\Mozilla\Firefox\Profiles\ae6l142f.default\prefs.js

[OK] File Pulito.

*************************

AdwCleaner[R1].txt - [2304 octets] - [18/10/2012 18:14:09]
AdwCleaner[S1].txt - [2392 octets] - [18/10/2012 19:21:05]
AdwCleaner[R2].txt - [1099 octets] - [19/10/2012 10:59:13]

########## EOF - C:\AdwCleaner[R2].txt - [1159 octets] ##########

n00r · Answer

neanche un piccolo miglioramento !!!

fa una nuova scansione con AD-Remover (primo post)

Rossonero84 · Answer

Grazie per la pazienza nOOr; ecco il report AD-Remover:

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 11:50:29 on 19/10/2012, Normal boot

Microsoft Windows 7 Enterprise  Service Pack 1 (X86) 
vecchiom@OLIMPIA-PC (Acer Extensa E470) 
 
============== SEARCH ==============





============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [15.0.1 (it)] ****

HKLM_MozillaPlugins\Adobe Reader (x)
HKCU_MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 (x)
Searchplugins\amazon-it.xml (hxxp://www.amazon.it/exec/obidos/external-search/)
Searchplugins\bing.xml (    hxxp://www.bing.com/search)
Searchplugins\eBay-it.xml (hxxp://rover.ebay.com/rover/1/724-51951-19398-1/4)
Searchplugins\hoepli.xml (hxxp://dizionari.hoepli.it/Dizionario_Italiano/cerca.aspx?idD=1&utm_source=mozilla-firefox&query={searchTerms})
Searchplugins\wikipedia-it.xml (hxxp://it.wikipedia.org/wiki/Speciale:Ricerca)
Searchplugins\yahoo-it.xml (hxxp://it.search.yahoo.com/search)
Components\browsercomps.dll (Mozilla Foundation)

-- C:\Users\vecchiom\AppData\Roaming\Mozilla\FireFox\Profiles\ae6l142f.default --
Extensions\staged (?)
Prefs.js - browser.download.dir, C:\Users\vecchiom\Desktop
Prefs.js - browser.download.lastDir, C:\Users\vecchiom\Desktop
Prefs.js - browser.startup.homepage, www.google.com
Prefs.js - browser.startup.homepage_override.buildID, 20120905151427
Prefs.js - browser.startup.homepage_override.mstone, 15.0.1

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Start Page - hxxp://www.google.it/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} - C:\Program Files\Java\jre7\bin\jp2launcher.exe (Oracle Corporation)
HKLM_ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} - C:\Program Files\Java\jre7\bin\javaws.exe (Oracle Corporation)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{89FEE223-3650-4850-9938-72F586D6C7C0} - C:\ProgramData\WebEx\WebEx\500\atinst.exe (Cisco WebEx LLC)
HKLM_ElevationPolicy\{a00068b1-1e4e-41c7-afa9-baeb9697e2b9} - C:\Program Files\Common Files\Research In Motion\AppLoader\Loader.exe (Research In Motion Limited)
HKLM_ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} - C:\Program Files\Java\jre7\bin\ssvagent.exe (Oracle Corporation)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 1 File(s)

C:\Ad-Report-SCAN[1].txt - 19/10/2012 11:51:01 (3191 Byte(s)) 

End at: 11:51:38, 19/10/2012 
 
============== E.O.F ==============

n00r · Answer

non mi hai risposto c'è un miglioramento ?

riavvia ad-remover e clic su "Clean"
manda il report

Rossonero84 · Answer

nOOr purtroppo continuano ad aprirsi le pagine web... ti invio il report come mi hai richiesto:

============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [15.0.1 (it)] ****

HKLM_MozillaPlugins\Adobe Reader (x)
HKCU_MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 (x)
Searchplugins\amazon-it.xml (hxxp://www.amazon.it/exec/obidos/external-search/)
Searchplugins\bing.xml (    hxxp://www.bing.com/search)
Searchplugins\eBay-it.xml (hxxp://rover.ebay.com/rover/1/724-51951-19398-1/4)
Searchplugins\hoepli.xml (hxxp://dizionari.hoepli.it/Dizionario_Italiano/cerca.aspx?idD=1&utm_source=mozilla-firefox&query={searchTerms})
Searchplugins\wikipedia-it.xml (hxxp://it.wikipedia.org/wiki/Speciale:Ricerca)
Searchplugins\yahoo-it.xml (hxxp://it.search.yahoo.com/search)
Components\browsercomps.dll (Mozilla Foundation)

-- C:\Users\vecchiom\AppData\Roaming\Mozilla\FireFox\Profiles\ae6l142f.default --
Extensions\staged (?)
Prefs.js - browser.download.dir, C:\Users\vecchiom\Desktop
Prefs.js - browser.download.lastDir, C:\Users\vecchiom\Desktop
Prefs.js - browser.startup.homepage, www.google.com
Prefs.js - browser.startup.homepage_override.buildID, 20120905151427
Prefs.js - browser.startup.homepage_override.mstone, 15.0.1

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Start Page - hxxp://www.google.it/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} - C:\Program Files\Java\jre7\bin\jp2launcher.exe (Oracle Corporation)
HKLM_ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} - C:\Program Files\Java\jre7\bin\javaws.exe (Oracle Corporation)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{89FEE223-3650-4850-9938-72F586D6C7C0} - C:\ProgramData\WebEx\WebEx\500\atinst.exe (Cisco WebEx LLC)
HKLM_ElevationPolicy\{a00068b1-1e4e-41c7-afa9-baeb9697e2b9} - C:\Program Files\Common Files\Research In Motion\AppLoader\Loader.exe (Research In Motion Limited)
HKLM_ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} - C:\Program Files\Java\jre7\bin\ssvagent.exe (Oracle Corporation)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 1 File(s)

C:\Ad-Report-SCAN[1].txt - 19/10/2012 11:51:01 (3191 Byte(s)) 

End at: 11:51:38, 19/10/2012 
 
============== E.O.F ==============

n00r · Answer

questo è un report di  "Scan" e non "Clean"

riavvia ad-remover e clic su "Clean"
manda il report

Rossonero84 · Answer

Scusa nOOr, ho fatto confusione:

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Launched at 14:01:41 on 19/10/2012, Normal boot

Microsoft Windows 7 Enterprise  Service Pack 1 (X86) 
vecchiom@OLIMPIA-PC (Acer Extensa E470) 
 
============== ACTION(S) ==============



(!) -- Temporary files deleted.




============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [15.0.1 (it)] ****

HKLM_MozillaPlugins\Adobe Reader (x)
HKCU_MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0 (x)
Searchplugins\amazon-it.xml (hxxp://www.amazon.it/exec/obidos/external-search/)
Searchplugins\bing.xml (    hxxp://www.bing.com/search)
Searchplugins\eBay-it.xml (hxxp://rover.ebay.com/rover/1/724-51951-19398-1/4)
Searchplugins\hoepli.xml (hxxp://dizionari.hoepli.it/Dizionario_Italiano/cerca.aspx?idD=1&utm_source=mozilla-firefox&query={searchTerms})
Searchplugins\wikipedia-it.xml (hxxp://it.wikipedia.org/wiki/Speciale:Ricerca)
Searchplugins\yahoo-it.xml (hxxp://it.search.yahoo.com/search)
Components\browsercomps.dll (Mozilla Foundation)

-- C:\Users\vecchiom\AppData\Roaming\Mozilla\FireFox\Profiles\ae6l142f.default --
Extensions\staged (?)
Prefs.js - browser.download.dir, C:\Users\vecchiom\Desktop
Prefs.js - browser.download.lastDir, C:\Users\vecchiom\Desktop
Prefs.js - browser.startup.homepage, www.google.com
Prefs.js - browser.startup.homepage_override.buildID, 20120905151427
Prefs.js - browser.startup.homepage_override.mstone, 15.0.1

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7} - C:\Program Files\Java\jre7\bin\jp2launcher.exe (Oracle Corporation)
HKLM_ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} - C:\Program Files\Java\jre7\bin\javaws.exe (Oracle Corporation)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{89FEE223-3650-4850-9938-72F586D6C7C0} - C:\ProgramData\WebEx\WebEx\500\atinst.exe (Cisco WebEx LLC)
HKLM_ElevationPolicy\{a00068b1-1e4e-41c7-afa9-baeb9697e2b9} - C:\Program Files\Common Files\Research In Motion\AppLoader\Loader.exe (Research In Motion Limited)
HKLM_ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} - C:\Program Files\Java\jre7\bin\ssvagent.exe (Oracle Corporation)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
C:\Program Files\Ad-Remover\Backup: 16 File(s)

C:\Ad-Report-CLEAN[1].txt - 19/10/2012 12:50:53 (3752 Byte(s)) 
C:\Ad-Report-CLEAN[2].txt - 19/10/2012 14:01:55 (3614 Byte(s)) 
C:\Ad-Report-SCAN[1].txt - 19/10/2012 11:51:01 (3329 Byte(s)) 

End at: 14:02:50, 19/10/2012 
 
============== E.O.F ==============

n00r · Answer

il problema persiste ?

scarica HijackThis  https://sourceforge.net/projects/hjt/

esegui la scansione "Do a system scan a save a logfile"

Rossonero84 · Answer

Ciao nOOr, purtroppo nessun miglioramento, di seguito il report di HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:05:47, on 22/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files\lsm\lsm.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32	askhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Users\vecchiom\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=89F3D4EE2FC4485B9349E9B7DD90579D
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.bing.com/?toHttps=1&redig=89F3D4EE2FC4485B9349E9B7DD90579D
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: 172.31.88.11 www.gki.it
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} (RSClientPrint 2005 Class) - http://it1s100.gkitaly.local:5555/Reserved.ReportViewerWebControl.axd?ReportSession=352ha055vwmlccytkht41v55&ControlID=6467898287f842b38d318d9b81c82e64&Culture=1040&UICulture=1040&ReportStack=1&OpType=PrintCab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gkitaly.local
O17 - HKLM\Software\..\Telephony: DomainName = gkitaly.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gkitaly.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gkitaly.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Auto Update Service (AUS) - MS - C:\Program Files\lsm\aus.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: lmab_device -   - C:\Windows\system32\LMabcoms.exe
O23 - Service: Login Session Manager (LSM) - MS - C:\Program Files\lsm\lsm.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client
trtscan.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\..\BM\TMBMSRV.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client	mlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

n00r · Answer

ciao,

le pagine si aprono qualsiasi il browser (internet explorer che firefox) ?

Rossonero84 · Answer

Si nOOr, se ad esempio sto lavorando su Firefox, le pagine si aprono sempre nel browser predefinito, nel mio caso Internet explorer.
Grazie.