schermata bianca Chiuso

Question

Salve a tutti,

ho commesso lo stupido errore di aprire un file zippato che non conoscevo all'interno del quale c'era un video...o almeno cosi credevo. Ho provato a lanciarlo e da qel momento in poi .... prima mi e' apparsa una finestra che mi chiedeva di selezionare da un menu a tendina una web cam ma qualsiasi opzione, mi portava allo stesso risultato..schermata bianca.
Il sistema operativo e' win 7, per evitare di compromettere l'account amministratore opero su un account utente quello ora compromesso. Ho provato ad aprire il task manager ma niente, sebbene con control alt canc mi appare la schemata con le varie opzioni. quindi ho provato in modalita' provv ma se provo ad entrare nell'account compromesso mi si riavvia il sistema da solo impedendomi di fatto qualsiasi cosa. L'account amministratore e altri due account di riserva che avevo creato funzionano regolarmente. come posso risolvere il problema? grazie

l'embrouille 75 · Answer

Ciao,
Ti chiedero di essere patiente,perche hai un po di lavoro da fare !!
La prima cosa tu devi fare una scanzione con ZHP diag per vedere si il PC e infettato.
Segui le instruzione come spiegato qui =>https://it.ccm.net/forum/affich-65906-si-aprono-pagine-web-su-chrome#5
/!\ POSTA IL LINK DEL REPORT QUI /!\
A+
 
Ubuntu 13.04 Firefox 21/ Magela 3 Opera 12.15 
Toujours bien reflechir avant d'agir

vinci72 · Answer

Ciao e grazie per la risposta.
ho seguito tutte le istruzioni e questo e' il link
https://pjjoint.malekal.com/files.php?id=20131104_l5u10h6e12l11

l'embrouille 75 · Answer

Ciao,
Allora,non ho finito di leggere il report,pero tu puoi iniziare a fare la disinfezione
perche il tuo PC a un sacco di adware,PUP ect !!
Ho visto che tu hai Malware bytes gia installato.
Dunque apri Mbam;si e la vecchia versione,segui li instruzioni per installare la nuova,si aggiornera automaticamente,dopo di che,disconnetti internet,disattiva il firewall,l'antivirus,e fa una scansione completa,a la fine una finestra si apri,
clicca su resultati,verifica che tutte le caselle sono spuntate,e clicca su elimina.
Ti chiedi di riavviare il PC accetta .
Un report e generato,riattiva il firewall,l'antivius,riconneti internet,e posta il report qui.
/!\ NON TOCCARE AL PC DURANTE LA SCANZIONE /!\
Fare questo prima,dopo ti rilascio un altro post per continuare
Importante :desinstallare SPY BOT che non serve a niente ( obsoleto)
A+. 
 
Ubuntu 13.04 Firefox 21/ Magela 3 Opera 12.15 
Toujours bien reflechir avant d'agir

l'embrouille 75 · Answer

Ho visto che hai Uniblue a desinstallare ,si Bandoo non ti serve desinstallare le 2 con
https://it.ccm.net/download/scaricare-139-revo-uninstaller leggi le modalita di uso di revo  
Dopo scarica ADW Cleaner=>https://ccm.net/download/download-24088-adwcleaner le applicazione,disattiva il firewall,l'antivirus,apri il programa
clicca su scan,quando lo scan e finito clicca su delete,ti chiede di riavviare il PC
accetta.
Riattiva le tue protezione,e posta il report qui
A+
Ubuntu 13.04 Firefox 21/ Magela 3 Opera 12.15 
Toujours bien reflechir avant d'agir

l'embrouille 75 · Answer

Re,
Quando avrai finito scarica Rogue Killer qui=>https://www.luanagames.com/index.fr.html /!\ SCARICA LA VERSIONE 64 bits/!\
Chiudi tutti programmi,disattiva le protezione,
Apri il programma 
Si una infezione blocca il programma riavvia lo piu volte
Si il problema persiste rinomma lo :winlogon.exe
Lascia il prescan finire quindi clicca su scan
Clicca su rapport per aprirlo e copia/incolla e lo posta qui
A+
 
Ubuntu 13.04 Firefox 21/ Magela 3 Opera 12.15 
Toujours bien reflechir avant d'agir

vinci72 · Answer

ciao e grazie per i tuoi messaggi.
In realta' io sono rimasto allo scan con malware bytes che dopo piu' di 24 ore e' ancora li che fa lo scanning del sistema...... strano. Ci vuole tutto questo tempo? ad ogni modo oggi appena torno a casa se ha finito malware bytes ti mando il report se non ha finito interrompo e seguo gli altri consigli.
Grazie ancora per la tua disponibilita' e per il tuo aiuto.

l'embrouille 75 · Answer

Ciao,
Si e verament strano.
Si non e finito,lascia perdere,riproviamo dopo .
Passa a ADW .
A+

vinci72 · Answer

eccomi. Dunque ho disinstallato Uniblue come da te suggerito ma non ho trovato Bandoo. Di seguito il report di Rogue Killer RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy mail : tigzyRKgmailcom Feedback : http://www.adlice.com/forum/ Website : https://www.adlice.com/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : vincenzo [Admin rights] Mode : Scan -- Date : 11/06/2013 18:21:36 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3261GSYN +++++ --- User --- [MBR] 9313425d98a8ca94e6d8f3224a104367 [BSP] b79f1169df36c417997b7187b5ff5007 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 283848 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 581730304 | Size: 21093 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_11062013_182136.txt >> Grazie.

l'embrouille 75 · Answer

Ciao,
Ok,
Riavvia Rogue killer,clicca su supprimer e Host Raz 
Posta i 2 report qui
E il report di ADW Cleaner ?????
A+

vinci72 · Answer

ciao ,

qui di seguito il rapporto ADW-
# AdwCleaner v3.011 - Report created 07/11/2013 at 18:51:19
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : vincenzo - VINCENZO-HP
# Running from : C:\Users\vincenzo\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : DefaultTabSearch
Service Deleted : DefaultTabUpdate

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Program Files (x86)\SearchCore for Browsers
Folder Deleted : C:\Program Files (x86)\SpecialSavings
Folder Deleted : C:\Program Files (x86)\Windows Searchqu Toolbar
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Users\vincenzo\AppData\Local\PackageAware
Folder Deleted : C:\Users\vincenzo\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\vincenzo\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\vincenzo\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\vincenzo\AppData\LocalLow\Softonic
Folder Deleted : C:\Users\vincenzo\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\vincenzo\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\vincenzo\AppData\Roamingegistry mechanic
Folder Deleted : C:\Users\vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpecialSavings
Folder Deleted : C:\Users\Antonia\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Antonia\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\vincenzo 2\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\vincenzo 2\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\vincenzo 2\AppData\LocalLow\Softonic
Folder Deleted : C:\Users\vincenzo 2\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\vincenzo 2\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\vincenzo safety\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\vincenzo safety\AppData\LocalLow\Searchqutoolbar
Folder Deleted : C:\Users\vincenzo safety\AppData\LocalLow\Softonic
Folder Deleted : C:\Users\vincenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\vincenzo 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\vincenzo safety\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions
iapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetimsetup_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_axcrypt_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_axcrypt_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_free-mp3-cutter-joiner_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_free-mp3-cutter-joiner_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_free-mp3-wma-converter_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_free-mp3-wma-converter_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_free-youtube-to-mp3-converter_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_free-youtube-to-mp3-converter_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_malwarebytes-anti-malware_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_malwarebytes-anti-malware_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_mp3tag_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_mp3tag_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_msn-messenger_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_msn-messenger_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_videospin_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_per_videospin_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E1EF512D-604D-4776-AF11-410704DA1911}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\performersoft llc
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\SearchCore for Browsers
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SpecialSavings
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchCore for Browsers
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchCore for Browsers
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 410 MediaBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpecialSavings
Key Deleted : [x64] HKLM\SOFTWARE\SearchCore for Browsers
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\datamngr.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll

***** [ Browsers ] *****

-\ Internet Explorer v8.0.7600.17267


-\ Google Chrome v30.0.1599.101

[ File : C:\Users\vincenzo\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\vincenzo 2\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\vincenzo safety\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [17874 octets] - [07/11/2013 11:39:48]
AdwCleaner[R1].txt - [17935 octets] - [07/11/2013 18:39:17]
AdwCleaner[S0].txt - [17663 octets] - [07/11/2013 18:51:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17724 octets] ##########

vinci72 · Answer

per quanto riguarda invece Rogue Killer, l'ho riavviato come mi hai indicato tu. Ha fatto il pre scan, Non ho trovo le voci supprimer e Host Raz. dove sono? Tieni conto che la mia versione e' in inglese. Ad ogni modo ho rifatto lo scan e di seguito trovi il report. Nota che mi dice di eliminare tre file che ha selezionato. Immagino che li devo eliminare. Giusto? ecco il report RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy mail : tigzyRKgmailcom Feedback : http://www.adlice.com/forum/ Website : https://www.adlice.com/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : vincenzo [Admin rights] Mode : Scan -- Date : 11/07/2013 19:21:48 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3261GSYN +++++ --- User --- [MBR] 9313425d98a8ca94e6d8f3224a104367 [BSP] b79f1169df36c417997b7187b5ff5007 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 283848 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 581730304 | Size: 21093 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_11072013_192148.txt >> RKreport[0]_S_11062013_182136.txt

l'embrouille 75 · Answer

Ciao,
Per ADW per me e OK 
rifare un ZHP diag e posta il link qui
A+
 
 
Ubuntu 13.04 Firefox 21/ Magela 3 Opera 12.15 
Toujours bien reflechir avant d'agir

vinci72 · Answer

Ciao,
grazie ancora. Scusami ma non ho capito. Non so cosa e' un ZHP diag.
Per Rogue killer ti dicevo che mi ha segnalato tre file nella cartella "registry" di RK
mi dice di eliminare questi tre file spuntati. Ho dato un'occhiata a questi tre file e sotto la voce  "Value" di RK mi dice "Disable TaskMgr". Potrebbe essere questo il file che mi blocca il task Manager? Li cancello?

Per favore spiegami meglio come ottenere i due rapporti che mi hai chiesto.
Grazie

l'embrouille 75 · Answer

Re,
riavvia rogue killer,fare il scan,quando e finito,sotto il pulsante scan tu trvi il pulsante supprimer clicca e posta i report,
Fare la stessa cosa per Host Raz
A+

vinci72 · Answer

RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy mail : tigzyRKgmailcom Feedback : http://www.adlice.com/forum/ Website : https://www.adlice.com/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : vincenzo [Admin rights] Mode : Remove -- Date : 11/07/2013 19:48:17 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3261GSYN +++++ --- User --- [MBR] 9313425d98a8ca94e6d8f3224a104367 [BSP] b79f1169df36c417997b7187b5ff5007 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 283848 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 581730304 | Size: 21093 Mo 3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_D_11072013_194817.txt >> RKreport[0]_S_11062013_182136.txt;RKreport[0]_S_11072013_192148.txt;RKreport[0]_S_11072013_194802.txt

vinci72 · Answer

host raz RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy mail : tigzyRKgmailcom Feedback : http://www.adlice.com/forum/ Website : https://www.adlice.com/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User : vincenzo [Admin rights] Mode : HOSTSFix -- Date : 11/07/2013 19:56:26 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 0 ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ Reset HOSTS: ¤¤¤ 127.0.0.1 localhost Finished : << RKreport[0]_H_11072013_195626.txt >> RKreport[0]_D_11072013_194817.txt;RKreport[0]_S_11062013_182136.txt;RKreport[0]_S_11072013_192148.txt RKreport[0]_S_11072013_194802.txt

l'embrouille 75 · Answer

OK,i report,sono qui.
Riavvia il PC come lo fa sempre, passando per l'account administratore,
e dimmi si funziona normalmente 
Dopo ,si tutto e OK finalisiamo la disinfezione.
A+

Schermata bianca

17 risposte

Discussioni simili