Annoying advertising

Closed
strifizzo Posts 4 Registration date Sunday 16 February 2014 Status Member Last seen 2 March 2014 - 21 Feb 2014 at 20:08
Hi everyone, I have a problem that I can't solve in any way...
every time I browse, quite often when I click while navigating the internet, advertising pages open that I can't get rid of in any way

I have Google Chrome with the Adblock Plus extension
I have avast as my main antivirus
I ran scans with Malwarebytes and removed everything it considered harmful
I ran scans with Kaspersky
a scan with AdwCleaner
a scan with OTL
and a cleanup with CCleaner

I really don't know what more I can do... any advice?
Thanks in advance

7 replies

Noureddine Bouzidi Posts 22674 Registration date Thursday 19 March 2009 Status Moderator Last seen Thursday 7 January 2021 15.407
24 Feb 2014 at 10:12
Hi,

=RogueKiller=


* Download RogueKiller 32bit or Roguekiller 64bit and save it to the desktop
* Close all open programs
* Disconnect USB drives from the computer before running the scan
* On Vista or Windows 7, right-click and select "Run as administrator"
* On Windows XP, double-click
* Wait for the pre-scan to finish
* Then click the "Scan" button
* Wait until the "Status" box shows "Scan finished"
* Click "Delete"
* Wait until the "Status" box shows "Deleting finished"
* Click "Report" and copy/paste the contents of the Notepad into your next reply.
* The report will be saved as "RKreport[1].txt" on the desktop
* Close RogueKiller
0
strifizzo Posts 4 Registration date Sunday 16 February 2014 Status Member Last seen 2 March 2014
26 Feb 2014 at 21:22
I wasn't able to solve the problem... this is the report





RogueKiller V8.8.9 [Feb 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://forum.adlice.com/
Website : https://www.adlice.com/roguekiller/
Blog : https://www.adlice.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Utente [Admin rights]
Mode : Remove -- Date : 02/25/2014 20:55:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Le attività pianificate : 0 ¤¤¤

¤¤¤ voci di avvio : 0 ¤¤¤

¤¤¤ I browser Web : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[60] : NtCreateFile @ 0x828514F1 -> HOOKED (C:\Windows\System32\drivers\pcwatch.sys @ 0x8DB41178)
[Address] SSDT[64] : NtCreateKey @ 0x827FE168 -> HOOKED (C:\Windows\System32\drivers\pcwatch.sys @ 0x8DB419F8)
[Address] SSDT[122] : NtDeleteFile @ 0x8277FC82 -> HOOKED (C:\Windows\System32\drivers\pcwatch.sys @ 0x8DB4110C)
[Address] SSDT[126] : NtDeleteValueKey @ 0x827BCCEA -> HOOKED (C:\Windows\System32\drivers\pcwatch.sys @ 0x8DB41C7E)
[Address] SSDT[186] : NtOpenFile @ 0x828154E7 -> HOOKED (C:\Windows\System32\drivers\pcwatch.sys @ 0x8DB4124E)
[Address] SSDT[189] : NtOpenKey @ 0x82817790 -> HOOKED (C:\Windows\System32\drivers\pcwatch.sys @ 0x8DB41AEA)
[Address] SSDT[194] : NtOpenProcess @ 0x8283012F -> HOOKED (C:\Windows\System32\drivers\pcwatch.sys @ 0x8DB41DF8)
[Address] SSDT[218] : NtQueryDirectoryFile @ 0x828181FF -> HOOKED (C:\Windows\System32\drivers\pcwatch.sys @ 0x8DB414B4)
[Address] SSDT[301] : NtSetInformationFile @ 0x82808EC5 -> HOOKED (C:\Windows\System32\drivers\pcwatch.sys @ 0x8DB40F46)
[Address] SSDT[324] : NtSetValueKey @ 0x827ED405 -> HOOKED (C:\Windows\System32\drivers\pcwatch.sys @ 0x8DB41B72)
[Address] SSDT[334] : NtTerminateProcess @ 0x8280016B -> HOOKED (C:\Windows\System32\drivers\pcwatch.sys @ 0x8DB41E94)

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST320LM001 HN-M320MBB +++++
--- User ---
0
l'embrouille 75 Posts 5307 Registration date Monday 4 July 2011 Status Member Last seen Thursday 5 July 2018 749
27 Feb 2014 at 16:29
Hi,
Let's try using COMBOFIX.
This program is very powerful, and you must follow the usage instructions exactly.
The first thing to do is to print the instructions here => https://www.bleepingcomputer.com/combofix/it/come-usare-combofix
Post the report here
0
here is the report... thanks for the help, but it still doesn't seem completely solved to me


ComboFix 14-02-24.02 - Utente 27/02/2014 21.53.14.1.1 - x86
Microsoft® Windows Vista(TM) Home Basic 6.0.6002.2.1252.39.1040.18.2039.1088 [GMT 1:00]
Eseguito da: c:\users\Utente\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4VQZT6O3\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome.manifest
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\api.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\api\asyncDB.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\api\background.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\api\browserAction.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\api\contextMenu.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\api\dbManager.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\api\dom_bg.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\api\fileManager.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\api\firefox.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\api\firefoxNotifications.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\api\firefoxOmnibox.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\api\message.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\api\pageAction.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\api\request.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\api\tabs.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\api\webRequest.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\api\windowsMessagingHandler.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\background.html
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\baseObject.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\browser.xul
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\addressBarChangeObserver.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\console.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\consts.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\delegate.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\extensionDataStore.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\folderIOWrapper.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\httpObserver.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\IDBWrapper.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\installer.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\logFile.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\prefs.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\progressListenerObserver.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\registry.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\reloadObserver.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\reports.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\requestObject.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\searchSettings.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\uninstallObserver.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\updateManager.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\utils.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\core\xhr.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\dialog.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\ffCoreFilesIndex.txt
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\main.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\options.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\options.xul
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\platformVersion.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\chrome\content\search_dialog.xul
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\defaults\preferences\prefs.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\manifest.xml
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins.json
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\1_base.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\1000020_analytics.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\1000025_analyticsFront.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\1000030_mz.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\14_CrossriderUtils.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\17_jQuery.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\177_crossriderDashboard.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\180_bpo_serp_m.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\182_openUrl.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\183_tabsWrapper.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\207_dbWrapper.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\21_debug.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\22_resources.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\28_initializer.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\47_resources_background.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\64_appApiMessage.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\72_appApiValidation.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\78_CrossriderInfo.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\plugins\98_omniCommands.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\userCode\background.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\extensionData\userCode\extension.js
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\install.rdf
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\locale\en-US\translations.dtd
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\skin\button1.png
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\skin\button2.png
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\skin\button3.png
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\skin\button4.png
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\skin\button5.png
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\skin\crossrider_statusbar.png
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\skin\icon128.png
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\skin\icon16.png
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\skin\icon24.png
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\skin\icon48.png
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\skin\panelarrow-up.png
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\skin\popup.html
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\skin\skin.css
c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\***@***\skin\update.css
.
.
((((((((((((((((((((((((( Files Creati Da 2014-01-27 al 2014-02-27 )))))))))))))))))))))))))))))))))))
.
.
2014-02-27 21:08 . 2014-02-27 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-27 20:57 . 2014-02-27 20:57 -------- d-----w- c:\users\Utente\AppData\Local\CrashDumps
2014-02-27 20:28 . 2014-02-27 20:28 -------- d-----w- c:\users\Utente\AppData\Local\HDvid-Codec V9.0
2014-02-27 18:57 . 2014-02-27 18:57 -------- d-----w- c:\users\Utente\AppData\Local\SwvUpdater
2014-02-27 18:54 . 2014-02-27 19:58 -------- d-----w- c:\program files\GrabRez
2014-02-27 18:51 . 2014-02-27 18:52 -------- d-----w- c:\program files\HDvid-Codec V9.0
2014-02-27 18:49 . 2014-02-27 18:58 -------- d-----w- c:\program files\hdvidcodec.com
2014-02-26 18:08 . 2014-02-26 18:08 -------- d-----w- c:\windows\Migration
2014-02-25 18:21 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F29D7E4-0338-486D-A28C-1BAEBCE72EED}\mpengine.dll
2014-02-16 16:35 . 2014-02-16 16:35 -------- d-----w- c:\programdata\Oracle
2014-02-16 16:35 . 2014-02-16 16:35 -------- d-----w- c:\program files\Common Files\Java
2014-02-16 16:34 . 2014-02-16 16:33 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-02-16 16:33 . 2014-02-16 16:33 -------- d-----w- c:\program files\Java
2014-02-16 14:10 . 2014-02-16 14:10 -------- d-----w- c:\users\Utente\AppData\Roaming\AVAST Software
2014-02-16 14:06 . 2014-02-16 14:06 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-02-16 14:06 . 2014-02-16 14:06 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-16 14:06 . 2014-02-16 14:06 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-16 14:06 . 2014-02-16 14:06 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-16 14:06 . 2014-02-16 14:06 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-16 14:06 . 2014-02-16 14:06 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-02-16 14:06 . 2014-02-16 14:06 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-02-16 14:06 . 2014-02-16 14:06 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-16 14:06 . 2014-02-16 14:06 43152 ----a-w- c:\windows\avastSS.scr
2014-02-16 13:59 . 2014-02-16 13:59 -------- d-----w- c:\program files\AVAST Software
2014-02-14 20:14 . 2014-02-14 20:14 -------- d-----w- c:\program files\iPod
2014-02-14 20:08 . 2014-02-14 20:22 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-14 20:08 . 2014-02-14 20:22 -------- d-----w- c:\program files\iTunes
2014-02-13 17:09 . 2014-02-20 19:45 -------- d-----w- C:\AdwCleaner
2014-02-13 14:44 . 2012-04-08 23:40 79360 ----a-w- c:\windows\system32\ff_vfw.dll
2014-02-13 14:44 . 2014-02-27 18:58 -------- d-----w- c:\program files\ffdshow
2014-02-13 08:50 . 2014-02-13 08:50 -------- d-----w- c:\programdata\Kaspersky Lab
2014-02-12 21:37 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-02-12 11:30 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-12 11:30 . 2014-02-12 11:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-02-11 17:54 . 2014-02-11 17:54 -------- d-----w- c:\program files\CCleaner
2014-02-10 19:38 . 2014-01-08 06:09 19840 ----a-w- c:\windows\system32\drivers\pcwatch.sys
2014-02-10 19:38 . 2014-01-08 06:08 293984 ----a-w- c:\windows\system32\PCProtect.dll
2014-02-10 19:35 . 2014-02-10 19:55 -------- d-----w- c:\program files\HiDefMedia
2014-02-10 19:35 . 2014-02-10 19:40 -------- d-----w- c:\program files\Web Protect
2014-02-08 12:29 . 2014-02-08 12:29 -------- d-----w- c:\programdata\BitDefender
2014-02-08 10:23 . 2014-02-08 10:23 -------- d-----w- c:\program files\Lavasoft
2014-02-08 10:06 . 2014-02-08 10:06 -------- d-----w- c:\users\Utente\AppData\Roaming\Lavasoft
2014-02-04 08:46 . 2014-02-11 07:58 -------- d-----w- c:\program files\a-squared Free
2014-02-03 02:00 . 2014-02-03 02:00 487508 ----a-w- C:\monitor.exe
2014-02-03 02:00 . 2014-02-03 02:00 34244 ----a-w- C:\monitorsvc.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 15:36 . 2013-06-10 07:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-21 15:36 . 2013-06-10 07:55 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\system32\GPhotos.scr
2013-12-30 07:42 . 2013-12-30 07:42 35272 ----a-w- c:\windows\system32\drivers\aswTap.sys
2013-12-19 13:11 . 2013-12-30 07:33 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-12-18 05:13 . 2013-06-08 15:48 231584 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{11111111-1111-1111-1111-110511131156}]
2014-02-27 18:52 687616 ----a-w- c:\program files\HDvid-Codec V9.0\HDvid-Codec V9.0-bho.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-16 14:04 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Utente\AppData\Roaming\uTorrent\uTorrent.exe" [2014-02-22 1852496]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-11-06 1564528]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2013-07-18 578560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-22 133656]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-11-06 311152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-05 43848]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-02-06 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-16 3767096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-13 22:16 1211720 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-10 15:37]
.
2014-02-27 c:\windows\Tasks\AmiUpdXp.job
- c:\users\Utente\AppData\Local\SwvUpdater\Updater.exe [2014-02-27 18:56]
.
2014-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-13 22:14]
.
2014-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-13 22:14]
.
2014-02-27 c:\windows\Tasks\HDvid-Codec V9.0-chromeinstaller.job
- c:\program files\HDvid-Codec V9.0\HDvid-Codec V9.0-chromeinstaller.exe [2014-02-27 18:51]
.
2014-02-27 c:\windows\Tasks\HDvid-Codec V9.0-codedownloader.job
- c:\program files\HDvid-Codec V9.0\HDvid-Codec V9.0-codedownloader.exe [2014-02-27 18:52]
.
2014-02-27 c:\windows\Tasks\HDvid-Codec V9.0-enabler.job
- c:\program files\HDvid-Codec V9.0\HDvid-Codec V9.0-enabler.exe [2014-02-27 18:52]
.
2014-02-27 c:\windows\Tasks\HDvid-Codec V9.0-firefoxinstaller.job
- c:\program files\HDvid-Codec V9.0\HDvid-Codec V9.0-firefoxinstaller.exe [2014-02-27 18:51]
.
2014-02-27 c:\windows\Tasks\HDvid-Codec V9.0-updater.job
- c:\program files\HDvid-Codec V9.0\HDvid-Codec V9.0-updater.exe [2014-02-27 18:52]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=6E490021004E01BD&affID=128403&tsp=5171
mStart Page = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\windows\system32\PCProtect.dll
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\
FF - prefs.js: keyword.URL -
FF - prefs.js: browser.startup.homepage - hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=6E490021004E01BD&affID=128403&tsp=5171
FF - ExtSQL: 2014-02-08 13:02; {0602868e-3e6e-4d93-81e8-5b2290f620ba}; c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\{0602868e-3e6e-4d93-81e8-5b2290f620ba}
FF - ExtSQL: 2014-02-13 19:43; {42e50651-9669-456e-9081-d5a836274274}; c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\{42e50651-9669-456e-9081-d5a836274274}
FF - ExtSQL: !HIDDEN! 2013-06-10 10:24; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: !HIDDEN! 2013-06-10 19:19; {C9B68337-E93A-44EA-94DC-CB300EC06444}; c:\users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\eyuhwucx.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\{C9B68337-E93A-44EA-94DC-CB300EC06444}
user_pref(extensions.autoDisableScopes,14);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
SafeBoot-pcwatch.sys
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
AddRemove-GrabRez - c:\program files\GrabRez\GrabRezuninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-27 22:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2014-02-27 22:12:00
ComboFix-quarantined-files.txt 2014-02-27 21:11
.
Pre-Run: 45.425.082.368 byte disponibili
Post-Run: 45.638.008.832 byte disponibili
.
- - End Of File - - FC3418BB45ECD408132BC41660A59F40
5C616939100B85E558DA92B899A0FC36
0
l'embrouille 75 Posts 5307 Registration date Monday 4 July 2011 Status Member Last seen Thursday 5 July 2018 749
28 Feb 2014 at 10:07
Hi,
I read in your request that you are using Chrome, yet in the report I see Firefox.
Now, try cleaning the browsers as explained here:

If Firefox and/or Chrome are installed, the parasitic extensions must also be removed:
Firefox: Tools menu > Add-ons > Extensions tab
Remove all the extensions that you don't need or that you didn't download.

For Chrome:
Menu at top right > Tools > Extensions:
Let me know
0
strifizzo Posts 4 Registration date Sunday 16 February 2014 Status Member Last seen 2 March 2014
2 Mar 2014 at 12:53
Hi, I usually use Chrome and never Firefox (I installed it but have rarely used it). I cleaned up the extensions (I had one called cake caffè or something like that... I kept only Adblock), but
the problem is still not solved... however, now it sometimes opens a small square at the bottom right of the page, or a blank page opens when I click a link (I think they are blank because Adblock blocks the advertising but can't get rid of these things...)
what could I do???
0
Casamarce Posts 1298 Registration date Thursday 21 November 2013 Status Contributor Last seen 7 February 2021 1.040
3 Mar 2014 at 11:35
Hi strifizzo,
do these pages and pop-ups open by themselves, without any action on your part? Or when you are on particular sites?
OK, the pages come up blank, probably because Adblock isn't letting you see the ads, which is already a great thing...
the small squares at the bottom right could be the cookie consent notices (they are required by law for everyone who has servers in Europe).
For now, the ad blocker only blocks ads that are shown in a new page, and not in a new tab. In practice, if the site you are visiting triggers the advertising page to open in a new window, it will be blocked by the blocker. If instead it is opened in a new tab, the page opens, and it's already a lot that you see it blank...

Unfortunately many sites live off that alone, so clearly they keep looking for new ways to get people to see the ads.

Watch out, because there are also many free programs that push various ads on you (like Game Booster, which is a 100% free program, an excellent program, but it makes some ads pop up as soon as you start using it)
0
strifizzo Posts 4 Registration date Sunday 16 February 2014 Status Member Last seen 2 March 2014
2 Mar 2014 at 12:59
if it helps, this is a blank page that often opens for me...

https://mediatraffic.com/
0