Scansione con combofix

[dc_gem]

Ciao a tutti...avrei bisogno di una consulenza...ho fatto la scansione con combofix...qualcuno può dirmi se è tutto a posto e posso disinstallarlo?

Ad ogni modo su chrome mi si continuano ad aprire pagine pubblicitarie. Non popup...proprio nuove schede...

Grazie e vi posto qui il file di log.

Quote:

ComboFix 12-10-12.01 - dc_gem 12/10/2012 17:34:06.2.1 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.39.1040.18.1790.972 [GMT 2:00]
Eseguito da: c:\users\dc_gem\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2012-09-12 al 2012-10-12 )))))))))))))))))))))))))))))))))))
.
.
2012-10-12 15:48 . 2012-10-12 15:48 -------- d-----w- c:\users\Il Fabius\AppData\Local\temp
2012-10-12 15:48 . 2012-10-12 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-12 09:52 . 2012-10-12 09:52 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7D37C7C-8BFD-4841-BCC8-E4A5B6E88276}\offreg.dll
2012-10-12 08:17 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7D37C7C-8BFD-4841-BCC8-E4A5B6E88276}\mpengine.dll
2012-10-10 13:50 . 2012-10-10 14:10 -------- d-----w- c:\users\dc_gem\AppData\Local\Smartbar
2012-10-10 07:54 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 07:54 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 07:54 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 07:54 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 07:54 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 07:54 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 07:54 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-26 08:36 . 2012-09-26 08:36 -------- d-----w- c:\users\dc_gem\AppData\Local\PowerOffer
2012-09-26 08:28 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 18:34 . 2012-04-03 07:24 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:34 . 2011-06-18 15:29 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 15:04 . 2011-09-24 10:55 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 16:00 . 2012-09-04 16:01 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-04 16:00 . 2012-06-17 17:04 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-04 16:00 . 2012-02-03 14:53 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-22 17:16 . 2012-09-12 08:08 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 08:08 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 08:08 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 08:08 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-13 11:28 . 2011-12-16 14:31 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-08-13 11:28 . 2011-12-16 14:31 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-02 16:57 . 2012-09-12 08:08 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-18 17:47 . 2012-08-15 08:53 2345984 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:55 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Browser Infrastructure Helper"="c:\users\dc_gem\AppData\Local\Smartbar\Application\Smartbar.exe" [2012-09-02 18800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-04 496184]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-03-03 1300560]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-17 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"PLFSetI"="c:\windows\PLFSetI.exe" [2011-05-23 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-04-23 715296]
"AtherosBtStack"="c:\program files\Bluetooth Suite\BtvStack.exe" [2011-01-20 490656]
"AthBtTray"="c:\program files\Bluetooth Suite\AthBtTray.exe" [2011-01-20 302240]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2010-02-05 233472]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2010-11-17 47424]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-09-24 802304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
"MessengerPlusForSkypeService"="c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [2012-01-22 124832]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
.
c:\users\Il Fabius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-5-11 704032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-09-07 15:04 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OlStatusMon]
2007-06-08 14:59 253952 ----a-w- c:\program files\Olivetti\ANY_WAY\olDvcStatus.exe
.
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 PowerOffer Service;Pos Service;c:\users\dc_gem\AppData\Local\PosService\Pos.exe [x]
R2 ServUpdater;Serv Updater;c:\users\dc_gem\AppData\Local\ServUpdater\ServiceUpd.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 bthathfax;Bluetooth Fax Modem;c:\windows\system32\DRIVERS\bthathfax.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 KHCAP;KHCap Packet Driver (KHCAP);c:\windows\system32\drivers\KHCAP.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [x]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\McSACore.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 nnfwdk;Nielsen WFP Driver;c:\program files\NetRatingsNetSight\NetSight\meter3\nnfwdk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MsgPlusService;Messenger Plus! Service;c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [x]
S2 NielsenUpdate;Nielsen Update;c:\program files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [x]
S2 olMntrService;Olivetti Monitor Service;c:\program files\Olivetti\ANY_WAY\olMntrService.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 18:34]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-24 15:23]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-24 15:23]
.
2012-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3333024740-1975969404-2652747742-1000Core.job
- c:\users\dc_gem\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-25 15:23]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3333024740-1975969404-2652747742-1000UA.job
- c:\users\dc_gem\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-25 15:23]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3333024740-1975969404-2652747742-1003Core.job
- c:\users\Il Fabius\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 23:39]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3333024740-1975969404-2652747742-1003UA.job
- c:\users\Il Fabius\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 23:39]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=IT&userid=409662f8-4d98-4c8a-8464-67788e40dfe0&sp=hp&searchtype=hp&t=a0902
mStart Page = hxxp://search.findeer.com
uSearchAssistant = hxxp://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=IT&userid=409662f8-4d98-4c8a-8464-67788e40dfe0&sp=addr&q={searchTerms}&t=a0902
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{2ECF9821-945B-4326-9556-835154C6D0CE}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{3B22381C-CE61-4D1D-9F60-E281BC290988}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{3E73F0BC-48D3-4A29-9399-8393DF517907}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{570E5F12-C8A4-4713-80EF-6860F4B59BDF}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{7C2B3249-6517-4190-9CFE-509A6BACFD30}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{82067131-F832-453F-AC68-BDEC6C847672}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{82067131-F832-453F-AC68-BDEC6C847672}\14C6963656D27353132313534373: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{82067131-F832-453F-AC68-BDEC6C847672}\D414C4340275946494: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{BFBDD3A5-CAC9-4C6A-A3DB-31B2BCB67AA9}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{CB914664-DC75-4F7E-A357-A133BB63B948}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{CC94C1E8-FBC8-433F-83C7-1CA9E1910CF6}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-3333024740-1975969404-2652747742-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-3333024740-1975969404-2652747742-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3333024740-1975969404-2652747742-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(5504)
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
c:\program files\Acer\Acer ePower Management\SysHook.dll
.
Ora fine scansione: 2012-10-12 17:51:21
ComboFix-quarantined-files.txt 2012-10-12 15:51
ComboFix2.txt 2012-10-12 14:18
.
Pre-Run: 51.827.994.624 byte disponibili
Post-Run: 51.771.600.896 byte disponibili
.
- - End Of File - - F61ED10F9D1D562748A5345D559507C8

[Chill-Out]

Comincia con l'istallare il SP1 e relativi aggiornamenti, poi allega un log di HiJackThis su uno dei Server Remoti qui indicati http://www.hwupgrade.it/forum/showthread.php?t=1751598

[dc_gem]

Ma ho già il service pack uno...e il pc è sempre aggiornato...vorrei sapere solo se qualcuno mi può dire se è tutto a posto leggendo il log di combofix...

hijack non so cosa sia

[Chill-Out]

Quote:

Originariamente inviato da dc_gem

Ma ho già il service pack uno...e il pc è sempre aggiornato...vorrei sapere solo se qualcuno mi può dire se è tutto a posto leggendo il log di combofix...

Evidentemente no

Quote:

Originariamente inviato da dc_gem

hijack non so cosa sia

http://www.hwupgrade.it/forum/showthread.php?t=937676

[dc_gem]

Nel senso che sono infetto? Cos'ho???

[Chill-Out]

Quote:

Originariamente inviato da dc_gem

Nel senso che sono infetto? Cos'ho???

Quote:

Originariamente inviato da dc_gem

Ad ogni modo su chrome mi si continuano ad aprire pagine pubblicitarie. Non popup...proprio nuove schede...

Questo

TCP: Interfaces\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25

[dc_gem]

Quote:

Originariamente inviato da Chill-Out

Questo

TCP: Interfaces\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25

E che sarebbe? Ce ne sono parecchie di quelle diciture...

comunque ho letto cos'è hijack..devo fare l'analisi?

[Chill-Out]

Quote:

Originariamente inviato da dc_gem

E che sarebbe? Ce ne sono parecchie di quelle diciture...

comunque ho letto cos'è hijack..devo fare l'analisi?

Si e allega il log

[dc_gem]

Quote:

Originariamente inviato da Chill-Out

Si e allega il log

Mi è uscito questo:

Quote:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:40:23, on 18/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\EgisTec IPS\PmmUpdate.exe
C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dc_gem\AppData\Local\Google\Chrome\Application\chrome.exe
C:\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=IT&userid=409662f8-4d98-4c8a-8464-67788e40dfe0&sp=addr&q={searchTerms}&t=a0902
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=IT&userid=409662f8-4d98-4c8a-8464-67788e40dfe0&sp=addr&q={searchTerms}&t=a0902
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://feed.plusnetwork.com/?publish...ype=hp&t=a0902
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=IT&userid=409662f8-4d98-4c8a-8464-67788e40dfe0&sp=addr&q={searchTerms}&t=a0902
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.plusnetwork.com/?publisher=MessengerPlus&dpid=MessengerPlus&co=IT&userid=409662f8-4d98-4c8a-8464-67788e40dfe0&sp=addr&q={searchTerms}&t=a0902
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Messenger Plus! Community Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Bluetooth Suite\BtvStack.exe"
O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Bluetooth Suite\AthBtTray.exe"
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MessengerPlusForSkypeService] "C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Users\dc_gem\AppData\Local\Smartbar\Application\Smartbar.exe startup
O4 - Global Startup: Acer VCM.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ECF9821-945B-4326-9556-835154C6D0CE}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B22381C-CE61-4D1D-9F60-E281BC290988}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E73F0BC-48D3-4A29-9399-8393DF517907}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{570E5F12-C8A4-4713-80EF-6860F4B59BDF}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C2B3249-6517-4190-9CFE-509A6BACFD30}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{82067131-F832-453F-AC68-BDEC6C847672}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFBDD3A5-CAC9-4C6A-A3DB-31B2BCB67AA9}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB914664-DC75-4F7E-A357-A133BB63B948}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC94C1E8-FBC8-433F-83C7-1CA9E1910CF6}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files\Bluetooth Suite\adminservice.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files\Acer\Registration\GREGsvc.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Messenger Plus! Service (MsgPlusService) - Yuna Software - C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: Nielsen Update (NielsenUpdate) - The Nielsen Company - C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
O23 - Service: Olivetti Monitor Service (olMntrService) - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\dc_gem\AppData\Local\PosService\Pos.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\dc_gem\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

--
End of file - 14899 bytes

anche se durante l'esecuzione ho visualizzato questo messaggio a cui ho cliccato ok:

for some reason your system denied write access to the Hosts file. If any hijacked ecc........

[Chill-Out]

I log vanno allegati in formato testo .txt su uno dei Server remoti qui indicati

http://www.hwupgrade.it/forum/showthread.php?t=1751598

Esegui questo Fix http://support.microsoft.com/kb/972034

successivamente esegui nuovamente HJT, clicca su Do a system scan only, metti il segno di spunta nella casella bianca in corrispondenza delle seguenti voci

Quote:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h00p://feed.plusnetwork.com/?publish...ype=hp&t=a0902
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h00p://search.findeer.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ECF9821-945B-4326-9556-835154C6D0CE}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B22381C-CE61-4D1D-9F60-E281BC290988}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E73F0BC-48D3-4A29-9399-8393DF517907}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{570E5F12-C8A4-4713-80EF-6860F4B59BDF}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C2B3249-6517-4190-9CFE-509A6BACFD30}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{82067131-F832-453F-AC68-BDEC6C847672}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{BFBDD3A5-CAC9-4C6A-A3DB-31B2BCB67AA9}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB914664-DC75-4F7E-A357-A133BB63B948}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC94C1E8-FBC8-433F-83C7-1CA9E1910CF6}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{1588DA34-1E67-401B-8C03-F5C9BB96E42C}: NameServer = 176.31.229.24,176.31.229.25

e clicca su Fix checked

[dc_gem]

Quote:

Originariamente inviato da Chill-Out

I log vanno allegati in formato testo .txt su uno dei Server remoti qui indicati

http://www.hwupgrade.it/forum/showthread.php?t=1751598

Esegui questo Fix http://support.microsoft.com/kb/972034

successivamente esegui nuovamente HJT, clicca su Do a system scan only, metti il segno di spunta nella casella bianca in corrispondenza delle seguenti voci


e clicca su Fix checked

Cosa devo fare quindi? Devo postare il log lì? E perchè?

Un'altra cosa...ma si può sapere qual è il problema del pc allora? A cosa è dovuto?

[dc_gem]

Quote:

Originariamente inviato da dc_gem

Cosa devo fare quindi? Devo postare il log lì? E perchè?

Un'altra cosa...ma si può sapere qual è il problema del pc allora? A cosa è dovuto?

Se lo eseguo come amministratore non mi esce quel messaggio...posso evitare quel fix?

comunque ok...ho fatto quello che mi hai detto e cliccato su fix checked! Ora?

[Chill-Out]

Quote:

Originariamente inviato da dc_gem

Cosa devo fare quindi? Devo postare il log lì? E perchè?

Un'altra cosa...ma si può sapere qual è il problema del pc allora? A cosa è dovuto?

Se non alleghi il log come faccio a verificare che la procedura è andata a buon fine? Tiro ad indovinare?

Tu stesso ha scritto: "Ad ogni modo su chrome mi si continuano ad aprire pagine pubblicitarie. Non popup...proprio nuove schede..."

Evidentemente hai installato un programma che monitora la navigazione.

Quote:

Originariamente inviato da dc_gem

Se lo eseguo come amministratore non mi esce quel messaggio...posso evitare quel fix?

comunque ok...ho fatto quello che mi hai detto e cliccato su fix checked! Ora?

Il Fix rilasciato dalla stessa Mcrosoft serve a ripristinare il file Hosts predefinito, male non fa. Se hai fatto quello che ho detto, non dovresti più vedere finestre pubblicitarie, allega il log di HJT.

[dc_gem]

Ecco il log:

I log vanno allegati in formato testo .txt su uno dei Server remoti qui indicati

http://www.hwupgrade.it/forum/showthread.php?t=1751598

[dc_gem]

Quote:

Originariamente inviato da dc_gem

Ecco il log:

I log vanno allegati in formato testo .txt su uno dei Server remoti qui indicati

http://www.hwupgrade.it/forum/showthread.php?t=1751598

Ah già dimenticavo...comunque le pagine mi si aprono ancora...e poi non ho capito...ma devo registrarmi per caricare su quei server?

[Chill-Out]

Quote:

Originariamente inviato da dc_gem

Ah già dimenticavo...comunque le pagine mi si aprono ancora...e poi non ho capito...ma devo registrarmi per caricare su quei server?

Ovviamente NO!

[dc_gem]

Quote:

Originariamente inviato da Chill-Out

Ovviamente NO!

Sono andato su mediafire (che è l'unico che conoscevo di nome) e mi chiede di registrarmi...sbaglio qualcosa io?

[dc_gem]

Quote:

Originariamente inviato da [Claudio]

Per allegare i report utilizza questo: wikisend (cosi è più semplice).

Grazie mille ecco il log...
hijackthis.log

[Chill-Out]

Quote:

Originariamente inviato da dc_gem

Grazie mille ecco il log...
hijackthis.log

1 Pannello di controllo - Programmi e disinstalla PowerOffer

2 Start - nel box "inizio ricerca" digita services.msc e batti invio

individua i seguenti servizi:

ServUpdater
PowerOffer Service

doppio click e modifica il Tipo di avvio in disabilitato per entrambi.

[dc_gem]

Quote:

Originariamente inviato da Chill-Out

1 Pannello di controllo - Programmi e disinstalla PowerOffer

2 Start - nel box "inizio ricerca" digita services.msc e batti invio

individua i seguenti servizi:

ServUpdater
PowerOffer Service

doppio click e modifica il Tipo di avvio in disabilitato per entrambi.

ServUpdater cos'è? Comunque maledetto power offer...non mi ero accorto si fosse installato...
comunque il servizio power offer non c'è...(ho disinstallato power offer però)