Virus o similari

Ping · Messaggio da **Ping** » dom ago 09, 2015 8:21 pm

Salve,
ieri sera ho provato ad installare un plugin per provarlo, l'installazione non è riuscita ma in compenso me ne ha combinate di tutti i colori!

Mi ha disattivato l'antivirus Hitman pro, mi ha disinstallato il browser predefinito sostituendolo con Opera, mi ha reso tutti gli browser prtaticamente inutilizzabili.

In seguito ho:
- riattivato l'antivirus Hitmanpro;
- reinstallato Firefox;
- disinstallato tutti i programmi sconosciuti ed installati con la data di ieri;
- scansionato il sistema incluso HD, più volte sia con Hitman pro ed anche con KVRT, trovando sempre nuovi virus e malware.

Risultato: la navigazione su internet è divenuta praticamente impossibile, nella maggior parte dei siti, non tutti, compaiono messaggi pubblicitari dappertutto, anche su quelli nei quali non c'era nessun banner, a volte si aprono popup che coprono quasi tutta la pagina e non si riesce a chiuderli, ad ogni tentativo aprono una nuova finestra del browser con altri banner e pubblicità di vario genere.
La navigazione è diventata terribilmente più lenta.

Come posso rimuovere tutta questa schifezza?

Messaggio da **System** » dom ago 09, 2015 8:21 pm

Ping · Messaggio da **Ping** » dom ago 09, 2015 9:01 pm

Usato anche AdwCleaner, allego il file registro:

# AdwCleaner v4.208 - Creato file registro eventi 09/08/2015 in 20:40:39
# Aggiornato 09/07/2015 da Xplode
# Database : 2015-08-01.1 [Server]
# Sistema operativo : Windows 7 Professional Service Pack 1 (x64)
# Nome utente : Utente - UTENTE-PC
# In esecuzione da : C:\Users\Utente\Downloads\AdwCleaner.exe
# Opzione : Pulizia

***** [ Servizi ] *****

***** [ File / Cartelle ] *****

Cartella Eliminato : C:\ProgramData\FlashBeat
Cartella Eliminato : C:\ProgramData\1900305160058179339
Cartella Eliminato : C:\ProgramData\{90a1f1e8-c6c0-33f5-90a1-1f1e8c6cc7a3}
Cartella Eliminato : C:\Program Files (x86)\Elex-tech
Cartella Eliminato : C:\Program Files (x86)\PriiceLEss
Cartella Eliminato : C:\Users\Utente\AppData\Local\672EF2A0-1439081931-11DA-9C7A-0017319680CE
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\Elex-tech
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\xzg3fwz6.default-1436449997563\Extensions\aOt@gA.net
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\xzg3fwz6.default-1436449997563\Extensions\K7x5b5zp@w.com
Cartella Eliminato : C:\ProgramData\iamiaigimkmnnfkomhbcehaneegmehkn
File Eliminato : C:\END
File Eliminato : C:\Windows\System32\log\iSafeKrnlCall.log
File Eliminato : C:\Users\Utente\AppData\Roaming\1zlAItRZd77YZCBi
File Eliminato : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\xzg3fwz6.default-1436449997563\user.js

***** [ Attività pianificate ] *****

Attività Eliminato : WordSurfer Auto Updater 1.10.0.19 Pending Update
Attività Eliminato : WordSurfer Auto Updater 1.10.0.19 Core
Attività Eliminato : 1zlAItRZd77YZCBi
Attività Eliminato : 22f04bab-3f98-44a1-8a15-39d56039c6e3-1-6
Attività Eliminato : 22f04bab-3f98-44a1-8a15-39d56039c6e3-1-7
Attività Eliminato : 22f04bab-3f98-44a1-8a15-39d56039c6e3-10_user
Attività Eliminato : 22f04bab-3f98-44a1-8a15-39d56039c6e3-3
Attività Eliminato : 22f04bab-3f98-44a1-8a15-39d56039c6e3-4
Attività Eliminato : 22f04bab-3f98-44a1-8a15-39d56039c6e3-5
Attività Eliminato : 22f04bab-3f98-44a1-8a15-39d56039c6e3-5_user
Attività Eliminato : 22f04bab-3f98-44a1-8a15-39d56039c6e3-6
Attività Eliminato : 22f04bab-3f98-44a1-8a15-39d56039c6e3-7

***** [ Collegamenti ] *****

***** [ Registry ] *****

Valore Eliminato : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com]
Valore Eliminato : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [defsearchp@gmail.com]
Chiave Eliminato : HKCU\Software\Mozilla\Extends
Valore Eliminato : HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [CRSBRWSHTML]
Valore Eliminato : HKLM\SOFTWARE\Classes\.html\OpenWithProgids [CRSBRWSHTML]
Valore Eliminato : HKLM\SOFTWARE\RegisteredApplications [Crossbrowse]
Valore Eliminato : HKLM\SOFTWARE\Classes\.xht\OpenWithProgIDs [CRSBRWSHTML]
Valore Eliminato : HKLM\SOFTWARE\Classes\.webp\OpenWithProgIDs [CRSBRWSHTML]
Valore Eliminato : HKLM\SOFTWARE\Classes\.shtml\OpenWithProgIDs [CRSBRWSHTML]
Chiave Eliminato : HKLM\SOFTWARE\a684a689-27c5-496f-bf6d-8d4ef886dcc7
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{22E9CC7A-04B2-4558-A993-763395274E42}
Chiave Eliminato : HKLM\SOFTWARE\Classes\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}
Chiave Eliminato : HKLM\SOFTWARE\Classes\TypeLib\{A6918429-4197-42E6-A4AC-742073A9BCBB}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{22E9CC7A-04B2-4558-A993-763395274E42}
Dati Ripristinato : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chiave Eliminato : HKCU\Software\InstalledBrowserExtensions
Chiave Eliminato : HKCU\Software\Appscion
Chiave Eliminato : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Chiave Eliminato : HKCU\Software\Kromtech
Chiave Eliminato : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Chiave Eliminato : HKLM\SOFTWARE\InstalledBrowserExtensions
Chiave Eliminato : HKLM\SOFTWARE\Tutorials
Chiave Eliminato : HKLM\SOFTWARE\Elex-tech
Chiave Eliminato : HKLM\SOFTWARE\FlashBeat
Chiave Eliminato : HKLM\SOFTWARE\AIM Toolbar
Chiave Eliminato : HKLM\SOFTWARE\FFPluginHp
Chiave Eliminato : HKLM\SOFTWARE\searchult
Chiave Eliminato : HKU\.DEFAULT\Software\Elex-tech
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlashBeat
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Chiave Eliminato : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Chiave Eliminato : [x64] HKLM\SOFTWARE\FlashBeat
Dati Eliminato : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\FlashBeat\FlashBeat32.dll
Dati Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Browser web ] *****

-\\ Internet Explorer v11.0.9600.17909

Impostazioni Ripristinato : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Impostazioni Ripristinato : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]

-\\ Mozilla Firefox v39.0.3 (x86 it)

[xzg3fwz6.default-1436449997563\prefs.js] - Linea Eliminato : user_pref("browser.search.searchengine.alias", "istartsurf");
[xzg3fwz6.default-1436449997563\prefs.js] - Linea Eliminato : user_pref("browser.search.searchengine.name", "istartsurf");
[xzg3fwz6.default-1436449997563\prefs.js] - Linea Eliminato : user_pref("browser.search.selectedEngine", "mystartsearch");
[xzg3fwz6.default-1436449997563\prefs.js] - Linea Eliminato : user_pref("extensions.HG0ynhRbxFqMnT9w.scode", "(function(){try{if(window.location.href.indexOf(\"rHa8qHw7qHs5qdg9qTs8rHwFpa\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]
[xzg3fwz6.default-1436449997563\prefs.js] - Linea Eliminato : user_pref("extensions.M7hWnodJmnuOJVln.scode", "(function(){try{if(window.location.href.indexOf(\"rHa8qHw7qHs5qdg9qTs8rHwFpa\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]
[xzg3fwz6.default-1436449997563\prefs.js] - Linea Eliminato : user_pref("extensions.quick_start.enable_search1", false);
[xzg3fwz6.default-1436449997563\prefs.js] - Linea Eliminato : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v44.0.2403.130

[C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Eliminato [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1439 ... earchTerms}
[C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Eliminato [Homepage] : hxxp://www.mystartsearch.com/?type=hp&ts=14390 ... XXZ4Y1D0D9
[C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Eliminato [Startup_URLs] : 53DE3CE5A9C4B0F8190B8E8A2DCF3D1EB49640D79522119B3CBDF8CDC24FB9DD"},"software_reporter":{"prompt_reason":"12B951525BBB163BC9AB0E18F2DA335D9B57D5E41AF561397C595649B8DF9E6F","prompt_seed":"7BF4EFD2CEEF64421FC49E55A648EAAAF19058987C17F28833FBF5D70561739D","prompt_version":"EDF7F02D3C636533E3B3D68C3ED5DAD022F35FC837690D8C91AC6F91818FFC4A"},"sync":{"remaining_rollback_tries":"59C68B6F197EC966DE5D0535CF3CB97C15D7F493F1AAB072302EA787603D36A6"}},"super_mac":"07F65B38C15AD475E05C331FEDEEFF619BD08F4F97AD9779AE6706AC8D65B58D"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.mystartsearch.com/?type=hp&ts=14390 ... XXZ4Y1D0D9

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [9120 byte] - [09/08/2015 20:32:40]
AdwCleaner[S0].txt - [8397 byte] - [09/08/2015 20:40:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8455 byte] ##########

Questo contenuto è nascosto, ma senza JavaScript non puoi gestirlo correttamente. Passa con il mouse sopra a questo testo per visualizzarlo!

# AdwCleaner v4.208 - Creato file registro eventi 09/08/2015 in 20:40:39
# Aggiornato 09/07/2015 da Xplode
# Database : 2015-08-01.1 [Server]
# Sistema operativo : Windows 7 Professional Service Pack 1 (x64)
# Nome utente : Utente - UTENTE-PC
# In esecuzione da : C:\Users\Utente\Downloads\AdwCleaner.exe
# Opzione : Pulizia

***** [ Servizi ] *****

***** [ File / Cartelle ] *****

Cartella Eliminato : C:\ProgramData\FlashBeat
Cartella Eliminato : C:\ProgramData\1900305160058179339
Cartella Eliminato : C:\ProgramData\{90a1f1e8-c6c0-33f5-90a1-1f1e8c6cc7a3}
Cartella Eliminato : C:\Program Files (x86)\Elex-tech
Cartella Eliminato : C:\Program Files (x86)\PriiceLEss
Cartella Eliminato : C:\Users\Utente\AppData\Local\672EF2A0-1439081931-11DA-9C7A-0017319680CE
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\Elex-tech
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\xzg3fwz6.default-1436449997563\Extensions\aOt@gA.net
Cartella Eliminato : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\xzg3fwz6.default-1436449997563\Extensions\K7x5b5zp@w.com
Cartella Eliminato : C:\ProgramData\iamiaigimkmnnfkomhbcehaneegmehkn
File Eliminato : C:\END
File Eliminato : C:\Windows\System32\log\iSafeKrnlCall.log
File Eliminato : C:\Users\Utente\AppData\Roaming\1zlAItRZd77YZCBi
File Eliminato : C:\Users\Utente\AppData\Roaming\Mozilla\Firefox\Profiles\xzg3fwz6.default-1436449997563\user.js

***** [ Attività pianificate ] *****

Attività Eliminato : WordSurfer Auto Updater 1.10.0.19 Pending Update
Attività Eliminato : WordSurfer Auto Updater 1.10.0.19 Core
Attività Eliminato : 1zlAItRZd77YZCBi
Attività Eliminato : 22f04bab-3f98-44a1-8a15-39d56039c6e3-1-6
Attività Eliminato : 22f04bab-3f98-44a1-8a15-39d56039c6e3-1-7
Attività Eliminato : 22f04bab-3f98-44a1-8a15-39d56039c6e3-10_user
Attività Eliminato : 22f04bab-3f98-44a1-8a15-39d56039c6e3-3
Attività Eliminato : 22f04bab-3f98-44a1-8a15-39d56039c6e3-4
Attività Eliminato : 22f04bab-3f98-44a1-8a15-39d56039c6e3-5
Attività Eliminato : 22f04bab-3f98-44a1-8a15-39d56039c6e3-5_user
Attività Eliminato : 22f04bab-3f98-44a1-8a15-39d56039c6e3-6
Attività Eliminato : 22f04bab-3f98-44a1-8a15-39d56039c6e3-7

***** [ Collegamenti ] *****

***** [ Registry ] *****

Valore Eliminato : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [deskCutv2@gmail.com]
Valore Eliminato : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [defsearchp@gmail.com]
Chiave Eliminato : HKCU\Software\Mozilla\Extends
Valore Eliminato : HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [CRSBRWSHTML]
Valore Eliminato : HKLM\SOFTWARE\Classes\.html\OpenWithProgids [CRSBRWSHTML]
Valore Eliminato : HKLM\SOFTWARE\RegisteredApplications [Crossbrowse]
Valore Eliminato : HKLM\SOFTWARE\Classes\.xht\OpenWithProgIDs [CRSBRWSHTML]
Valore Eliminato : HKLM\SOFTWARE\Classes\.webp\OpenWithProgIDs [CRSBRWSHTML]
Valore Eliminato : HKLM\SOFTWARE\Classes\.shtml\OpenWithProgIDs [CRSBRWSHTML]
Chiave Eliminato : HKLM\SOFTWARE\a684a689-27c5-496f-bf6d-8d4ef886dcc7
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chiave Eliminato : HKLM\SOFTWARE\Classes\Interface\{22E9CC7A-04B2-4558-A993-763395274E42}
Chiave Eliminato : HKLM\SOFTWARE\Classes\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}
Chiave Eliminato : HKLM\SOFTWARE\Classes\TypeLib\{A6918429-4197-42E6-A4AC-742073A9BCBB}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{237FDFDB-3722-470E-8BA8-90196DABE967}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chiave Eliminato : [x64] HKLM\SOFTWARE\Classes\Interface\{22E9CC7A-04B2-4558-A993-763395274E42}
Dati Ripristinato : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chiave Eliminato : HKCU\Software\InstalledBrowserExtensions
Chiave Eliminato : HKCU\Software\Appscion
Chiave Eliminato : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Chiave Eliminato : HKCU\Software\Kromtech
Chiave Eliminato : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Chiave Eliminato : HKLM\SOFTWARE\InstalledBrowserExtensions
Chiave Eliminato : HKLM\SOFTWARE\Tutorials
Chiave Eliminato : HKLM\SOFTWARE\Elex-tech
Chiave Eliminato : HKLM\SOFTWARE\FlashBeat
Chiave Eliminato : HKLM\SOFTWARE\AIM Toolbar
Chiave Eliminato : HKLM\SOFTWARE\FFPluginHp
Chiave Eliminato : HKLM\SOFTWARE\searchult
Chiave Eliminato : HKU\.DEFAULT\Software\Elex-tech
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlashBeat
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
Chiave Eliminato : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Chiave Eliminato : [x64] HKLM\SOFTWARE\FlashBeat
Dati Eliminato : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\FlashBeat\FlashBeat32.dll
Dati Eliminato : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Browser web ] *****

-\\ Internet Explorer v11.0.9600.17909

Impostazioni Ripristinato : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Impostazioni Ripristinato : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]

-\\ Mozilla Firefox v39.0.3 (x86 it)

[xzg3fwz6.default-1436449997563\prefs.js] - Linea Eliminato : user_pref("browser.search.searchengine.alias", "istartsurf");
[xzg3fwz6.default-1436449997563\prefs.js] - Linea Eliminato : user_pref("browser.search.searchengine.name", "istartsurf");
[xzg3fwz6.default-1436449997563\prefs.js] - Linea Eliminato : user_pref("browser.search.selectedEngine", "mystartsearch");
[xzg3fwz6.default-1436449997563\prefs.js] - Linea Eliminato : user_pref("extensions.HG0ynhRbxFqMnT9w.scode", "(function(){try{if(window.location.href.indexOf(\"rHa8qHw7qHs5qdg9qTs8rHwFpa\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]
[xzg3fwz6.default-1436449997563\prefs.js] - Linea Eliminato : user_pref("extensions.M7hWnodJmnuOJVln.scode", "(function(){try{if(window.location.href.indexOf(\"rHa8qHw7qHs5qdg9qTs8rHwFpa\")>-1){return;}}catch(e){}try{var d=[[\"www.ewoss.com\",\"livewebcams.xyz\"[...]
[xzg3fwz6.default-1436449997563\prefs.js] - Linea Eliminato : user_pref("extensions.quick_start.enable_search1", false);
[xzg3fwz6.default-1436449997563\prefs.js] - Linea Eliminato : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v44.0.2403.130

[C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Eliminato [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1439 ... earchTerms}
[C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Eliminato [Homepage] : hxxp://www.mystartsearch.com/?type=hp&ts=14390 ... XXZ4Y1D0D9
[C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Eliminato [Startup_URLs] : 53DE3CE5A9C4B0F8190B8E8A2DCF3D1EB49640D79522119B3CBDF8CDC24FB9DD"},"software_reporter":{"prompt_reason":"12B951525BBB163BC9AB0E18F2DA335D9B57D5E41AF561397C595649B8DF9E6F","prompt_seed":"7BF4EFD2CEEF64421FC49E55A648EAAAF19058987C17F28833FBF5D70561739D","prompt_version":"EDF7F02D3C636533E3B3D68C3ED5DAD022F35FC837690D8C91AC6F91818FFC4A"},"sync":{"remaining_rollback_tries":"59C68B6F197EC966DE5D0535CF3CB97C15D7F493F1AAB072302EA787603D36A6"}},"super_mac":"07F65B38C15AD475E05C331FEDEEFF619BD08F4F97AD9779AE6706AC8D65B58D"},"session":{"restore_on_startup":4,"startup_urls":["hxxp://www.mystartsearch.com/?type=hp&ts=14390 ... XXZ4Y1D0D9

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [9120 byte] - [09/08/2015 20:32:40]
AdwCleaner[S0].txt - [8397 byte] - [09/08/2015 20:40:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8455 byte] ##########

Ora la situazione sembra migliorata...

Messaggio da **crazy.cat** » dom ago 09, 2015 9:04 pm

Per completare il controllo fai anche una scansione completa con malwarebytes.

Ping · Messaggio da **Ping** » dom ago 09, 2015 9:12 pm

Ciao crazy.cat, Malwarebytes mi dice: Periodo di prova scaduto

Ping · Messaggio da **Ping** » lun ago 10, 2015 12:31 am

Ecco il report di Malwarebytes:

Risultati: Completata
Elementi analizzati: 358301
Tempo impiegato: 35 min, 21 sec

Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Euristiche: Attivata
PUP: Attivata
PUM: Attivata

Processi: 1
Trojan.QQpass, C:\Users\Utente\AppData\Roaming\Cautious Misery\Cautious Misery.exe, 1172, Elimina al riavvio, [1faa5bab5338c571a3c0ad10f30e827e]

Moduli: 0
(Nessun elemento nocivo rilevato)

Chiavi di registro: 16
Trojan.QQpass, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Cautious Misery, In quarantena, [1faa5bab5338c571a3c0ad10f30e827e],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, In quarantena, [7752e521f6958da96d01e0f06a985da3],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, In quarantena, [7752e521f6958da96d01e0f06a985da3],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, In quarantena, [7752e521f6958da96d01e0f06a985da3],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, In quarantena, [7752e521f6958da96d01e0f06a985da3],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, In quarantena, [7752e521f6958da96d01e0f06a985da3],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, In quarantena, [7752e521f6958da96d01e0f06a985da3],
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OMYQNNDMU1, Elimina al riavvio, [0ebb8086731868ce5ee6c0532bd8659b],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, In quarantena, [29a00006f695f0468a08762e5fa53bc5],
PUP.Optional.CinemaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CinemaPlus-3.2cV30.07, In quarantena, [6a5f23e32b608aac0c71919f04ff867a],
PUP.Optional.CinemaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CinemaPlus-3.2cV30.07-nv, In quarantena, [4188ec1ab1daba7c2b5276baf60da65a],
PUP.Optional.CinemaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CinemaPlus-3.2cV30.07-nv-ie, In quarantena, [86439d69b2d97cbac9b40e22f11207f9],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, In quarantena, [5f6a33d3dab15ed84d45efb5669efd03],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-2985877507-1090410834-1786142074-1000\SOFTWARE\CinemaPlus-3.2cV30.07, In quarantena, [15b40ff71d6ed561bdc134fccc37ee12],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-2985877507-1090410834-1786142074-1000\SOFTWARE\CinemaPlus-3.2cV30.07-nv, In quarantena, [7752c83e632893a3047ae44c946fe31d],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-2985877507-1090410834-1786142074-1000\SOFTWARE\CinemaPlus-3.2cV30.07-nv-ie, In quarantena, [8f3a0600d6b52d0991ed27097d86738d],

Valori di registro: 4
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In quarantena, [29a00006f695f0468a08762e5fa53bc5]
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_it_005010055, In quarantena, [25a43bcbb6d57db9642235f939ca8a76],
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_it_021010055, In quarantena, [ddec689e860543f32d59bf6f857e38c8],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In quarantena, [5f6a33d3dab15ed84d45efb5669efd03]

Dati di registro: 3
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{2A936476-E3C5-4EFF-B579-386E4DAF021B}|NameServer, 52.18.92.32,8.8.8.8, Buono: (), Nocivo (52.18.92.32,8.8.8.8),Sostituito,[5475a85e9bf0fa3c1992361960a5b54b]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{73C7D0FA-B284-41C4-A66E-D5D67AC677AE}|NameServer, 52.18.92.32,8.8.8.8, Buono: (), Nocivo (52.18.92.32,8.8.8.8),Sostituito,[bd0c699dc4c74bebf9b27ad530d5b947]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}|NameServer, 52.18.92.32,8.8.8.8, Buono: (), Nocivo (52.18.92.32,8.8.8.8),Sostituito,[07c2f70fc0cb25116d3e81ce50b5dd23]

Cartelle: 5
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaPlus-3.2cV30.07, In quarantena, [ccfd29dd632850e631529683d92a40c0],
PUP.Optional.GlobalUpdate.A, C:\Users\Utente\AppData\Local\Temp\comh.338765, In quarantena, [a425aa5cbad15dd91584d71cd32f9d63],
PUP.Optional.ProtectWindowsManager.F, C:\ProgramData\2WinManPro2, In quarantena, [6a5f709693f82d098c4a33df2fd4d22e],
PUP.Optional.ProtectWindowsManager.F, C:\ProgramData\2WinManPro2\update, In quarantena, [6a5f709693f82d098c4a33df2fd4d22e],
PUP.Optional.ProtectWindowsManager.F, C:\ProgramData\eWinManProe, In quarantena, [ebdee026c7c482b40acc0111f40f52ae],

File: 27
Trojan.QQpass, C:\Users\Utente\AppData\Roaming\Cautious Misery\Cautious Misery.exe, Elimina al riavvio, [1faa5bab5338c571a3c0ad10f30e827e],
PUP.Optional.WProtectManager.A, C:\ProgramData\2WinManPro2\ProtectWindowsManager.exe, In quarantena, [2b9ec046e9a244f258555e236e97ed13],
PUP.Optional.MyStartSearch.ShrtCln, C:\Users\Utente\AppData\Local\Temp\nsr6945.tmp, In quarantena, [6069d531e7a4d75f34a3344ac73e32ce],
PUP.Optional.IStartSurf.ShrtCln, C:\Users\Utente\AppData\Local\Temp\nss61FC.tmp, In quarantena, [8247ad59771486b094ba4f2f59acc937],
PUP.Optional.AnyProtect, C:\Users\Utente\AppData\Local\Temp\nsuC10D.tmp, In quarantena, [6564fb0bb4d7d75fd6d94240768ca45c],
PUP.Optional.Amonentize.A, C:\Users\Utente\AppData\Local\Temp\nsv7EFA.tmp, In quarantena, [a227aa5c78135fd7626dfba813ee1fe1],
PUP.Optional.Amonentize.A, C:\Users\Utente\AppData\Local\Temp\nsd1CC4.tmp, In quarantena, [e0e9ff074f3c5fd7725daef5639e32ce],
PUP.Optional.MyStartSearch.ShrtCln, C:\Users\Utente\AppData\Local\Temp\nsd59EF.tmp, In quarantena, [d3f62fd7791265d1d9fe146aa362f30d],
PUP.Optional.EORezo, C:\Users\Utente\AppData\Local\Temp\45859125\bgpKQ6kdeGrl7n0.exe, In quarantena, [f6d3a85ef09bac8a9117463ac73e3cc4],
PUP.Optional.Getnow, C:\Users\Utente\AppData\Local\Temp\nsy90D0.tmp\SevenZip-apset.exe, In quarantena, [79507f87c6c5fe38125d122c7095a957],
PUP.Optional.ModGoog, C:\Users\Utente\AppData\Local\Temp\comh.338765\globalupdateBroker.exe, In quarantena, [f7d25fa7cdbe5fd7fa82860908f9629e],
PUP.Optional.ModGoog, C:\Users\Utente\AppData\Local\Temp\comh.338765\globalupdateOnDemand.exe, In quarantena, [3b8e72940b80ef472458a9e6728fd22e],
PUP.Optional.ModGoog, C:\Users\Utente\AppData\Local\Temp\comh.338765\goopdate.dll, In quarantena, [20a9de281279c5715527c2cdbc45db25],
PUP.Optional.ModGoog, C:\Users\Utente\AppData\Local\Temp\comh.338765\goopdateres_en.dll, In quarantena, [13b6788ebbd05adcdba14946d52c3ac6],
PUP.Optional.ModGoog, C:\Users\Utente\AppData\Local\Temp\comh.338765\npglobalupdateUpdate4.dll, In quarantena, [745541c5a8e3fa3c2359bbd436cb0cf4],
PUP.Optional.ModGoog, C:\Users\Utente\AppData\Local\Temp\comh.338765\psmachine.dll, In quarantena, [eadf49bd206bc670a4d82966d32e659b],
PUP.Optional.ModGoog, C:\Users\Utente\AppData\Local\Temp\comh.338765\psuser.dll, In quarantena, [795035d1b5d636003d3f8d02dd24ce32],
PUP.Optional.CheckOffer, C:\Users\Utente\AppData\Local\Temp\nsg8195.tmp\nsCBHTML5.dll, In quarantena, [1dacd92d7615bf77826c9d08a35e11ef],
PUP.Optional.CheckOffer, C:\Users\Utente\AppData\Local\Temp\nsk2945.tmp\nsCBHTML5.dll, In quarantena, [3f8ae91d6526a39305e9069f966b8080],
PUP.Optional.AnyProtect, C:\Users\Utente\AppData\Local\nsi6C58.tmp, In quarantena, [1aaf63a38407c274d3dc7a08b250ed13],
PUP.Optional.AnyProtect, C:\Users\Utente\AppData\Local\nsuC10D.tmp, In quarantena, [19b0ee18f79451e5f5ba087a62a0c43c],
PUP.Optional.FlashBeat.A, C:\Windows\System32\Tasks\OMYQNNDMU1, In quarantena, [5a6f21e50a8191a5ec56af64f90ad42c],
PUP.Optional.FlashBeat.A, C:\Windows\Tasks\OMYQNNDMU1.job, In quarantena, [983154b23f4cb97d9aa99d764ab9d12f],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaPlus-3.2cV30.07\bgNova.html, In quarantena, [ccfd29dd632850e631529683d92a40c0],
PUP.Optional.Abengine.A, C:\Users\Utente\AppData\Local\Temp\lengine.ini.log, In quarantena, [4d7cbd496b20a88e9d07663c857f31cf],
PUP.Optional.GlobalUpdate.A, C:\Users\Utente\AppData\Local\Temp\comh.338765\globalupdateHelper.msi, In quarantena, [a425aa5cbad15dd91584d71cd32f9d63],
PUP.Optional.ProtectWindowsManager.F, C:\ProgramData\2WinManPro2\updateconf, In quarantena, [6a5f709693f82d098c4a33df2fd4d22e],

Settori fisici: 0
(Nessun elemento nocivo rilevato)

(end)

Questo contenuto è nascosto, ma senza JavaScript non puoi gestirlo correttamente. Passa con il mouse sopra a questo testo per visualizzarlo!

Risultati: Completata
Elementi analizzati: 358301
Tempo impiegato: 35 min, 21 sec

Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Euristiche: Attivata
PUP: Attivata
PUM: Attivata

Processi: 1
Trojan.QQpass, C:\Users\Utente\AppData\Roaming\Cautious Misery\Cautious Misery.exe, 1172, Elimina al riavvio, [1faa5bab5338c571a3c0ad10f30e827e]

Moduli: 0
(Nessun elemento nocivo rilevato)

Chiavi di registro: 16
Trojan.QQpass, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Cautious Misery, In quarantena, [1faa5bab5338c571a3c0ad10f30e827e],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, In quarantena, [7752e521f6958da96d01e0f06a985da3],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, In quarantena, [7752e521f6958da96d01e0f06a985da3],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, In quarantena, [7752e521f6958da96d01e0f06a985da3],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, In quarantena, [7752e521f6958da96d01e0f06a985da3],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, In quarantena, [7752e521f6958da96d01e0f06a985da3],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, In quarantena, [7752e521f6958da96d01e0f06a985da3],
PUP.Optional.FlashBeat.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OMYQNNDMU1, Elimina al riavvio, [0ebb8086731868ce5ee6c0532bd8659b],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, In quarantena, [29a00006f695f0468a08762e5fa53bc5],
PUP.Optional.CinemaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CinemaPlus-3.2cV30.07, In quarantena, [6a5f23e32b608aac0c71919f04ff867a],
PUP.Optional.CinemaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CinemaPlus-3.2cV30.07-nv, In quarantena, [4188ec1ab1daba7c2b5276baf60da65a],
PUP.Optional.CinemaPlus.A, HKLM\SOFTWARE\WOW6432NODE\CinemaPlus-3.2cV30.07-nv-ie, In quarantena, [86439d69b2d97cbac9b40e22f11207f9],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, In quarantena, [5f6a33d3dab15ed84d45efb5669efd03],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-2985877507-1090410834-1786142074-1000\SOFTWARE\CinemaPlus-3.2cV30.07, In quarantena, [15b40ff71d6ed561bdc134fccc37ee12],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-2985877507-1090410834-1786142074-1000\SOFTWARE\CinemaPlus-3.2cV30.07-nv, In quarantena, [7752c83e632893a3047ae44c946fe31d],
PUP.Optional.CinemaPlus.A, HKU\S-1-5-21-2985877507-1090410834-1786142074-1000\SOFTWARE\CinemaPlus-3.2cV30.07-nv-ie, In quarantena, [8f3a0600d6b52d0991ed27097d86738d],

Valori di registro: 4
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In quarantena, [29a00006f695f0468a08762e5fa53bc5]
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_it_005010055, In quarantena, [25a43bcbb6d57db9642235f939ca8a76],
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_it_021010055, In quarantena, [ddec689e860543f32d59bf6f857e38c8],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In quarantena, [5f6a33d3dab15ed84d45efb5669efd03]

Dati di registro: 3
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{2A936476-E3C5-4EFF-B579-386E4DAF021B}|NameServer, 52.18.92.32,8.8.8.8, Buono: (), Nocivo (52.18.92.32,8.8.8.8),Sostituito,[5475a85e9bf0fa3c1992361960a5b54b]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{73C7D0FA-B284-41C4-A66E-D5D67AC677AE}|NameServer, 52.18.92.32,8.8.8.8, Buono: (), Nocivo (52.18.92.32,8.8.8.8),Sostituito,[bd0c699dc4c74bebf9b27ad530d5b947]
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}|NameServer, 52.18.92.32,8.8.8.8, Buono: (), Nocivo (52.18.92.32,8.8.8.8),Sostituito,[07c2f70fc0cb25116d3e81ce50b5dd23]

Cartelle: 5
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaPlus-3.2cV30.07, In quarantena, [ccfd29dd632850e631529683d92a40c0],
PUP.Optional.GlobalUpdate.A, C:\Users\Utente\AppData\Local\Temp\comh.338765, In quarantena, [a425aa5cbad15dd91584d71cd32f9d63],
PUP.Optional.ProtectWindowsManager.F, C:\ProgramData\2WinManPro2, In quarantena, [6a5f709693f82d098c4a33df2fd4d22e],
PUP.Optional.ProtectWindowsManager.F, C:\ProgramData\2WinManPro2\update, In quarantena, [6a5f709693f82d098c4a33df2fd4d22e],
PUP.Optional.ProtectWindowsManager.F, C:\ProgramData\eWinManProe, In quarantena, [ebdee026c7c482b40acc0111f40f52ae],

File: 27
Trojan.QQpass, C:\Users\Utente\AppData\Roaming\Cautious Misery\Cautious Misery.exe, Elimina al riavvio, [1faa5bab5338c571a3c0ad10f30e827e],
PUP.Optional.WProtectManager.A, C:\ProgramData\2WinManPro2\ProtectWindowsManager.exe, In quarantena, [2b9ec046e9a244f258555e236e97ed13],
PUP.Optional.MyStartSearch.ShrtCln, C:\Users\Utente\AppData\Local\Temp\nsr6945.tmp, In quarantena, [6069d531e7a4d75f34a3344ac73e32ce],
PUP.Optional.IStartSurf.ShrtCln, C:\Users\Utente\AppData\Local\Temp\nss61FC.tmp, In quarantena, [8247ad59771486b094ba4f2f59acc937],
PUP.Optional.AnyProtect, C:\Users\Utente\AppData\Local\Temp\nsuC10D.tmp, In quarantena, [6564fb0bb4d7d75fd6d94240768ca45c],
PUP.Optional.Amonentize.A, C:\Users\Utente\AppData\Local\Temp\nsv7EFA.tmp, In quarantena, [a227aa5c78135fd7626dfba813ee1fe1],
PUP.Optional.Amonentize.A, C:\Users\Utente\AppData\Local\Temp\nsd1CC4.tmp, In quarantena, [e0e9ff074f3c5fd7725daef5639e32ce],
PUP.Optional.MyStartSearch.ShrtCln, C:\Users\Utente\AppData\Local\Temp\nsd59EF.tmp, In quarantena, [d3f62fd7791265d1d9fe146aa362f30d],
PUP.Optional.EORezo, C:\Users\Utente\AppData\Local\Temp\45859125\bgpKQ6kdeGrl7n0.exe, In quarantena, [f6d3a85ef09bac8a9117463ac73e3cc4],
PUP.Optional.Getnow, C:\Users\Utente\AppData\Local\Temp\nsy90D0.tmp\SevenZip-apset.exe, In quarantena, [79507f87c6c5fe38125d122c7095a957],
PUP.Optional.ModGoog, C:\Users\Utente\AppData\Local\Temp\comh.338765\globalupdateBroker.exe, In quarantena, [f7d25fa7cdbe5fd7fa82860908f9629e],
PUP.Optional.ModGoog, C:\Users\Utente\AppData\Local\Temp\comh.338765\globalupdateOnDemand.exe, In quarantena, [3b8e72940b80ef472458a9e6728fd22e],
PUP.Optional.ModGoog, C:\Users\Utente\AppData\Local\Temp\comh.338765\goopdate.dll, In quarantena, [20a9de281279c5715527c2cdbc45db25],
PUP.Optional.ModGoog, C:\Users\Utente\AppData\Local\Temp\comh.338765\goopdateres_en.dll, In quarantena, [13b6788ebbd05adcdba14946d52c3ac6],
PUP.Optional.ModGoog, C:\Users\Utente\AppData\Local\Temp\comh.338765\npglobalupdateUpdate4.dll, In quarantena, [745541c5a8e3fa3c2359bbd436cb0cf4],
PUP.Optional.ModGoog, C:\Users\Utente\AppData\Local\Temp\comh.338765\psmachine.dll, In quarantena, [eadf49bd206bc670a4d82966d32e659b],
PUP.Optional.ModGoog, C:\Users\Utente\AppData\Local\Temp\comh.338765\psuser.dll, In quarantena, [795035d1b5d636003d3f8d02dd24ce32],
PUP.Optional.CheckOffer, C:\Users\Utente\AppData\Local\Temp\nsg8195.tmp\nsCBHTML5.dll, In quarantena, [1dacd92d7615bf77826c9d08a35e11ef],
PUP.Optional.CheckOffer, C:\Users\Utente\AppData\Local\Temp\nsk2945.tmp\nsCBHTML5.dll, In quarantena, [3f8ae91d6526a39305e9069f966b8080],
PUP.Optional.AnyProtect, C:\Users\Utente\AppData\Local\nsi6C58.tmp, In quarantena, [1aaf63a38407c274d3dc7a08b250ed13],
PUP.Optional.AnyProtect, C:\Users\Utente\AppData\Local\nsuC10D.tmp, In quarantena, [19b0ee18f79451e5f5ba087a62a0c43c],
PUP.Optional.FlashBeat.A, C:\Windows\System32\Tasks\OMYQNNDMU1, In quarantena, [5a6f21e50a8191a5ec56af64f90ad42c],
PUP.Optional.FlashBeat.A, C:\Windows\Tasks\OMYQNNDMU1.job, In quarantena, [983154b23f4cb97d9aa99d764ab9d12f],
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CinemaPlus-3.2cV30.07\bgNova.html, In quarantena, [ccfd29dd632850e631529683d92a40c0],
PUP.Optional.Abengine.A, C:\Users\Utente\AppData\Local\Temp\lengine.ini.log, In quarantena, [4d7cbd496b20a88e9d07663c857f31cf],
PUP.Optional.GlobalUpdate.A, C:\Users\Utente\AppData\Local\Temp\comh.338765\globalupdateHelper.msi, In quarantena, [a425aa5cbad15dd91584d71cd32f9d63],
PUP.Optional.ProtectWindowsManager.F, C:\ProgramData\2WinManPro2\updateconf, In quarantena, [6a5f709693f82d098c4a33df2fd4d22e],

Settori fisici: 0
(Nessun elemento nocivo rilevato)

(end)

Ora sembra che tutto sia tornato alla normalità.

Messaggio da **crazy.cat** » lun ago 10, 2015 4:41 am

ricordati di unchecky https://turbolab.it/sicurezza-13/unchec ... derati-303
Meglio prevenire che poi dover curare

Ping · Messaggio da **Ping** » lun ago 10, 2015 1:38 pm

crazy.cat per la segnalazione, ho letto il tuo interessante articolo, quando lo hai scritto parlavi di versione beta, a che punto è ora lo sviluppo?

Nel mio caso dubito che mi sarebbe servito, perchè il programma (supposto plugin) una volta lanciato non ha chiesto nulla, ma ha iniziato le sue installazioni senza nessuna possibilità di fermarlo.

Ora sembra tornato tutto alla normalità.

Cosa ne pensi di una ulteriore controllo con tdsskiller?

Ciao
Ping

Messaggio da **crazy.cat** » lun ago 10, 2015 3:35 pm

Ping ha scritto: crazy.cat per la segnalazione, ho letto il tuo interessante articolo, quando lo hai scritto parlavi di versione beta, a che punto è ora lo sviluppo?

E' pronto e finito, lo ha anche venduto (non mi ricordo più a chi)

Cosa ne pensi di una ulteriore controllo con tdsskiller?

Procedi pure.

Ping · Messaggio da **Ping** » lun ago 10, 2015 10:20 pm

Tdsskiller non ha rilevato nessun problema.

ancora per i suggerimenti.

Ciao
Ping

Christian · Messaggio da **Christian** » mer dic 09, 2015 7:38 pm

Prova anche ad usare in alternativa Xoftspy ( per ultimo ) sempre usato oltre ad adwcleaner e Malwarebytes, anche lui ottimo, mai dato nessun problema

tecniconapoletano · sab dic 12, 2015 12:50 pm

Xoftspy

uhmmmm mai sentito , da provare...

Christian · Messaggio da **Christian** » sab dic 12, 2015 1:35 pm

Provalo...è in commercio da un pò di anni. L'unica pecca che è shareware, non è free. In ogni caso ti segnala le minacce, e puoi entrare nel registro di configurazione ed eliminarle manualmente. Non è il massimo come metodo, però può essere sempre utile.
Facci sapere. Ciao

Messaggio da **System** » sab dic 12, 2015 1:35 pm

TurboLab.it

Virus o similari

Virus o similari

Re: Virus o similari

Re: Virus o similari

Re: Virus o similari

Re: Virus o similari

Re: Virus o similari

Re: Virus o similari

Re: Virus o similari

Re: Virus o similari

Re: Virus o similari

Re: Virus o similari

Re: Virus o similari

Re: Virus o similari

Re: Re: Virus o similari