Ciao a tutti. Ieri mi sono trovato, senza averlo richiesto, questo Great Find che non riesco a rimuovere in nessun modo e con nessun programma. Infesta ogni pagina web con 3 banner differenti (destra, in basso e sinistra).
Ieri ho solo aggiornato la versione di Youtube download ma preso dal sito ufficiale e durante l'installazione ho fatto molta attenzione, come sempre, a vedre se c'erano delle spunte da eliminare.
Da windows, è presente nella lista dei programmi installati ma se cerco di disintallarlo dice che probabilmente è già stato disinstallato e si può solo togliere la voce dall'elenco.
Con IObit unistaller sembra che lo disinstalla ma poi è sempre i lista e non va via.

Cmq, riporto quello che ho fatto:
-Prima scansione con Malwarebytes, che ha eliminato:

Chiavi di registro: 1
PUP.Optional.GreatFind.A, HKLM\SOFTWARE\WOW6432NODE\GreatFind, , [d8a516f54b400531098a139b7a8af709],

File: 10
PUP.Optional.GreatFind.A, C:\Users\Fabio\AppData\Roaming\RPEng\638C0A602B464C17BB4D2CB9F30F4368\setup.exe, , [4e2f1fec3b50c76f888c7a124cb91ae6],
PUP.Optional.InstallCore.A, C:\Program Files (x86)\flvplayer_setup\flvplayer_setup.exe, , [413ca16a90fb56e07a7cdfe44ab76f91],
PUP.Optional.GreatFind.A, C:\Users\Fabio\AppData\Local\Temp\{10A3075D-183B-4776-B377-F710EDA3FB0F}.dll, , [8df034d79cefc670da3a2e5e62a38d73],
PUP.Optional.GreatFind.A, C:\Users\Fabio\AppData\Local\Temp\{7FADA512-1741-4368-9FCD-A11C9BEB973E}.dll, , [c6b728e3296256e046ceb9d3a1648878],
PUP.Optional.GreatFind.A, C:\Users\Fabio\AppData\Local\Temp\{D56D84CB-7996-4A72-B92B-43864F6BDE7F}.dll, , [334abe4d4447171f59bb24681ce9d12f],
PUP.Optional.GreatFind.A, C:\Users\Fabio\AppData\Local\Temp\{EC7CE83B-D758-4978-8BDF-78ED3FDCB553}.dll, , [ccb139d24e3d47ef868ee6a6d1347a86],
PUP.Optional.InstallCore.A, C:\Windows\Installer\8a4201.msi, , [f18c66a51378a49215e111b206fbeb15],
PUP.Optional.InstallCore.A, C:\Windows\Installer\8a4204.msi, , [a0dd818a4f3cba7ca254685b49b86799],
PUP.Optional.GreatFind.A, C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_greatfind-a.akamaihd.net_0.localstorage, , [a3da5fac711a77bf6829129c7d877789],
PUP.Optional.GreatFind.A, C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_greatfind-a.akamaihd.net_0.localstorage-journal, , [4637b05b6b20d2643a5786285da7c739],

Seconda scansione elimina queste altre 2 voci:

File: 2
PUP.Optional.GreatFind.A, C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_greatfind-a.akamaihd.net_0.localstorage, , [5c7db8539deef5410d50bfefbe4610f0],
PUP.Optional.GreatFind.A, C:\Users\Fabio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_greatfind-a.akamaihd.net_0.localstorage-journal, , [459421ea8902a88e3c21238b46bef808],


Successiva scansione con JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.7 (08.18.2015:1)
OS: Windows 7 Home Premium x64
Ran by Fabio on 21/08/2015 at 23:47:12,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully deleted: [Service] Service Mgr GreatFind [Reboot required]
Successfully deleted: [Service] Update Mgr GreatFind [Reboot required]



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\SmartDefrag4_Startup
Successfully deleted: [Task] C:\Windows\system32\tasks\Uninstaller_SkipUac_Fabio



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1cc2bb80-20ab-43e5-b958-432d72b546ca}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1cc2bb80-20ab-43e5-b958-432d72b546ca}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1cc2bb80-20ab-43e5-b958-432d72b546ca}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\Common Files\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc
Successfully deleted: [Folder] C:\Program Files (x86)\eusing free registry cleaner
Successfully deleted: [Folder] C:\Program Files (x86)\great find
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Fabio\AppData\Roaming\dvdvideosoftiehelpers
Successfully deleted: [Folder] C:\Users\Fabio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\free registry cleaner
Successfully deleted: [Folder] C:\Users\Fabio\AppData\Roaming\productdata
Successfully deleted: [Folder] C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc



~~~ Chrome


[C:\Users\Fabio\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Fabio\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Fabio\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Fabio\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/08/2015 at 23:52:19,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Tra la prima e la seconda scansione con HJT c'erano questi 3 Running processes che poi sono scomparsi:

C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\7\plugin.exe
C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\3\plugin.exe
C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\12\plugin.exe


IObit Malware Fighter non ha trovato nulla ma le pubblicità continuano a comparire su ogni sito.

Vi prego aiutatemi !!!

Ho scansionato anche con AdwCleaner con questi risultati:

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Fabio\AppData\Roaming\RPEng

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Great Find

***** [ Web browsers ] *****


*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

Speravo fosse tutto risolto invece niente da fare, su ogni pagina web compaiono almeno 3 banner diversi che rendono impossibile la semplice navigazione.
Anche mentre vi sto scrivendo c'è un banner in altro a destra che mi propone degli smartphone

Ciao, cioè devo disinstallare e reinstallare Chrome?

"Senza saper ne leggere ne scrivere" ho disinstallato Chorme, poi in successione... Pulizia registro con CCleaner e scansioni complete con IObit Malware Fighter, Malwarebytes, AdwCleaner e JRT. Infine reinstallazione di Chrome.

Per la cronaca, solo JRT ha trovato ed eliminato delle voci:
~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Uninstaller_SkipUac_Fabio

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Fabio\AppData\Roaming\productdata


Per ora sembra essere sparito. Aggiornerò nei prossmi giorni.
Se ne frattempo hai qualche suggerimento per constatare se è veramente sparito del tutto sono tutto orecchi ;)