Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Segnalazione di Malware Opzioni
patton
Inviato: Monday, October 03, 2016 10:38:29 AM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
Quando effettuo una scansione con Malwarebyte-Anti-amalware mi segnala di eliminare questo file del registro che ritiene dannoso.

PUP.Optional.Findeer, HKU\S-1-5-21-1325128400-1604153959-3325778852-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.findeer.com/?h=7A15F9217B6364D3AD43AAC7D954084E4D366D29ED1C9F39519CAE9882B4D69875C466206E3115717D47E1472D9854E58E5DC8DE5CC3BC04BC51DDFB17719D55&g=55dc1156-558a-4b91-b0a3-2c54a1e26a56&c=313936&s=313030, Buono: (www.google.com), Nocivo (http://search.findeer.com/?h=7A15F9217B6364D3AD43AAC7D954084E4D366D29ED1C9F39519CAE9882B4D69875C466206E3115717D47E1472D9854E58E5DC8DE5CC3BC04BC51DDFB17719D55&g=55dc1156-558a-4b91-b0a3-2c54a1e26a56&c=313936&s=313030),,[d497fa9a1288ea4cdc2105ee3ec6a35d]

Io lo rimuovo ma ad ogni altra scansione si presenta come elemento malware.Ho provato con Adcleaner ma non si elimina.
Un ipotesi sulla provenienza di questo malware potrebbe essere l'applicazione Fremake video convert ma non ne sono sicuro.
Qualche suggerimento.
Grazie
Sponsor
Inviato: Monday, October 03, 2016 10:38:29 AM

 
cbbusto
Inviato: Monday, October 03, 2016 11:07:55 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
search.findeer non è proprio un virus ma è uno dei tanti dirottatori che ti indirizzano verso siti sconosciuti e ti modificano anche le impostazioni dei browser, es. la pagina iniziale.
Se non lo trovi fra i programmi installati devi controllare nel browser che usi, a quanto pare riguarda Internet Explorer, controlla in Strumenti>Opzioni Internet se la pagina iniziale è stata modificata e la elimini mettendo la tua preferita e cliccando sul pulsante pagina predefinita, poi vai in gestione componenti aggiuntivi scegli>Barre degli strumenti e estensioni vai in Provider di ricerca ed elimina i motori che non conosci, ti consiglio di lasciare solo Google, più o meno è la stessa cosa se usi altri Browser.
Questi Adware solitamente si installano con programmi gratuiti perchè non si controlla bene se ci sono caselle spuntate che installano altri sw indesiderati.
Se appare ancora posta un log di HijackThis che vediamo cosa c'è nel pc. Ciao
patton
Inviato: Monday, October 03, 2016 9:41:30 PM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
Continua ad essere presente.T invio il log di HijackThis:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:25:55, on 03/10/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18450)

FIREFOX: 49.0.1 (x86 it)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Softland\FBackup 6\bTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Research In Motion\nginx\nginx.exe
C:\Program Files\Common Files\Research In Motion\nginx\nginx.exe
C:\Windows\system32\conhost.exe
C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\explorer.exe
C:\Users\utente\Desktop\Utility\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com/?h=7A15F9217B6364D3AD43AAC7D954084E4D366D29ED1C9F39519CAE9882B4D69875C466206E3115717D47E1472D9854E58E5DC8DE5CC3BC04BC51DDFB17719D55&g=55dc1156-558a-4b91-b0a3-2c54a1e26a56&c=313936&s=313030
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RIM PeerManager] "C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [FBackup 6 Tray Agent] "C:\Program Files\Softland\FBackup 6\bTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.redshift.maris.com
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BlackBerry Device Manager - BlackBerry Limited - C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Servizio Aggiornamento Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Servizio Aggiornamento Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Windows (R) Win 7 DDK provider - C:\Windows\system32\DbxSvc.exe
O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: FBackup 6 Service (FBackup6Srv) - Softland - C:\Program Files\Softland\FBackup 6\bService.exe
O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: HuaweiHiSuiteService.exe - Unknown owner - C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: RIM MDNS - Apple Inc. - C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
O23 - Service: BlackBerry Link Communication Manager (RIM Tunnel Service) - BlackBerry Limited - C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: UltraZip Service (uzsvc) - Unknown owner - C:\Program Files\UltraZip\uzsvc.exe
O23 - Service: UltraZip Updater (uzupd) - Unknown owner - C:\Program Files\UltraZip\uzupd.exe
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files\Wise\Wise Care 365\BootTime.exe

--
End of file - 9205 bytes
cbbusto
Inviato: Monday, October 03, 2016 10:29:07 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
SearchFinder è presente in Internet Explorer come pagina iniziale, non mi hai detto se hai fatto quello che ti ho consigliato per I.E, togli la pagina iniziale che c'è e lascia in bianco ed elimina tutti i motori di ricerca lascia solo Google, magari lo hai fatto ma non hai detto niente.
Chiudi tutti i programmi e disconnesso da internet,
Lancia HijackThis e clicca sul secondo pulsante Do a system scan only
inserisci il segno di spunta nel quadratino davanti alle righe sotto elencate, una volta seleziona clicca il tasto Fix checked per procedere all'eliminazione, comparirà una finestra clicca su SI per accettare e l'operazione è conclusa.
Ti preciso che eliminando le voci 04, i programmi non vengono toccati ma viene solo disattivato l'Avvio automatico, inutile......basterebbe solo l'antivirus.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com/?h=7A15F9217B6364D3AD43AAC7D954084E4D366D29ED1C9F39519 CAE9882B4D69875C466206E3115717D47E1472D9854E58E5DC8DE5CC3BC04BC51DDFB17719D55&g= 55dc1156-558a-4b91-b0a3-2c54a1e26a56&c=313936&s=313030
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RIM PeerManager] "C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
O4 - HKCU\..\Run: [FBackup 6 Tray Agent] "C:\Program Files\Softland\FBackup 6\bTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
Occorre pulire il registro, per una pulizia profonda del registro, usa Eusing Free Registry Cleaner sw da usare saltuariamente, lo scarichi da qui: http://www.eusing.com/free_registry_cleaner/registry_cleaner.htm
clic su Download Site1, una volta lanciato appare una finestra che chiede il codice, clic su ignora e procedi, poi in alto a sinistra clic su Analizza Registro, lascia fare fino alla fine non ti preoccupare se trova molte voci, poi clicca su Ripara Registro, il sw è sicuro comunque crea un punto di ripristino e fa anche il backup dei file eliminati infatti in alto sotto ripara registro si trova la voce Ripristina Registro, io lo uso da anni e non mi è mai capitato di ripristinare.
Per fare questa pulizia meglio chiudere tutti i programmi e disconnesso.
Il programma è compatibile con tutti i S.O. windows compreso win 10.
Dimmi quante voci ha trovato.
Fammi sapere se il rompiscatole è sparito. Ciao


patton
Inviato: Tuesday, October 04, 2016 9:40:20 AM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
Ho eliminato la pagina iniziale di IE.Ho lanciato di nuovo HijackThis.Non ho trovato la famigerata riga R0 incriminata .Ho eliminato le righe 04 da Te segnalate .Ho scaricato il pulitore del registro da Te consigliato Questo ha trovato 49 voci da pulire.
Penso che il problema sia risolto.Ti ringrazio.
Nel caso il rompiscatole dovrebbe presentarsi chiederò nuovamente la tua collaborazione.
Ciao
patton
Inviato: Wednesday, October 05, 2016 3:45:34 PM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
Per cbbusto.
Lo hijacker si è presentato di nuovo. Ho verificato IE e non è presente lo Hijacker in questione.Per esaminare meglio il problema ti invio il log Hth dove non è segnalato la presenza del rompiscatole.Diciamo HTH Pulito Inoltre un altro log con la presenza
HTH PULITO
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 22:03:10, on 04/10/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18450)

FIREFOX: 49.0.1 (x86 it)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\Plumbytes.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Glarysoft\Update Detector 5\UpdateDetector.exe
C:\Users\utente\Desktop\Utility\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [FBackup 6 Tray Agent] "C:\Program Files\Softland\FBackup 6\bTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.redshift.maris.com
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BlackBerry Device Manager - BlackBerry Limited - C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Servizio Aggiornamento Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Servizio Aggiornamento Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Windows (R) Win 7 DDK provider - C:\Windows\system32\DbxSvc.exe
O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: FBackup 6 Service (FBackup6Srv) - Softland - C:\Program Files\Softland\FBackup 6\bService.exe
O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: HuaweiHiSuiteService.exe - Unknown owner - C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: AMW Service (pbamw_service) - PLUMBYTES - C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe
O23 - Service: RIM MDNS - Apple Inc. - C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
O23 - Service: BlackBerry Link Communication Manager (RIM Tunnel Service) - BlackBerry Limited - C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: UltraZip Service (uzsvc) - Unknown owner - C:\Program Files\UltraZip\uzsvc.exe
O23 - Service: UltraZip Updater (uzupd) - Unknown owner - C:\Program Files\UltraZip\uzupd.exe
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files\Wise\Wise Care 365\BootTime.exe

--
End of file - 7603 bytes
HTH CON LA PRESENZA

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 15:02:25, on 05/10/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18450)

FIREFOX: 49.0.1 (x86 it)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\McAfee\Real Protect\RealProtect.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Softland\FBackup 6\bTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\utente\Desktop\Utility\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com/?h=7A15F9217B6364D3AD43AAC7D954084E4D366D29ED1C9F39519CAE9882B4D69875C466206E3115717D47E1472D9854E58E5DC8DE5CC3BC04BC51DDFB17719D55&g=55dc1156-558a-4b91-b0a3-2c54a1e26a56&c=313936&s=313030
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [RealProtect] "C:\Program Files\McAfee\Real Protect\RealProtect.exe" --run
O4 - HKCU\..\Run: [FBackup 6 Tray Agent] "C:\Program Files\Softland\FBackup 6\bTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.redshift.maris.com
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BlackBerry Device Manager - BlackBerry Limited - C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Servizio Aggiornamento Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Servizio Aggiornamento Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Windows (R) Win 7 DDK provider - C:\Windows\system32\DbxSvc.exe
O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: FBackup 6 Service (FBackup6Srv) - Softland - C:\Program Files\Softland\FBackup 6\bService.exe
O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: HuaweiHiSuiteService.exe - Unknown owner - C:\Program Files\HiSuite\HandSetService\HuaweiHiSuiteService.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: AMW Service (pbamw_service) - PLUMBYTES - C:\Program Files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe
O23 - Service: RIM MDNS - Apple Inc. - C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
O23 - Service: BlackBerry Link Communication Manager (RIM Tunnel Service) - BlackBerry Limited - C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: UltraZip Service (uzsvc) - Unknown owner - C:\Program Files\UltraZip\uzsvc.exe
O23 - Service: UltraZip Updater (uzupd) - Unknown owner - C:\Program Files\UltraZip\uzupd.exe
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files\Wise\Wise Care 365\BootTime.exe

--
End of file - 7944 bytes

PS Ho notato che il fix checked di HTH a volte funziona e qulche volta no.
cbbusto
Inviato: Wednesday, October 05, 2016 10:11:47 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Il fixchecked dovrebbe funzionare sempre.
Era tutto a posto poi si è ripresentato search.findeer c'è qualcosa in più che hai aggiunto.
Dall'ultimo log vedo un programma che prima non c'era: C:\Program Files\McAfee\Real Protect\RealProtect.exe non capisco perchè lo hai installato, poi le voci 04 che ti avevo indicato non le hai tolte tutte ne sono rimaste 2 più una nuova di Real Peotect.
O4 - HKCU\..\Run: [FBackup 6 Tray Agent] "C:\Program Files\Softland\FBackup 6\bTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKLM\..\RunOnce: [RealProtect] "C:\Program Files\McAfee\Real Protect\RealProtect.exe" --run. Toglile tutte.
Poi fixa ancora questa:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com/?h=7A15F9217B6364D3AD43AAC7D954084E4D366D29ED1C9F39519CAE9882B4D69875C466206E3115717D47E1472D9854E58E5DC8DE5CC3BC04BC51DDFB17719D55&g=55dc1156-558a-4b91-b0a3-2c54a1e26a56&c=313936&s=313030, poi fai una pulizia del Registro con Ccleaner, poi clic su Rimuovi. Finito chiudi tutto e riavvia il pc.,
Una volta riacceso: fai questo:
Pulire la cartella Prefetch:
Vai in C:\windows\prefetch Cancella tutti i file compresa la cartella ReadyBoot che verrà ricreata, non va cancellato il file layout.ini.
Rifai una scansione con Malwarebytes-ADWcleaner e JRT, JRT se non lo conosci fai così:
Scarica Junkware Removal Tool sul desktop.
http://junkware-removal-tool.it.uptodown.com/download
Il download dovrebbe partire entro 5 secondi
Disattiva temporaneamente l'antivirus per evitare potenziali conflitti.
Doppio click su JRT
Lo strumento si aprirà e avvierà la scansione del sistema.
Devi avere pazienza in quanto questo tool può richiedere del tempo per completare la scansione .
Al termine, un log (JRT.txt) viene salvato sul desktop e si aprirà automaticamente.
Se oltre a I.E. usi altri browser devi controllare in tutti la pagina iniziale, i motori di ricerca e i componenti aggiuntivi estensioni e plugin e rimuovi tutte le voci che non conosci.
Per Internet Explorer io farei un ripristino:
Per ripristinare I.E. fai così:
Chiudi tutte le finestre di Internet Explorer aperte.
Vai in Strumenti>Opzioni Internet>clic sulla scheda Avanzate e quindi clic su Reimposta.
Nella finestra di dialogo Ripristina impostazioni di Internet Explorer fare clic su Ripristina.
Chiudi OK e riavvia il pc.
Ti raccomando di prestare molta attenzione a qualunque programma che scarichi controlla sempre se ci sono delle caselle spuntate che installano sw indesidarti, tigli tutte le spunte.
Fai sapere come va. Ciao
P.S. se l'impiccione dovesse riapparire, spero proprio di no, d'oh! d'oh! se ti ricordi la prima volta che è apparso, prova a fare un ripristino del sistema ad una data antecedente al problema, sempre che ci sia.

patton
Inviato: Friday, October 07, 2016 9:42:15 AM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
Ho eseguito le varie operazioni da te consigliate.L'impiccione riappare sempre anche se Malwarebyte lo rileva ed io lo rimuovo spostandolo in quarantena.Ti confermo che il fixchecked di HTH non lo rimuove facendo riferimento alla famigerata riga R0.Ti segnalo che le altre scansioni con i programmi JRT ADWcleaner non evidenziano l'impiccione.Ho ripristinato IE e ti segnalo che dopo il ripristino IE mi segnala che un programma ma non mi dice quale sta cercando di prendere la prima pagina Questa segnalazione riguardo il nostro impiccione.Ovviamente io clicco su "non consentire ".Visto che sicuramente c'è un programma che mette continuamente in scena il nostro impiccione ho eseguito vari ripristini del sistema di varie date.Inoltre ho disinstallato alcuni programmi die recente installazione.Niente da fare .Mi sto rassegnando ad eseguire con frequenza giornaliera Malwarebyte che è l'unico programma che lo evidenzia e lo mette in quarantena ma non lo elimina del tutto.
Ma non esiste un programma free che sicuramente lo stana e lo elimina?
fax71ita
Inviato: Friday, October 07, 2016 10:52:45 AM

Rank: AiutAmico

Iscritto dal : 4/23/2010
Posts: 3,837
Ciao
Prova a rifare tutto ma dalla modalità provvisoria

giza
Inviato: Friday, October 07, 2016 11:13:58 AM

Rank: AiutAmico

Iscritto dal : 10/27/2006
Posts: 9,617
controlla in esecuzione automatica che non ci sia niente.
rifai tutto seguendo qui
http://forum.aiutamici.com/yaf_postst96025_eliminare-pagine-pubblicitarie-e-porcherie-varie.aspx
come ultima risorsa vai su esegui/regedit/modifica/trova e metti findeer. (se a sinistra c'è la cartella findeer elimina la cartella altrimenti elimina la riga a destra dove c'è scritto findeer) quando lo trova eliminalo, poi vai su trova successivo e elimina se lo trova e avanti così finchè non trova niente.
poi riprova con: search.findeer
cbbusto
Inviato: Friday, October 07, 2016 3:14:05 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Oltre a quello che hanno suggerito gli amici sopra, mi sembra che tu usi solo Imternet Explorer, non hai mai provato ad usare un altro browser, prova Firefox, lo trovi su aiutamici con la scheda
ma è semplice da usare, se con FF non appare il dirottatore lascia perdere I.E. io non lo uso mai perchè è un browser che non mi piace. Speak to the hand
patton
Inviato: Friday, October 07, 2016 7:21:38 PM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
Io adopero sempre firefox ed è il mio browser predefinito.
cbbusto
Inviato: Friday, October 07, 2016 10:18:23 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
patton ha scritto:
Io adopero sempre firefox ed è il mio browser predefinito.

I.E. non aprirlo nemmeno, con Firefox ti appare il dirottatore ? la pagina iniziale non è modificata ? se tutto è negativo e il pc funziona e non ha rallentamenti, allora lascia perdere e non continuare a fare scansioni con Malwarebytes, questo programma va usato solo se il pc funziona male, continuare a fare scansioni non serve a niente.
Hai eseguito regedit ed eliminato quanto suggerito da giza?
Ci sono delle cose strane che non ho mai sentito, qui nel forum search finder se lo sono trovato diverse persone ed è sempre stato risolto, ci sono delle cose che non mi sono chiare. d'oh! d'oh!
Fai sapere.
patton
Inviato: Friday, October 07, 2016 11:30:49 PM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
Per Cbbusto
Ho eseguito regedit e non ho trovato alcuna riga che facesse riferimento a findeer.
FF non mi da problemi.Il Pc risponde bene ai comandi.La questione di findeer è venuta fuori facendo una scansione con malwarebytes.Il fatto che non rriusciamo a risolvere lo trovo strano pure io come per esempio il fxchecked tova la voce RO e non la elimina.Malwarebyetes rileva pup.optiozional.finder e non lo elimina nonostante lo mette in quarantena.Ho eseguito tutto quello che era possibile fare anche in modalità provvisoria ma il risultato non cambia.Se riscontri cose strane che non hai mai sentito ti prego di comunicarmele in modo da vedere se entro nelle persone che con il vostro aiuto hanno risolto search findeer.Una cosa molto strana è che io IE non lo adopero e l'impiccione si presenta proprio nel suo anbito.Forse alla fine potrebbe anche risultare un falso problema.Fammi sapere
giza
Inviato: Friday, October 07, 2016 11:49:28 PM

Rank: AiutAmico

Iscritto dal : 10/27/2006
Posts: 9,617
hai controllato anche nei componenti aggiuntivi di IE?
cbbusto
Inviato: Saturday, October 08, 2016 12:25:15 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Allora a questo punto proviamo ad usare le maniere forti usando Combofix questo programma ha eliminato quasi sempre search findeer.
Non so se lo conosci comunque segui bene le indicazioni:
Scarica Combofix con Firefox,(se ci fossero dei problemi usa Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop. (è obligatorio)
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.
Doppio click su combofix.exe (se usi Vista o win 7: tasto destro su Combofix.exe e clicca su: "Esegui come Amministratore" )
E' probabile che ti siano inviati messaggi dall'antivirus,(o dallo stesso Combofix) tu ignorali.
Se ti chiede di aggiornare il programma clicca su SI e prosegui.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt.
Tu non devi fare niente le eliminazioni le fa lui in automatico.
Devi postare il log che va controllato.

PS- Se il file eseguibile di Combofix non apparisse scaricabile o non volesse avviarsi, è possibile che sul sistema sia presente un malware in grado di rilevare la presenza di questo strumento per la rimozione delle minacce. Al momento del download dell'applicazione, quindi, salvala su disco modificando il nome predefinito – ovvero ComboFix.exe – (ad esempio abc123.exe)

Per rimuovere Combofix:
Scarica OTC by OldTimer http://oldtimer.geekstogo.com/OTC.exe scaricalo sul desktop, eseguilo, Clicca su CleanUp.
Alla richiesta di riavvio clicca SI
Poi vai in C ed elimina la cartella qoobox.
Non usare questo sw di tua iniziativa ma solo quando ti viene indicato.
Ci sentiamo domani. Ciao

patton
Inviato: Saturday, October 08, 2016 8:52:19 AM
Rank: AiutAmico

Iscritto dal : 5/15/2004
Posts: 245
Io la mano pesante l'ho già adoperata.Ho eseguito la scansione con ComboFix il giorno 05 cm e questa mattina.Leggere l'analisi di ComboFix per me è arabo per cui ti invio i due log per sottoporli alla tua attenzione.

ComboFix 16-09-28.01 - utente 05/10/2016 22:25:31.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.2038.896 [GMT 2:00]
Eseguito da: e:\new download\combofix_16-09-28.01.exe
AV: IObit Malware Fighter *Disabled/Outdated* {4D381C57-3C7A-6F22-07EB-639F49E836D4}
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\McAfee\Real Protect\RealProtect.exe
c:\users\utente\AppData\Local\Temp\Softland\FBackup 6\LangTemp\BTray\bResourceStrings.ITA
c:\users\utente\AppData\Local\Temp\Softland\FBackup 6\LangTemp\BTray\bTray.ITA
c:\windows\security\Database\tmp.edb
H:\Autorun.inf
H:\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WiseBootAssistant
.
.
((((((((((((((((((((((((( Files Creati Da 2016-09-05 al 2016-10-05 )))))))))))))))))))))))))))))))))))
.
.
2016-10-05 20:36 . 2016-10-05 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-10-05 20:09 . 2016-10-05 20:09 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{176BE95C-98A1-4E25-AF71-89BA572CDCC1}\offreg.956.dll
2016-10-05 19:38 . 2016-10-05 19:38 39168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{176BE95C-98A1-4E25-AF71-89BA572CDCC1}\MpKsl076bbe74.sys
2016-10-05 19:30 . 2013-09-20 08:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2016-10-05 19:30 . 2016-10-05 20:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2016-10-05 19:30 . 2016-10-05 19:47 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2016-10-05 05:54 . 2016-10-05 07:27 -------- d-----w- c:\program files\stinger
2016-10-05 05:20 . 2016-09-22 09:58 9837072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{176BE95C-98A1-4E25-AF71-89BA572CDCC1}\mpengine.dll
2016-10-05 05:20 . 2016-09-26 13:19 915640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71068FFC-1DAB-41ED-AE35-92B085A66930}\gapaengine.dll
2016-10-04 14:31 . 2016-10-04 15:02 -------- d-----w- c:\users\utente\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}
2016-10-04 14:31 . 2016-10-04 14:31 -------- d-----w- c:\program files\Plumbytes Software
2016-10-04 11:18 . 2016-10-04 11:19 -------- d-----w- c:\program files\Mozilla Thunderbird
2016-10-04 06:55 . 2016-10-04 06:55 -------- d-----w- c:\users\utente\AppData\Roaming\Eusing
2016-10-04 06:54 . 2016-10-04 06:55 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2016-10-03 18:38 . 2016-09-22 09:58 9837072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-10-03 11:11 . 2016-10-03 11:11 -------- d-----w- c:\users\utente\AppData\Roaming\ProductData
2016-10-03 11:10 . 2016-10-04 07:03 -------- d-----w- c:\programdata\ProductData
2016-09-30 18:07 . 2016-09-30 18:07 -------- d-----w- c:\program files\PDFsam Basic
2016-09-30 17:44 . 2016-09-30 17:44 36648 ----a-w- c:\windows\system32\DbxSvc.exe
2016-09-30 17:38 . 2016-09-30 17:38 62064 ----a-w- c:\windows\system32\drivers\dbx-stable.sys
2016-09-30 17:38 . 2016-09-30 17:38 62064 ----a-w- c:\windows\system32\drivers\dbx-dev.sys
2016-09-30 17:38 . 2016-09-30 17:38 62064 ----a-w- c:\windows\system32\drivers\dbx-canary.sys
2016-09-30 05:25 . 2016-09-30 05:30 -------- d-----w- c:\program files\LibreOffice 5
2016-09-27 14:35 . 2016-09-26 13:19 915640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2016-09-26 13:16 . 2016-09-28 06:18 -------- d-----w- c:\program files\Microsoft Security Client
2016-09-22 04:55 . 2016-10-05 20:13 -------- d-----w- c:\users\utente\AppData\Roaming\Skype
2016-09-22 04:54 . 2016-09-22 04:55 -------- d-----r- c:\program files\Skype
2016-09-22 04:54 . 2016-09-22 04:55 -------- d-----w- c:\programdata\Skype
2016-09-21 12:48 . 2016-05-25 10:53 851176 ----a-w- c:\windows\system32\drivers\winusbcoinstaller2.dll
2016-09-21 12:48 . 2016-05-25 10:53 28160 ----a-w- c:\windows\system32\drivers\usbser.sys
2016-09-21 12:48 . 2016-05-25 10:53 249856 ----a-w- c:\windows\system32\drivers\hw_quusbnet.sys
2016-09-21 12:48 . 2016-05-25 10:53 195200 ----a-w- c:\windows\system32\drivers\hw_quusbmdm.sys
2016-09-21 12:48 . 2016-05-25 10:53 1837296 ----a-w- c:\windows\system32\drivers\WUDFUpdate_01009.dll
2016-09-21 12:48 . 2016-05-25 10:53 15360 ----a-w- c:\windows\system32\drivers\ew_usbccgpfilter.sys
2016-09-21 12:48 . 2016-05-25 10:53 1461992 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01009.dll
2016-09-21 12:48 . 2016-05-25 10:53 112512 ----a-w- c:\windows\system32\drivers\hw_cdcacm.sys
2016-09-21 12:48 . 2016-05-25 10:53 102272 ----a-w- c:\windows\system32\drivers\hw_usbdev.sys
2016-09-21 12:47 . 2016-09-21 12:49 -------- d-----w- c:\program files\HiSuite
2016-09-21 12:47 . 2016-09-21 12:50 -------- d-----w- c:\users\utente\AppData\Local\Hisuite
2016-09-21 06:09 . 2016-09-21 06:09 -------- d-----w- c:\programdata\regid.2006-01.com.fbackup
2016-09-21 05:55 . 2016-08-05 15:13 2048 ----a-w- c:\windows\system32\tzres.dll
2016-09-19 12:54 . 2016-09-21 11:32 -------- d-----w- c:\programdata\Glarysoft
2016-09-17 11:50 . 2016-07-07 15:20 1309928 ----a-w- c:\windows\system32\drivers\tcpip.sys
2016-09-17 11:49 . 2016-08-06 15:15 581632 ----a-w- c:\windows\system32\oleaut32.dll
2016-09-14 13:09 . 2016-09-14 13:09 -------- d-----w- c:\program files\PrivaZer
2016-09-14 11:29 . 2016-09-14 11:29 0 ---ha-w- c:\users\utente\AppData\Local\BIT8D77.tmp
2016-09-12 12:28 . 2016-09-12 19:22 -------- d-----w- c:\program files\Macrium
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-04 15:03 . 2016-02-10 15:32 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-09-15 01:12 . 2016-09-23 04:52 9837072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8688A65E-AF46-4993-AC05-14938C90025F}\mpengine.dll
2016-09-14 12:38 . 2016-02-11 08:36 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-09-14 12:38 . 2016-02-11 08:36 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-09-07 13:22 . 2016-05-25 06:55 23984 ----a-w- c:\windows\WiseRegNotify.sys
2016-08-30 20:02 . 2016-02-08 17:06 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-08-25 08:46 . 2016-08-25 08:46 252808 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2016-08-25 08:46 . 2015-11-13 06:50 105696 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2016-08-08 15:02 . 2016-02-10 09:56 8192 ----a-w- c:\windows\system32\srvany.exe
2016-07-28 07:38 . 2016-08-07 13:11 26968 ----a-w- c:\windows\system32\ambakdrv.sys
2016-07-28 07:38 . 2016-08-07 13:11 14936 ----a-w- c:\windows\system32\amwrtdrv.sys
2016-07-28 07:38 . 2016-08-07 13:11 11224 ----a-w- c:\windows\system32\amreg.sys
2016-07-27 19:25 . 2016-02-08 17:21 406184 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt9]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2016-09-30 17:42 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FBackup 6 Tray Agent"="c:\program files\Softland\FBackup 6\bTray.exe" [2016-09-20 15067000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2016-09-12 29635712]
"SpybotPostWindows10UpgradeReInstall"="c:\program files\Common Files\AV\Spybot - Search and Destroy\Test.exe" [2015-07-28 1011200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dropbox"="c:\program files\Dropbox\Client\Dropbox.exe" [2016-09-30 25242560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-08-30 1004064]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^utente^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^qlock.lnk]
backup=c:\windows\pss\qlock.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MalTray
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2016-09-01 16:13 67384 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 14:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanoScan Toolbox 4.9]
2006-09-07 10:18 1259072 ----a-w- c:\progra~1\Canon\CANOSC~1.9\CSTBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardOS API]
2012-08-22 09:47 196608 ----a-w- c:\program files\CardOS API\bin\cardoscp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2016-08-26 19:23 6868696 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2011-10-21 20:47 743560 ----a-w- c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2011-10-21 20:47 70792 ----a-w- c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FBackup 6 Tray Agent]
2016-09-20 09:30 15067000 ----a-w- c:\program files\Softland\FBackup 6\bTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup]
2016-09-05 03:26 43984 ----a-w- c:\program files\Glary Utilities 5\StartupManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDProtect Monitor]
2013-10-08 07:30 506168 ----a-w- c:\program files\Athena\IDProtect Client\Utils\IDProtect Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2016-09-09 13:00 164152 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicPick Start]
2016-08-26 00:27 19764680 ----a-w- c:\program files\PicPick\picpick.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print2PDF Print Monitor]
2011-10-04 10:28 220992 ----a-w- c:\program files\Software602\Print2PDF\Print2PDF.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanGearStarter]
2006-07-28 13:27 1455704 ----a-w- c:\windows\twain_32\CNQSG\SGST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2016-06-22 12:11 598552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2015-07-13 10:44 248176 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"IgfxTray"="c:\windows\system32\igfxtray.exe"
"Persistence"="c:\windows\system32\igfxpers.exe"
"HotKeysCmds"="c:\windows\system32\hkcmd.exe"
.
R2 dbupdate;Servizio Aggiornamento Dropbox (dbupdate);c:\program files\Dropbox\Update\DropboxUpdate.exe [2016-03-05 143144]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2011-01-21 145920]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2016-08-08 8192]
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2016-07-29 3046688]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-07-25 324224]
R2 uzsvc;UltraZip Service;c:\program files\UltraZip\uzsvc.exe [2016-05-05 45248]
R2 uzupd;UltraZip Updater;c:\program files\UltraZip\uzupd.exe [2016-05-05 85696]
R3 blackberryncm;BlackBerryNCM Service;c:\windows\system32\DRIVERS\blackberryncm6.sys [2015-01-23 22528]
R3 BthAvrcp;Profilo Bluetooth AVRCP;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 dbupdatem;Servizio Aggiornamento Dropbox (dbupdatem);c:\program files\Dropbox\Update\DropboxUpdate.exe [2016-03-05 143144]
R3 dbx;dbx;c:\windows\system32\DRIVERS\dbx.sys [x]
R3 ew_usbccgpfilter;HwHandSet_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbccgpfilter.sys [2016-05-25 15360]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-09-01 102912]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2016-10-04 170200]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2016-03-10 53120]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2012-11-28 17408]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 105696]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2016-08-30 280864]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-06-11 15872]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2016-07-27 32288]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WiseHDInfo;WiseHDInfo;c:\windows\WiseHDInfo32.dll [2016-02-13 13264]
R3 WiseRegNotify;WiseRegNotify;c:\windows\WiseRegNotify.sys [2016-09-07 23984]
R4 IMFFilter;IMFFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\IMFFilter.sys [2016-04-01 21184]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
S0 ambakdrv;ambakdrv;c:\windows\system32\ambakdrv.sys [2016-07-28 26968]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-10-21 39560]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-10-21 43656]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2015-10-12 16016]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-10-21 17032]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-10-21 185480]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys [2016-02-12 17472]
S1 MpKsl076bbe74;MpKsl076bbe74;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{176BE95C-98A1-4E25-AF71-89BA572CDCC1}\MpKsl076bbe74.sys [2016-10-05 39168]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
S2 amwrtdrv;amwrtdrv;c:\windows\system32\amwrtdrv.sys [2016-07-28 14936]
S2 DbxSvc;DbxSvc;c:\windows\system32\DbxSvc.exe [2016-09-30 36648]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [2011-10-21 60552]
S2 FBackup6Srv;FBackup 6 Service;c:\program files\Softland\FBackup 6\bService.exe [2016-09-20 5117304]
S2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-10-21 23176]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2012-12-25 97912]
S2 HuaweiHiSuiteService.exe;HuaweiHiSuiteService.exe;c:\program files\HiSuite\HandSetService\HuaweiHiSuiteService.exe [2016-08-26 155848]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2016-07-26 1600288]
S2 pbamw_service;AMW Service;c:\program files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe run [x]
S2 RIM MDNS;RIM MDNS;c:\program files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [2015-05-26 396024]
S2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2016-09-21 4088608]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2015-07-13 93040]
S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2014-10-31 588024]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2016-03-10 24448]
S3 netw5v32;Driver scheda Intel(R) Wireless WiFi Link serie 5000 per Windows Vista a 32 bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6.sys [2015-05-26 14848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-10-04 11:13 1266792 ----a-w- c:\program files\Google\Chrome\Application\53.0.2785.143\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2016-10-01 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [2016-09-14 07:21]
.
2016-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-11 12:38]
.
2016-10-05 c:\windows\Tasks\DropboxUpdateTaskMachineCore1d21492249a3873.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2016-03-05 17:44]
.
2016-10-05 c:\windows\Tasks\DropboxUpdateTaskMachineUA1d2149227c7142f.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2016-03-05 17:44]
.
2016-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-02-08 19:43]
.
2016-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-02-08 19:43]
.
2016-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d1e956f6c0671e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-02-08 19:43]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.findeer.com/?h=7A15F9217B6364D3AD43AAC7D954084E4D366D29ED1C9F39519CAE9882B4D69875C466206E3115717D47E1472D9854E58E5DC8DE5CC3BC04BC51DDFB17719D55&g=55dc1156-558a-4b91-b0a3-2c54a1e26a56&c=313936&s=313030
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: maris.com\www.redshift
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\0zojxdbc.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
MSConfigStartUp-RealProtect - c:\program files\McAfee\Real Protect\RealProtect.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_23_0_0_162_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_23_0_0_162_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="35-4KYR-UVX7-GEFN-P566-2VJ2-SBTTEND"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Plumbytes Software\Plumbytes Anti-Malware\AmwService.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
c:\program files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
c:\program files\IObit\IObit Uninstaller\UninstallMonitor.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Ora fine scansione: 2016-10-05 22:52:31 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2016-10-05 20:52
.
Pre-Run: 261.756.596.224 byte disponibili
Post-Run: 261.369.118.720 byte disponibili
.
- - End Of File - - 6E43DE317BF4915D1425D1D387AA0721
A36C5E4F47E84449FF07ED3517B43A31

Log del giorno 08

ComboFix 16-09-28.01 - utente 08/10/2016 7:51.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.2038.772 [GMT 2:00]
Eseguito da: e:\new download\combofix_16-09-28.01.exe
AV: IObit Malware Fighter *Disabled/Outdated* {4D381C57-3C7A-6F22-07EB-639F49E836D4}
AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
Overlay Annulata ... Per Piacere rieseguite ComboFix
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\utente\AppData\Local\Temp\Softland\FBackup 6\LangTemp\BTray\bResourceStrings.ITA
c:\users\utente\AppData\Local\Temp\Softland\FBackup 6\LangTemp\BTray\bTray.ITA
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WiseBootAssistant
.
.
((((((((((((((((((((((((( Files Creati Da 2016-09-08 al 2016-10-08 )))))))))))))))))))))))))))))))))))
.
.
2016-10-08 06:05 . 2016-10-08 06:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-10-08 05:26 . 2016-10-08 05:26 39168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DEC1789-11F8-49B5-8EE9-576C46866E96}\MpKsl36853499.sys
2016-10-07 17:15 . 2016-10-07 17:15 -------- d-----w- c:\users\utente\AppData\Roaming\ProductData
2016-10-07 17:12 . 2016-10-07 17:12 -------- d-----w- c:\programdata\ProductData
2016-10-07 05:41 . 2016-09-22 09:58 9837072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DEC1789-11F8-49B5-8EE9-576C46866E96}\mpengine.dll
2016-10-06 21:06 . 2016-10-06 21:06 36648 ----a-w- c:\windows\system32\DbxSvc.exe
2016-10-06 21:00 . 2016-10-06 21:00 62064 ----a-w- c:\windows\system32\drivers\dbx-stable.sys
2016-10-06 21:00 . 2016-10-06 21:00 62064 ----a-w- c:\windows\system32\drivers\dbx-dev.sys
2016-10-06 21:00 . 2016-10-06 21:00 62064 ----a-w- c:\windows\system32\drivers\dbx-canary.sys
2016-10-06 14:30 . 2016-10-07 06:56 -------- d-----w- c:\users\utente\AppData\Roaming\Enigma Software Group
2016-10-06 14:30 . 2016-10-06 14:30 -------- d-----w- C:\sh4ldr
2016-10-06 05:32 . 2016-09-22 09:58 9837072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-10-05 05:54 . 2016-10-05 07:27 -------- d-----w- c:\program files\stinger
2016-10-05 05:20 . 2016-09-26 13:19 915640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71068FFC-1DAB-41ED-AE35-92B085A66930}\gapaengine.dll
2016-10-04 14:31 . 2016-10-04 15:02 -------- d-----w- c:\users\utente\AppData\Local\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}
2016-10-04 11:18 . 2016-10-04 11:19 -------- d-----w- c:\program files\Mozilla Thunderbird
2016-10-04 06:55 . 2016-10-04 06:55 -------- d-----w- c:\users\utente\AppData\Roaming\Eusing
2016-09-30 18:07 . 2016-09-30 18:07 -------- d-----w- c:\program files\PDFsam Basic
2016-09-30 05:25 . 2016-09-30 05:30 -------- d-----w- c:\program files\LibreOffice 5
2016-09-27 14:35 . 2016-09-26 13:19 915640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2016-09-26 13:16 . 2016-09-28 06:18 -------- d-----w- c:\program files\Microsoft Security Client
2016-09-22 04:55 . 2016-10-08 05:38 -------- d-----w- c:\users\utente\AppData\Roaming\Skype
2016-09-22 04:54 . 2016-09-22 04:55 -------- d-----r- c:\program files\Skype
2016-09-22 04:54 . 2016-09-22 04:55 -------- d-----w- c:\programdata\Skype
2016-09-21 12:48 . 2016-05-25 10:53 851176 ----a-w- c:\windows\system32\drivers\winusbcoinstaller2.dll
2016-09-21 12:48 . 2016-05-25 10:53 28160 ----a-w- c:\windows\system32\drivers\usbser.sys
2016-09-21 12:48 . 2016-05-25 10:53 249856 ----a-w- c:\windows\system32\drivers\hw_quusbnet.sys
2016-09-21 12:48 . 2016-05-25 10:53 195200 ----a-w- c:\windows\system32\drivers\hw_quusbmdm.sys
2016-09-21 12:48 . 2016-05-25 10:53 1837296 ----a-w- c:\windows\system32\drivers\WUDFUpdate_01009.dll
2016-09-21 12:48 . 2016-05-25 10:53 15360 ----a-w- c:\windows\system32\drivers\ew_usbccgpfilter.sys
2016-09-21 12:48 . 2016-05-25 10:53 1461992 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01009.dll
2016-09-21 12:48 . 2016-05-25 10:53 112512 ----a-w- c:\windows\system32\drivers\hw_cdcacm.sys
2016-09-21 12:48 . 2016-05-25 10:53 102272 ----a-w- c:\windows\system32\drivers\hw_usbdev.sys
2016-09-21 12:47 . 2016-10-06 18:29 -------- d-----w- c:\program files\HiSuite
2016-09-21 06:09 . 2016-09-21 06:09 -------- d-----w- c:\programdata\regid.2006-01.com.fbackup
2016-09-21 05:55 . 2016-08-05 15:13 2048 ----a-w- c:\windows\system32\tzres.dll
2016-09-19 12:54 . 2016-09-21 11:32 -------- d-----w- c:\programdata\Glarysoft
2016-09-17 11:50 . 2016-07-07 15:20 1309928 ----a-w- c:\windows\system32\drivers\tcpip.sys
2016-09-17 11:49 . 2016-08-06 15:15 581632 ----a-w- c:\windows\system32\oleaut32.dll
2016-09-14 13:09 . 2016-10-07 05:28 -------- d-----w- c:\program files\PrivaZer
2016-09-14 11:29 . 2016-09-14 11:29 0 ---ha-w- c:\users\utente\AppData\Local\BIT8D77.tmp
2016-09-12 12:28 . 2016-09-12 19:22 -------- d-----w- c:\program files\Macrium
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-07 19:48 . 2016-02-10 15:32 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-10-07 08:56 . 2016-02-11 08:36 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-10-07 08:56 . 2016-02-11 08:36 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-09-15 01:12 . 2016-09-23 04:52 9837072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8688A65E-AF46-4993-AC05-14938C90025F}\mpengine.dll
2016-09-07 13:22 . 2016-05-25 06:55 23984 ----a-w- c:\windows\WiseRegNotify.sys
2016-08-30 20:02 . 2016-02-08 17:06 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2016-08-25 08:46 . 2016-08-25 08:46 252808 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2016-08-25 08:46 . 2015-11-13 06:50 105696 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2016-08-08 15:02 . 2016-02-10 09:56 8192 ----a-w- c:\windows\system32\srvany.exe
2016-07-28 07:38 . 2016-08-07 13:11 26968 ----a-w- c:\windows\system32\ambakdrv.sys
2016-07-28 07:38 . 2016-08-07 13:11 14936 ----a-w- c:\windows\system32\amwrtdrv.sys
2016-07-28 07:38 . 2016-08-07 13:11 11224 ----a-w- c:\windows\system32\amreg.sys
2016-07-27 19:25 . 2016-02-08 17:21 406184 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10]
@="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt9]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2016-10-06 21:04 223552 ----a-w- c:\program files\Dropbox\Client\DropboxExt.65536.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FBackup 6 Tray Agent"="c:\program files\Softland\FBackup 6\bTray.exe" [2016-09-20 15067000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2016-09-12 29635712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dropbox"="c:\program files\Dropbox\Client\Dropbox.exe" [2016-10-06 25243040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^utente^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^qlock.lnk]
backup=c:\windows\pss\qlock.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanGearStarter
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2016-09-01 16:13 67384 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 14:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanoScan Toolbox 4.9]
2006-09-07 10:18 1259072 ----a-w- c:\progra~1\Canon\CANOSC~1.9\CSTBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardOS API]
2012-08-22 09:47 196608 ----a-w- c:\program files\CardOS API\bin\cardoscp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2016-08-26 19:23 6868696 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2011-10-21 20:47 743560 ----a-w- c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2011-10-21 20:47 70792 ----a-w- c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup]
2016-09-05 03:26 43984 ----a-w- c:\program files\Glary Utilities 5\StartupManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDProtect Monitor]
2013-10-08 07:30 506168 ----a-w- c:\program files\Athena\IDProtect Client\Utils\IDProtect Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2016-09-09 13:00 164152 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicPick Start]
2016-08-26 00:27 19764680 ----a-w- c:\program files\PicPick\picpick.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print2PDF Print Monitor]
2011-10-04 10:28 220992 ----a-w- c:\program files\Software602\Print2PDF\Print2PDF.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2016-06-22 12:11 598552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2015-07-13 10:44 248176 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"IgfxTray"="c:\windows\system32\igfxtray.exe"
"Persistence"="c:\windows\system32\igfxpers.exe"
"HotKeysCmds"="c:\windows\system32\hkcmd.exe"
.
R1 MpKsl21bd774f;MpKsl21bd774f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DEC1789-11F8-49B5-8EE9-576C46866E96}\MpKsl21bd774f.sys [2016-10-07 39168]
R2 dbupdate;Servizio Aggiornamento Dropbox (dbupdate);c:\program files\Dropbox\Update\DropboxUpdate.exe [2016-03-05 143144]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2011-01-21 145920]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2016-08-08 8192]
R2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [2016-07-29 3046688]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-07-25 324224]
R2 uzsvc;UltraZip Service;c:\program files\UltraZip\uzsvc.exe [2016-05-05 45248]
R2 uzupd;UltraZip Updater;c:\program files\UltraZip\uzupd.exe [2016-05-05 85696]
R3 blackberryncm;BlackBerryNCM Service;c:\windows\system32\DRIVERS\blackberryncm6.sys [2015-01-23 22528]
R3 BthAvrcp;Profilo Bluetooth AVRCP;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 dbupdatem;Servizio Aggiornamento Dropbox (dbupdatem);c:\program files\Dropbox\Update\DropboxUpdate.exe [2016-03-05 143144]
R3 dbx;dbx;c:\windows\system32\DRIVERS\dbx.sys [x]
R3 ew_usbccgpfilter;HwHandSet_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbccgpfilter.sys [2016-05-25 15360]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-09-01 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2016-03-10 53120]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2012-11-28 17408]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2016-08-25 105696]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2016-08-30 280864]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-06-11 15872]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2016-07-27 32288]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WiseHDInfo;WiseHDInfo;c:\windows\WiseHDInfo32.dll [2016-02-13 13264]
R3 WiseRegNotify;WiseRegNotify;c:\windows\WiseRegNotify.sys [2016-09-07 23984]
R4 IMFFilter;IMFFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\IMFFilter.sys [2016-04-01 21184]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-10-21 39560]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-10-21 43656]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2015-10-12 16016]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-10-21 17032]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-10-21 185480]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys [2016-02-12 17472]
S1 MpKsl36853499;MpKsl36853499;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DEC1789-11F8-49B5-8EE9-576C46866E96}\MpKsl36853499.sys [2016-10-08 39168]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
S2 DbxSvc;DbxSvc;c:\windows\system32\DbxSvc.exe [2016-10-06 36648]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [2011-10-21 60552]
S2 FBackup6Srv;FBackup 6 Service;c:\program files\Softland\FBackup 6\bService.exe [2016-09-20 5117304]
S2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-10-21 23176]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2012-12-25 97912]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2016-07-26 1600288]
S2 RIM MDNS;RIM MDNS;c:\program files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [2015-05-26 396024]
S2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2015-07-13 93040]
S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2014-10-31 588024]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2016-03-10 24448]
S3 netw5v32;Driver scheda Intel(R) Wireless WiFi Link serie 5000 per Windows Vista a 32 bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6.sys [2015-05-26 14848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-10-04 11:13 1266792 ----a-w- c:\program files\Google\Chrome\Application\53.0.2785.143\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2016-10-08 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\system32\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [2016-09-14 07:21]
.
2016-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-11 08:56]
.
2016-10-08 c:\windows\Tasks\DropboxUpdateTaskMachineCore1d21492249a3873.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2016-03-05 17:44]
.
2016-10-08 c:\windows\Tasks\DropboxUpdateTaskMachineUA1d2149227c7142f.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2016-03-05 17:44]
.
2016-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-02-08 19:43]
.
2016-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-02-08 19:43]
.
2016-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d1e956f6c0671e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-02-08 19:43]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.findeer.com/?h=7A15F9217B6364D3AD43AAC7D954084E4D366D29ED1C9F39519CAE9882B4D69875C466206E3115717D47E1472D9854E58E5DC8DE5CC3BC04BC51DDFB17719D55&g=55dc1156-558a-4b91-b0a3-2c54a1e26a56&c=313936&s=313030
uInternet Settings,ProxyOverride = *.local
Trusted Zone: maris.com\www.redshift
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\utente\AppData\Roaming\Mozilla\Firefox\Profiles\0zojxdbc.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_23_0_0_162_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_23_0_0_162_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence0"="35-4KYR-UVX7-GEFN-P566-2VJ2-SBTTEND"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
c:\windows\system32\rundll32.exe
c:\program files\IObit\IObit Uninstaller\UninstallMonitor.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\program files\Microsoft Security Client\MpCmdRun.exe
c:\program files\Microsoft Security Client\MpCmdRun.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Ora fine scansione: 2016-10-08 08:21:19 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2016-10-08 06:21
ComboFix2.txt 2016-10-05 20:52
.
Pre-Run: 261.507.510.272 byte disponibili
Post-Run: 260.920.369.152 byte disponibili
.
- - End Of File - - 9C9E91E084697D00B9F402F0F3516541
A36C5E4F47E84449FF07ED3517B43A31
cbbusto
Inviato: Saturday, October 08, 2016 10:48:33 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Ciao sono rientrato da poco, ho visto i log di Combofix ho dato una passata veloce ma mi serve più tempo per esaminarli bene.
Comunque search findeer è stato tolto in entrampi i log, non mi hai detto come va il pc oggi.
Ho notato che hai todo backup e macrium reflect che sono 2 programmi che fanno la stessa cosa cioè creare un'immagine del sistema, non capisco perchè averne 2, quindi presumo tu abbia fatto l'immagine del sistema quando il pc funzionava perfettamente ed era pulito, se così è non capisco perchè stiamo perdendo così tanto tempo quando puoi fare un ripristino e mettere tutto a posto ????
Vedo che usi un sacco di programmi di pulizia e protezione, fai un sacco di scansioni, quindi si presume che tu sia un attento utilizzatore del pc, poi ti vai a beccare searc findeer, Think Think Shame on you Shame on you
questi disturbatori arrivano per disattenzione e per mancanza di controlli su ciò che si scarica dalla rete e non si controlla bene quando vengono installati, scusa per questo appunto non te la prendere. Fammi sapere. Ciao
giza
Inviato: Sunday, October 09, 2016 11:04:35 AM

Rank: AiutAmico

Iscritto dal : 10/27/2006
Posts: 9,617
sarebbe utile usare sandboxie per visitare siti poco affidabili.
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.