
pp.developunit.info

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want answers to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

pp.developunit.info

Post by mauri1974 » 24/02/14 13:52

Hi guys.
Can anyone give me a hand getting rid of pp.developunit.info?

Thanks
mauri1974
Senior User

Posts: 268
Joined: 14/01/10 23:32


Re: pp.developunit.info

Post by FDACCC » 24/02/14 13:57

Download AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/
● save the file to the Desktop
● click the AdwCleaner icon
● click the Scan button
● wait patiently for the scan to finish
● click the Clean button and confirm by clicking OK
● continue by clicking OK two more times: the system will restart automatically
attach the log that appears after the restart

Download Junkware Removal Tool: http://www.bleepingcomputer.com/downloa ... oval-tool/
Alternative link: http://thisisudax.org/downloads/JRT.exe
● save the file to the Desktop
● click the JRT icon and wait patiently for the scan to finish
● if it detects threats, you will be asked to restart: press Y
● once restarted, the log should open on the desktop as JRT.txt
attach the log that appears after the restart
FDACCC
Senior User

Posts: 170
Joined: 20/12/13 10:16

Re: pp.developunit.info

Post by mauri1974 » 24/02/14 14:52

Sorry for my ignorance, but when I save the file it doesn't specify where I want to save it.
I click Save, but the icon doesn't appear on the desktop?

Where on earth does it save it? :?:

Thanks

Re: pp.developunit.info

Post by mauri1974 » 24/02/14 15:18

Never mind ....

Here is the log

Code:
# AdwCleaner v3.019 - Report created 24/02/2014 at 14:59:06
# Updated 17/02/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Otto - LENOVO-PC
# Running from : C:\Users\Otto\Downloads\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****

Service Deleted : 70e6ca8c
[#] Service Deleted : Update BuzzSearch
[#] Service Deleted : Util BuzzSearch

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files (x86)\BuzzSearch
Folder Deleted : C:\Program Files (x86)\LiveSupport
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Nosibay
Folder Deleted : C:\Program Files (x86)\optimizer pro
Folder Deleted : C:\Users\Otto\AppData\Local\FilesFrog Update Checker
Folder Deleted : C:\Users\Otto\AppData\Local\lollipop
Folder Deleted : C:\Users\Otto\AppData\Roaming\aartemis
Folder Deleted : C:\Users\Otto\AppData\Roaming\Nosibay
Folder Deleted : C:\Users\Otto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bubble Dock
Folder Deleted : C:\Users\Otto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
File Deleted : C:\Users\Otto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\aartemis.xml
File Deleted : C:\Users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\m0x7ahq8.default-1387107677864\user.js
File Deleted : C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [bubbledock@nosibay.com]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Bubble Dock]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{23AF19F7-1D5B-442C-B14C-3D1081953C94}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5CF5A690-C8F4-488E-9D20-F21AEF602D41}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D0EC4142-5808-41D2-A4DC-6081CF1A9693}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CF5A690-C8F4-488E-9D20-F21AEF602D41}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{23AF19F7-1D5B-442C-B14C-3D1081953C94}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CF5A690-C8F4-488E-9D20-F21AEF602D41}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442C-B14C-3D1081953C94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EBFCF40E-A87B-463F-A782-55BDD4160B5E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D0EC4142-5808-41D2-A4DC-6081CF1A9693}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\BuzzSearch
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\LiveSupport
Key Deleted : HKCU\Software\lollipop
Key Deleted : HKCU\Software\Nosibay
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\aartemisSoftware
Key Deleted : HKLM\Software\BuzzSearch
Key Deleted : HKLM\Software\do-searchSoftware
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aartemis Browser Protecter
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveSupport_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BuzzSearch
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~1.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v27.0.1 (it)

[ File : C:\Users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\m0x7ahq8.default-1387107677864\prefs.js ]

Line Deleted : user_pref("extensions.BQ_hOi.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.inde[...]
Line Deleted : user_pref("extensions.wZkVeTbL.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.in[...]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Otto\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8224 octets] - [24/02/2014 14:57:28]
AdwCleaner[S0].txt - [7029 octets] - [24/02/2014 14:59:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7089 octets] ##########

Re: pp.developunit.info

Post by mauri1974 » 24/02/14 15:23

JRT didn't ask me to restart, so I have no log to post ...

:undecided:

Re: pp.developunit.info

Post by FDACCC » 24/02/14 15:30

Check on the desktop or on local disk C:\, it should be there!

Re: pp.developunit.info

Post by mauri1974 » 24/02/14 15:39

FDACCC wrote: Check on the desktop or on local disk C:\, it should be there!


Yes, I did find it afterwards.

You'll find the log to check above.... ;)

Re: pp.developunit.info

Post by FDACCC » 24/02/14 15:42

I actually meant JRT :)

How is the PC working now?

Re: pp.developunit.info

Post by mauri1974 » 24/02/14 16:05

FDACCC wrote: I actually meant JRT :)

How is the PC working now?



I'm at work now and don't have my PC with me.

I'll reply by tomorrow morning ...
Thanks

Re: pp.developunit.info

Post by FDACCC » 24/02/14 16:41

No problem.
We'll catch up tomorrow!

Re: pp.developunit.info

Post by mauri1974 » 24/02/14 20:48

I'm trying it now ....

It's definitely better, but this window often opens while I browse and I have to close it every time ...

http://fastdailyfind.com/ads-clicktrack ... ersion=1.1

Re: pp.developunit.info

Post by mauri1974 » 25/02/14 07:15

This is another page that opened for me this morning .....

http://click.dealshark.com/ads-clicktra ... ersion=1.1

Re: pp.developunit.info

Post by mauri1974 » 25/02/14 07:21

pp.developunit just showed up too ..... :evil:

and this one again ...

http://click.dealshark.com/ads-clicktra ... ersion=1.1

Re: pp.developunit.info

Post by mauri1974 » 25/02/14 12:25

Is there anyone who can help me?? :(

Re: pp.developunit.info

Post by mauri1974 » 25/02/14 13:27

JRT log .... :?:

Code:
[ResponseResult]
ResultCode=0
[Install Progress]
 Confirm Realtek Driver
 Check Operation System Version
 OS Information [WINMAJOR Number] = 6
 OS Information [WINMAJOR String] = 6.2
 OS Information [SYSINFO.nWinMajor] = 6
 OS Information [SYSINFO.nWinMinor] = 2
 OS Information [IsWin2000] = 0
 OS Information [IsWinXP] = 0
 OS Information [IsWin2003] = 0
 OS Information [IsVista] = 0
 OS Information [IsWin2008] = 0
 OS Information [IsWin7] = 0
 OS Information [IsWin8] = 1
 OS Information [IsWin2008R2x64] = 0
 OS Information [IsMCE] = 0
 OS Information [IsServer] = 0
 OS Information [Service Pack] = 0
 OS Information [x64] = 1
 Operation System was Windows x64
 Rtlupd [GetRtlupdForPackage] = 1
 Rtlupd version [C:\SWTOOLS\DRIVERS\AUDIO\Vista64\RtlUpd64.exe] = 2.8.0.6
 Rtkupd version [\] =
 Current use Rtlupd version [C:\SWTOOLS\DRIVERS\AUDIO\Vista64\RtlUpd64.exe] = 2.8.0.6
 Default Path [RtkAudioDir] = C:\Program Files (x86)\Realtek\Audio
 Default Path [RtkAudioDir x64] = C:\Program Files\Realtek\Audio
 Default Path [RtlTempDir] = C:\Program Files (x86)\Realtek\Audio\Drivers
 Default Path [RtkHDADrvDir] = C:\Program Files (x86)\Realtek\Audio\Drivers\Vista64
 Default Path [RtkHDMIDrvDir] = C:\Program Files (x86)\Realtek\Audio\Drivers\HDMI\XP2K
 Default Path [RtlPFHDADir] = C:\Program Files\Realtek\Audio\HDA
 Default Registry key [Installer Base Key] = SOFTWARE\Realtek\Audio\Installer
 Current model : Lenovo
 Current driver version = 6.0.1.6710  x64 Edition
 
 Realtek HD Audio Driver Vista64 Directory Exist .
 Dolby4.Page ( PCEE4 ) Application Directory Exist
 ADCTL - Lenovo - Reg CmdUtil - Application Directory Exist
 Status - OnMoveData
 Status - ProgramFiles_Installing
 delete C:\Program Files (x86)\Realtek\Audio\Drivers\Vista64
 Copy Realtek HD Audio Driver from Vista64 Directory
 Copy ADCTL.exe from Source-ADCTL Directory
 Run RtlUpd64.exe : C:\Program Files (x86)\Realtek\Audio\Drivers\RtlUpd64.exe --- > -s -cb -nrg2709 (TRUE)
 Status - ProgramFiles_Installed
 Install Realtek HD Audio Audio Driver
 Run RtlUpd64.exe : C:\Program Files (x86)\Realtek\Audio\Drivers\RtlUpd64.exe --- > -u -s -fi -nrg2709 (TRUE)
 -->Realtek HD Audio - SetupAPI result LAAW_PARAMETERS.nLaunchResult = -4
 Register C:\windows\system32\RtkAPO64.dll in Vista system .
 Status - OnFirstUIAfter
 Installer - OnEnd

Re: pp.developunit.info

Post by mauri1974 » 25/02/14 13:58

CORRECT JRT LOG ..... Sorry, the previous one was wrong!! :oops:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by Otto on 25/02/2014 at 13.51.33,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F15655CF-A85B-B770-22DF-48D010880FD6}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F15655CF-A85B-B770-22DF-48D010880FD6}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F15655CF-A85B-B770-22DF-48D010880FD6}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Otto\AppData\Roaming\mozilla\firefox\profiles\m0x7ahq8.default-1387107677864\prefs.js

user_pref("extensions.BQ_hOi.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\
user_pref("extensions.wZkVeTbL.scode", "(function(){try{var url=window.self.location.href;if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf
Emptied folder: C:\Users\Otto\AppData\Roaming\mozilla\firefox\profiles\m0x7ahq8.default-1387107677864\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/02/2014 at 13.55.26,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
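The JRT log in the post above reports three registry keys it failed to delete, all carrying the same CLSID. As an added example (not part of the original thread and not JRT's own code), this Python script parses a JRT log, groups the "Failed to delete" entries by GUID and labels each registry location, so the leftovers can be checked against the next tool's report. The embedded log is an excerpt of the post above; all function names and the location labels are this example's own assumptions.

```python
import re
from collections import defaultdict

# Excerpt of the JRT log posted above, embedded so the example runs offline.
SAMPLE_JRT_LOG = r"""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by Otto on 25/02/2014 at 13.51.33,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F15655CF-A85B-B770-22DF-48D010880FD6}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F15655CF-A85B-B770-22DF-48D010880FD6}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F15655CF-A85B-B770-22DF-48D010880FD6}

~~~ FireFox

Emptied folder: C:\Users\Otto\AppData\Roaming\mozilla\firefox\profiles\m0x7ahq8.default-1387107677864\minidumps [2 files]

~~~ Event Viewer Logs were cleared
"""

# "~~~ Name" opens a section; the long "~~~~~" rulers have no space and do not match.
SECTION_RE = re.compile(r"^~~~ (.+?)\s*$")
RESULT_RE = re.compile(r"^(Successfully deleted|Failed to delete): \[(.+?)\] (.+?)\s*$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Labels chosen for this example; matched case-insensitively, first hit wins.
LOCATION_HINTS = [
    ("\\browser helper objects\\", "IE Browser Helper Object registration"),
    ("\\ext\\preapproved\\", "IE pre-approved add-on list"),
    ("\\clsid\\", "COM class registration"),
]


def parse_jrt_log(text):
    """Return one dict per result line: section, status, kind, target."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = RESULT_RE.match(line)
        if m:
            status = "deleted" if m.group(1).startswith("Successfully") else "failed"
            entries.append({"section": section, "status": status,
                            "kind": m.group(2), "target": m.group(3)})
    return entries


def describe_location(target):
    """Map a registry path to a short label saying what it registers."""
    low = target.lower()
    for needle, label in LOCATION_HINTS:
        if needle in low:
            return label
    return "other"


def leftovers_by_guid(entries):
    """Group failed deletions by GUID so one component's remnants sit together."""
    grouped = defaultdict(list)
    for e in entries:
        if e["status"] != "failed":
            continue
        m = GUID_RE.search(e["target"])
        key = m.group(0).upper() if m else "(no GUID)"
        grouped[key].append((describe_location(e["target"]), e["target"]))
    return dict(grouped)


if __name__ == "__main__":
    parsed = parse_jrt_log(SAMPLE_JRT_LOG)
    for guid, items in leftovers_by_guid(parsed).items():
        print(f"{guid}: {len(items)} key(s) not removed")
        for label, target in items:
            print(f"  [{label}] {target}")
```
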

Re: pp.developunit.info

Post by FDACCC » 25/02/14 14:04

Hi Mauri, sorry, I'm not at the PC 24 hours a day.


See if you can run this scan:

ComboFix: remove the infections present on the system

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
alternative link: http://www.combofix.org/downloadlink.php
● place the downloaded file on the Desktop
disable the antivirus in use, from its icon in the system tray (next to the Windows clock)
disable any installed firewall, from its icon in the system tray (next to the Windows clock)

Once the steps above are done:
● double-click the ComboFix file to start the application
● click the I Agree button: confirm by clicking OK twice
● follow the instructions given to run the scan:

"It typically takes no more than 10 minutes
On heavily infected PCs the scan time can easily double"


● on Windows XP, you will be asked to install the Recovery Console: do not install it (click the No button)
without performing any other operation, let the tool complete its work

Notes - during the scan:
● some files may appear on the Desktop and then be deleted
● all the icons on the Desktop will disappear for a moment
● a message about the antivirus in use may be shown: continue, ignoring the message
● the firewall may show a warning about the removal of some drivers: allow it
● the Internet Explorer icon may appear on the Desktop; it may also be set as the default browser

When ComboFix has finished the scan:
● the system will restart automatically: if it doesn't, restart it yourself
● go to Local Disk C:, look for the text file named ComboFix.txt and attach it
● if you can't find the program's report, click Start, Run and enter this string (then press Enter):
cmd /c dir /a/s/b c:\qoobox >log2.txt & log2.txt

Notes - about the program:
● to run ComboFix correctly on Windows Vista and Windows 7, before starting it, right-click the program icon and choose Run as administrator from the context menu
sUBs, the software house that distributes ComboFix, is not responsible for any damage caused after using the program
it should not be used unless expressly requested by an expert
ComboFix disables autorun for USB drives (USB sticks, external hard disks, MP3 players, SD cards..) to prevent future threats and increase the computer's security: when you insert an external device, you will have to open it "manually" from My Computer. If you want the PC to go back to how it was, say so in your next post
● if ComboFix detects an active bootkit/rootkit on your system, after a warning you will be asked to restart the machine: agree (on restart the machine may show a black window for a few minutes, this is normal)
● if after running the program you get any kind of message about deleted registry keys, restart the machine and the problem will disappear (the registry keys will not be deleted, don't worry)

Re: pp.developunit.info

Post by mauri1974 » 25/02/14 15:02

Yes, sorry .... :D

Here is the ComboFix report

Code:
ComboFix 14-02-24.02 - Otto 25/02/2014  14.23.19.1.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.39.1040.18.3948.2215 [GMT 1:00]
Eseguito da: c:\users\Otto\Downloads\ComboFix.exe
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[i] ADS - windows: deleted 0 bytes in 1 streams. [/i]
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjaofigpmcdifbmbadeocdcbecagjco
c:\users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjaofigpmcdifbmbadeocdcbecagjco\2.1\background.html
c:\users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjaofigpmcdifbmbadeocdcbecagjco\2.1\content.js
c:\users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjaofigpmcdifbmbadeocdcbecagjco\2.1\lsdb.js
c:\users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjaofigpmcdifbmbadeocdcbecagjco\2.1\manifest.json
c:\users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\efjaofigpmcdifbmbadeocdcbecagjco\2.1\N0YJV9eI.js
c:\users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\paceidfaiinlplbgaehedekgkcefpnhn
c:\users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\paceidfaiinlplbgaehedekgkcefpnhn\5.4_0\background.html
c:\users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\paceidfaiinlplbgaehedekgkcefpnhn\5.4_0\content.js
c:\users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\paceidfaiinlplbgaehedekgkcefpnhn\5.4_0\lsdb.js
c:\users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\paceidfaiinlplbgaehedekgkcefpnhn\5.4_0\manifest.json
c:\users\Otto\AppData\Local\Google\Chrome\User Data\Default\Extensions\paceidfaiinlplbgaehedekgkcefpnhn\5.4_0\RjjPpd.js
c:\users\Otto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_efjaofigpmcdifbmbadeocdcbecagjco_0.localstorage-journal
c:\users\Otto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_efjaofigpmcdifbmbadeocdcbecagjco_0.localstorage
c:\users\Otto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_paceidfaiinlplbgaehedekgkcefpnhn_0.localstorage-journal
c:\users\Otto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_paceidfaiinlplbgaehedekgkcefpnhn_0.localstorage
c:\users\Otto\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\m0x7ahq8.default-1387107677864\extensions\hty2uixr@alco-my.org
c:\users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\m0x7ahq8.default-1387107677864\extensions\hty2uixr@alco-my.org\bootstrap.js
c:\users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\m0x7ahq8.default-1387107677864\extensions\hty2uixr@alco-my.org\chrome.manifest
c:\users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\m0x7ahq8.default-1387107677864\extensions\hty2uixr@alco-my.org\content\bg.js
c:\users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\m0x7ahq8.default-1387107677864\extensions\hty2uixr@alco-my.org\install.rdf
c:\users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\m0x7ahq8.default-1387107677864\extensions\yozikjp@azslfjr.edu
c:\users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\m0x7ahq8.default-1387107677864\extensions\yozikjp@azslfjr.edu\bootstrap.js
c:\users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\m0x7ahq8.default-1387107677864\extensions\yozikjp@azslfjr.edu\chrome.manifest
c:\users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\m0x7ahq8.default-1387107677864\extensions\yozikjp@azslfjr.edu\content\bg.js
c:\users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\m0x7ahq8.default-1387107677864\extensions\yozikjp@azslfjr.edu\install.rdf
.
.
(((((((((((((((((((((((((   Files Creati Da 2014-01-25 al 2014-02-25  )))))))))))))))))))))))))))))))))))
.
.
2014-02-25 13:38 . 2014-02-25 13:39   --------   d-----w-   c:\users\Otto\AppData\Local\temp
2014-02-25 13:38 . 2014-02-25 13:38   --------   d-----w-   c:\users\Default\AppData\Local\temp
2014-02-24 19:51 . 2014-02-06 09:01   10536864   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{3122A09E-F865-43C5-B9E7-0C219DC8D018}\mpengine.dll
2014-02-24 14:21 . 2014-02-24 14:21   --------   d-----w-   c:\windows\ERUNT
2014-02-24 13:56 . 2014-02-25 13:11   --------   d-----w-   C:\AdwCleaner
2014-02-22 19:25 . 2014-02-22 19:25   255664   ----a-w-   c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10234.bin
2014-02-21 15:10 . 2014-02-21 15:10   --------   d-----w-   c:\programdata\savingtuoyou
2014-02-12 20:58 . 2013-12-04 23:43   583680   ----a-w-   c:\windows\system32\msdrm.dll
2014-02-12 20:58 . 2013-12-04 23:37   451072   ----a-w-   c:\windows\SysWow64\msdrm.dll
2014-02-12 19:51 . 2013-11-01 05:53   2232664   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2014-02-12 19:51 . 2013-11-25 23:17   83968   ----a-w-   c:\windows\system32\drivers\hidclass.sys
2014-02-12 19:48 . 2013-11-20 00:15   3842560   ----a-w-   c:\windows\system32\d2d1.dll
2014-02-12 19:48 . 2014-01-12 23:30   2238976   ----a-w-   c:\windows\system32\d3d10warp.dll
2014-02-12 19:48 . 2013-11-19 23:57   3288576   ----a-w-   c:\windows\SysWow64\d2d1.dll
2014-02-12 19:48 . 2014-01-12 23:30   2032640   ----a-w-   c:\windows\SysWow64\d3d10warp.dll
2014-02-07 20:30 . 2014-02-21 15:10   --------   d-----w-   c:\programdata\baf8ad8b7a82d7b4
2014-02-07 20:30 . 2014-02-07 20:30   --------   d-----w-   c:\programdata\PPTChecckier
2014-02-07 20:30 . 2014-02-07 20:30   --------   d-----w-   c:\programdata\paceidfaiinlplbgaehedekgkcefpnhn
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-25 13:04 . 2013-06-10 07:29   88567024   ----a-w-   c:\windows\system32\MRT.exe
2014-02-24 13:00 . 2013-06-08 09:41   17536   ----a-w-   c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-02-23 18:00 . 2013-06-08 09:41   50784   ----a-w-   c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-02-17 22:03 . 2013-11-13 19:12   78304   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-17 22:03 . 2013-11-13 19:12   694240   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-19 07:33 . 2013-06-28 16:06   270496   ------w-   c:\windows\system32\MpSigStub.exe
2013-12-18 20:09 . 2014-01-26 07:05   96168   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-07 06:37 . 2014-01-15 12:59   688640   ----a-w-   c:\windows\system32\WSShared.dll
2013-12-07 06:37 . 2014-01-15 12:59   163840   ----a-w-   c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-07 05:15 . 2014-01-15 12:59   562688   ----a-w-   c:\windows\SysWow64\WSShared.dll
2013-12-07 05:15 . 2014-01-15 12:59   124928   ----a-w-   c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F15655CF-A85B-B770-22DF-48D010880FD6}]
2014-02-21 15:10   427008   ----a-w-   c:\programdata\savingtuoyou\QmOuHW.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19604072]
"IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2013-06-28 444840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"331BigDog"="c:\program files (x86)\USB Camera\VM331STI.EXE" [2012-08-30 548864]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Otto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2012-8-17 1346936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S2 BcmBtRSupport;Bluetooth Radio Control Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 FPLService;TrueSuiteService;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe;c:\program files\Lenovo Fingerprint Reader\TrueSuiteService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Lenovo System Agent Service;Lenovo System Agent Service;c:\program files\lenovo\SystemAgent\SystemAgentService.exe;c:\program files\lenovo\SystemAgent\SystemAgentService.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 LnvHotSpotSvc;LnvMHService;c:\program files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe;c:\program files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [x]
S2 LocationTaskManager;Location Task Manager;c:\program files (x86)\Lenovo\LocationAware\loctaskmgr.exe;c:\program files (x86)\Lenovo\LocationAware\loctaskmgr.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 Power Manager DBC Service;Lenovo Settings Power Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BthLEEnum;Driver Bluetooth a basso consumo;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 IntcDAud;Audio Intel(R) per schermi;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
S3 vm331avs;Digital Camera 1;c:\windows\System32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-04 19:45   1210320   ----a-w-   c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04   215416   ----a-w-   c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-10 15:06]
.
2014-02-25 c:\windows\Tasks\find-a-deal Update.job
- c:\program files (x86)\findAdeal\fadupdate.exe [2013-11-24 13:28]
.
2014-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-10 09:23]
.
2014-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-10 09:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B13DB39-154C-5114-E6D7-753F8D0278C6}]
2014-02-07 20:30   475136   ----a-w-   c:\programdata\PPTChecckier\42lG.x64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F15655CF-A85B-B770-22DF-48D010880FD6}]
2014-02-21 15:10   475136   ----a-w-   c:\programdata\savingtuoyou\QmOuHW.x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39   463952   ----a-w-   c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39   463952   ----a-w-   c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39   463952   ----a-w-   c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39   463952   ----a-w-   c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2012-07-20 373760]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-20 13192848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-26 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-26 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-26 441152]
"LnvMobHotspotClient"="c:\program files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe" [2012-08-20 1010784]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-08-13 564320]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Otto\AppData\Roaming\Mozilla\Firefox\Profiles\m0x7ahq8.default-1387107677864\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Bubble Dock - c:\users\Otto\AppData\Roaming\Nosibay\Bubble Dock\Uninstall Bubble Dock.exe
AddRemove-lollipop_12091330 - c:\users\otto\appdata\local\lollipop\lollipop_12091330.bat
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Ora fine scansione: 2014-02-25  14:59:20
ComboFix-quarantined-files.txt  2014-02-25 13:59
.
Pre-Run: 257.283.833.856 byte disponibili
Post-Run: 259.979.767.808 byte disponibili
.
- - End Of File - - D327557118866F4F773D49F2BBCAB36B
mauri1974
Senior User
 
Posts: 268
Joined: 14/01/10 23:32

Re: pp.developunit.info

Post by mauri1974 » 25/02/14 15:05

Anyway, the problem persists.

This link often appears for me:

http://click.dealshark.com/ads-clicktra ... ersion=1.1
mauri1974
Senior User
 
Posts: 268
Joined: 14/01/10 23:32

Re: pp.developunit.info

Post by FDACCC » 25/02/14 15:24

The programs we are using are gradually removing all the infections.

However, I need your cooperation, because when I write:
● place the downloaded file on the Desktop

it means it has to be on the Desktop, not here:
c:\users\Otto\Downloads\ComboFix.exe

Otherwise, if I needed to run a script, I would not be able to, and we would have to start all over again.

What does this folder contain?
c:\programdata\savingtuoyou

Delete this folder:
c:\programdata\paceidfaiinlplbgaehedekgkcefpnhn

Restart the PC and tell me what problem you see now.
Also try switching browsers (Internet Explorer, Google Chrome) and see whether the problem persists.
FDACCC
Senior User
 
Posts: 170
Joined: 20/12/13 10:16
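
Added example (not part of the thread and not ComboFix's own code): a small Python parser for two load-point sections of the ComboFix log posted above, Browser Helper Objects and Scheduled Tasks, that marks binaries stored under ProgramData or a user profile, such as the `c:\programdata\savingtuoyou` folder asked about in the last reply. The function name, the regular expressions and the path heuristic are assumptions of this example; the log lines are an excerpt of the thread's own log.

```python
import re

# Excerpt of the ComboFix log posted in this thread (trimmed to a few entries).
LOG = r"""Contenuto della cartella 'Scheduled Tasks'
.
2014-02-25 c:\windows\Tasks\find-a-deal Update.job
- c:\program files (x86)\findAdeal\fadupdate.exe [2013-11-24 13:28]
.
2014-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-10 09:23]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B13DB39-154C-5114-E6D7-753F8D0278C6}]
2014-02-07 20:30   475136   ----a-w-   c:\programdata\PPTChecckier\42lG.x64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F15655CF-A85B-B770-22DF-48D010880FD6}]
2014-02-21 15:10   475136   ----a-w-   c:\programdata\savingtuoyou\QmOuHW.x64.dll
.
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39   463952   ----a-w-   c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
"""

BHO_KEY = re.compile(r"^\[.*\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$")
FILE_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+\d+\s+\S+\s+(.+)$")
TASK_JOB = re.compile(r"^\d{4}-\d\d-\d\d (c:\\windows\\Tasks\\.+\.job)$", re.I)
TASK_EXE = re.compile(r"^- (.+?) \[\d{4}-\d\d-\d\d \d\d:\d\d\]$")
# Assumption: these roots are writable without elevation, unlike Program Files.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\")

def load_points(log):
    """Return (kind, name, binary, user_writable) for each BHO and scheduled task."""
    found, pending = [], None
    for line in log.splitlines():
        line = line.strip()
        key, job = BHO_KEY.match(line), TASK_JOB.match(line)
        if key:
            pending = ("bho", key.group(1), FILE_LINE)
        elif job:
            pending = ("task", job.group(1), TASK_EXE)
        elif pending and (hit := pending[2].match(line)):
            path = hit.group(1)
            found.append((pending[0], pending[1], path,
                          path.lower().startswith(USER_WRITABLE)))
            pending = None
        elif line != ".":
            pending = None  # any other content ends the pending entry
    return found
```

The path flag is only a triage hint: entries installed under Program Files are listed but not flagged, so the full list still needs a manual read.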
