schede che si aprono in continiazione con tutti i browser

**filippo2480** · 29-12-2014, 20:43

Innanzitutto mi scuso con tutti gli utenti e con gli amministratori per aver aperto un altro post, ma il titolo del precedente poteva ingannare gli utenti e quindi ne ho aperto uno nuovo. scusatemi ancora.
allora: mi si aprono in continuazione schede pubblicitarie mentre navigo (con qualsiasi browser). le ho tentate tutte, ma proprio TUTTE e poi ho seguito scrupolosamente la GUIDA RIMOZIONE MALWARE, ma senza successo. Di conseguenza posterò il log di HJT. Ecco il log. Vi ringrazio in anticipo per gli aiuti.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:29:32, on 29/12/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)

FIREFOX: 34.0.5 (x86 it)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\LSM\lsm.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\skydrive.exe
C:\Program Files\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_ x86__8wekyb3d8bbwe\glcnd.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\salvatore\Downloads\HijackThis.exe
C:\Program Files\ASUS\WebStorage\2.1.15.458\AsusWSPanel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [WebStorage] C:\Program Files\ASUS\WebStorage\2.1.15.458\ASUSWSLoader.exe
O4 - HKLM\..\Run: [RtkNGUI] "C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe" /s
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\system32\DptfPolicyLpmServiceHelper.exe
O4 - HKLM\..\Run: [AnyProtect Tray] "C:\Program Files\AnyProtectEx\AnyProtectTrayIcon.exe"
O4 - HKLM\..\RunOnce: [Raptor] "C:\Program Files\McAfee\Raptor\Raptor.exe" --run
O4 - HKCU\..\Run: [uTorrent] "C:\Users\salvatore\AppData\Roaming\uTorrent\uTorr ent.exe" /MINIMIZED
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_6C6FEA9BA44FF914411C8B506E8 74C2C] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: ASUS HID Access Service (AsHidService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.e xe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Auto Update Service (AUS) - MS - C:\Program Files\LSM\aus.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @oem29.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Broadcom Corporation. - C:\Windows\system32\BtwRSupportService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: @oem72.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DI SPLAY_NAME%;Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Intel Corporation - C:\Windows\system32\DptfParticipantProcessorServic e.exe
O23 - Service: @oem72.inf,%WIN32_DPTF_POLICY_CRITICAL_SERVICE_DIS PLAY_NAME%;Intel(R) Dynamic Platform & Thermal Framework Critical Service Application (DptfPolicyCriticalService) - Intel Corporation - C:\Windows\system32\DptfPolicyCriticalService.exe
O23 - Service: @oem72.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_ NAME%;Intel(R) Dynamic Platform & Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Intel Corporation - C:\Windows\system32\DptfPolicyLpmService.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface (jhi_service) - Intel Corporation - C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
O23 - Service: Log Session Manager (Log S.M.) - MS - C:\Program Files\LSM\lsm.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 7960 bytes

**SkinBonno** · 29-12-2014, 21:24

Scarica Adwcleaner , avvialo, premi prima su Scan e attendi, ripeti la procedura cliccando su Clean e attendi la fine dell'operazione.
Posta il log generato.

**filippo2480** · 30-12-2014, 14:24

grazie per l'interesse. ecco il log:

# AdwCleaner v4.106 - Rapporto creato 29/12/2014 in 19:21:28
# Aggiornato 21/12/2014 di Xplode
# Database : 2014-12-28.1 [Live]
# Sistema operativo : Windows 8.1 (32 bits)
# Nome utente : salvatore - PC-SALVO-LAVORO
# In esecuzione da : C:\Users\salvatore\Downloads\AdwCleaner.exe
# Opzione : Pulisci

***** [ Servizi ] *****

***** [ File / Cartelle ] *****

Cartella Eliminato : C:\ProgramData\3a7cb6b9f1e5434e
Cartella Eliminato : C:\Program Files\AnyProtectEx
Cartella Eliminato : C:\Program Files\globalUpdate
Cartella Eliminato : C:\Program Files\predm
Cartella Eliminato : C:\Users\Administrator\AppData\Local\Chromatic Browser
Cartella Eliminato : C:\Users\Administrator\AppData\Local\torch
Cartella Eliminato : C:\Users\Guest\AppData\Local\Chromatic Browser
Cartella Eliminato : C:\Users\Guest\AppData\Local\torch
Cartella Eliminato : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Cartella Eliminato : C:\Users\HomeGroupUser$\AppData\Local\torch
Cartella Eliminato : C:\Users\salvatore\AppData\Local\Chromatic Browser
Cartella Eliminato : C:\Users\salvatore\AppData\Local\globalUpdate
Cartella Eliminato : C:\Users\salvatore\AppData\Local\torch
Cartella Eliminato : C:\Users\salvatore\AppData\Roaming\Systweak
Cartella Eliminato : C:\Users\salvatore\AppData\Roaming\WebExtend
Cartella Eliminato : C:\Users\salvatore\AppData\Roaming\Mozilla\Firefox \Profiles\f776tnf1.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Cartella Eliminato : C:\Users\Administrator\AppData\Local\Google\Chrome \User Data\Default\Extensions\defecceidmmapigenhiaecoooe cmpffc
Cartella Eliminato : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\defecceidmmapigenhiaecoooe cmpffc
Cartella Eliminato : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrom e\User Data\Default\Extensions\defecceidmmapigenhiaecoooe cmpffc
Cartella Eliminato : C:\Users\salvatore\AppData\Local\Comodo\Dragon\Use r Data\Default\Extensions\aaipilfmheplbcghignccoiieb ekkdhe
Cartella Eliminato : C:\Users\Administrator\AppData\Local\Comodo\Dragon \User Data\Default\Extensions\defecceidmmapigenhiaecoooe cmpffc
Cartella Eliminato : C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\defecceidmmapigenhiaecoooe cmpffc
Cartella Eliminato : C:\Users\HomeGroupUser$\AppData\Local\Comodo\Drago n\User Data\Default\Extensions\defecceidmmapigenhiaecoooe cmpffc
Cartella Eliminato : C:\Users\salvatore\AppData\Local\Comodo\Dragon\Use r Data\Default\Extensions\defecceidmmapigenhiaecoooe cmpffc
File Eliminato : C:\Users\salvatore\AppData\Roaming\aps.uninstall.s can.results
File Eliminato : C:\Users\salvatore\AppData\Roaming\Mozilla\Firefox \Profiles\f776tnf1.default\user.js

***** [ Compiti ] *****

Compito Eliminati : APSnotifierPP1
Compito Eliminati : APSnotifierPP2
Compito Eliminati : APSnotifierPP3

***** [ Collegamenti ] *****

***** [ Registro ] *****

Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chiave Eliminati : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManage r
Chiave Eliminati : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManage r.1
Valore Eliminati : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [AnyProtect Scanner]
Chiave Eliminati : HKCU\Software\Mozilla\Extends
Chiave Eliminati : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chiave Eliminati : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chiave Eliminati : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chiave Eliminati : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chiave Eliminati : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chiave Eliminati : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chiave Eliminati : HKCU\Software\AnyProtect
Chiave Eliminati : HKCU\Software\Fabulous
Chiave Eliminati : HKCU\Software\GlobalUpdate
Chiave Eliminati : HKCU\Software\PennyBee
Chiave Eliminati : HKCU\Software\systweak
Chiave Eliminati : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chiave Eliminati : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Chiave Eliminati : HKLM\SOFTWARE\GlobalUpdate
Chiave Eliminati : HKLM\SOFTWARE\InstallCore
Chiave Eliminati : HKLM\SOFTWARE\systweak
Chiave Eliminati : HKLM\SOFTWARE\Tutorials

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v34.0.5 (x86 it)

[f776tnf1.default\prefs.js] - Riga eliminata : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_ir_14_45_ff&cd=2XzuyEtN2Y1L1QzuyEtBtCyC yB0EzytC0FzyzztB0C0CtCtDtN0D0Tzu0StCtDtAzztN1L2Xzu tAtFyCtFtDtFtAtN1L1CzutCyEtBzytDyD[...]
[f776tnf1.default\prefs.js] - Riga eliminata : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_ir_14_45_ff&cd=2XzuyEtN2Y1L1QzuyEtBtCyC yB0EzytC0FzyzztB0C0CtCtDtN0D0Tzu0StCtDtAzztN1L2Xzu tAtFyCtFtDtFtAtN1L1CzutCyEtBzytD[...]
[f776tnf1.default\prefs.js] - Riga eliminata : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[f776tnf1.default\prefs.js] - Riga eliminata : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[f776tnf1.default\prefs.js] - Riga eliminata : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_ir_14_45_ff&cd=2XzuyEtN2Y1L1QzuyEtBtCyC yB0EzytC0FzyzztB0C0CtCtDtN0D0Tzu0StCtDtAzztN1L2Xzu tAtFyCtFtDtFtAtN1L1CzutCyEtBzy[...]
[f776tnf1.default\prefs.js] - Riga eliminata : user_pref("extensions.htdKRpqw.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sumorob[...]
[f776tnf1.default\prefs.js] - Riga eliminata : user_pref("extensions.quick_start.enable_search1", false);
[f776tnf1.default\prefs.js] - Riga eliminata : user_pref("extensions.quick_start.sd.closeWindowWi thLastTab_prev_state", false);

-\\ Google Chrome v39.0.2171.95

-\\ Comodo Dragon v

*************************

AdwCleaner[R0].txt - [6739 octets] - [29/12/2014 19:14:47]
AdwCleaner[S0].txt - [6777 octets] - [29/12/2014 19:21:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6837 octets] ##########

**SkinBonno** · 30-12-2014, 22:39

bene, una bella parte di schifezze è stata rimossa.
ti si presenta ancora il problema?

**filippo2480** · 31-12-2014, 07:25

Purtroppo si...e nn so cos'altro fare..

**SkinBonno** · 31-12-2014, 13:55

Malwarebytes l'hai già eseguito seguendo la guida, giusto?
Andiamo un po' più a fondo

Scarica CCleaner , eseguilo.
In fase di installazione togli la spunta alla casella della yahoo toolbar, non installarla.
Ripulisci i file e ripara eventuali problemi al registro.

Scarica Combofix usando Internet Explorer e salvalo sul desktop. Quando lo salvi, rinominalo in abc.exe. Disconnettiti da internet, disattiva l'antivirus. Avvia Combofix (abc.exe) e attendi la fine della scansione.
Non eseguire nessuna operazione mentre Combofix analizza il pc, non muovere nemmeno il mouse, potresti bloccare la scansione.
Finita la scansione il pc si dovrebbe riavviare e in C: dovresti avere un rapporto Combofix.txt. Carica questo rapporto su Wikisend e riporta sul forum il link che otterrai.

N.B. Nel caso non riesci a fare partire combofix, da start-->esegui copia e incolla questa riga di comando comprese le virgolette e dai invio:

"%userprofile%\desktop\abc.exe" /killall

La scansione dovrebbe partire in automatico.

**filippo2480** · 02-01-2015, 10:56

Provato tutto ma senza risultati. Alla fine ho ripristinato il Pc. Grazie comunque a tutti

**SkinBonno** · 03-01-2015, 01:20

Originariamente inviata da filippo2480

Provato tutto ma senza risultati. Alla fine ho ripristinato il Pc. Grazie comunque a tutti

ovviamente senza risultati, se non dai modo di finire le operazioni di pulizia. comunque buon per te

Discussione: schede che si aprono in continiazione con tutti i browser

Strumenti discussione

Ricerca discussione

Visualizza

schede che si aprono in continiazione con tutti i browser

Permessi di invio