Search engine redirecting to unrequested sites


Post by Maestro Yoda » 14/01/13 14:43

Hi! For about three days now I've been seeing an odd phenomenon. In any browser (I have Mozilla, Google Chrome and Opera), if I type a word into the search engine, the page with the list of sites appears as always; but if I click on one of them the engine sends me to other sites that have nothing to do with the one I clicked. If I haven't explained myself well or you want more details, just ask. I ran a scan with Spybot and cleaned up a bit, but the phenomenon keeps happening. Thanks.
Maestro Yoda
Junior Member

Posts: 39
Joined: 20/09/10 17:00


Re: Search engine redirecting to unrequested sites

Post by shel » 15/01/13 14:45

hi, you have a redirect, it could be the work of malware, run this scan

download combofix to the desktop
(do not install the recovery console)
Let the program work without interfering
Attach the report C:\ComboFix.txt in your reply.
shel
Senior Member

Posts: 1326
Joined: 29/08/08 21:56

Re: Search engine redirecting to unrequested sites

Post by Maestro Yoda » 15/01/13 18:20

I have the report, but I'd like to send it as an attachment rather than as a post. How do I do that? Thanks.
Maestro Yoda
Junior Member

Posts: 39
Joined: 20/09/10 17:00

Re: Search engine redirecting to unrequested sites

Post by Maestro Yoda » 15/01/13 19:30

posting the report.
ComboFix 13-01-15.02 - Andrea 15/01/2013 14:56:50.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4094.2052 [GMT 1:00]
Eseguito da: c:\users\Andrea\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\OfferBox
c:\program files (x86)\Tor\tor.exe
c:\programdata\ntuser.dat
c:\users\Andrea\AppData\Local\Temp\SASE744.tmp
c:\users\Andrea\AppData\Roaming\cacaoweb
c:\users\Andrea\AppData\Roaming\cacaoweb\errorlog.txt
c:\users\Andrea\AppData\Roaming\cacaoweb\npdfile.dat
c:\users\Andrea\AppData\Roaming\cacaoweb\storage.db
c:\users\Andrea\AppData\Roaming\OfferBox
c:\users\Andrea\AppData\Roaming\OfferBox\config.xml
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_tor
.
.
((((((((((((((((((((((((( Files Creati Da 2012-12-15 al 2013-01-15 )))))))))))))))))))))))))))))))))))
.
.
2013-01-15 14:13 . 2013-01-15 14:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-14 19:37 . 2013-01-14 19:37 -------- d-----w- c:\users\Andrea\AppData\Roaming\Malwarebytes
2013-01-14 19:37 . 2013-01-14 19:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-14 19:37 . 2013-01-14 19:37 -------- d-----w- c:\programdata\Malwarebytes
2013-01-14 19:37 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-14 19:37 . 2013-01-14 19:37 -------- d-----w- c:\users\Andrea\AppData\Local\Programs
2013-01-14 15:39 . 2013-01-14 15:39 388096 ----a-r- c:\users\Andrea\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-14 15:39 . 2013-01-14 15:39 -------- d-----w- c:\program files (x86)\Trend Micro
2013-01-13 13:27 . 2012-12-13 10:49 450136 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2013-01-13 11:20 . 2013-01-13 11:20 -------- d-----w- c:\users\Andrea\AppData\Roaming\SUPERAntiSpyware.com
2013-01-13 09:02 . 2013-01-13 09:02 -------- d-----w- c:\program files (x86)\Security Task Manager
2013-01-13 00:24 . 2013-01-13 08:58 -------- d-----w- c:\programdata\SecTaskMan
2013-01-12 16:05 . 2013-01-12 16:05 126976 --sha-r- c:\windows\SysWow64\schedclip.dll
2013-01-12 15:39 . 2013-01-12 15:39 -------- d-----w- c:\users\Andrea\AppData\Roaming\desksware
2013-01-09 12:53 . 2013-01-09 21:43 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 13:50 . 2012-03-31 17:44 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 13:50 . 2011-05-19 16:50 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 07:20 . 2011-01-15 16:39 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-08 17:24 . 2012-12-06 06:19 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{62B768F3-CEFE-4A69-A35F-0244795347F1}\mpengine.dll
2012-10-30 22:50 . 2012-01-31 02:29 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-18 18:25 . 2012-11-14 07:16 3149824 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-24 2245120]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2012-01-09 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-01-09 171008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-20 1255736]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 203264]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-07-17 319488]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-22 828072]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-07-15 116240]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-10 1222144]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-13 08:52 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 13:50]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 11:25]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 11:25]
.
2013-01-15 c:\windows\Tasks\IVYHTNJ.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 1127592]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.zonealarm.com/?src=hp&tbi ... sId=&ver=&
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\70m1lu9u.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... 06&sr=0&q=
FF - ExtSQL: 2012-11-24 19:45; {5ddeb737-082c-48fb-8c06-aa4b38d61e5f}; c:\program files (x86)\Mozilla Firefox\extensions\{5ddeb737-082c-48fb-8c06-aa4b38d61e5f}
FF - ExtSQL: 2013-01-13 14:27; donottrack@checkpoint.com; c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\70m1lu9u.default\extensions\donottrack@checkpoint.com
FF - ExtSQL: 2013-01-13 14:27; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2013-01-13 21:06; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_de ... 020069a&q=
FF - user.js: extensions.BabylonToolbar.id - 5e931fa900000000000020cf3020069a
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15668
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.819:10
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - irhnew
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbi ... sId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?src= ... &Lan=it&q={searchTerms}&gu=e27bd25cb76d43058cb6c6432967c3d7&tu=10G9000665B000c&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbi ... sId=&ver=&
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src= ... e2013&Lan={dfltLng}&gu=e27bd25cb76d43058cb6c6432967c3d7&tu=10G9000665B000c&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 5e931fa900000000000020cf3020069a
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15718
FF - user.js: extensions.zonealarm.vrsn - 1.8.3.16
FF - user.js: extensions.zonealarm.vrsni - 1.8.3.16
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.8.3.1614:24
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN116378072107920-1001
FF - user.js: extensions.zonealarm.dfltLng - it
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{CAC42510-9B41-42c1-9DCD-7282A2D07C61} - c:\program files (x86)\BitAccelerator\BitAccelerator.dll
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Andrea\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
Toolbar-10 - (no file)
WebBrowser-{4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - (no file)
AddRemove-ZoneAlarm Free Antivirus + Firewall - c:\program files (x86)\CheckPoint\Install\Install.exe
AddRemove-FLV Player - c:\program files (x86)\FLVPlayer\Uninstall\Uninstall.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
c:\program files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Ora fine scansione: 2013-01-15 15:40:06 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2013-01-15 14:40
.
Pre-Run: 857.651.056.640 byte disponibili
Post-Run: 857.621.401.600 byte disponibili
.
- - End Of File - - 321154FCB5AF55C4F73BF5565EB43582
Maestro Yoda
Junior Member

Posts: 39
Joined: 20/09/10 17:00
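A small triage script, added here as an example and not part of the thread or of ComboFix itself, that reads lines in the format of the log above and flags the search-hijack footprints a helper looks for: search or homepage preferences pointing at an unexpected host, user.js overrides that silence Firefox's security warnings, and a scheduled task whose only recorded action is rundll32.exe. The allowlist of expected search hosts and the heuristics are assumptions made for the example; the sample lines are copied from the posted log.

```python
"""Flag browser search-hijack footprints in ComboFix-style log lines.

Added example, not the forum's or ComboFix's code; allowlist and heuristics
are assumptions.
"""
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the log posted above. "hxxp" is the
# defanged "http" ComboFix writes; " ... " is where the forum shortened a URL.
SAMPLE_LOG = """\
uStart Page = hxxp://search.zonealarm.com/?src=hp&tbi ... sId=&ver=&
TCP: DhcpNameServer = 192.168.1.1
FF - prefs.js: browser.startup.homepage - www.google.it
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... 06&sr=0&q=
FF - user.js: security.warn_submit_insecure - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_de ... 020069a&q=
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbi ... sId=&ver=&
2013-01-15 c:\\windows\\Tasks\\GoogleUpdateTaskMachineUA.job
- c:\\program files (x86)\\Google\\Update\\GoogleUpdate.exe [2011-08-24 11:25]
2013-01-15 c:\\windows\\Tasks\\IVYHTNJ.job
- c:\\windows\\system32\\rundll32.exe [2009-07-13 01:14]
"""

# Assumption: search/homepage hosts the owner of this machine would expect.
# Any other host in a search-routing preference deserves a look.
EXPECTED_SEARCH_HOSTS = {"www.google.it", "www.google.com", "www.bing.com"}

# Preference names that decide where a typed search or the homepage goes
# (the toolbar-specific *.tlbrSrchUrl / *.hmpgUrl names come from the log).
URL_PREF_SUFFIXES = ("keyword.URL", "browser.startup.homepage",
                     "SrchUrl", "hmpgUrl", "newTabUrl", "keyWordUrl")

PREF_RE = re.compile(r"^FF - (?:user|prefs)\.js: (\S+) - (.*)$")
START_RE = re.compile(r"^[um]Start Page = (.*)$")
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} c:\\windows\\tasks\\([^\\]+)\.job$", re.I)
ACTION_RE = re.compile(r"^- (.+?) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")


def host_of(value: str) -> str:
    """Return the lower-cased host of a pref value, with or without a scheme."""
    v = value.strip()
    if "://" in v:
        return (urlparse(v.replace("hxxp", "http", 1)).hostname or "").lower()
    return v.split("/")[0].lower()


def triage(log_text: str, expected_hosts=EXPECTED_SEARCH_HOSTS) -> list:
    """Scan log lines and return a list of {kind, where, detail} findings."""
    findings = []
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        m = PREF_RE.match(line)
        if m:
            name, value = m.groups()
            if name.endswith(URL_PREF_SUFFIXES):
                host = host_of(value)
                if host and host not in expected_hosts:
                    findings.append({"kind": "unexpected-search-host",
                                     "where": name, "detail": host})
            elif name.startswith("security.warn_") and value.strip() == "false":
                # user.js overrides silencing mixed-content / insecure-form
                # warnings are a toolbar footprint, not a user's own choice.
                findings.append({"kind": "weakened-warning",
                                 "where": name, "detail": value.strip()})
            continue
        m = START_RE.match(line)
        if m:
            host = host_of(m.group(1))
            if host and host not in expected_hosts:
                findings.append({"kind": "unexpected-search-host",
                                 "where": "IE start page", "detail": host})
            continue
        m = TASK_RE.match(line)
        if m and i + 1 < len(lines):
            action = ACTION_RE.match(lines[i + 1])
            # Heuristic: a task whose only recorded action is rundll32.exe
            # itself (the DLL it loads is not shown) needs manual review.
            if action and action.group(1).lower().endswith("rundll32.exe"):
                findings.append({"kind": "suspicious-task",
                                 "where": m.group(1), "detail": action.group(1)})
    return findings


def count_by_kind(findings: list) -> dict:
    """Summarise findings as {kind: count} for a quick reply in the thread."""
    counts = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:24} {f['where']:45} {f['detail']}")
    print(count_by_kind(triage(SAMPLE_LOG)))
```

On the sample above it reports four unexpected search hosts (the IE start page, keyword.URL, the Babylon and ZoneAlarm toolbar prefs), one silenced warning and the IVYHTNJ task.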

Re: Search engine redirecting to unrequested sites

Post by shel » 15/01/13 20:00

combofix removed many of the infections that were present, now run these two scans

download adwcleaner, click delete and attach the log

download OTL
Tick SCAN ALL USERS.
Under output tick minimal output
Click the little arrow next to File Age and select 60 Days
Tick LOP Check and Purity Check.
When the scan finishes OTL will produce two log files (OTL.txt and Extras.txt)

the logs must be attached, not pasted
shel
Senior Member

Posts: 1326
Joined: 29/08/08 21:56

Re: Search engine redirecting to unrequested sites

Post by Maestro Yoda » 15/01/13 22:45

Yes, could you kindly explain how to attach them? Thanks.
Maestro Yoda
Junior Member

Posts: 39
Joined: 20/09/10 17:00

Re: Search engine redirecting to unrequested sites

Post by shel » 16/01/13 00:31

go here => http://www.wikisend.com click browse, select the file, click upload and paste the first link
shel
Senior Member

Posts: 1326
Joined: 29/08/08 21:56

Re: Search engine redirecting to unrequested sites

Post by Maestro Yoda » 16/01/13 07:07

extras.txt
OTL.txt
[url=http://wikisend.com/download/434766/AdwCleaner[R4].txt]AdwCleaner[R4].txt[/url]
Maestro Yoda
Junior Member

Posts: 39
Joined: 20/09/10 17:00

Re: Search engine redirecting to unrequested sites

Post by Maestro Yoda » 16/01/13 07:09

I followed the instructions. If something is wrong, just tell me. Thanks for the help.
Maestro Yoda
Junior Member

Posts: 39
Joined: 20/09/10 17:00

Re: Search engine redirecting to unrequested sites

Post by shel » 16/01/13 11:49

in the log I don't see any other infections

open otl and click cleanup, this removes combofix and otl itself

follow the cleanup procedure >>> disable and re-enable system restore, clean the temp files with ccleaner
Important:
During installation untick the box, otherwise the Yahoo Toolbar gets installed.
Start it and click on:
- Advanced Options
Untick:
- Only delete files older than 48 hours
Click the buttons:
- Cleaner (the first one at the top left)
- Analyze (bottom centre button)
- Run Cleaner (bottom right button)

Fixing registry errors
CCleaner
Click the buttons:
- Registry (second button at the top left)
- Scan for Issues (bottom centre button)
- Fix selected issues (bottom right button)
- when asked:
- "Do you want to back up changes to the registry?"
- click:
- YES

Download ATF-Cleaner
(No installation required)
Tick:
- Select all
Press the button:
- Empty Selected
shel
Senior Member

Posts: 1326
Joined: 29/08/08 21:56

Re: Search engine redirecting to unrequested sites

Post by Maestro Yoda » 16/01/13 12:06

Before you replied I installed a version of Kaspersky, after uninstalling OTL and combofix with Revo Uninstaller. After the scan I ran some tests and everything seems fine. Do you still recommend ccleaner and ATF cleaner?
Maestro Yoda
Junior Member

Posts: 39
Joined: 20/09/10 17:00

Re: Search engine redirecting to unrequested sites

Post by shel » 16/01/13 12:28

use ccleaner and atf cleaner to clean the system, leave the others

using a program like Revo Uninstaller to remove combofix and otl is overkill
shel
Senior Member

Posts: 1326
Joined: 29/08/08 21:56

Re: Search engine redirecting to unrequested sites

Post by Maestro Yoda » 16/01/13 14:13

Done as per your instructions. Everything seems fine. Many thanks for the valuable help.
Maestro Yoda
Junior Member

Posts: 39
Joined: 20/09/10 17:00
