Giusto

Problem With Mysearc...

12 posts in this thread

Yesterday, at some point, I opened the Internet and, instead of Google, an unremovable "My searchresults" appeared.

I carried out the procedure:

- CCleaner

- Combofix

- Malwarebyte

- Advanced Systemcare

- Hijackthis

I use Windows 7 64-bit.

Here is the Hijackthis report:

hijackthis.log

If needed, I have also saved the reports from:

- Combofix

- mbam log

I await your comments.

Thanks.


Hi Giusto ;)

Download OTL by OldTimer: http://oldtimer.geekstogo.com/OTL.exe

● place the downloaded tool on the Desktop

● double-click the program's icon to start it

● put a check mark next to Scan All Users

● click the Quick Scan button

● wait patiently for the scan to finish

● at the end of the scan, 2 logs will be generated: attach them

OTListIt.txt (open)

Extra.txt (minimized)

Download aswMBR.exe

and save it to your desktop.

  • Double-click aswMBR.exe to start the tool. (Vista/Windows 7 - right-click, Run as administrator)
  • Click Scan
    • When the scan is finished, click Save log, save it to your desktop, and post it in your next reply.
      Warning: do not run any fix.
    • You will also notice another file created on the desktop named MBR.dat. Right-click the file and select Send to > Compressed (zipped) folder. Attach the compressed file in your next reply as well.


I installed OTL on the Desktop.

When I open it, this appears:

[screenshot attachment: the OTL window]

Unfortunately it's in Spanish and I don't know what to click.

Can you give me a hint; perhaps you recognize it visually better than I do.

Bear with me.


Put a check mark next to "analizar todos" and click "Analisis Minimo"


Hi Giusto

Run OTL.exe

  • Copy/paste the following text into the "Anàlisis Personalizado / Còdigo de reparaciòn" box in the lower part of the OTL interface

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=grupo&chnl=grupo&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByDzytD0EyCyCzz0A0AtDtN0D0Tzu0CtByCzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1303669148
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=418&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2073432957514541&q={searchTerms}
IE - HKU\S-1-5-21-1521616580-377884854-3422553788-1001\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-1521616580-377884854-3422553788-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
CHR - default_search_provider: Web Search ()
CHR - default_search_provider: search_url = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=grupo&chnl=grupo&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByDzytD0EyCyCzz0A0AtDtN0D0Tzu0CtByCzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1303669148
CHR - homepage: http://start.funmoods.com/?f=1&a=grupo&chnl=grupo&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByDzytD0EyCyCzz0A0AtDtN0D0Tzu0CtByCzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1303669148
O2 - BHO: (no name) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - No CLSID value found.
O2 - BHO: (no name) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]
[CREATERESTOREPOINT]
[Reboot]

  • Then click the Reparar button at the top
  • Let the program run the fix without interference.
  • A log will be created which I need to see in your next reply.
  • Reboot when the tool has finished working.

AdwCleaner

Download AdwCleaner by Xplode to your desktop

Close all open programs and internet pages.

Double-click AdwCleaner.exe to run the tool.

Click Delete.

Confirm each time with Ok.

The computer will reboot automatically. A text file will open after the reboot.

Please post the contents of that log file in your next reply.

You can also find the log file at C:\AdwCleaner[s1].txt

Please do not attach the logs; copy/paste their contents

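The OTL "Unable to interpret" errors posted later in this thread show the fix script arriving at the tool with the forum's [url=...] BBCode wrapped around each search URL and with its line breaks lost. The following is an added example, not part of the thread and not OTL's own code: a small Python pre-check that strips the BBCode remnants, re-splits run-together text at the points where an OTL-style fix script starts a new line, and reports any line that is neither an entry, a section header nor a command, so that the script can be read over before it is handed to a tool that rewrites HKLM. The accepted entry prefixes, section names and command syntax are an assumption taken from the script posted above rather than from OTL documentation; the sample input is constructed, with a placeholder hijacker URL and the GUIDs from the script above.

```python
import re

# Constructed input: the script as a forum's BBCode rendering hands it back on
# copy/paste: bare URLs wrapped in [url=...]...[/url] and the line breaks lost,
# the two symptoms visible in the "Unable to interpret" errors in this thread.
# hijacker.example is a placeholder, not a real domain.
PASTED = (
    'IE - HKLM\\..\\SearchScopes\\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = '
    '[url="http://hijacker.example/results.php?q={searchTerms}"]'
    'http://hijacker.example/results.php?q={searchTerms}[/url]'
    'O2 - BHO: (no name) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - No CLSID value found.'
    ':Files'
    'ipconfig /flushdns /c'
    ':Commands'
    '[emptytemp][resethosts][Reboot]'
)

# [url="X"]X[/url] (a forum's rendering of a bare URL) -> X
BBCODE_URL_RE = re.compile(r'\[url="?(?P<href>[^"\]]*)"?\](?P<text>.*?)\[/url\]', re.I | re.S)

# Assumed grammar of an OTL-style fix script (taken from the script in this
# thread, not from OTL documentation): log-style entries, ":Section" headers
# and "[command]" lines in the commands section.
ENTRY_PREFIX = r'(?:IE|FF|CHR|O\d{1,2}|SRV|DRV|MOD|PRC) - '
SECTION_NAMES = ('OTL', 'Files', 'Commands', 'Reg', 'Services', 'Processes')
SECTION = r':(?:' + '|'.join(SECTION_NAMES) + ')'
AFTER_SECTION = '|'.join(rf'(?<=:{name})' for name in SECTION_NAMES)
# Zero-width points at which a new line must start when line breaks were lost.
BOUNDARY_RE = re.compile(rf'(?={ENTRY_PREFIX})|(?={SECTION})|{AFTER_SECTION}|(?=\[[A-Za-z ]+\])')
ENTRY_RE = re.compile(rf'^{ENTRY_PREFIX}')
SECTION_RE = re.compile(rf'^{SECTION}$', re.I)
COMMAND_RE = re.compile(r'^\[[A-Za-z ]+\]$')


def strip_bbcode(text):
    """Undo the forum's auto-linking: keep each URL once, drop the tags."""
    return BBCODE_URL_RE.sub(lambda m: m.group('href') or m.group('text'), text)


def split_lines(text):
    """Re-split text whose line breaks were lost; correctly separated input is unchanged."""
    pieces = []
    for chunk in text.splitlines():
        pieces.extend(piece.strip() for piece in BOUNDARY_RE.split(chunk))
    return [piece for piece in pieces if piece]


def normalise(pasted):
    return split_lines(strip_bbcode(pasted))


def check(lines):
    """Classify every line; return (ok, problems) with problems as (line no, reason, text)."""
    problems, section = [], ':OTL'   # assumption: lines before any header are :OTL entries
    for n, line in enumerate(lines, 1):
        if SECTION_RE.match(line):
            section = line.upper()
        elif section == ':OTL' and ENTRY_RE.match(line):
            pass
        elif section == ':COMMANDS' and COMMAND_RE.match(line):
            pass
        elif section in (':FILES', ':REG', ':SERVICES', ':PROCESSES'):
            pass                      # free-form lines, passed to the tool as written
        elif '[url' in line.lower() or '[/url]' in line.lower():
            problems.append((n, 'BBCode remnant', line))
        else:
            problems.append((n, f'not a valid {section} line', line))
    return not problems, problems


if __name__ == '__main__':
    cleaned = normalise(PASTED)
    print('\n'.join(cleaned))
    ok, problems = check(cleaned)
    print('OK' if ok else problems)
```

Run it on the text exactly as copied from the forum page; the cleaned lines it prints are what should go into the OTL box, and any reported problem line is one the tool would refuse in the same way as the errors shown later in this thread.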


I hope I haven't made a mistake. Here are the two logs

All processes killed

Error: Unable to interpret <IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmood...cr=1303669148IE">http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=grupo&chnl=grupo&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByDzytD0EyCyCzz0A0AtDtN0D0Tzu0CtByCzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1303669148"]http://start.funmood...B&cr=1303669148[/url]IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...{searchTerms}IE">http://dts.search-results.com/sr?src=ieb&gct=ds&appid=418&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=2073432957514541&q={searchTerms"]http://dts.search-re...&q={searchTerms[/url]}IE - HKU\S-1-5-21-1521616580-377884854-3422553788-1001\..\SearchScopes,Backup.Old.DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}IE - HKU\S-1-5-21-1521616580-377884854-342> in the current context!

Error: Unable to interpret <2553788-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundCHR - default_search_provider: Web Search ()CHR - default_search_provider: search_url = http://start.funmood...r=1303669148CHR">http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=grupo&chnl=grupo&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByDzytD0EyCyCzz0A0AtDtN0D0Tzu0CtByCzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1303669148"]http://start.funmood...B&cr=1303669148[/url]CHR - homepage: http://start.funmood...cr=1303669148O2">http://start.funmoods.com/?f=1&a=grupo&chnl=grupo&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByDzytD0EyCyCzz0A0AtDtN0D0Tzu0CtByCzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1303669148"]http://start.funmood...B&cr=1303669148[/url]O2 - BHO: (no name) - {7F6AFBF1-E065-4627-A2FD-> in the current context!

Error: Unable to interpret <810366367D01} - No CLSID value found.O2 - BHO: (no name) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4 - HKLM..\Run: [] File not found:Filesipconfig /flushdns /c:Commands[emptytemp][resethosts][start explorer][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 11012012_005313

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v2.006 - Fichero creado el 01/11/2012 a 01:35:44

# Actualizado el 30/10/2012 por Xplode

# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)

# Usuario : User - USER-PC

# Modo de inicio : Normal

# Ejecutado desde : C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DZ0LTCF\AdwCleaner.exe

# Opción [supresión]

***** [servicios] *****

***** [Ficheros / Carpetas] *****

Carpeta Suprimido : C:\Program Files (x86)\Conduit

Carpeta Suprimido : C:\Program Files (x86)\freeTVRadio

Carpeta Suprimido : C:\Program Files (x86)\Funmoods

Carpeta Suprimido : C:\ProgramData\~0

Carpeta Suprimido : C:\ProgramData\Ask

Carpeta Suprimido : C:\ProgramData\Babylon

Carpeta Suprimido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly

Carpeta Suprimido : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej

Fichero Suprimido : C:\user.js

***** [Registro] *****

Clave Supprimida : HKCU\Software\AppDataLow\Software

Clave Supprimida : HKCU\Software\BabylonToolbar

Clave Supprimida : HKCU\Software\BrowserCompanion

Clave Supprimida : HKCU\Software\Conduit

Clave Supprimida : HKCU\Software\DataMngr_Toolbar

Clave Supprimida : HKCU\Software\DealPly

Clave Supprimida : HKCU\Software\Default Tab

Clave Supprimida : HKCU\Software\DefaultTab

Clave Supprimida : HKCU\Software\freeTVRadio

Clave Supprimida : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Clave Supprimida : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Clave Supprimida : HKCU\Software\ilivid

Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Clave Supprimida : HKCU\Software\Softonic

Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Clave Supprimida : HKLM\Software\Babylon

Clave Supprimida : HKLM\Software\BabylonToolbar

Clave Supprimida : HKLM\Software\BrowserCompanion

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL

Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL

Clave Supprimida : HKLM\SOFTWARE\Classes\Prod.cap

Clave Supprimida : HKLM\Software\Conduit

Clave Supprimida : HKLM\Software\DealPly

Clave Supprimida : HKLM\Software\Default Tab

Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32

Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS

Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Clave Supprimida : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej

Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dpicnlijpdlebkhpegfenfjpglinfdhm

Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}

Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion

Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}

Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}

Clave Supprimida : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

Clave Supprimida : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Clave Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Valor Supprimida : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [offerbox@spointer.com]

Valor Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

Valor Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16421

Sustituido : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=grupo&chnl=grupo&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByDzytD0EyCyCzz0A0AtDtN0D0Tzu0CtByCzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1303669148 --> hxxp://www.google.com

-\\ Google Chrome v [imposible obtener la versión]

*************************

AdwCleaner[s1].txt - [8308 octets] - [01/11/2012 01:35:44]

########## EOF - C:\AdwCleaner[s1].txt - [8368 octets] ##########

Sorry if I made a mistake, but I'm really hopeless at these things.

Thanks for your patience.

Happy holiday to you and your family.


Hi Giusto

Unfortunately the script did not complete successfully; the tool you downloaded is in Spanish and it did not understand the commands, but thank God AdwCleaner did the work of two.

Now follow my instructions

disable antivirus and antispyware, as they interfere with the removal tools

Double-click ComboFix.exe and follow the instructions.

When finished, a text file will be produced. Please include the file C:\ComboFix.txt in your next reply for further review.


Here is the ComboFix file

ComboFix 12-10-30.03 - User 01/11/2012 17:10:39.5.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.34.3082.18.3583.2280 [GMT 1:00]

Running from: c:\users\User\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\User\Desktop\Internet Explorer.lnk

.

c:\windows\SysWow64\qmgr.dll . . . is infected!!

.

.

((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))

.

.

2012-11-01 16:30 . 2012-11-01 16:30 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-11-01 16:30 . 2012-11-01 16:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-31 23:53 . 2012-10-31 23:53 -------- d-----w- C:\_OTL

2012-10-31 12:42 . 2012-10-31 12:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-31 12:42 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-30 15:38 . 2012-10-30 15:38 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DE430778-D2D7-43D0-BA4C-26E4A6AF0F24}\offreg.dll

2012-10-30 15:31 . 2012-10-30 18:31 -------- d-----w- c:\users\User\AppData\Roaming\DefaultTab

2012-10-30 15:24 . 2012-10-30 15:24 -------- d-----w- c:\program files (x86)\IrfanView

2012-10-30 14:38 . 2004-03-08 23:00 609824 ----a-w- c:\windows\SysWow64\COMCTL32.ocx

2012-10-30 06:56 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DE430778-D2D7-43D0-BA4C-26E4A6AF0F24}\mpengine.dll

2012-10-28 17:58 . 2012-10-28 17:58 -------- d-----w- c:\programdata\YTD Video Downloader

2012-10-28 17:58 . 2012-10-28 17:58 -------- d-----w- c:\program files (x86)\GreenTree Applications

2012-10-28 16:15 . 2012-10-28 16:19 -------- d-----w- c:\users\User\AppData\Roaming\vlc

2012-10-28 16:08 . 2012-10-28 16:12 -------- d-----w- c:\users\User\AppData\Local\iLivid

2012-10-28 10:27 . 2012-10-28 10:27 -------- d-----w- C:\FFOutput

2012-10-27 18:35 . 2012-10-31 14:05 -------- d-----w- c:\users\User\AppData\Roaming\Media Player Classic

2012-10-27 18:29 . 2012-10-28 16:55 -------- d-----w- c:\users\User\.DVDslideshowGUI

2012-10-27 18:29 . 2012-10-27 18:29 34936 ----a-w- c:\windows\SysWow64\uninstHelixYUV.exe

2012-10-27 18:29 . 2012-10-27 18:29 -------- d-----w- c:\program files (x86)\GUI for dvdauthor

2012-10-27 18:29 . 2012-10-27 18:29 -------- d-----w- c:\program files (x86)\AvsP

2012-10-27 18:29 . 2012-10-27 18:29 -------- d-----w- c:\program files (x86)\AviSynth 2.5

2012-10-27 18:29 . 2012-10-27 18:29 -------- d-----w- c:\program files (x86)\DVD slideshow GUI

2012-10-26 08:16 . 2012-10-26 08:16 -------- d-----w- c:\users\User\AppData\Roaming\PhraseExpander

2012-10-26 08:15 . 2012-10-26 08:15 -------- d-----w- c:\users\User\AppData\Local\Programs

2012-10-20 12:07 . 2012-10-20 12:07 208256 ----a-w- c:\windows\SysWow64\drivers\PDisk.sys

2012-10-13 14:55 . 2012-10-13 14:55 -------- d-----w- c:\program files (x86)\Premium Booster

2012-10-13 06:51 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-13 06:51 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-10-13 06:51 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2012-10-13 06:51 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2012-10-13 06:50 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-10-13 06:50 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-13 06:50 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-13 06:50 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-13 06:50 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-13 06:50 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-10-08 17:35 . 2012-10-08 17:35 -------- d-----w- c:\program files (x86)\DriverTuner

2012-10-04 09:36 . 2012-10-04 09:36 -------- d-----w- c:\program files (x86)\Pixarra

2012-10-03 14:30 . 2012-10-03 14:30 -------- d-----w- c:\program files\Zoner

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-31 11:48 . 2011-04-20 13:50 637272 ----a-w- c:\windows\system32\drivers\klif.sys

2012-10-13 07:46 . 2010-11-15 11:12 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-09 15:26 . 2012-04-04 07:47 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 15:26 . 2012-02-05 10:55 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-25 14:00 . 2012-09-03 10:07 162490 ----a-w- c:\windows\DP Animation Maker Uninstaller.exe

2012-09-24 13:32 . 2012-09-02 16:27 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-09-24 13:32 . 2010-11-24 18:39 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-17 10:43 . 2011-02-15 12:46 31301632 ----a-w- c:\windows\SysWow64\common_res.dll

2012-09-12 14:14 . 2012-09-12 14:14 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2012-09-12 14:14 . 2012-09-12 14:14 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-09-12 14:14 . 2012-09-12 14:14 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2012-09-12 14:14 . 2012-09-12 14:14 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-09-01 14:13 . 2010-11-25 16:06 1176400 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-08-24 11:15 . 2012-09-22 07:10 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 10:39 . 2012-09-22 07:10 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 10:31 . 2012-09-22 07:10 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 10:22 . 2012-09-22 07:10 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 10:21 . 2012-09-22 07:10 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 10:20 . 2012-09-22 07:10 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 10:18 . 2012-09-22 07:11 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 10:17 . 2012-09-22 07:10 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 10:14 . 2012-09-22 07:11 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 10:14 . 2012-09-22 07:10 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 10:13 . 2012-09-22 07:10 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 10:12 . 2012-09-22 07:10 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 10:11 . 2012-09-22 07:10 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 10:10 . 2012-09-22 07:11 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 10:09 . 2012-09-22 07:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 10:04 . 2012-09-22 07:11 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 06:59 . 2012-09-22 07:10 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 06:51 . 2012-09-22 07:10 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 06:51 . 2012-09-22 07:10 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47 . 2012-09-22 07:11 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47 . 2012-09-22 07:11 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 06:43 . 2012-09-22 07:11 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12 . 2012-09-12 06:46 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 06:46 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 06:46 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 06:46 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-26 05:22 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-20 17:38 . 2012-10-13 06:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-22 39408]

"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-12-04 2792448]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

"AVFX Engine"="c:\creative live! cam\VideoFX\StartFX.exe" [2006-06-09 24576]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"avp"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-31 206448]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-03-27 1686528]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-11-29 110592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 SUHDCrypt;SUHDCrypt;c:\windows\system32\Drivers\PDisk.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Servicio Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 136176]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]

R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]

R3 gupdatem;Servicio de Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 136176]

R3 netr7364;Controlador de tarjeta LAN inalámbrica USB RT73 para Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-15 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-12 1026432]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-29 203264]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-29 7883264]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-29 285696]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-08-16 116240]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]

S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1276928]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:27]

.

2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 22:00]

.

2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-22 22:00]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.it/

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\system32\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Agregar al componente Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: Free YouTube Download - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - (no file)

Toolbar-Locked - (no file)

Toolbar-10 - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

WebBrowser-{3BBD3C14-4C16-4989-8366-95BC9179779D} - (no file)

AddRemove-HelixYUVCodecs - c:\windows\system32\uninstHelixYUV.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1521616580-377884854-3422553788-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1521616580-377884854-3422553788-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-01 17:31:42

ComboFix-quarantined-files.txt 2012-11-01 16:31

ComboFix2.txt 2012-10-31 12:32

.

Pre-Run: 361.207.816.192 bytes libres

Post-Run: 361.155.739.648 bytes libres

.

- - End Of File - - 5535EFE207A2A94796DC72EF42C2D06E

Done.
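The ComboFix report above lists, under "Reg Loading Points", the UAC policy values and the AppInit_DLLs switch, and marks c:\windows\SysWow64\qmgr.dll as infected. The following is an added example, not the poster's nor ComboFix's code: a Python triage routine that parses a ComboFix-style log for exactly those items and returns the findings a reviewer would want called out. EnableLUA=0 and PromptOnSecureDesktop=0 switch off UAC and its secure-desktop prompts, ConsentPromptBehaviorAdmin=0 means administrators elevate without any prompt, and LoadAppInit_DLLs=1 lets any DLL named in AppInit_DLLs load into every process that loads user32.dll. The log excerpt embedded in the code is constructed from the report above; the values treated as secure are the standard Windows defaults.

```python
import re

# Constructed excerpt modelled on the ComboFix report posted above (lines from
# its "Other Deletions" and "Reg Loading Points" sections).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\SysWow64\qmgr.dll . . . is infected!!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-22 39408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# ComboFix prints DWORD values as  "Name"= 0 (0x0)  under the REGEDIT4 dump.
DWORD_RE = re.compile(r'^"([^"]+)"\s*=\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)$')
INFECTED_RE = re.compile(r'^(?P<path>\S.*?)\s+\.\s+\.\s+\.\s+is infected!!$')

# (key suffix, value name, predicate that holds for a sound setting, finding text)
CHECKS = [
    ('policies\\system', 'EnableLUA', lambda v: v == 1,
     'UAC is disabled (EnableLUA=0)'),
    ('policies\\system', 'ConsentPromptBehaviorAdmin', lambda v: v != 0,
     'administrators elevate without any prompt'),
    ('policies\\system', 'PromptOnSecureDesktop', lambda v: v == 1,
     'UAC prompts are not shown on the secure desktop'),
    ('windows nt\\currentversion\\windows', 'LoadAppInit_DLLs', lambda v: v == 0,
     'AppInit_DLLs injection is enabled'),
]


def parse_dword_values(log):
    """Map (lower-cased key path, value name) -> int for every DWORD line under a [HKEY_...] key."""
    values, key = {}, None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = DWORD_RE.match(line)
        if m and key:
            values[(key, m.group(1))] = int(m.group(2))
    return values


def find_infected(log):
    """Paths ComboFix reported as infected (the '. . . is infected!!' lines)."""
    return [m.group('path') for m in (INFECTED_RE.match(l.strip()) for l in log.splitlines()) if m]


def audit(log):
    """Return a list of (kind, detail) findings for a ComboFix-style log."""
    findings = [('infected', path) for path in find_infected(log)]
    values = parse_dword_values(log)
    for key_suffix, name, is_sound, message in CHECKS:
        for (key, value_name), value in values.items():
            if value_name == name and key.endswith(key_suffix.lower()) and not is_sound(value):
                findings.append(('weak-setting', f'{message}: [{key}] {name}={value}'))
    return findings


if __name__ == '__main__':
    for kind, detail in audit(SAMPLE_LOG):
        print(f'{kind:13} {detail}')
```

The registry value checks fire only when the value is present in the dump, so a log that omits the policies key produces no UAC finding; for a full picture the values should also be read on the live machine after the cleanup, since ComboFix's dump records what it saw before its own run.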


Hi Giusto

Can you tell me how your PC is doing and whether there are any other problems.


Everything is OK now.

The only problem was "Mysearch ...".

Thanks for the help.

Greetings to you and your family.
