Olimpo Informatico

[Symptom77]

Salve a tutti, mi chiamo cristiano, ho eseguito alla lettera le istruzioni passo passo per eliminare i fastidiosi pop up, qui in allegato vi allego i log report, che fare dopo?
La conversazione di partenza è questa http://forum.zeusnews.com/viewtopic.php?t=65236

Log reports:
.txt]AdwCleaner[S0].txt

Extras.Txt

JRT.txt

Malwarebytes.txt

OTL.Txt

[R16]

Ciao Cristiano.
Hai un'infezione al router, o nella scheda di rete.
Le pagine pubblicitarie sono riconducibili a "AdultCameras.inf" ?
Le pagine sono del tipo pornografiche?

Segui queste indicazioni:
Fai:
Start e digita CMD nel campo di ricerca e poi clicca Invio.
Compare l'icona del Prompt dei comandi.
Clicca con il tasto destro sopra l'icona e scegli "Esegui come Amministratore".
Si apre una schermata nera.
Digita nslookup e clicca Invio
Posta qui le scritte del risultato.

Per cortesia rispondi alle domande che ho postato.

[Symptom77]

Ciao R16, allora
niente adultcamera.inf, le pagine sono di pubblicita porno ma anche pubblcita di videogiochi o generiche.
ho eseguito le tue istruzioni e mi dice:

Server predefintio:unknown
Address: 195.238.181.164

[R16]

Ciao.
Hai il router infetto da un IP ucraino.
Si deve resettare il router alle impostazioni di fabbrica.
Di solito c'è un pulsantino sul retro del router, da tenere premuto con un qualcosa di appuntito: una penna biro, uno stuzzicadenti, o altro.

Cambia anche la password del router.

Poi:

Scarica FRST sul desktop: (è obligatorio)

Installa la versione adatta al tuo Sistema Operativo (32 bit oppure 64 bit )

link

Avvialo e clicca Esegui.

Sulla finestra che ti compare clicca SI.

Clicca Scan.

Aspetta pazientemente la fine della scansione.

Posta i 2 log log che rilascia sul desktop (FRST.txt e Addition.txt)

[Symptom77]

Ps ora mi accorgo che i pop up sono di adult.info si...

[R16]

Esegui lo stesso le indicazioni scritte.

Poi esegui queste indicazioni alla lettera:

Scarica questo file .reg sul desktop:

link

Fai doppio clic dhcp.reg e rispondi Sì alle richieste.
Dovresti ricevere un messaggio di successo.

Se non compare significa che qualcosa è andato storto.

Riavvia il pc. (è importante)


Per ultimo:

Scarica SystemLook:

link (per S.O a 32 bit)

link (per S.O a 64 bit)

Doppio clic su SystemLook.exe per avviarlo
Copia il seguente codice nella schermata principale

[Symptom77]

Log FRST
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by utente (administrator) on PC on 20-02-2015 19:12:05
Running from C:\Users\utente\Downloads
Loaded Profiles: utente (Available profiles: utente)
Platform: Windows 8.1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Google\Update\Install\{5F63AE85-C69B-414D-BC60-84F431DB61FF}\40.0.2214.115_40.0.2214.111_chrome_updater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\setup.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1068435704-4054283964-3984961076-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/it-it/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.it/", "hxxp://www.repubblica.it/"
CHR Profile: C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-15]
CHR Extension: (Google Docs) - C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-15]
CHR Extension: (Google Drive) - C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-15]
CHR Extension: (YouTube) - C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-15]
CHR Extension: (Google Search) - C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-15]
CHR Extension: (Google Sheets) - C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-15]
CHR Extension: (Pin It Button) - C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-02-13]
CHR Extension: (Google Wallet) - C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-15]
CHR Extension: (Gmail) - C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-12-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-12-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2014-12-15] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
R3 BlueletAudio; C:\Windows\system32\DRIVERS\blueletaudio.sys [38160 2007-05-11] (IVT Corporation.)
R3 BlueletSCOAudio; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [37648 2007-03-05] (IVT Corporation.)
R3 BT; C:\Windows\system32\DRIVERS\btnetdrv.sys [25360 2007-03-05] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [44688 2007-05-09] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.)
R0 BTHidEnum; C:\Windows\SysWOW64\Drivers\vbtenum.sys [24976 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.)
R0 BTHidMgr; C:\Windows\SysWOW64\Drivers\BTHidMgr.sys [49680 2007-03-05] (IVT Corporation.)
R3 VComm; C:\Windows\system32\DRIVERS\VComm.sys [47120 2007-03-05] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [63248 2007-03-05] (IVT Corporation.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-12-25] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 19:12 - 2015-02-20 19:12 - 00009577 _____ () C:\Users\utente\Downloads\FRST.txt
2015-02-20 19:12 - 2015-02-20 19:12 - 00000000 ____D () C:\FRST
2015-02-20 19:11 - 2015-02-20 19:11 - 02086912 _____ (Farbar) C:\Users\utente\Downloads\FRST64.exe
2015-02-19 16:42 - 2015-02-19 16:43 - 00046700 _____ () C:\Users\utente\Downloads\Extras.Txt
2015-02-19 16:42 - 2015-02-19 16:42 - 00213586 _____ () C:\Users\utente\Downloads\OTL.Txt
2015-02-19 16:33 - 2015-02-19 16:33 - 00602112 _____ (OldTimer Tools) C:\Users\utente\Downloads\OTL.exe
2015-02-19 16:32 - 2015-02-19 16:32 - 00000615 _____ () C:\Users\utente\Downloads\JRT.txt
2015-02-19 16:28 - 2015-02-19 16:29 - 01388274 _____ (Thisisu) C:\Users\utente\Downloads\JRT.exe
2015-02-19 16:26 - 2015-02-19 16:26 - 00004105 _____ () C:\Users\utente\Downloads\AdwCleaner[S0].txt
2015-02-19 16:22 - 2015-02-19 16:23 - 00000000 ____D () C:\AdwCleaner
2015-02-19 16:19 - 2015-02-19 16:19 - 02126848 _____ () C:\Users\utente\Downloads\adwcleaner_4.111.exe
2015-02-19 16:19 - 2015-02-19 16:19 - 00027156 _____ () C:\Users\utente\Downloads\Malwarebytes.txt
2015-02-19 16:03 - 2015-02-19 16:07 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-19 16:02 - 2015-02-19 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-19 16:02 - 2015-02-19 16:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-19 16:02 - 2015-02-19 16:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-19 16:02 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-19 16:02 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-02-19 16:02 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-19 13:01 - 2015-02-19 13:02 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\utente\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-18 16:40 - 2015-02-18 16:40 - 00006191 _____ () C:\Users\utente\Desktop\Giallo - Tracklist.txt
2015-02-18 14:30 - 2015-02-18 14:30 - 00000000 ____D () C:\Users\utente\Downloads\provini violenti 4 blocchi
2015-02-12 22:05 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 22:05 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 14:43 - 2015-02-12 14:58 - 00000000 ____D () C:\Users\utente\Desktop\Apollo Beat - Stereofonie Moderne (2015)
2015-02-12 01:17 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-12 01:17 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-12 01:17 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-12 01:17 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-12 01:17 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-12 01:17 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-12 01:17 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-12 01:17 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-12 01:17 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-12 01:16 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-12 01:16 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-12 01:11 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-12 01:11 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-12 01:11 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-12 01:11 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-12 01:11 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-12 01:11 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-12 01:11 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-12 01:11 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-12 01:11 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-12 01:11 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-12 01:11 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-12 01:11 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-12 01:11 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-12 01:11 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-12 01:11 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-12 01:11 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-12 01:08 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-12 01:08 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-12 01:08 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-12 01:08 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-12 01:08 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-12 01:08 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-12 01:08 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-12 01:08 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-12 01:08 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-12 01:08 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-12 01:08 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-12 01:08 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-12 01:08 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-12 01:08 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-12 01:08 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-12 01:08 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-12 01:08 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-12 01:08 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-12 01:08 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-12 01:08 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-12 01:08 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-12 01:08 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-12 01:08 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-12 01:08 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-12 01:08 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-12 01:08 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-12 01:08 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-12 01:08 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-12 01:08 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-12 01:08 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-12 01:08 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-12 01:08 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-12 01:08 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-12 01:08 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-12 01:08 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-12 01:08 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-12 01:05 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-12 01:05 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-12 01:05 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-12 01:05 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-12 01:05 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-12 01:05 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-12 01:05 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-12 01:05 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-04 12:36 - 2015-02-20 11:50 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-04 12:36 - 2015-02-04 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-04 12:35 - 2015-02-20 18:46 - 00001164 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 12:35 - 2015-02-20 12:46 - 00001160 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 12:35 - 2015-02-04 12:41 - 00004136 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 12:35 - 2015-02-04 12:41 - 00003900 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 12:34 - 2015-02-04 12:35 - 00000000 ____D () C:\Users\utente\AppData\Local\Deployment
2015-02-04 12:34 - 2015-02-04 12:34 - 00000000 ____D () C:\Users\utente\AppData\Local\Apps\2.0
2015-02-04 12:07 - 2015-02-04 12:07 - 00542224 _____ () C:\Users\utente\Downloads\Fabio Frizzi - Blastfighter,1984 & Massacre In Dinosaur Valley,1985 DATAGLIARE.mp3.sfk
2015-01-30 19:38 - 2015-01-30 19:58 - 00000000 ____D () C:\Users\utente\Documents\Bluetooth
2015-01-30 19:38 - 2015-01-30 19:38 - 00000000 ____D () C:\ProgramData\Bluetooth
2015-01-30 19:37 - 2015-01-30 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IVT BlueSoleil
2015-01-30 19:37 - 2007-05-11 03:12 - 00038160 _____ (IVT Corporation.) C:\WINDOWS\system32\Drivers\blueletaudio.sys
2015-01-30 19:37 - 2007-05-09 02:00 - 00044688 _____ (IVT Corporation.) C:\WINDOWS\system32\Drivers\btcusb.sys
2015-01-30 19:37 - 2007-05-09 02:00 - 00016144 _____ (IVT Corporation.) C:\WINDOWS\system32\btinstall.dll
2015-01-30 19:37 - 2007-03-05 05:48 - 00037648 _____ (IVT Corporation.) C:\WINDOWS\system32\Drivers\BlueletSCOAudio.sys
2015-01-30 19:37 - 2007-03-05 05:47 - 00025360 _____ (IVT Corporation.) C:\WINDOWS\system32\Drivers\BtNetDrv.sys
2015-01-30 19:37 - 2007-03-05 05:44 - 00023184 _____ (IVT Corporation.) C:\WINDOWS\system32\Drivers\VHIDMini.sys
2015-01-30 19:37 - 2007-03-05 05:42 - 00049680 _____ (IVT Corporation.) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
2015-01-30 19:37 - 2007-03-05 05:41 - 00024976 _____ (IVT Corporation.) C:\WINDOWS\system32\Drivers\VBTEnum.sys
2015-01-30 19:37 - 2007-03-05 05:39 - 00063248 _____ (IVT Corporation.) C:\WINDOWS\system32\Drivers\VcommMgr.sys
2015-01-30 19:37 - 2007-03-05 05:38 - 00047120 _____ (IVT Corporation.) C:\WINDOWS\system32\Drivers\VComm.sys
2015-01-30 19:37 - 2006-10-09 00:29 - 00032832 _____ () C:\WINDOWS\system32\Drivers\BTNetFilter.sys
2015-01-30 19:35 - 2015-01-30 19:37 - 00000032 _____ () C:\WINDOWS\0
2015-01-30 19:35 - 2015-01-30 19:35 - 00000000 ____D () C:\Program Files (x86)\IVT Corporation
2015-01-30 19:35 - 2015-01-30 19:35 - 00000000 _____ () C:\WINDOWS\SysWOW64\0
2015-01-28 23:34 - 2015-01-28 23:34 - 00000000 ____D () C:\Users\utente\aTubeCatcher
2015-01-27 03:14 - 2015-01-27 03:14 - 00000000 ____D () C:\Users\utente\AppData\Roaming\MPC-HC
2015-01-25 21:15 - 2015-01-25 21:15 - 00000024 _____ () C:\WINDOWS\582DC1EBF3601502.log
2015-01-24 15:55 - 2015-01-24 15:58 - 16669699 _____ () C:\Users\utente\Desktop\Untitled.wmv
2015-01-24 15:31 - 2015-01-28 23:46 - 00000000 ____D () C:\Users\utente\Desktop\New VISUALS
2015-01-23 11:04 - 2015-01-23 11:04 - 00000000 _____ () C:\Users\utente\AppData\Local\{12682808-C6EB-4F78-BC1D-C109E13F14C8}
2015-01-22 11:59 - 2015-01-22 11:59 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-20 17:45 - 2014-12-26 16:00 - 00003926 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9A9E66D8-17BF-45A9-8AC9-7E0C1BA1071B}
2015-02-20 17:45 - 2014-12-25 19:32 - 01905217 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-20 17:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-20 15:35 - 2014-12-17 22:19 - 00000000 ____D () C:\Users\utente\Downloads\Xxx
2015-02-20 13:21 - 2014-12-15 12:48 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1068435704-4054283964-3984961076-1001
2015-02-19 16:25 - 2014-12-25 19:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-19 16:25 - 2014-09-24 06:56 - 00013746 _____ () C:\WINDOWS\PFRO.log
2015-02-19 16:25 - 2013-08-22 15:46 - 00293689 _____ () C:\WINDOWS\setupact.log
2015-02-19 16:25 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-19 16:25 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-19 15:57 - 2015-01-14 16:38 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-19 15:57 - 2014-12-12 18:04 - 00000000 ____D () C:\Users\utente\AppData\Roaming\Adobe
2015-02-19 11:58 - 2014-12-15 12:55 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-19 01:23 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-18 14:34 - 2014-09-24 16:06 - 01813012 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-18 14:34 - 2014-09-24 15:33 - 00802322 _____ () C:\WINDOWS\system32\perfh010.dat
2015-02-18 14:34 - 2014-09-24 15:33 - 00156482 _____ () C:\WINDOWS\system32\perfc010.dat
2015-02-12 22:33 - 2014-12-25 19:39 - 00000000 ____D () C:\Users\utente
2015-02-12 22:27 - 2014-12-15 17:34 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 22:26 - 2014-12-15 17:34 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-12 22:26 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 15:07 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 09:56 - 2013-08-22 15:44 - 00453592 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-12 09:53 - 2014-12-16 11:57 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-12 09:53 - 2014-09-24 17:34 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-04 12:36 - 2014-12-15 12:48 - 00000000 ____D () C:\Program Files (x86)\Google
2015-02-03 20:31 - 2014-09-24 17:37 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-09-24 17:37 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-29 17:05 - 2014-12-17 22:19 - 00000000 ____D () C:\Users\utente\Downloads\cml 182
2015-01-26 16:36 - 2014-12-17 22:19 - 00000000 ____D () C:\Users\utente\Downloads\Project C - El Fiesto 2014-15
2015-01-25 21:34 - 2014-12-15 12:55 - 00000000 ____D () C:\Users\utente\AppData\Local\Avg2015
2015-01-25 21:27 - 2014-12-15 12:59 - 00000995 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-25 21:27 - 2014-12-15 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-25 21:25 - 2014-12-21 20:58 - 00000000 ____D () C:\Users\utente\Desktop\Full Movies
2015-01-25 21:15 - 2015-01-05 00:42 - 00000000 ____D () C:\Program Files (x86)\SlySoft
2015-01-25 21:06 - 2015-01-05 00:44 - 00000040 ___SH () C:\ProgramData\.zreglib

==================== Files in the root of some directories =======

2015-01-23 11:04 - 2015-01-23 11:04 - 0000000 _____ () C:\Users\utente\AppData\Local\{12682808-C6EB-4F78-BC1D-C109E13F14C8}
2015-01-05 00:44 - 2015-01-25 21:06 - 0000040 ___SH () C:\ProgramData\.zreglib

Some content of TEMP:
====================
C:\Users\utente\AppData\Local\Temp\Quarantine.exe
C:\Users\utente\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-19 17:08


Log SystemLook
SystemLook 30.07.11 by jpshortstuff
Log created at 19:27 on 20/02/2015 by utente
Administrator - Elevation successful

========== filefind ==========

Searching for "*adult* "
C:\Cristiano\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\images\Hotels\adults.png --a---- 1083 bytes [10:00 26/07/2012] [09:59 26/07/2012] 926AE8CD73D6FE2F21C0EAC96882027B
C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultcameras.info_0.localstorage --a---- 1978368 bytes [11:47 31/01/2015] [18:24 20/02/2015] F1EE7AE157C942BBF38CE3E2D0E08026
C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultcameras.info_0.localstorage-journal --a---- 12896 bytes [11:47 31/01/2015] [18:24 20/02/2015] 8207D725E490A6D4B2DA5DB8507163EB
C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultyum.com_0.localstorage --a---- 3072 bytes [15:57 17/02/2015] [08:24 18/02/2015] B464E1E967E541A820EA674C4EA0F39E
C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultyum.com_0.localstorage-journal --a---- 3608 bytes [15:57 17/02/2015] [08:24 18/02/2015] 063D76833B28CB65FCCAB600AD1E4958
C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultyum.info_0.localstorage --a---- 5120 bytes [10:25 16/02/2015] [00:54 20/02/2015] 7815754549397EDC8DB5959570E64CD5
C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultyum.info_0.localstorage-journal --a---- 3608 bytes [10:25 16/02/2015] [00:54 20/02/2015] 6F932766C69200A1745ADA92F6C16613

Searching for "*adultcameras* "
C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultcameras.info_0.localstorage --a---- 1978368 bytes [11:47 31/01/2015] [18:24 20/02/2015] F1EE7AE157C942BBF38CE3E2D0E08026
C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adultcameras.info_0.localstorage-journal --a---- 12896 bytes [11:47 31/01/2015] [18:24 20/02/2015] 8207D725E490A6D4B2DA5DB8507163EB

========== folderfind ==========

Searching for "*adult* "
C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\http_adultcameras.info_0.indexeddb.leveldb d------ [16:57 29/01/2015]

Searching for "*adultcameras* "
C:\Users\utente\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\http_adultcameras.info_0.indexeddb.leveldb d------ [16:57 29/01/2015]

========== regfind ==========

Searching for "adult "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d0207052db4a7c\20b37283]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Keywords}"="adulto adulti;pulito;pornografia;adult adults;clean cleans;porn"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d0207052db4a7c\611b5aa0]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Keywords}"="adulto adulti;pulito;pornografia;adult adults;clean cleans;porn"
[HKEY_USERS\S-1-5-21-1068435704-4054283964-3984961076-1001\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d0207052db4a7c\20b37283]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Keywords}"="adulto adulti;pulito;pornografia;adult adults;clean cleans;porn"
[HKEY_USERS\S-1-5-21-1068435704-4054283964-3984961076-1001\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d0207052db4a7c\611b5aa0]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Keywords}"="adulto adulti;pulito;pornografia;adult adults;clean cleans;porn"
[HKEY_USERS\S-1-5-21-1068435704-4054283964-3984961076-1001_Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d0207052db4a7c\20b37283]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Keywords}"="adulto adulti;pulito;pornografia;adult adults;clean cleans;porn"
[HKEY_USERS\S-1-5-21-1068435704-4054283964-3984961076-1001_Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsApp%5CWindows.UI.SettingsApp.pri\1d0207052db4a7c\611b5aa0]
"@{windows?ms-resource://Windows.UI.SettingsApp/SearchResources/SystemSettings_Search_SafeSearch/Keywords}"="adulto adulti;pulito;pornografia;adult adults;clean cleans;porn"

Searching for "adultcameras - See more at: http://forum.zeusnews.com/viewtopic.php?t=67636#sthash.sQXVpumJ.dpuf"
No data found.

-= EOF =-

[R16]

Ciao.
Ti avevo chiesto di scaricare FRST sul DESKTOP.
E invece lo hai scaricato nella cartella Downloads
C:\Users\utente\Downloads
Penso di non chiedere molto......solo di eseguire alla lettera le indicazioni che indico, con un pò di attenzione.
Questo velocizzerà la soluzione del problema.
Vai nella cartella Downloads e clicca con il tasto destro sopra l'icona di FRST e scegli "Taglia".
Poi vai nel desktop, e su un punto vuoto, clicca con il tasto destro e scegli "Incolla".

Se vuoi salva i preferiti di Chrome, e disinstallalo completamente.
link
Ricorda (è importante) di selezionare la casella: "Elimina anche i tuoi dati di navigazione".
Finita la disinstallazione,fai una pulizia con CCleaner, compreso il registro.

Riavvia il pc.

Per il momento, NON reistallare Chrome, lo faremo alla fine.
Usa temporaneamente un'altro browser.

Avvia SystemLook.

Copia il seguente codice nella schermata principale

[Symptom77]

SystemLook.txt

[R16]

Buono.
Riscontri problemi pubblicitari?

[Symptom77]

ora sto usando Explorer, che faccio rinstallo chrome? Per ora no

[Symptom77]

Per ora no, sto usando Explorer, posso installare Chrome?

[R16]

Installa Chrome. (dal sito ufficiale)
link
Testa il pc e dimmi se il problema è risolto.

[Symptom77]

Per ora no, ti ringrazio tantissimo sei un grande, ti tengo aggiornato cmq.
Grazie ancora

[R16]

Ciao.
Ho cambiato il titolo del topic con il nome del virus.
Il virus aveva infettato il router, e si era installato sul browser Chrome.

Cestina SystemLook.
Cestina JRT.
Segui questo percorso e elimina la cartella FRST:
C:\FRST
Elimina il file.reg dhcp.reg

Apri OTL e clicca su CleanUP.
Si disinstallerà OTL.
Ti chiederà il riavvio del pc: acconsenti.
Al riavvio fai una pulizia con CCleaner. (registro compreso)
Sempre con CCleaner:
Apri CCleaner.
Clicca su "Strumenti".
Clicca su "Ripristino Sistema"
Seleziona TUTTI i punti di ripristino e poi clicca "Rimuovi".

N.B:
Il punto segnalato in grigio (il primo) non lo puoi eliminare per motivi di sicurezza.

[Symptom77]

ok fatto tutto, grazie!

[R16]

Di niente.
Ciao!