PROBLEM: I CAN'T INSTALL AN ANTIVIRUS


Filippo Viti

Hello,

this is the ComboFix log


ComboFix 14-08-24.01 - enzo 24/08/2014 19:05:04.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.3767.2668 [GMT 2:00]
Eseguito da: c:\users\enzo\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2014-07-24 al 2014-08-24 )))))))))))))))))))))))))))))))))))
.
.
2014-08-24 17:09 . 2014-08-24 17:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-08-24 17:09 . 2014-08-24 17:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-24 16:51 . 2014-08-24 16:51 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2014-08-24 16:51 . 2014-08-24 16:51 -------- d-----w- c:\program files (x86)\PC Tools
2014-08-24 16:50 . 2014-08-24 16:50 -------- d-----w- c:\programdata\PC Tools
2014-08-24 16:50 . 2014-08-24 16:50 -------- d-----w- c:\users\enzo\AppData\Roaming\TestApp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-24 17:03 . 2014-05-01 08:27 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-14 07:05 . 2014-07-10 17:06 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-14 07:05 . 2014-07-10 17:06 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-05-27 17:59 . 2014-07-10 17:06 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-05-27 17:59 . 2014-07-10 17:06 130584 ----a-w- c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\enzo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\enzo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\enzo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\enzo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\users\enzo\Desktop\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-10-27 2495088]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Cobian Backup 11 interface"="c:\program files (x86)\Cobian Backup 11\cbInterface.exe" [2012-04-25 4478976]
"PCMAgent"="c:\program files (x86)\CyberLink\PowerCinema\PCMAgent.exe" [2009-09-16 148776]
"CLMLServer"="c:\program files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2009-09-16 202024]
"PlayMovie"="c:\program files (x86)\CyberLink\PlayMovie\PMVService.exe" [2009-09-08 177384]
"TVEService"="c:\program files (x86)\CyberLink\TV Enhance\TVEService.exe" [2009-09-29 226536]
"IDProtect Monitor"="c:\program files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe" [2010-12-02 323664]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"bit4id csp store register (M)"="c:\windows\system32\bit4upki-store.dll" [2013-11-07 188416]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-21 751184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"SagekeySecurity.ocx"="c:\windows\system32\SagekeySecurity.ocx" [2007-02-27 245760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2012-3-2 519744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
R1 c40b;fewapinybeax.exe;c:\windows\system32\drivers\c40b.sys;c:\windows\SYSNATIVE\drivers\c40b.sys [x]
R2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 RCSERVICE;RCSERVICE;c:\program files\ASUS\P7131\Remote Control\RCService64.exe;c:\program files\ASUS\P7131\Remote Control\RCService64.exe [x]
R2 SoftwareUpd;Software Upd;c:\users\enzo\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe;c:\users\enzo\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [x]
R3 A38CCID;CCID USB Smart Card Reader;c:\windows\system32\DRIVERS\a38ccid.sys;c:\windows\SYSNATIVE\DRIVERS\a38ccid.sys [x]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usbx64.sys;c:\windows\SYSNATIVE\DRIVERS\a38usbx64.sys [x]
R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys;c:\windows\SYSNATIVE\DRIVERS\Ph3xIB64.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys;c:\windows\SYSNATIVE\drivers\ArcSec.sys [x]
S2 AK910SwitchService;AK910SwitchService;c:\program files (x86)\AK910SwitchService\svc\AK910SwitchService.exe;c:\program files (x86)\AK910SwitchService\svc\AK910SwitchService.exe [x]
S2 cbVSCService11;Cobian Backup 11 Servizio Volume Shadow Copy;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 CobianBackup11;Cobian Backup 11 Gravity;c:\program files (x86)\Cobian Backup 11\cbService.exe;c:\program files (x86)\Cobian Backup 11\cbService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe;c:\program files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [x]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe;c:\program files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [x]
S3 3xHybr64;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybr64.sys;c:\windows\SYSNATIVE\DRIVERS\3xHybr64.sys [x]
S3 RTL8167;Driver Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*Deregistered* - 7fcf2e8ada30054d
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-18 10:38 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-15 17:06]
.
2014-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-15 17:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\enzo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\enzo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\enzo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\enzo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-06 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-06 413720]
"bit4id csp store register (M x64)"="c:\windows\system32\bit4upki-store.dll" [2013-11-07 237568]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://google.it/
mStart Page = https://it.yahoo.com?fr=hp-avast&type=avastbcl
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://it.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
mSearch Bar = https://it.yahoo.com?fr=hp-avast&type=avastbcl
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{41564952-412D-5637-4300-7A786E7484D7} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\7fcf2e8ada30054d]
"ImagePath"="\SystemRoot\System32\Drivers\7fcf2e8ada30054d.sys"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @DenieD: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @DenieD: (Full) (Everyone)
.
Ora fine scansione: 2014-08-24 19:11:03
ComboFix-quarantined-files.txt 2014-08-24 17:11
ComboFix2.txt 2014-08-24 16:34
ComboFix3.txt 2014-07-10 16:41
.
Pre-Run: 110.814.134.272 byte disponibili
Post-Run: 110.765.801.472 byte disponibili
.
- - End Of File - - E8EAAE0B7972A2E434A07BEB9F261E7F
A36C5E4F47E84449FF07ED3517B43A31
 
I managed to install avast, but the protection doesn't start, and if I try to run a scan it gives me the endpoint error.
I tried uninstalling it with the dedicated tool in safe mode and reinstalling it, but nothing ...
 
Hi.
You also have Antivir and PC Tools installed.
Try uninstalling everything, also because multiple security programs conflict with each other.
Do a cleanup with CCleaner and then try installing just one antivirus program.
 

Thanks for the reply. I tried, but there's no way: always the same endpoint error, and the protection doesn't start. I think I'll have to format.


ComboFix 14-08-26.02 - enzo 26/08/2014 20:44:38.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.3767.2593 [GMT 2:00]
Eseguito da: c:\users\enzo\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\InfoSat.txt
c:\program files (x86)\Cinema-Plus-1.3
c:\program files (x86)\Cinema-Plus-1.3\1293297481.mxaddon
c:\program files (x86)\Cinema-Plus-1.3\360-60896.crx
c:\program files (x86)\Cinema-Plus-1.3\60896.crx
c:\program files (x86)\Cinema-Plus-1.3\60896.xpi
c:\program files (x86)\Cinema-Plus-1.3\background.html
c:\program files (x86)\Cinema-Plus-1.3\bgNova.html
c:\program files (x86)\Cinema-Plus-1.3\Cinema-Plus-1.3-bg.exe
c:\program files (x86)\Cinema-Plus-1.3\Cinema-Plus-1.3-bho.dll
c:\program files (x86)\Cinema-Plus-1.3\Cinema-Plus-1.3-bho64.dll
c:\program files (x86)\Cinema-Plus-1.3\Cinema-Plus-1.3-codedownloader.exe
c:\program files (x86)\Cinema-Plus-1.3\Cinema-Plus-1.3-nova.dll
c:\program files (x86)\Cinema-Plus-1.3\Cinema-Plus-1.3-nova.exe
c:\program files (x86)\Cinema-Plus-1.3\Cinema-Plus-1.3-novainstaller.exe
c:\program files (x86)\Cinema-Plus-1.3\Cinema-Plus-1.3.ico
c:\program files (x86)\Cinema-Plus-1.3\d3277556-9813-4717-8083-c5246d146218-10.exe
c:\program files (x86)\Cinema-Plus-1.3\d3277556-9813-4717-8083-c5246d146218-11.exe
c:\program files (x86)\Cinema-Plus-1.3\d3277556-9813-4717-8083-c5246d146218-2.exe
c:\program files (x86)\Cinema-Plus-1.3\d3277556-9813-4717-8083-c5246d146218-3.exe
c:\program files (x86)\Cinema-Plus-1.3\d3277556-9813-4717-8083-c5246d146218-4.exe
c:\program files (x86)\Cinema-Plus-1.3\d3277556-9813-4717-8083-c5246d146218-5.exe
c:\program files (x86)\Cinema-Plus-1.3\d3277556-9813-4717-8083-c5246d146218.crx
c:\program files (x86)\Cinema-Plus-1.3\Interop.IWshRuntimeLibrary.dll
c:\program files (x86)\Cinema-Plus-1.3\Newtonsoft.Json.dll
c:\program files (x86)\Cinema-Plus-1.3\SuperSocket.ClientEngine.Common.dll
c:\program files (x86)\Cinema-Plus-1.3\SuperSocket.ClientEngine.Core.dll
c:\program files (x86)\Cinema-Plus-1.3\SuperSocket.ClientEngine.Protocol.dll
c:\program files (x86)\Cinema-Plus-1.3\Uninstall.exe
c:\program files (x86)\Cinema-Plus-1.3\utils.exe
c:\program files (x86)\Cinema-Plus-1.3\WebSocket4Net.dll
c:\programdata\374311380
c:\users\enzo\AppData\Local\ContextFree
c:\users\enzo\AppData\Local\ContextFree\cntcmd.exe
c:\users\enzo\AppData\Local\ContextFree\Context2pro_Uninstaller.exe
c:\users\enzo\AppData\Local\ContextFree\framei.exe
c:\users\enzo\AppData\Local\ContextFree\navigation.exe
c:\users\enzo\AppData\Local\ContextFree\notifications.exe
c:\users\enzo\AppData\Local\ContextFree\nvcmd.exe
c:\users\enzo\AppData\Local\ContextFree\windoclib.exe
c:\users\enzo\AppData\Roaming\LiveSupport.exe_log.txt
c:\users\enzo\AppData\Roaming\regsvr32.exe_log.txt
c:\users\enzo\Desktop\Search.lnk
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_globalUpdate
.
.
((((((((((((((((((((((((( Files Creati Da 2014-07-28 al 2014-08-28 )))))))))))))))))))))))))))))))))))
.
.
2014-08-26 18:48 . 2014-08-26 18:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-08-26 18:48 . 2014-08-26 18:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-26 18:00 . 2014-08-26 18:00 -------- d-----w- c:\programdata\IePluginServices
2014-08-26 18:00 . 2014-08-26 18:14 -------- d-----w- c:\programdata\WindowsMangerProtect
2014-08-26 18:00 . 2014-08-26 18:00 -------- d-----w- c:\program files (x86)\SupTab
2014-08-26 17:59 . 2014-08-26 18:30 -------- d-----w- c:\users\enzo\AppData\Roaming\istartsurf
2014-08-26 17:00 . 2014-08-26 17:35 -------- d-----w- c:\program files\AVAST Software
2014-08-26 16:56 . 2014-08-26 17:11 -------- d-----w- c:\program files (x86)\Advanced Fix
2014-08-26 16:53 . 2014-08-26 17:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-08-26 16:53 . 2014-08-26 18:07 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-08-26 16:53 . 2014-08-26 16:55 -------- d-----w- c:\program files (x86)\Hi-ghD-V11
2014-08-26 16:53 . 2014-08-26 18:30 -------- d-----w- c:\users\enzo\AppData\Local\fabulous_08261653
2014-08-26 16:52 . 2014-08-26 16:52 -------- d-----w- c:\users\enzo\AppData\Local\globalUpdate
2014-08-26 16:52 . 2014-08-26 16:52 -------- d-----w- c:\program files (x86)\globalUpdate
2014-08-26 16:21 . 2014-08-26 18:09 4128 ----a-w- c:\windows\SysWow64\bit4upki-store.dll.elog.bin
2014-08-26 16:21 . 2014-08-26 18:08 14128 ----a-w- c:\windows\system32\bit4upki-store.dll.elog.bin
2014-08-26 16:17 . 2014-08-26 17:39 -------- d-----w- c:\program files\System Maintenance GL
2014-08-26 16:17 . 2014-08-26 16:17 -------- d-----w- c:\programdata\System Maintenance GL
2014-08-26 16:17 . 2014-08-26 16:17 -------- d-----w- c:\users\enzo\AppData\Roaming\System Maintenance GL
2014-08-26 16:16 . 2014-08-26 16:16 -------- d-----w- c:\users\enzo\AppData\Roaming\StormFall
2014-08-26 16:16 . 2014-08-26 16:16 -------- d-----w- c:\users\enzo\AppData\Local\StormFall
2014-08-26 16:16 . 2014-08-26 16:16 -------- d-----w- c:\users\enzo\AppData\Roaming\GoodGameEmpire
2014-08-26 16:16 . 2014-08-26 16:16 -------- d-----w- c:\users\enzo\AppData\Local\GGEmpire
2014-08-26 16:16 . 2014-08-05 17:14 20328 ----a-w- c:\windows\system32\roboot64.exe
2014-08-25 21:14 . 2014-08-25 21:14 -------- d-----w- c:\users\enzo\AppData\Roaming\AVG
2014-08-25 21:14 . 2014-08-25 21:14 -------- d-----w- c:\users\enzo\AppData\Local\AVG
2014-08-25 21:13 . 2014-08-25 21:15 -------- d-----w- c:\programdata\AVG
2014-08-25 17:49 . 2014-08-26 16:14 -------- d-----w- c:\users\enzo\AppData\Local\13621
2014-08-25 17:48 . 2014-08-25 17:48 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2014-08-25 17:46 . 2014-08-25 17:46 -------- d-----w- c:\program files (x86)\CandyBox
2014-08-25 16:23 . 2014-08-26 16:03 -------- d-----w- C:\$AVG
2014-08-25 16:22 . 2014-08-25 20:52 -------- d-----w- c:\users\enzo\AppData\Local\Avg2014
2014-08-25 14:39 . 2014-08-25 14:39 108544 ----a-w- c:\windows\SysWow64\hfnapi.dll
2014-08-25 14:39 . 2014-08-25 14:39 246784 ----a-w- c:\windows\SysWow64\hfpapi.dll
2014-08-24 16:51 . 2014-08-25 17:48 -------- d-----w- c:\program files (x86)\PC Tools
2014-08-24 16:50 . 2014-08-26 17:53 -------- d-----w- c:\programdata\PC Tools
2014-08-24 16:50 . 2014-08-24 16:50 -------- d-----w- c:\users\enzo\AppData\Roaming\TestApp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-14 07:05 . 2014-07-10 17:06 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-14 07:05 . 2014-07-10 17:06 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-06-17 14:21 . 2014-06-17 14:21 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2014-06-17 14:07 . 2014-06-17 14:07 328984 ----a-w- c:\windows\system32\drivers\avgloga.sys
2014-06-17 14:06 . 2014-06-17 14:06 269080 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2014-06-17 14:06 . 2014-06-17 14:06 190744 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2014-06-17 14:06 . 2014-06-17 14:06 242968 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-17 14:06 . 2014-06-17 14:06 31512 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110611341141}]
2014-08-26 16:54 524696 ----a-w- c:\program files (x86)\Hi-ghD-V11\Hi-ghD-V11-bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-08-26 18:00 515464 ----a-w- c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\enzo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\enzo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\enzo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\enzo\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\users\enzo\Desktop\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
"SystemMaintenanceUpdaterGL"="c:\program files\System Maintenance GL\System Maintenance Updater.exe" [2014-08-26 197392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-10-27 2495088]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Cobian Backup 11 interface"="c:\program files (x86)\Cobian Backup 11\cbInterface.exe" [2012-04-25 4478976]
"PCMAgent"="c:\program files (x86)\CyberLink\PowerCinema\PCMAgent.exe" [2009-09-16 148776]
"CLMLServer"="c:\program files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2009-09-16 202024]
"TVEService"="c:\program files (x86)\CyberLink\TV Enhance\TVEService.exe" [2009-09-29 226536]
"IDProtect Monitor"="c:\program files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe" [2010-12-02 323664]
"bit4id csp store register (M)"="c:\windows\system32\bit4upki-store.dll" [2013-11-07 188416]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-26 4086432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"SagekeySecurity.ocx"="c:\windows\system32\SagekeySecurity.ocx" [2007-02-27 245760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2012-3-2 519744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"PlayMovie"="c:\program files (x86)\CyberLink\PlayMovie\PMVService.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
R1 c40b;fewapinybeax.exe;c:\windows\system32\drivers\c40b.sys;c:\windows\SYSNATIVE\drivers\c40b.sys [x]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
R2 SoftwareUpd;Software Upd;c:\users\enzo\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe;c:\users\enzo\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [x]
R3 3xHybr64;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybr64.sys;c:\windows\SYSNATIVE\DRIVERS\3xHybr64.sys [x]
R3 A38CCID;CCID USB Smart Card Reader;c:\windows\system32\DRIVERS\a38ccid.sys;c:\windows\SYSNATIVE\DRIVERS\a38ccid.sys [x]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usbx64.sys;c:\windows\SYSNATIVE\DRIVERS\a38usbx64.sys [x]
R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys;c:\windows\SYSNATIVE\DRIVERS\Ph3xIB64.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys;c:\windows\SYSNATIVE\drivers\ArcSec.sys [x]
S2 AK910SwitchService;AK910SwitchService;c:\program files (x86)\AK910SwitchService\svc\AK910SwitchService.exe;c:\program files (x86)\AK910SwitchService\svc\AK910SwitchService.exe [x]
S2 cbVSCService11;Cobian Backup 11 Servizio Volume Shadow Copy;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 CobianBackup11;Cobian Backup 11 Gravity;c:\program files (x86)\Cobian Backup 11\cbService.exe;c:\program files (x86)\Cobian Backup 11\cbService.exe [x]
S2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe;c:\programdata\IePluginServices\PluginService.exe [x]
S2 RCSERVICE;RCSERVICE;c:\program files\ASUS\P7131\Remote Control\RCService64.exe;c:\program files\ASUS\P7131\Remote Control\RCService64.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe;c:\program files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [x]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe;c:\program files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [x]
S3 RTL8167;Driver Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*Deregistered* - 7fcf2e8ada30054d
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-26 18:38 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.94\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-08-28 c:\windows\Tasks\236130c0-6805-48f2-862c-5bcd33222c34.job
- c:\program files (x86)\Hi-ghD-V11\e9c59bc5-c835-45e5-b7ee-fafc9f564196-4.exe [2014-08-26 16:54]
.
2014-08-28 c:\windows\Tasks\32290ea1-404b-4eec-823e-3691f8918bd1.job
- c:\program files (x86)\Hi-ghD-V11\32290ea1-404b-4eec-823e-3691f8918bd1.exe [2014-08-26 16:54]
.
2014-08-28 c:\windows\Tasks\e9c59bc5-c835-45e5-b7ee-fafc9f564196-1.job
- c:\program files (x86)\Hi-ghD-V11\Hi-ghD-V11-codedownloader.exe [2014-08-26 16:54]
.
2014-08-28 c:\windows\Tasks\e9c59bc5-c835-45e5-b7ee-fafc9f564196-11.job
- c:\program files (x86)\Hi-ghD-V11\e9c59bc5-c835-45e5-b7ee-fafc9f564196-11.exe [2014-08-26 16:54]
.
2014-08-28 c:\windows\Tasks\e9c59bc5-c835-45e5-b7ee-fafc9f564196-2.job
- c:\program files (x86)\Hi-ghD-V11\e9c59bc5-c835-45e5-b7ee-fafc9f564196-2.exe [2014-08-26 16:54]
.
2014-08-28 c:\windows\Tasks\e9c59bc5-c835-45e5-b7ee-fafc9f564196-3.job
- c:\program files (x86)\Hi-ghD-V11\e9c59bc5-c835-45e5-b7ee-fafc9f564196-3.exe [2014-08-26 16:53]
.
2014-08-28 c:\windows\Tasks\e9c59bc5-c835-45e5-b7ee-fafc9f564196-4.job
- c:\program files (x86)\Hi-ghD-V11\e9c59bc5-c835-45e5-b7ee-fafc9f564196-4.exe [2014-08-26 16:54]
.
2014-08-28 c:\windows\Tasks\e9c59bc5-c835-45e5-b7ee-fafc9f564196-5.job
- c:\program files (x86)\Hi-ghD-V11\e9c59bc5-c835-45e5-b7ee-fafc9f564196-5.exe [2014-08-26 16:55]
.
2014-08-28 c:\windows\Tasks\e9c59bc5-c835-45e5-b7ee-fafc9f564196-5_user.job
- c:\program files (x86)\Hi-ghD-V11\e9c59bc5-c835-45e5-b7ee-fafc9f564196-5.exe [2014-08-26 16:55]
.
2014-08-28 c:\windows\Tasks\e9c59bc5-c835-45e5-b7ee-fafc9f564196-6.job
- c:\program files (x86)\Hi-ghD-V11\e9c59bc5-c835-45e5-b7ee-fafc9f564196-6.exe [2014-08-26 16:54]
.
2014-08-28 c:\windows\Tasks\e9c59bc5-c835-45e5-b7ee-fafc9f564196-7.job
- c:\program files (x86)\Hi-ghD-V11\e9c59bc5-c835-45e5-b7ee-fafc9f564196-7.exe [2014-08-26 16:54]
.
2014-08-28 c:\windows\Tasks\feba186d-5842-40a3-bb11-678236fdfb5a.job
- c:\program files (x86)\Hi-ghD-V11\feba186d-5842-40a3-bb11-678236fdfb5a.exe [2014-08-26 16:54]
.
2014-08-28 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-26 16:53]
.
2014-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-15 17:06]
.
2014-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-15 17:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-26 17:37 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\enzo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\enzo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\enzo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\enzo\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-06 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-06 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-06 413720]
"bit4id csp store register (M x64)"="c:\windows\system32\bit4upki-store.dll" [2013-11-07 237568]
"SystemMaintenanceUpdaterGL"="c:\program files\System Maintenance GL\System Maintenance Updater.exe" [2014-08-26 197392]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www.istartsurf.com/?type=hp&ts=1409075929&from=smt&uid=MAXTORXSTM3160215AS_5RA8RFRYXXXX5RA8RFRY
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1409075929&from=smt&uid=MAXTORXSTM3160215AS_5RA8RFRYXXXX5RA8RFRY&q={searchTerms}
mSearch Bar = https://it.yahoo.com?fr=hp-avast&type=avastbcl
mDefault_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1409075929&from=smt&uid=MAXTORXSTM3160215AS_5RA8RFRYXXXX5RA8RFRY
mDefault_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1409075929&from=smt&uid=MAXTORXSTM3160215AS_5RA8RFRYXXXX5RA8RFRY&q={searchTerms}
uInternet Settings,ProxyServer = 
uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StLKYZZHUxozG7WbG8M4ZbpPFmdMo1AYeJNGPquJ6tgk7k1OOu0nCZPruBHCqD5pUUfAQY3Y8HtVcgM7mZXXwbMOXWFNVYWPYgyBzH7OOvaeWHW0QoxCVTyFp_UqHvr4ADBA54ikYFFBzBQnQBw6_O6pPu4TsoIL95T-u9jye8e_kBYzfPUAmOJxv3KTu4h_VKkCpwrXvz4Q,,&q={searchTerms}
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
BHO-{11111111-1111-1111-1111-110611081196} - c:\program files (x86)\Cinema-Plus-1.3\Cinema-Plus-1.3-bho.dll
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
Toolbar-{41564952-412D-5637-4300-7A786E7484D7} - (no file)
Wow6432Node-HKCU-Run-framei - c:\users\enzo\AppData\Local\ContextFree\framei.exe
Wow6432Node-HKCU-Run-nvcmd - c:\users\enzo\AppData\Local\ContextFree\nvcmd.exe
Wow6432Node-HKCU-Run-cntcmd - c:\users\enzo\AppData\Local\ContextFree\cntcmd.exe
Wow6432Node-HKCU-Run-LiveSupport - c:\program files (x86)\LiveSupport\LiveSupport.exe
SafeBoot-73062387.sys
Toolbar-{41564952-412D-5637-4300-7A786E7484D7} - (no file)
WebBrowser-{41564952-412D-5637-4300-7A786E7484D7} - (no file)
AddRemove-ContextFree - c:\users\enzo\AppData\Local\ContextFree\Context2pro_Uninstaller.exe
AddRemove-GoodGameEmpire - c:\users\enzo\AppData\Local\Temp\is633825481\73A90AB0_stp\Uninstaller.exe
AddRemove-StormFall - c:\users\enzo\AppData\Local\Temp\is633825481\0047A4FB_stp\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\services\7fcf2e8ada30054d]
"ImagePath"="\SystemRoot\System32\Drivers\7fcf2e8ada30054d.sys"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @DenieD: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @DenieD: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @DenieD: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @DenieD: (A) (Users) @DenieD: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security] @DenieD: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\SupTab\HpUI.exe
c:\program files (x86)\SupTab\Loader32.exe
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Ora fine scansione: 2014-08-28 18:21:29 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2014-08-28 16:21
ComboFix2.txt 2014-08-24 17:11
ComboFix3.txt 2014-08-24 16:34
ComboFix4.txt 2014-07-10 16:41
.
Pre-Run: 115.902.885.888 byte disponibili
Post-Run: 115.650.596.864 byte disponibili
.
- - End Of File - - 14EF8BE528CC5110BA2039BA7225D3B6
A36C5E4F47E84449FF07ED3517B43A31
 
Perhaps there are conflicts or leftover antivirus remnants blocking the protection.
A clean installation of Windows would solve the problem, but this time be careful to install only one security program. Bye.
 
Hello everyone, I can't install any antivirus either.
Attached is the ComboFix scan. Can you help me understand why?
 

Attachments

  • log.txt
    15.5 KB · Views: 96
Hi, run these scans:

Download TDSSKiller from here: www.bleepingcomputer.com/download/tdsskiller/
Follow this guide for the program: http://www.why-tech.it/come-rimuovere-defi...t-dal-pc-1.html
Post the log report

Then download Malwarebytes Anti-Rootkit from here: https://it.malwarebytes.com/antirootkit/
Follow the guide provided on the site, on the same page as the download
Post the generated log

Then run a scan with RogueKiller...
Download it from here...
http://www.adlice.com/download/roguekiller/
Follow this guide to use the program
http://it.ccm.net/faq/3204-come-usare
Delete only the entries shown in red...
Post the report

Finally, download FRST from here: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
download the version that matches your operating system, 32 or 64 bit
place the executable on the desktop
right-click the executable and open it as administrator
once it is open, click Scan
post the frst.txt and addition.txt logs

NB: don't worry, the scans are relatively quick

Bye
 