PROBLEM Web pages opening by themselves... virus?

Nordavind

I just bought a new PC with Windows 7, and I'm having problems because every now and then (rarely, though) web pages open by themselves

I think I caught a virus, even though I installed AVG (free edition) as soon as the PC arrived and I run scans frequently; it didn't find anything... I also ran CCleaner and, tonight, Spybot Search and Destroy too, and they fixed a few errors


also, in Documents I have an ''appdata'' folder that I can't delete, and I don't understand what it is:

appdata.webp

is it a virus? what is it?

what should I do? ...if you have any advice, I'm a total beginner... :blush: on the forum I found other similar threads, for example they say to use combofix, but I'd like to ask you before doing anything... given my inexperience
 
ok, thanks a lot
how can I check whether I have a virus? my problem is that web pages open by themselves

those files I posted in the screenshot above looked like viruses to me when I searched online, but as I said, being inexperienced I'm probably wrong
 
run a pass with malwarebytes and see what happens

I ran a deep scan, it found 2 ''PUP.ToolbarDownloader'' files, I deleted them and then it made me restart the PC

Code:
Malwarebytes Anti-Malware (Prova) 1.62.0.1300
www.malwarebytes.org

Versione database: v2012.07.19.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Proprietario :: PROPRIETARIO-PC [amministratore]

Protezione: Attivata

19/07/2012 15:23:30
mbam-log-2012-07-19 (15-23-30).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 295017
Tempo impiegato: 17 minuti, 51 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 2
C:\$Recycle.Bin\S-1-5-21-4259828143-2418007124-1487343570-1000\$R1Z2VW0.exe (PUP.ToolbarDownloader) -> Spostato in quarantena ed eliminato con successo.
C:\$Recycle.Bin\S-1-5-21-4259828143-2418007124-1487343570-1000\$RAGDNIR.exe (PUP.ToolbarDownloader) -> Spostato in quarantena ed eliminato con successo.

(fine)

now I hope I'm all set
so the files I posted in the screenshot above aren't viruses, then?

PS thanks again in the meantime!!
 
did you run the quick scan or the deep one? do this: update malwarebytes and run a deep scan, 17 minutes seems too short to me
 
deep, yes, with the software freshly downloaded and therefore up to date

keep in mind that I've had the PC for less than two weeks, so there's very little on it; I don't know whether that explains such a short time
 
well, do an update anyway, there's no guarantee the program contains all the latest information on new viruses
 
ok, I'll try again now

PS for this user http://www.tomshw.it/forum/sicurezz...ne-web-che-si-aprono-da-sole.html#post2179855 ComboFix deleted all the files that appear in the screenshot I posted above

7z.dll
AppLib.Zip.dll
kw.sdb
PLauncher
PService
RegHandlerDll.dll

should I be using this program? are they viruses?

in the meantime I'll try again with Malwarebytes

- - - Updated - - -

Code:
Malwarebytes Anti-Malware (Prova) 1.62.0.1300
www.malwarebytes.org

Versione database: v2012.07.19.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Proprietario :: PROPRIETARIO-PC [amministratore]

Protezione: Attivata

19/07/2012 16:13:08
mbam-log-2012-07-19 (16-13-08).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 295066
Tempo impiegato: 16 minuti, 14 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)


there don't seem to be any problems, but there are those files and I don't know whether they're viruses or what... hmm... I'm half tempted to run combofix, what do you say? it's just that I see there's a warning not to use it on your own initiative, I don't know what to do... :(
 
ok, I'll wait for some expert to step in, also to find out whether those files are viruses or what; thanks in the meantime!

I also ran tdsskiller (it found nothing) and Hijack, here's the log in case it helps:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:57, on 19/07/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\softLCP.exe
C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
C:\Program Files (x86)\ViewPower\ViewPower.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ViewPower\jre\bin\javaw.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Public\Documents\AppData\PoApp\PService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: SearchToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - mscoree.dll (file missing)
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O3 - Toolbar: SearchToolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe"  /DoAction
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Proprietario\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: ViewPower.lnk = C:\Program Files (x86)\ViewPower\ViewPower.exe
O4 - Global Startup: SpyderUtility.lnk = C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{36AF3C18-696F-43AB-8C42-36DD9438F506}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{36AF3C18-696F-43AB-8C42-36DD9438F506}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{36AF3C18-696F-43AB-8C42-36DD9438F506}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @Keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Proprietario\AppData\Local\PosService\Pos.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Proprietario\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: softOSD - EnTech Taiwan - C:\Program Files (x86)\softOSD\softOSD.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Proprietario\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpower - Acresso - C:\PROGRA~2\VIEWPO~1\TOMCAT~1.EXE
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14085 bytes

update: so, on a friend's advice I fixed these files:
Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
Diagnosi E' consigliabile premere subito il pulsante Fix in HijackThis! 

O17 - HKLM\System\CCS\Services\Tcpip\..\{36AF3C18-696F-43AB-8C42-36DD9438F506}: NameServer = 176.31.229.24,176.31.229.25
Diagnosi Conoscete l'indirizzo IP o il Dominio '176.31.229.24,176.31.229.25'? Se no, eliminate questo oggetto.

O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
Diagnosi Conoscete l'indirizzo IP o il Dominio '176.31.229.24,176.31.229.25'? Se no, eliminate questo oggetto.

O17 - HKLM\System\CS1\Services\Tcpip\..\{36AF3C18-696F-43AB-8C42-36DD9438F506}: NameServer = 176.31.229.24,176.31.229.25
Diagnosi Conoscete l'indirizzo IP o il Dominio '176.31.229.24,176.31.229.25'? Se no, eliminate questo oggetto.

O17 - HKLM\System\CS2\Services\Tcpip\..\{36AF3C18-696F-43AB-8C42-36DD9438F506}: NameServer = 176.31.229.24,176.31.229.25
Diagnosi Conoscete l'indirizzo IP o il Dominio '176.31.229.24,176.31.229.25'? Se no, eliminate questo oggetto.

then I deleted (in safe mode) the files posted in the screenshot


the only problem is that Hijack keeps showing me the log from the first scan it ran, it doesn't show me the log after the fix, I don't know why
 
could they just be ordinary pop-ups? (the pages that open on you..)... Try downloading adblock for firefox or for chrome... and let us know whether they still open....
 
no no, I had already installed adblock

reading another thread http://www.tomshw.it/forum/sicurezz...rono-le-pagine-web-da-sole-2.html#post2143302 I had identical entries (see the log I posted in the previous message); as I said, I fixed them with Hijack and now I hope I'm all set




here's the full log, after the fix:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:21:04, on 19/07/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
C:\Program Files (x86)\ViewPower\ViewPower.exe
C:\Program Files (x86)\ViewPower\jre\bin\javaw.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\SysWOW64\softLCP.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Users\Proprietario\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: ViewPower.lnk = C:\Program Files (x86)\ViewPower\ViewPower.exe
O4 - Global Startup: SpyderUtility.lnk = C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @Keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Proprietario\AppData\Local\PosService\Pos.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Proprietario\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: softOSD - EnTech Taiwan - C:\Program Files (x86)\softOSD\softOSD.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Proprietario\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpower - Acresso - C:\PROGRA~2\VIEWPO~1\TOMCAT~1.EXE
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11616 bytes



in theory I'm fine now, it shouldn't even be necessary to use combofix if I'm not mistaken
if someone can confirm that for me...

- - - Updated - - -

hmm, I still have some doubts

should these files be fixed?

Code:
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Proprietario\AppData\Local\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Proprietario\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Proprietario\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe

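An added example, not part of the thread and not output of any tool used in it: a short Python triage script that parses the HijackThis O23 lines and the ComboFix service lines quoted in this thread and lists the services whose executable sits under a user profile, which is what the three entries asked about above have in common. The function names and the "image under c:\users\" heuristic are assumptions of this example; a hit means "identify this program", not "this is malware".

```python
import re
from collections import defaultdict

# HijackThis: O23 - Service: <display> (<name>) - <company> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<label>.+?) - (?P<company>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
# Trailing "(ServiceName)" inside the HijackThis label, when present.
LABEL_RE = re.compile(r"^(?P<display>.*) \((?P<name>[^()]+)\)$")
# ComboFix: <R|S><digit> <name>;<display>;<path> [<date> <size>]
CF_RE = re.compile(
    r"^(?P<tag>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[A-Za-z]:\\.*?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)
# Heuristic (assumption of this example): a service image stored under a user
# profile lives in a user-writable location, unlike Program Files or System32.
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\", re.IGNORECASE)


def parse_line(line):
    """Return a dict for one service line from either log format, or None."""
    line = line.strip()
    m = O23_RE.match(line)
    if m:
        lm = LABEL_RE.match(m["label"])
        name = lm["name"] if lm else m["label"]
        # "(file missing)" is recorded but not used as a signal here.
        return {"source": "HijackThis", "name": name, "path": m["path"],
                "missing": bool(m["missing"])}
    m = CF_RE.match(line)
    if m:
        return {"source": "ComboFix", "name": m["name"], "path": m["path"],
                "missing": False}
    return None


def services_in_user_profiles(lines):
    """Map lower-cased image path -> names and source logs of flagged services."""
    hits = defaultdict(lambda: {"names": set(), "sources": set()})
    for line in lines:
        rec = parse_line(line)
        if rec and USER_PROFILE_RE.match(rec["path"]):
            key = rec["path"].lower()  # the two tools differ in path casing
            hits[key]["names"].add(rec["name"])
            hits[key]["sources"].add(rec["source"])
    return dict(hits)


# Lines copied from the HijackThis and ComboFix logs posted in this thread.
SAMPLE = r"""
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Users\Proprietario\AppData\Local\PosService\Pos.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Proprietario\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: softOSD - EnTech Taiwan - C:\Program Files (x86)\softOSD\softOSD.exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Proprietario\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
R2 ServUpdater;Serv Updater;c:\users\Proprietario\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-16 156160]
R2 SoftwareUpd;Software Upd;c:\users\Proprietario\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [2012-04-23 161280]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 PowerOffer Service;Pos Service;c:\users\Proprietario\AppData\Local\PosService\Pos.exe [2012-04-03 169472]
S2 softOSD;softOSD;c:\program files (x86)\softOSD\softOSD.exe [2010-12-18 291384]
"""

if __name__ == "__main__":
    found = services_in_user_profiles(SAMPLE.splitlines())
    for path, info in sorted(found.items()):
        print(f"{path}  names={sorted(info['names'])}  seen_in={sorted(info['sources'])}")
```
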
Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● place the downloaded file on the Desktop
● disable the antivirus in use, from its icon in the tray bar (next to the Windows clock)
● disable the firewall, if one is installed, from its icon in the tray bar (next to the Windows clock)

Once the steps above are done:
● launch ComboFix with a double click
● once it has started, click the Accept button: confirm by clicking Ok twice
● follow the instructions that are displayed to run the scan:
"It typically takes no more than 10 minutes
On heavily infected PCs the scan time can easily double"
● if you have Windows XP, you will be asked to install the Recovery Console: do not install it (click the No button)
● without performing any other operation, let the tool complete its work

Notes - during the scan:
● some files may appear on the Desktop and then be deleted
● all the icons on the Desktop will disappear for a moment: nothing to worry about
● a message may be displayed about the antivirus in use: continue, ignoring the message
● the firewall may display a warning about the removal of some drivers: allow it
● the Internet Explorer icon may appear on the Desktop

When ComboFix has finished the scan:
● the system will be restarted automatically: if it is not, restart it yourself
● go to Local Disk C:, look for the text file named ComboFix.txt and attach it

Note - about the program:
● to run ComboFix correctly on Windows Vista and Windows Seven, right-click the program icon and, from the context menu, choose Run as administrator
● sUBs, the software house that distributes ComboFix, is not responsible for any damage caused after using the program.
● It should not be used unless expressly requested by an expert
● ComboFix disables autorun for USB drives (flash drives, external hard disks, MP3 players...) to prevent future threats: when you insert a pen drive, you will have to open it manually from My Computer.
 
after it rebooted and generated the log I had to reboot again because it wouldn't let me do anything anymore

here is the log

Code:
ComboFix 12-07-20.01 - Proprietario 20/07/2012  11:58:45.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.8087.5973 [GMT 2:00]
Eseguito da: c:\users\Proprietario\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Creato nuovo punto di ripristino
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Proprietario\AppData\Local\unins000.exe
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-06-20 al 2012-07-20  )))))))))))))))))))))))))))))))))))
.
.
2012-07-20 10:01 . 2012-07-20 10:01    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-07-20 09:58 . 2012-06-29 10:04    9133488    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8C88CAD-46B6-49D5-84B0-84787A9911EF}\mpengine.dll
2012-07-19 17:07 . 2012-07-20 10:02    94656    ----a-w-    c:\windows\system32\WPRO_41_2001woem.tmp
2012-07-19 16:51 . 2012-02-03 13:26    27760    ----a-w-    c:\windows\system32\drivers\avkmgr.sys
2012-07-19 16:51 . 2012-02-03 13:26    132320    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2012-07-19 16:51 . 2012-02-03 13:26    97312    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2012-07-19 16:51 . 2012-07-19 16:51    --------    d-----w-    c:\programdata\Avira
2012-07-19 16:51 . 2012-07-19 16:51    --------    d-----w-    c:\program files (x86)\Avira
2012-07-19 15:38 . 2012-07-19 15:38    --------    d-----w-    c:\program files (x86)\Trend Micro
2012-07-19 13:21 . 2012-07-19 13:22    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-19 13:21 . 2012-07-19 13:21    --------    d-----w-    c:\programdata\Malwarebytes
2012-07-19 13:21 . 2012-07-03 11:46    24904    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-07-19 01:44 . 2012-07-19 16:42    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2012-07-19 01:44 . 2012-07-19 16:42    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy
2012-07-18 23:50 . 2012-07-18 23:50    --------    d-----w-    c:\program files (x86)\OpenOffice.org 3
2012-07-18 21:53 . 2012-07-18 21:53    --------    d-----w-    c:\program files\Common Files\DESIGNER
2012-07-18 21:53 . 2012-07-18 21:53    --------    d-----w-    c:\windows\PCHEALTH
2012-07-18 21:51 . 2012-07-18 21:51    --------    d-----w-    c:\program files\Microsoft Analysis Services
2012-07-18 21:51 . 2012-07-18 21:51    --------    d-----w-    c:\program files (x86)\Microsoft Analysis Services
2012-07-18 21:51 . 2012-07-18 22:22    --------    d-----w-    c:\program files\Microsoft Office
2012-07-18 21:50 . 2012-07-18 21:50    --------    d-----r-    C:\MSOCache
2012-07-18 21:36 . 2012-07-18 22:43    --------    d-----w-    c:\programdata\Microsoft Help
2012-07-18 18:05 . 2012-07-18 18:05    --------    d-----w-    c:\program files (x86)\uTorrent
2012-07-18 16:49 . 2012-07-18 16:49    --------    d-----w-    c:\programdata\Sony Corporation
2012-07-18 16:15 . 2012-07-18 16:49    --------    d-----w-    c:\program files (x86)\Sony
2012-07-17 01:05 . 2012-07-17 01:06    --------    d-----w-    c:\program files (x86)\Ciel
2012-07-16 23:59 . 2012-07-16 23:59    --------    d-----w-    c:\program files (x86)\AnvSoft
2012-07-16 23:57 . 2012-07-16 23:57    --------    d-----w-    c:\program files (x86)\Common Files\xing shared
2012-07-16 23:57 . 2012-07-16 23:57    499712    ----a-w-    c:\windows\SysWow64\msvcp71.dll
2012-07-16 23:57 . 2012-07-16 23:57    348160    ----a-w-    c:\windows\SysWow64\msvcr71.dll
2012-07-16 23:56 . 2012-07-16 23:57    --------    d-----w-    c:\program files (x86)\Real
2012-07-16 19:06 . 2012-07-16 19:06    --------    d-----w-    c:\program files (x86)\IrfanView
2012-07-16 17:05 . 2012-07-16 17:05    --------    d-----w-    c:\program files (x86)\FastStone Image Viewer
2012-07-16 16:16 . 2012-07-16 17:39    --------    d-----w-    c:\programdata\InstallShield
2012-07-16 00:32 . 2012-07-16 00:32    --------    d-----w-    c:\program files (x86)\TPE
2012-07-15 20:40 . 2008-01-30 15:36    90112    ----a-w-    c:\windows\unvise32.exe
2012-07-15 20:40 . 2012-07-15 20:40    --------    d-----w-    c:\program files (x86)\Datacolor
2012-07-15 01:16 . 2012-07-15 01:16    --------    d-----w-    c:\program files (x86)\VideoLAN
2012-07-14 23:34 . 2012-07-14 23:34    --------    d-----w-    c:\program files (x86)\CrystalDiskInfo
2012-07-13 13:28 . 2012-06-12 03:08    3148800    ----a-w-    c:\windows\system32\win32k.sys
2012-07-13 13:21 . 2012-06-06 06:06    2004480    ----a-w-    c:\windows\system32\msxml6.dll
2012-07-13 12:43 . 2012-07-13 12:43    --------    d-----w-    c:\programdata\ATI
2012-07-13 12:41 . 2012-07-13 12:41    --------    d-----w-    c:\programdata\AMD
2012-07-13 12:41 . 2012-07-13 12:41    --------    d-----w-    c:\program files (x86)\AMD AVT
2012-07-13 12:41 . 2012-07-13 12:41    --------    d-----w-    c:\program files (x86)\AMD APP
2012-07-13 12:41 . 2012-07-13 12:41    --------    d-----w-    c:\program files\Common Files\ATI Technologies
2012-07-13 12:41 . 2012-07-13 12:41    --------    d-----w-    c:\program files (x86)\Common Files\ATI Technologies
2012-07-13 12:41 . 2012-07-13 12:41    --------    d-----w-    c:\program files (x86)\ATI Technologies
2012-07-13 12:41 . 2012-07-13 12:41    --------    d-----w-    c:\program files\ATI Technologies
2012-07-07 17:30 . 2012-07-07 17:30    --------    d-----w-    c:\program files\CCleaner
2012-07-07 12:49 . 2012-07-07 12:49    0    ----a-w-    c:\windows\ativpsrm.bin
2012-07-07 03:24 . 2012-07-07 03:24    --------    d-----w-    c:\program files (x86)\SystemRequirementsLab
2012-07-07 03:21 . 2012-07-07 03:21    --------    d-----w-    c:\program files (x86)\Common Files\Java
2012-07-07 03:21 . 2012-07-07 03:21    --------    d-----w-    c:\program files (x86)\Oracle
2012-07-07 03:21 . 2012-05-04 17:29    772504    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2012-07-07 03:21 . 2012-05-04 17:29    687504    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2012-07-07 03:21 . 2012-07-07 03:21    --------    d-----w-    c:\program files (x86)\Java
2012-07-06 13:22 . 2012-07-06 13:22    --------    d-----w-    c:\programdata\Hewlett-Packard
2012-07-06 13:22 . 2009-07-14 01:41    230400    ----a-w-    c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2012-07-06 00:20 . 2012-07-06 00:20    --------    d-----w-    c:\program files (x86)\MyPcCleaner
2012-07-06 00:15 . 2012-07-06 00:15    --------    d-----w-    c:\programdata\regid.1986-12.com.adobe
2012-07-06 00:14 . 2012-07-06 00:15    --------    d-----w-    c:\program files\Adobe
2012-07-06 00:13 . 2012-07-06 00:15    --------    d-----w-    c:\program files\Common Files\Adobe
2012-07-05 22:30 . 2010-02-23 08:16    294912    ----a-w-    c:\windows\system32\browserchoice.exe
2012-07-05 21:43 . 2012-07-16 19:33    --------    d-----w-    c:\program files (x86)\Common Files\Adobe AIR
2012-07-05 21:43 . 2012-07-05 21:43    --------    d-----w-    c:\program files (x86)\Adobe Download Assistant
2012-07-05 19:55 . 2012-07-13 13:27    59701280    ----a-w-    c:\windows\system32\MRT.exe
2012-07-05 18:44 . 2012-07-05 18:44    --------    d-----w-    c:\program files (x86)\Common Files\logishrd
2012-07-05 18:44 . 2012-07-05 18:44    --------    d-----w-    c:\program files\Common Files\logishrd
2012-07-05 18:36 . 2012-07-05 18:36    --------    d-----w-    c:\windows\SysWow64\wbem\en-US
2012-07-05 18:36 . 2012-07-05 18:36    --------    d-----w-    c:\windows\system32\wbem\en-US
2012-07-05 18:36 . 2012-07-05 18:36    --------    d-----w-    c:\windows\SysWow64\Wat
2012-07-05 18:36 . 2012-07-05 18:36    --------    d-----w-    c:\windows\system32\Wat
2012-07-05 18:21 . 2012-03-01 06:46    23408    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2012-07-05 18:21 . 2012-03-01 06:38    220672    ----a-w-    c:\windows\system32\wintrust.dll
2012-07-05 18:21 . 2012-03-01 06:33    81408    ----a-w-    c:\windows\system32\imagehlp.dll
2012-07-05 18:21 . 2012-03-01 06:28    5120    ----a-w-    c:\windows\system32\wmi.dll
2012-07-05 18:21 . 2012-03-01 05:37    172544    ----a-w-    c:\windows\SysWow64\wintrust.dll
2012-07-05 18:21 . 2012-03-01 05:33    159232    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2012-07-05 18:21 . 2012-03-01 05:29    5120    ----a-w-    c:\windows\SysWow64\wmi.dll
2012-07-05 16:08 . 2012-07-05 16:08    --------    d-----w-    C:\viewpower
2012-07-05 16:08 . 2012-07-05 16:08    --------    d-----w-    c:\program files (x86)\ViewPower
2012-07-05 16:08 . 2012-07-05 16:08    --------    d--h--w-    c:\program files (x86)\Zero G Registry
2012-07-05 15:24 . 2012-07-18 21:53    --------    d-----w-    c:\program files (x86)\Microsoft.NET
2012-07-05 15:21 . 2012-07-06 00:20    --------    d-----w-    c:\program files\WinRAR
2012-07-05 14:58 . 2012-07-05 14:59    --------    d-----w-    c:\program files (x86)\softOSD
2012-07-05 14:58 . 2007-05-03 16:19    14032    ----a-w-    c:\windows\system32\drivers\se64a.sys
2012-07-05 14:43 . 2012-07-13 14:20    70344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-05 14:43 . 2012-07-13 14:20    426184    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 14:43 . 2012-07-05 14:43    --------    d-----w-    c:\windows\SysWow64\Macromed
2012-07-05 14:43 . 2012-07-05 14:43    --------    d-----w-    c:\windows\system32\Macromed
2012-07-05 14:41 . 2012-07-06 00:14    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2012-07-05 14:34 . 2012-04-26 05:41    77312    ----a-w-    c:\windows\system32\rdpwsx.dll
2012-07-05 14:33 . 2012-05-04 11:06    5559664    ----a-w-    c:\windows\system32\ntoskrnl.exe
2012-07-05 14:33 . 2012-05-04 10:03    3968368    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2012-07-05 14:33 . 2012-05-04 10:03    3913072    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2012-07-05 14:30 . 2011-01-17 11:09    197120    ----a-w-    c:\windows\system32\d3d10_1.dll
2012-07-05 14:30 . 2011-01-17 05:47    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2012-07-05 14:30 . 2011-04-29 03:06    467456    ----a-w-    c:\windows\system32\drivers\srv.sys
2012-07-05 14:30 . 2011-04-29 03:05    410112    ----a-w-    c:\windows\system32\drivers\srv2.sys
2012-07-05 14:30 . 2011-04-29 03:05    168448    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2012-07-05 14:30 . 2011-08-17 05:26    613888    ----a-w-    c:\windows\system32\psisdecd.dll
2012-07-05 14:30 . 2011-08-17 05:25    108032    ----a-w-    c:\windows\system32\psisrndr.ax
2012-07-05 14:30 . 2011-08-17 04:24    465408    ----a-w-    c:\windows\SysWow64\psisdecd.dll
2012-07-05 14:30 . 2011-08-17 04:19    75776    ----a-w-    c:\windows\SysWow64\psisrndr.ax
2012-07-05 14:30 . 2012-04-28 03:55    210944    ----a-w-    c:\windows\system32\drivers\rdpwd.sys
2012-07-05 14:30 . 2011-12-28 03:59    498688    ----a-w-    c:\windows\system32\drivers\afd.sys
2012-07-05 14:28 . 2011-02-23 04:55    90624    ----a-w-    c:\windows\system32\drivers\bowser.sys
2012-07-05 14:24 . 2012-07-05 14:24    --------    d--h--w-    c:\programdata\Common Files
2012-07-05 14:24 . 2012-07-19 16:45    --------    d-----w-    c:\programdata\MFAData
2012-07-05 14:20 . 2012-07-19 12:51    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2012-06-29 19:49 . 2012-06-29 13:02    --------    d-----w-    c:\windows\Panther
2012-06-29 13:25 . 2012-02-17 06:38    1031680    ----a-w-    c:\windows\system32\rdpcore.dll
2012-06-29 13:25 . 2012-02-17 05:34    826880    ----a-w-    c:\windows\SysWow64\rdpcore.dll
2012-06-29 13:25 . 2012-02-17 04:57    23552    ----a-w-    c:\windows\system32\drivers\tdtcp.sys
2012-06-29 13:22 . 2012-06-02 22:19    2428952    ----a-w-    c:\windows\system32\wuaueng.dll
2012-06-29 13:22 . 2012-06-02 22:19    57880    ----a-w-    c:\windows\system32\wuauclt.exe
2012-06-29 13:22 . 2012-06-02 22:19    44056    ----a-w-    c:\windows\system32\wups2.dll
2012-06-29 13:22 . 2012-06-02 22:15    2622464    ----a-w-    c:\windows\system32\wucltux.dll
2012-06-29 13:22 . 2012-06-02 22:19    38424    ----a-w-    c:\windows\system32\wups.dll
2012-06-29 13:22 . 2012-06-02 22:19    701976    ----a-w-    c:\windows\system32\wuapi.dll
2012-06-29 13:22 . 2012-06-02 22:15    99840    ----a-w-    c:\windows\system32\wudriver.dll
2012-06-29 13:22 . 2012-06-02 13:19    186752    ----a-w-    c:\windows\system32\wuwebv.dll
2012-06-29 13:22 . 2012-06-02 13:15    36864    ----a-w-    c:\windows\system32\wuapp.exe
2012-06-29 13:17 . 2012-06-29 13:17    --------    d-----w-    c:\program files (x86)\Common Files\Intel Corporation
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 18:59 . 2012-06-11 18:59    10248192    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35    70144    ----a-w-    c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29    24826368    ----a-w-    c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00    20467712    ----a-w-    c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25    163840    ----a-w-    c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2012-06-11 17:24    924160    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2012-06-11 17:23    1090560    ----a-w-    c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20    442368    ----a-w-    c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19    532992    ----a-w-    c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19    239616    ----a-w-    c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17    120320    ----a-w-    c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17    21504    ----a-w-    c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17    59392    ----a-w-    c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17    43520    ----a-w-    c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-06-11 17:16    6301696    ----a-w-    c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2012-06-11 17:01    6914560    ----a-w-    c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2012-06-11 16:51    4246528    ----a-w-    c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45    51200    ----a-w-    c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45    46080    ----a-w-    c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:45    5480448    ----a-w-    c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45    44544    ----a-w-    c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45    44032    ----a-w-    c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45    15703040    ----a-w-    c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-06-11 16:43    4729344    ----a-w-    c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40    13277696    ----a-w-    c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36    6605824    ----a-w-    c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-06-11 16:27    539136    ----a-w-    c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26    368640    ----a-w-    c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26    17920    ----a-w-    c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26    14848    ----a-w-    c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26    14848    ----a-w-    c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26    41984    ----a-w-    c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26    33280    ----a-w-    c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26    367616    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2012-06-11 16:25    54784    ----a-w-    c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2012-06-11 16:25    42496    ----a-w-    c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25    45056    ----a-w-    c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-06-11 16:24    32768    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24    53248    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23    56320    ----a-w-    c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23    56320    ----a-w-    c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23    56832    ----a-w-    c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23    56832    ----a-w-    c:\windows\SysWow64\amdpcom32.dll
2012-06-11 11:50 . 2012-06-11 11:50    187392    ----a-w-    c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50    75264    ----a-w-    c:\windows\system32\OpenVideo64.dll
2012-06-11 11:50 . 2012-06-11 11:50    65024    ----a-w-    c:\windows\SysWow64\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50    63488    ----a-w-    c:\windows\system32\OVDecode64.dll
2012-06-11 11:50 . 2012-06-11 11:50    56320    ----a-w-    c:\windows\SysWow64\OVDecode.dll
2012-06-11 11:50 . 2012-06-11 11:50    16457728    ----a-w-    c:\windows\system32\amdocl64.dll
2012-06-11 11:49 . 2012-06-11 11:49    13008896    ----a-w-    c:\windows\SysWow64\amdocl.dll
2012-06-11 11:48 . 2012-06-11 11:48    54784    ----a-w-    c:\windows\system32\OpenCL.dll
2012-06-11 11:48 . 2012-06-11 11:48    50176    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2012-05-31 10:25 . 2010-11-21 03:27    279656    ------w-    c:\windows\system32\MpSigStub.exe
2012-05-10 14:35 . 2012-05-10 14:35    43520    ----a-w-    c:\windows\system32\kdbsdk64.dll
2012-05-10 14:35 . 2012-05-10 14:35    29184    ----a-w-    c:\windows\SysWow64\kdbsdk32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-07-16 296096]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
.
c:\users\Proprietario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ViewPower.lnk - c:\program files (x86)\ViewPower\ViewPower.exe [2012-7-5 116224]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SpyderUtility.lnk - c:\program files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe [2012-2-8 8241767]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\se64a.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ServUpdater;Serv Updater;c:\users\Proprietario\AppData\Local\ServUpdater\ServiceUpd.exe [2011-12-16 156160]
R2 SoftwareUpd;Software Upd;c:\users\Proprietario\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [2012-04-23 161280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 250056]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Spyder4;Datacolor Spyder4;c:\windows\system32\DRIVERS\dccmtr.sys [2011-06-02 15360]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-05 1255736]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-09-21 49760]
S0 iusb3hcs;Driver dello switch Controller Host Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-26 16152]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-02-03 27760]
S1 se64a;EnTech softEngine;c:\windows\system32\Drivers\se64a.sys [2007-05-03 14032]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-02-03 86224]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-07 121344]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 PowerOffer Service;Pos Service;c:\users\Proprietario\AppData\Local\PosService\Pos.exe [2012-04-03 169472]
S2 softOSD;softOSD;c:\program files (x86)\softOSD\softOSD.exe [2010-12-18 291384]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-02-09 25536]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-02-09 25536]
S3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-02-09 44992]
S3 iusb3hub;Driver hub Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-26 356120]
S3 iusb3xhc;Driver Controller Host estendibile Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-26 787736]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2012-07-20 34752]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 14:20]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4259828143-2418007124-1487343570-1000Core.job
- c:\users\Proprietario\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-07 04:20]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4259828143-2418007124-1487343570-1000UA.job
- c:\users\Proprietario\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-07 04:20]
.
2012-07-20 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2012-07-20 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 79.137.95.200 80.79.48.66
FF - ProfilePath - c:\users\Proprietario\AppData\Roaming\Mozilla\Firefox\Profiles\1rzly8nm.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bca82793a-f805-4684-8df7-c391bb2ca180%7D&mid=7d8186d9f8b747d0b24e6d16b2dc55b3-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=11.1.0.12&lang=it&pr=fr&d=2012-07-05%2016%3A30%3A56&sap=ku&q=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-PosService - c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\users\Proprietario\AppData\Local\unins000.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\softLCP.exe
c:\progra~2\VIEWPO~1\TOMCAT~1.EXE
c:\program files (x86)\ViewPower\jre\bin\javaw.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Ora fine scansione: 2012-07-20  12:05:10 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2012-07-20 10:05
.
Pre-Run: 128.389.734.400 byte disponibili
Post-Run: 128.437.555.200 byte disponibili
.
- - End Of File - - B3EA451E12EBF32230E6CD17E0A0D861

P.S. If I then have to create a txt file, do I have to rename it ''xxxx.txt'', or should I leave out the ''.txt''? It's enough to choose ''save as txt text document'', right?


P.S. I also disabled System Restore; can I turn it back on now?
 