PROBLEM: web pages that open by themselves... virus?

FDAC

You need to put the contents of this file into a TXT text file on the Desktop, which you will name CFScript.txt:
Text Upload - Free Content Hosting

Then drag the file you just created onto the ComboFix icon; the scan will start. Wait, and attach the report generated at the end.


Francesco
 

Nordavind

Done.

Code:
ComboFix 12-07-20.01 - Proprietario 20/07/2012  12:39:19.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.8087.6145 [GMT 2:00]
Eseguito da: c:\users\Proprietario\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Proprietario\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Creato nuovo punto di ripristino
.
FILE ::
"c:\users\Proprietario\AppData\Local\PosService\Pos.exe"
"c:\users\Proprietario\AppData\Local\ServUpdater\ServiceUpd.exe"
"c:\users\Proprietario\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe"
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Proprietario\AppData\Local\PosService\Pos.exe
c:\users\Proprietario\AppData\Local\ServUpdater\ServiceUpd.exe
c:\users\Proprietario\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PowerOffer Service
-------\Service_ServUpdater
-------\Service_SoftwareUpd
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-06-20 al 2012-07-20  )))))))))))))))))))))))))))))))))))
.
.
2012-07-20 09:58 . 2012-06-29 10:04    9133488    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8C88CAD-46B6-49D5-84B0-84787A9911EF}\mpengine.dll
2012-07-19 17:07 . 2012-07-20 10:42    94656    ----a-w-    c:\windows\system32\WPRO_41_2001woem.tmp
2012-07-19 16:51 . 2012-02-03 13:26    27760    ----a-w-    c:\windows\system32\drivers\avkmgr.sys
2012-07-19 16:51 . 2012-02-03 13:26    132320    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2012-07-19 16:51 . 2012-02-03 13:26    97312    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2012-07-19 16:51 . 2012-07-19 16:51    --------    d-----w-    c:\programdata\Avira
2012-07-19 16:51 . 2012-07-19 16:51    --------    d-----w-    c:\program files (x86)\Avira
2012-07-19 15:38 . 2012-07-19 15:38    --------    d-----w-    c:\program files (x86)\Trend Micro
2012-07-19 13:21 . 2012-07-19 13:22    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-19 13:21 . 2012-07-19 13:21    --------    d-----w-    c:\programdata\Malwarebytes
2012-07-19 13:21 . 2012-07-03 11:46    24904    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-07-19 01:44 . 2012-07-19 16:42    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2012-07-19 01:44 . 2012-07-19 16:42    --------    d-----w-    c:\program files (x86)\Spybot - Search & Destroy
2012-07-18 23:50 . 2012-07-18 23:50    --------    d-----w-    c:\program files (x86)\OpenOffice.org 3
2012-07-18 21:53 . 2012-07-18 21:53    --------    d-----w-    c:\program files\Common Files\DESIGNER
2012-07-18 21:53 . 2012-07-18 21:53    --------    d-----w-    c:\windows\PCHEALTH
2012-07-18 21:51 . 2012-07-18 21:51    --------    d-----w-    c:\program files\Microsoft Analysis Services
2012-07-18 21:51 . 2012-07-18 21:51    --------    d-----w-    c:\program files (x86)\Microsoft Analysis Services
2012-07-18 21:51 . 2012-07-18 22:22    --------    d-----w-    c:\program files\Microsoft Office
2012-07-18 21:50 . 2012-07-18 21:50    --------    d-----r-    C:\MSOCache
2012-07-18 21:36 . 2012-07-18 22:43    --------    d-----w-    c:\programdata\Microsoft Help
2012-07-18 18:05 . 2012-07-18 18:05    --------    d-----w-    c:\program files (x86)\uTorrent
2012-07-18 16:49 . 2012-07-18 16:49    --------    d-----w-    c:\programdata\Sony Corporation
2012-07-18 16:15 . 2012-07-18 16:49    --------    d-----w-    c:\program files (x86)\Sony
2012-07-17 01:05 . 2012-07-17 01:06    --------    d-----w-    c:\program files (x86)\Ciel
2012-07-16 23:59 . 2012-07-16 23:59    --------    d-----w-    c:\program files (x86)\AnvSoft
2012-07-16 23:57 . 2012-07-16 23:57    --------    d-----w-    c:\program files (x86)\Common Files\xing shared
2012-07-16 23:57 . 2012-07-16 23:57    499712    ----a-w-    c:\windows\SysWow64\msvcp71.dll
2012-07-16 23:57 . 2012-07-16 23:57    348160    ----a-w-    c:\windows\SysWow64\msvcr71.dll
2012-07-16 23:56 . 2012-07-16 23:57    --------    d-----w-    c:\program files (x86)\Real
2012-07-16 19:06 . 2012-07-16 19:06    --------    d-----w-    c:\program files (x86)\IrfanView
2012-07-16 17:05 . 2012-07-16 17:05    --------    d-----w-    c:\program files (x86)\FastStone Image Viewer
2012-07-16 16:16 . 2012-07-16 17:39    --------    d-----w-    c:\programdata\InstallShield
2012-07-16 00:32 . 2012-07-16 00:32    --------    d-----w-    c:\program files (x86)\TPE
2012-07-15 20:40 . 2008-01-30 15:36    90112    ----a-w-    c:\windows\unvise32.exe
2012-07-15 20:40 . 2012-07-15 20:40    --------    d-----w-    c:\program files (x86)\Datacolor
2012-07-15 01:16 . 2012-07-15 01:16    --------    d-----w-    c:\program files (x86)\VideoLAN
2012-07-14 23:34 . 2012-07-14 23:34    --------    d-----w-    c:\program files (x86)\CrystalDiskInfo
2012-07-13 13:28 . 2012-06-12 03:08    3148800    ----a-w-    c:\windows\system32\win32k.sys
2012-07-13 13:21 . 2012-06-06 06:06    2004480    ----a-w-    c:\windows\system32\msxml6.dll
2012-07-13 12:43 . 2012-07-13 12:43    --------    d-----w-    c:\programdata\ATI
2012-07-13 12:41 . 2012-07-13 12:41    --------    d-----w-    c:\programdata\AMD
2012-07-13 12:41 . 2012-07-13 12:41    --------    d-----w-    c:\program files (x86)\AMD AVT
2012-07-13 12:41 . 2012-07-13 12:41    --------    d-----w-    c:\program files (x86)\AMD APP
2012-07-13 12:41 . 2012-07-13 12:41    --------    d-----w-    c:\program files\Common Files\ATI Technologies
2012-07-13 12:41 . 2012-07-13 12:41    --------    d-----w-    c:\program files (x86)\Common Files\ATI Technologies
2012-07-13 12:41 . 2012-07-13 12:41    --------    d-----w-    c:\program files (x86)\ATI Technologies
2012-07-13 12:41 . 2012-07-13 12:41    --------    d-----w-    c:\program files\ATI Technologies
2012-07-07 17:30 . 2012-07-07 17:30    --------    d-----w-    c:\program files\CCleaner
2012-07-07 12:49 . 2012-07-07 12:49    0    ----a-w-    c:\windows\ativpsrm.bin
2012-07-07 03:24 . 2012-07-07 03:24    --------    d-----w-    c:\program files (x86)\SystemRequirementsLab
2012-07-07 03:21 . 2012-07-07 03:21    --------    d-----w-    c:\program files (x86)\Common Files\Java
2012-07-07 03:21 . 2012-07-07 03:21    --------    d-----w-    c:\program files (x86)\Oracle
2012-07-07 03:21 . 2012-05-04 17:29    772504    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2012-07-07 03:21 . 2012-05-04 17:29    687504    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2012-07-07 03:21 . 2012-07-07 03:21    --------    d-----w-    c:\program files (x86)\Java
2012-07-06 13:22 . 2012-07-06 13:22    --------    d-----w-    c:\programdata\Hewlett-Packard
2012-07-06 13:22 . 2009-07-14 01:41    230400    ----a-w-    c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2012-07-06 00:20 . 2012-07-06 00:20    --------    d-----w-    c:\program files (x86)\MyPcCleaner
2012-07-06 00:15 . 2012-07-06 00:15    --------    d-----w-    c:\programdata\regid.1986-12.com.adobe
2012-07-06 00:14 . 2012-07-06 00:15    --------    d-----w-    c:\program files\Adobe
2012-07-06 00:13 . 2012-07-06 00:15    --------    d-----w-    c:\program files\Common Files\Adobe
2012-07-05 22:30 . 2010-02-23 08:16    294912    ----a-w-    c:\windows\system32\browserchoice.exe
2012-07-05 21:43 . 2012-07-16 19:33    --------    d-----w-    c:\program files (x86)\Common Files\Adobe AIR
2012-07-05 21:43 . 2012-07-05 21:43    --------    d-----w-    c:\program files (x86)\Adobe Download Assistant
2012-07-05 19:55 . 2012-07-13 13:27    59701280    ----a-w-    c:\windows\system32\MRT.exe
2012-07-05 18:44 . 2012-07-05 18:44    --------    d-----w-    c:\program files (x86)\Common Files\logishrd
2012-07-05 18:44 . 2012-07-05 18:44    --------    d-----w-    c:\program files\Common Files\logishrd
2012-07-05 18:36 . 2012-07-05 18:36    --------    d-----w-    c:\windows\SysWow64\wbem\en-US
2012-07-05 18:36 . 2012-07-05 18:36    --------    d-----w-    c:\windows\system32\wbem\en-US
2012-07-05 18:36 . 2012-07-05 18:36    --------    d-----w-    c:\windows\SysWow64\Wat
2012-07-05 18:36 . 2012-07-05 18:36    --------    d-----w-    c:\windows\system32\Wat
2012-07-05 18:21 . 2012-03-01 06:46    23408    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2012-07-05 18:21 . 2012-03-01 06:38    220672    ----a-w-    c:\windows\system32\wintrust.dll
2012-07-05 18:21 . 2012-03-01 06:33    81408    ----a-w-    c:\windows\system32\imagehlp.dll
2012-07-05 18:21 . 2012-03-01 06:28    5120    ----a-w-    c:\windows\system32\wmi.dll
2012-07-05 18:21 . 2012-03-01 05:37    172544    ----a-w-    c:\windows\SysWow64\wintrust.dll
2012-07-05 18:21 . 2012-03-01 05:33    159232    ----a-w-    c:\windows\SysWow64\imagehlp.dll
2012-07-05 18:21 . 2012-03-01 05:29    5120    ----a-w-    c:\windows\SysWow64\wmi.dll
2012-07-05 16:08 . 2012-07-05 16:08    --------    d-----w-    C:\viewpower
2012-07-05 16:08 . 2012-07-05 16:08    --------    d-----w-    c:\program files (x86)\ViewPower
2012-07-05 16:08 . 2012-07-05 16:08    --------    d--h--w-    c:\program files (x86)\Zero G Registry
2012-07-05 15:24 . 2012-07-18 21:53    --------    d-----w-    c:\program files (x86)\Microsoft.NET
2012-07-05 15:21 . 2012-07-06 00:20    --------    d-----w-    c:\program files\WinRAR
2012-07-05 14:58 . 2012-07-05 14:59    --------    d-----w-    c:\program files (x86)\softOSD
2012-07-05 14:58 . 2007-05-03 16:19    14032    ----a-w-    c:\windows\system32\drivers\se64a.sys
2012-07-05 14:43 . 2012-07-13 14:20    70344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-05 14:43 . 2012-07-13 14:20    426184    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 14:43 . 2012-07-05 14:43    --------    d-----w-    c:\windows\SysWow64\Macromed
2012-07-05 14:43 . 2012-07-05 14:43    --------    d-----w-    c:\windows\system32\Macromed
2012-07-05 14:41 . 2012-07-06 00:14    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2012-07-05 14:34 . 2012-04-26 05:41    77312    ----a-w-    c:\windows\system32\rdpwsx.dll
2012-07-05 14:33 . 2012-05-04 11:06    5559664    ----a-w-    c:\windows\system32\ntoskrnl.exe
2012-07-05 14:33 . 2012-05-04 10:03    3968368    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2012-07-05 14:33 . 2012-05-04 10:03    3913072    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2012-07-05 14:30 . 2011-01-17 11:09    197120    ----a-w-    c:\windows\system32\d3d10_1.dll
2012-07-05 14:30 . 2011-01-17 05:47    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2012-07-05 14:30 . 2011-04-29 03:06    467456    ----a-w-    c:\windows\system32\drivers\srv.sys
2012-07-05 14:30 . 2011-04-29 03:05    410112    ----a-w-    c:\windows\system32\drivers\srv2.sys
2012-07-05 14:30 . 2011-04-29 03:05    168448    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2012-07-05 14:30 . 2011-08-17 05:26    613888    ----a-w-    c:\windows\system32\psisdecd.dll
2012-07-05 14:30 . 2011-08-17 05:25    108032    ----a-w-    c:\windows\system32\psisrndr.ax
2012-07-05 14:30 . 2011-08-17 04:24    465408    ----a-w-    c:\windows\SysWow64\psisdecd.dll
2012-07-05 14:30 . 2011-08-17 04:19    75776    ----a-w-    c:\windows\SysWow64\psisrndr.ax
2012-07-05 14:30 . 2012-04-28 03:55    210944    ----a-w-    c:\windows\system32\drivers\rdpwd.sys
2012-07-05 14:30 . 2011-12-28 03:59    498688    ----a-w-    c:\windows\system32\drivers\afd.sys
2012-07-05 14:28 . 2011-02-23 04:55    90624    ----a-w-    c:\windows\system32\drivers\bowser.sys
2012-07-05 14:24 . 2012-07-05 14:24    --------    d--h--w-    c:\programdata\Common Files
2012-07-05 14:24 . 2012-07-19 16:45    --------    d-----w-    c:\programdata\MFAData
2012-07-05 14:20 . 2012-07-19 12:51    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2012-06-29 19:49 . 2012-06-29 13:02    --------    d-----w-    c:\windows\Panther
2012-06-29 13:25 . 2012-02-17 06:38    1031680    ----a-w-    c:\windows\system32\rdpcore.dll
2012-06-29 13:25 . 2012-02-17 05:34    826880    ----a-w-    c:\windows\SysWow64\rdpcore.dll
2012-06-29 13:25 . 2012-02-17 04:57    23552    ----a-w-    c:\windows\system32\drivers\tdtcp.sys
2012-06-29 13:22 . 2012-06-02 22:19    2428952    ----a-w-    c:\windows\system32\wuaueng.dll
2012-06-29 13:22 . 2012-06-02 22:19    57880    ----a-w-    c:\windows\system32\wuauclt.exe
2012-06-29 13:22 . 2012-06-02 22:19    44056    ----a-w-    c:\windows\system32\wups2.dll
2012-06-29 13:22 . 2012-06-02 22:15    2622464    ----a-w-    c:\windows\system32\wucltux.dll
2012-06-29 13:22 . 2012-06-02 22:19    38424    ----a-w-    c:\windows\system32\wups.dll
2012-06-29 13:22 . 2012-06-02 22:19    701976    ----a-w-    c:\windows\system32\wuapi.dll
2012-06-29 13:22 . 2012-06-02 22:15    99840    ----a-w-    c:\windows\system32\wudriver.dll
2012-06-29 13:22 . 2012-06-02 13:19    186752    ----a-w-    c:\windows\system32\wuwebv.dll
2012-06-29 13:22 . 2012-06-02 13:15    36864    ----a-w-    c:\windows\system32\wuapp.exe
2012-06-29 13:17 . 2012-06-29 13:17    --------    d-----w-    c:\program files (x86)\Common Files\Intel Corporation
2012-06-29 13:15 . 2012-06-29 13:15    --------    d-----w-    c:\program files\ASRock Utility
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 18:59 . 2012-06-11 18:59    10248192    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35    70144    ----a-w-    c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29    24826368    ----a-w-    c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00    20467712    ----a-w-    c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25    163840    ----a-w-    c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2012-06-11 17:24    924160    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2012-06-11 17:23    1090560    ----a-w-    c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20    442368    ----a-w-    c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19    532992    ----a-w-    c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19    239616    ----a-w-    c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17    120320    ----a-w-    c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17    21504    ----a-w-    c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17    59392    ----a-w-    c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17    43520    ----a-w-    c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-06-11 17:16    6301696    ----a-w-    c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2012-06-11 17:01    6914560    ----a-w-    c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2012-06-11 16:51    4246528    ----a-w-    c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45    51200    ----a-w-    c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45    46080    ----a-w-    c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:45    5480448    ----a-w-    c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45    44544    ----a-w-    c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45    44032    ----a-w-    c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45    15703040    ----a-w-    c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-06-11 16:43    4729344    ----a-w-    c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40    13277696    ----a-w-    c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36    6605824    ----a-w-    c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-06-11 16:27    539136    ----a-w-    c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26    368640    ----a-w-    c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26    17920    ----a-w-    c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26    14848    ----a-w-    c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26    14848    ----a-w-    c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26    41984    ----a-w-    c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26    33280    ----a-w-    c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26    367616    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2012-06-11 16:25    54784    ----a-w-    c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2012-06-11 16:25    42496    ----a-w-    c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25    45056    ----a-w-    c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-06-11 16:24    32768    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24    53248    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23    56320    ----a-w-    c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23    56320    ----a-w-    c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23    56832    ----a-w-    c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23    56832    ----a-w-    c:\windows\SysWow64\amdpcom32.dll
2012-06-11 11:50 . 2012-06-11 11:50    187392    ----a-w-    c:\windows\system32\clinfo.exe
2012-06-11 11:50 . 2012-06-11 11:50    75264    ----a-w-    c:\windows\system32\OpenVideo64.dll
2012-06-11 11:50 . 2012-06-11 11:50    65024    ----a-w-    c:\windows\SysWow64\OpenVideo.dll
2012-06-11 11:50 . 2012-06-11 11:50    63488    ----a-w-    c:\windows\system32\OVDecode64.dll
2012-06-11 11:50 . 2012-06-11 11:50    56320    ----a-w-    c:\windows\SysWow64\OVDecode.dll
2012-06-11 11:50 . 2012-06-11 11:50    16457728    ----a-w-    c:\windows\system32\amdocl64.dll
2012-06-11 11:49 . 2012-06-11 11:49    13008896    ----a-w-    c:\windows\SysWow64\amdocl.dll
2012-06-11 11:48 . 2012-06-11 11:48    54784    ----a-w-    c:\windows\system32\OpenCL.dll
2012-06-11 11:48 . 2012-06-11 11:48    50176    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2012-05-31 10:25 . 2010-11-21 03:27    279656    ------w-    c:\windows\system32\MpSigStub.exe
2012-05-10 14:35 . 2012-05-10 14:35    43520    ----a-w-    c:\windows\system32\kdbsdk64.dll
2012-05-10 14:35 . 2012-05-10 14:35    29184    ----a-w-    c:\windows\SysWow64\kdbsdk32.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-07-20_10.02.29   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-20 10:13    37358              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-20 10:13    35144              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-06-29 13:14 . 2012-07-20 10:42    34752              c:\windows\system32\drivers\WPRO_41_2001.sys
- 2012-06-29 13:14 . 2012-07-20 10:02    34752              c:\windows\system32\drivers\WPRO_41_2001.sys
+ 2012-06-29 13:08 . 2012-07-20 10:13    9674              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4259828143-2418007124-1487343570-1000_UserData.bin
- 2012-07-20 10:01 . 2012-07-20 10:01    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-20 10:42 . 2012-07-20 10:42    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-20 10:01 . 2012-07-20 10:01    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-20 10:42 . 2012-07-20 10:42    2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-07-20 10:01    525972              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-20 10:41    525972              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-03 16:09 . 2012-07-20 10:41    1644040              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-07-03 16:09 . 2012-07-20 10:01    1644040              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-07-05 18:34 . 2012-07-20 10:41    31846108              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4259828143-2418007124-1487343570-1000-8192.dat
- 2012-07-05 18:34 . 2012-07-20 10:01    31846108              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4259828143-2418007124-1487343570-1000-8192.dat
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-07-16 296096]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-02-03 258512]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [BU]
.
c:\users\Proprietario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ViewPower.lnk - c:\program files (x86)\ViewPower\ViewPower.exe [2012-7-5 116224]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SpyderUtility.lnk - c:\program files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe [2012-2-8 8241767]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\se64a.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 250056]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Spyder4;Datacolor Spyder4;c:\windows\system32\DRIVERS\dccmtr.sys [2011-06-02 15360]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-05 1255736]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-09-21 49760]
S0 iusb3hcs;Driver dello switch Controller Host Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-26 16152]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-02-03 27760]
S1 se64a;EnTech softEngine;c:\windows\system32\Drivers\se64a.sys [2007-05-03 14032]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-02-03 86224]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-07 121344]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]
S2 softOSD;softOSD;c:\program files (x86)\softOSD\softOSD.exe [2010-12-18 291384]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-02-09 25536]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-02-09 25536]
S3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-02-09 44992]
S3 iusb3hub;Driver hub Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-26 356120]
S3 iusb3xhc;Driver Controller Host estendibile Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-26 787736]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2012-07-20 34752]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 14:20]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4259828143-2418007124-1487343570-1000Core.job
- c:\users\Proprietario\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-07 04:20]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4259828143-2418007124-1487343570-1000UA.job
- c:\users\Proprietario\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-07 04:20]
.
2012-07-20 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
2012-07-20 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 11:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"combofix"="c:\combofix\CF8642.3XE" [2010-11-21 345088]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 79.137.95.200 80.79.48.66
FF - ProfilePath - c:\users\Proprietario\AppData\Roaming\Mozilla\Firefox\Profiles\1rzly8nm.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bca82793a-f805-4684-8df7-c391bb2ca180%7D&mid=7d8186d9f8b747d0b24e6d16b2dc55b3-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&ds=AVG&v=11.1.0.12&lang=it&pr=fr&d=2012-07-05%2016%3A30%3A56&sap=ku&q=
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\softLCP.exe
c:\progra~2\VIEWPO~1\TOMCAT~1.EXE
c:\program files (x86)\ViewPower\jre\bin\javaw.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Ora fine scansione: 2012-07-20  12:45:12 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2012-07-20 10:45
ComboFix2.txt  2012-07-20 10:05
.
Pre-Run: 128.574.603.264 byte disponibili
Post-Run: 128.312.541.184 byte disponibili
.
- - End Of File - - 8FB84FDE8C509635B6C1EE1F67E05C03

finished?



thanks a lot in the meantime!!!

PS: can I re-enable the firewall, antivirus and restore points?

- - - Updated - - -

PPS: is it normal that these 3 folders are still there?

appdata2.jpg

(the appdata folder is only visible when hidden folders/files are shown)

if I understood correctly I have to delete the 3 folders, right?

also, if I go to Control Panel --> Programs and Features, I see that I have PowerOffer 2.0; do I have to uninstall that too?
 

Nordavind

done!

it works great (apart from the audio icon, which now and then shows up with the red cross, but it works; I think it's a Windows error)

yesterday, by fixing the entries with HijackThis, it already seemed to me that I had solved it; with your help I certainly removed this junk more thoroughly, thank you so much!!

just one thing: if I wanted to uninstall ComboFix, I only have the icon on the desktop, the program isn't listed in Control Panel --> Programs and Features; is it enough to delete it?


PS: can I re-enable the restore points?

then I'm left with the mystery of this folder, which I don't know what it is
app3.jpg

anyway, here is a new HijackThis log
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:31:25, on 20/07/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
C:\Program Files (x86)\ViewPower\ViewPower.exe
C:\Windows\SysWOW64\softLCP.exe
C:\Program Files (x86)\ViewPower\jre\bin\javaw.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - Startup: ViewPower.lnk = C:\Program Files (x86)\ViewPower\ViewPower.exe
O4 - Global Startup: SpyderUtility.lnk = C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: softOSD - EnTech Taiwan - C:\Program Files (x86)\softOSD\softOSD.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpower - Acresso - C:\PROGRA~2\VIEWPO~1\TOMCAT~1.EXE
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10585 bytes

PS: when I ran ComboFix for the log (the first time), and also when I ran the script you gave me, after the reboot any file I tried to click on gave ''Operazione non valida tentata su una chiave di registro che è stato contrassegnato per l'eliminazione'' ...a reboot was enough to fix it

is that normal or did something go wrong?
 

FDAC

In HijackThis, fix this entry:

O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe

Restart the PC and delete the folder shown in the image you posted (softwareupdater), together with this one:

C:\Users\Public\Documents\AppData\PoApp

Restart the PC and attach the latest HJT log.
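
The check made by eye in the post above (an O4 autostart entry whose target lives outside the protected system directories, then a second log to confirm it is gone) can be scripted. This is an added example, not part of the original post and not HijackThis code: the function names and the protected-directory heuristic are assumptions, and the sample lines are copied from the two HijackThis logs in this thread.

```python
import ntpath
import re
from typing import NamedTuple, Optional


class Autostart(NamedTuple):
    source: str   # registry key or startup folder as HijackThis prints it
    name: str     # value name or shortcut name
    command: str  # command line exactly as logged


# Registry form:        O4 - HKLM\..\Run: [Name] command line
_REG = re.compile(r"^O4 - (?P<src>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Startup-folder form:  O4 - Startup: Name.lnk = target
_LNK = re.compile(r"^O4 - (?P<src>[^:]+): (?P<name>.+?) = (?P<cmd>.+)$")
# First drive-rooted path ending in an executable extension. Covers quoted
# paths, unquoted paths with spaces and "Cmd.exe /c start ..." wrappers.
_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|com|bat|cmd|scr|dll)\b', re.I)

# Heuristic (assumption of this example): with default ACLs only administrators
# can write below these roots, so a target anywhere else gets a manual review.
_PROTECTED = ("\\program files\\", "\\program files (x86)\\",
              "\\windows\\", "\\progra~")

# Excerpt of the 14:31 log posted in this thread.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe
O4 - Startup: ViewPower.lnk = C:\Program Files (x86)\ViewPower\ViewPower.exe
"""

# Same entries as they appear in the 16:31 log, after the fix.
LOG_AFTER = r"""
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Startup: ViewPower.lnk = C:\Program Files (x86)\ViewPower\ViewPower.exe
"""


def parse_o4(log: str) -> list:
    """Return every O4 (autostart) entry found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = _REG.match(line) or _LNK.match(line)
        if m:
            entries.append(Autostart(m["src"], m["name"], m["cmd"]))
    return entries


def target_path(command: str) -> Optional[str]:
    """Extract the executable an autostart command line ends up launching."""
    m = _PATH.search(command)
    return ntpath.normpath(m.group(0)) if m else None


def needs_review(entry: Autostart) -> bool:
    """True when the target is unresolvable or outside the protected roots."""
    path = target_path(entry.command)
    if path is None:
        return True
    tail = ntpath.splitdrive(path)[1].lower()
    return not tail.startswith(_PROTECTED)


def flagged(entries: list) -> list:
    return [e for e in entries if needs_review(e)]


def removed(before: list, after: list) -> set:
    """Autostart entries present in the first log and absent from the second."""
    return {(e.source, e.name) for e in before} - {(e.source, e.name) for e in after}


if __name__ == "__main__":
    before, after = parse_o4(LOG_BEFORE), parse_o4(LOG_AFTER)
    for e in flagged(before):
        print("review:", e.source, e.name, "->", target_path(e.command))
    print("gone after fix:", removed(before, after))
    print("still flagged:", flagged(after))
```

A flagged entry is a prompt for manual review, not a verdict: legitimate software also installs under a user profile.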
 

Nordavind

done

I don't have that folder (C:\Users\Public\Documents\AppData\PoApp), who knows why; maybe it was a leftover of I don't know what
maybe of this folder appdata.jpg, which I deleted at the beginning, when I ran HijackThis the first time



here is the new log
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:31:43, on 20/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\softLCP.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
C:\Program Files (x86)\ViewPower\ViewPower.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ViewPower\jre\bin\javaw.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Proprietario\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - Startup: ViewPower.lnk = C:\Program Files (x86)\ViewPower\ViewPower.exe
O4 - Global Startup: SpyderUtility.lnk = C:\Program Files (x86)\Datacolor\Spyder4Pro\Utility\SpyderUtility.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: softOSD - EnTech Taiwan - C:\Program Files (x86)\softOSD\softOSD.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpower - Acresso - C:\PROGRA~2\VIEWPO~1\TOMCAT~1.EXE
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10460 bytes

everything seems OK
can I uninstall ComboFix now? (how do I do it?)
 

FDAC

Download TFC by OldTimer: http://oldtimer.geekstogo.com/TFC.exe
● place the tool on the Desktop
● close all running programs, including Internet pages
● start the tool with a double click
● click the Start button, at the bottom left
the Desktop will disappear for a few moments: nothing to worry about
● wait patiently for the operations to finish
● click the Exit button, at the bottom right
● once the operations have finished, close the program

Note - about the program:
TFC by OldTimer is used to delete the temporary files of all users, easily and quickly

Download OTC by OldTimer: http://oldtimer.geekstogo.com/OTC.exe
● place the tool on the Desktop
● close all running programs
● start the tool with a double click
● click the CleanUp! button
● the program asks to restart the system: allow it by clicking Yes twice

Note - about the program:
OTC by OldTimer is used to remove the programs we used for the cleanup (ComboFix in particular) automatically and precisely: after the reboot you will no longer see the ComboFix icon, which is completely normal

We are done.
Bye and until next time, Francesco.
 

Nordavind

I was waiting for your message :) thank you so much, I'll proceed now!
luckily forums exist, but above all people like you (and the others who help) who lend a hand


PS: besides the antivirus and the Windows firewall, do you recommend anything else to avoid these viruses? like some other firewall?
 
