SOLVED Google search redirect virus

nightFox

Hi everyone,

I've had this problem for a few days now: I open Chrome, go to Google and when I search for something (I've noticed it especially if I type directly into Google and not into Chrome's search bar), the links it proposes redirect me to strange pages like 766c99fb.filesonthe.net, 7search.com, etc.
Only after several attempts does it let me reach the page I asked for.
I've done a lot of research on this, including on this forum, and found similar problems, but none of the procedures I followed helped.
I've tried quite a few anti-spyware, anti-malware tools or utilities recommended in the threads, such as TDSSKiller, Sophos, SUPERAntiSpyware, Malwarebytes, msert, etc.
Some of them found something, but the problem always came back.
I even tried removing Avira and installing Kaspersky, but nothing. (now I have Avira again)

I'm not very expert on the subject, and if anyone can give me some advice, I'd be very grateful.
 
Hi :)
try running a scan with HijackThis and post the log here....

Also check that no strange add-on is installed in Chrome....look at the installed programs and make sure there's no strange program

HijackThis - Download





 
hi! thanks for replying

here is the log:

Code:
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
O23 - Service: WebOptimizer - Unknown owner - C:\Windows\system32\dmwu.exe


--
End of file - 6274 bytes


As for Chrome, the only extension I have is Speed Dial 2.. which has never given me problems..
 
here is the ComboFix log

Code:
ComboFix 12-09-23.02 - User 23/09/2012  17:04:40.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.39.1040.18.2047.1294 [GMT 2:00]
Eseguito da: c:\users\User\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\User\AppData\Roaming\cacaoweb
c:\users\User\AppData\Roaming\cacaoweb\npdfile.dat
c:\users\User\AppData\Roaming\cacaoweb\replicating052B40A560D150623DFDD206D0DE7298.cacao
c:\users\User\AppData\Roaming\cacaoweb\replicating2D35885C8FA642721032830ECDDB955F.cacao
c:\users\User\AppData\Roaming\cacaoweb\replicatingD356D6FF3C7CACE4BBC36F300F1AD14A.cacao
c:\users\User\AppData\Roaming\cacaoweb\replicatingDA91C5DA8F0790745AAEEBA9D9D1C4AA.cacao
c:\users\User\AppData\Roaming\cacaoweb\storage.db
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-08-23 al 2012-09-23  )))))))))))))))))))))))))))))))))))
.
.
2012-09-23 15:10 . 2012-09-23 15:10    --------    d-----w-    c:\users\User\AppData\Local\temp
2012-09-23 15:10 . 2012-09-23 15:10    --------    d-----w-    c:\users\Default\AppData\Local\temp
2012-09-23 14:10 . 2012-09-23 14:10    --------    d-----w-    c:\users\User\AppData\Local\PosService
2012-09-23 14:10 . 2012-09-23 14:10    --------    d-----w-    c:\users\User\AppData\Local\ServUpdater
2012-09-23 14:10 . 2012-09-23 14:10    --------    d-----w-    c:\users\User\AppData\Local\PowerOffer
2012-09-23 14:09 . 2012-09-23 14:12    --------    d-----w-    c:\program files\DriverPlus
2012-09-16 11:29 . 2012-09-16 11:29    388096    ----a-r-    c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-16 11:29 . 2012-09-16 11:29    --------    d-----w-    c:\program files\Trend Micro
2012-09-15 15:50 . 2012-08-21 11:01    26840    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-15 15:50 . 2012-09-15 15:50    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-15 15:50 . 2012-09-15 15:50    --------    d-----w-    c:\program files\iPod
2012-09-15 14:27 . 2012-07-10 07:14    632656    ----a-w-    c:\windows\system32\msvcr80.dll
2012-09-15 14:27 . 2012-07-10 07:14    554832    ----a-w-    c:\windows\system32\msvcp80.dll
2012-09-15 14:27 . 2012-07-10 07:14    479232    ----a-w-    c:\windows\system32\msvcm80.dll
2012-09-15 14:27 . 2012-09-15 15:57    --------    d-----w-    c:\windows\system32\WNLT
2012-09-15 14:27 . 2012-09-15 14:27    --------    d-----w-    c:\windows\system32\ARFC
2012-09-15 14:27 . 2012-08-16 11:44    362104    ----a-w-    c:\windows\system32\dmwu.exe
2012-09-15 14:27 . 2012-08-16 11:43    28160    ----a-w-    c:\windows\system32\ImHttpComm.dll
2012-09-13 10:33 . 2012-09-13 10:54    --------    d-----w-    c:\program files\POP Peeper
2012-09-12 17:34 . 2012-09-12 17:34    --------    d-----w-    c:\program files\Wise
2012-09-12 17:28 . 2012-09-12 17:28    --------    d-----w-    c:\users\User\AppData\Roaming\Avira
2012-09-12 17:11 . 2012-06-05 22:40    83392    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2012-09-12 17:11 . 2012-06-05 22:40    36000    ----a-w-    c:\windows\system32\drivers\avkmgr.sys
2012-09-12 17:11 . 2012-06-05 22:40    137928    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2012-09-12 17:11 . 2012-09-12 17:11    --------    d-----w-    c:\programdata\Avira
2012-09-12 17:11 . 2012-09-12 17:11    --------    d-----w-    c:\program files\Avira
2012-09-12 16:54 . 2012-09-12 16:54    --------    d-----w-    c:\program files\VS Revo Group
2012-09-12 11:04 . 2012-09-12 11:04    --------    d-----w-    c:\users\User\AppData\Roaming\SUPERAntiSpyware.com
2012-09-12 11:03 . 2012-09-12 11:03    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2012-09-12 11:02 . 2012-09-12 11:02    --------    d-----w-    c:\users\User\AppData\Roaming\Malwarebytes
2012-09-12 11:02 . 2012-09-12 11:02    --------    d-----w-    c:\programdata\Malwarebytes
2012-09-12 08:33 . 2012-09-12 08:33    --------    d-sh--w-    c:\programdata\DSS
2012-09-11 00:22 . 2012-09-11 00:22    --------    d-----w-    c:\programdata\Sophos
2012-09-09 23:58 . 2012-09-10 00:01    --------    d-----w-    C:\TDSSKiller_Quarantine
2012-09-09 21:29 . 2012-09-09 23:30    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2012-09-09 21:29 . 2012-09-09 23:30    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2012-09-09 21:04 . 2011-06-21 09:24    32768    ----a-w-    c:\windows\system32\drivers\sp_rsdrv2.sys
2012-09-09 11:23 . 2012-09-09 11:23    159744    --sha-r-    c:\windows\system32\aeinvb.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 21:16 . 2012-04-05 18:07    696240    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-09-20 21:16 . 2011-11-21 02:09    73136    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 18:24 . 2012-06-27 11:09    477168    ----a-w-    c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2011-11-28 20:05    473072    ----a-w-    c:\windows\system32\deployJava1.dll
2012-08-21 11:01 . 2011-11-22 10:16    106928    ----a-w-    c:\windows\system32\GEARAspi.dll
2012-07-28 04:09 . 2012-07-28 04:09    5538984    ----a-w-    c:\windows\system32\atiumdag.dll
2012-07-28 04:06 . 2012-07-28 04:06    8758784    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43    58880    ----a-w-    c:\windows\system32\coinst_8.982.dll
2012-07-28 02:50 . 2012-07-28 02:50    20546560    ----a-w-    c:\windows\system32\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15    163840    ----a-w-    c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2011-10-12 20:14    931328    ----a-w-    c:\windows\system32\aticfx32.dll
2012-07-28 02:10 . 2012-07-28 02:10    442368    ----a-w-    c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10    469504    ----a-w-    c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09    217600    ----a-w-    c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08    163840    ----a-w-    c:\windows\system32\atitmmxx.dll
2012-07-28 02:08 . 2012-07-28 02:08    20992    ----a-w-    c:\windows\system32\atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07    43520    ----a-w-    c:\windows\system32\ati2edxx.dll
2012-07-28 02:07 . 2011-10-12 20:04    6430208    ----a-w-    c:\windows\system32\atidxx32.dll
2012-07-28 01:35 . 2012-07-28 01:35    46080    ----a-w-    c:\windows\system32\aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35    44032    ----a-w-    c:\windows\system32\aticalcl.dll
2012-07-28 01:32 . 2012-07-28 01:32    4751872    ----a-w-    c:\windows\system32\atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30    13605888    ----a-w-    c:\windows\system32\aticaldd.dll
2012-07-28 01:15 . 2012-07-28 01:15    368640    ----a-w-    c:\windows\system32\atiadlxx.dll
2012-07-28 01:15 . 2012-07-28 01:15    14848    ----a-w-    c:\windows\system32\atiglpxx.dll
2012-07-28 01:14 . 2012-07-28 01:14    33280    ----a-w-    c:\windows\system32\atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14    296448    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13 . 2011-10-12 19:29    109568    ----a-w-    c:\windows\system32\atiuxpag.dll
2012-07-28 01:13 . 2012-07-28 01:13    83456    ----a-w-    c:\windows\system32\atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12    53248    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08    56832    ----a-w-    c:\windows\system32\atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08    56832    ----a-w-    c:\windows\system32\amdpcom32.dll
2012-07-27 20:47 . 2012-07-27 20:47    159232    ----a-w-    c:\windows\system32\clinfo.exe
2012-07-27 20:47 . 2012-07-27 20:47    65024    ----a-w-    c:\windows\system32\OpenVideo.dll
2012-07-27 20:47 . 2012-07-27 20:47    56320    ----a-w-    c:\windows\system32\OVDecode.dll
2012-07-27 20:46 . 2012-07-27 20:46    13013504    ----a-w-    c:\windows\system32\amdocl.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-02 348664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"PosService"="c:\users\Public\Documents\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2498560]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-7-3 40136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AML Device Install.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
backup=c:\windows\pss\AML Device Install.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51    919008    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32    59280    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2012-09-06 11:09    3341464    ----a-w-    c:\program files\Origin\Origin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-20 19:33    136176    ----atw-    c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47    31016    ----a-w-    c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 15:06    1840424    ----a-w-    c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 21:30    421776    ----a-w-    c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 08:31    2221352    ----a-w-    c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02    254696    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 PowerOffer Service;Pos Service;c:\users\User\AppData\Local\PosService\Pos.exe [x]
R2 ServUpdater;Serv Updater;c:\users\User\AppData\Local\ServUpdater\ServiceUpd.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x]
S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 21:17]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3170183853-3407646872-2907131391-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 19:33]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3170183853-3407646872-2907131391-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 19:33]
.
2012-09-23 c:\windows\Tasks\sdxqgow.job
- c:\windows\system32\aeinvb.dll [2012-09-09 11:23]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.findeer.com
mStart Page = hxxp://search.findeer.com
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{39180E6B-1B57-452D-B700-61408F4D9078}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{BF53A056-375F-412E-A7B7-FF019D1970B6}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-24540433.sys
MSConfigStartUp-cacaoweb - c:\users\User\AppData\Roaming\cacaoweb\cacaoweb.exe
AddRemove-UnityWebPlayer - c:\users\User\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-09-23  17:11:26
ComboFix-quarantined-files.txt  2012-09-23 15:11
.
Pre-Run: 90.758.356.992 byte disponibili
Post-Run: 90.957.156.352 byte disponibili
.
- - End Of File - - A4708B38E98E96395775E5255CDCC33E
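The HijackThis and ComboFix logs posted above carry several indicators that can be pulled out mechanically rather than by eye: per-interface NameServer entries that differ from the DHCP-assigned servers, a file in system32 with both hidden and system attributes that a scheduled task launches as a DLL, services with no recorded owner, and a replaced start page. The Python script below is an added example and is not part of this thread nor code from HijackThis or ComboFix; its sample lines are constructed from the log excerpts posted above, and the check names and the rules behind them are the example's own.

```python
"""Triage of HijackThis / ComboFix log lines for search-redirect indicators.

Added example: not part of the forum thread and not code from either tool.
The regexes follow the line shapes visible in the posted logs.
"""
import re

# Constructed sample: a handful of lines copied from the logs posted in the thread.
SAMPLE_LOG = r"""
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: WebOptimizer - Unknown owner - C:\Windows\system32\dmwu.exe
2012-09-09 11:23 . 2012-09-09 11:23    159744    --sha-r-    c:\windows\system32\aeinvb.dll
2012-09-12 17:11 . 2012-06-05 22:40    83392    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2012-09-23 c:\windows\Tasks\sdxqgow.job
- c:\windows\system32\aeinvb.dll [2012-09-09 11:23]
2012-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 21:17]
uStart Page = hxxp://search.findeer.com
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{39180E6B-1B57-452D-B700-61408F4D9078}: NameServer = 176.31.229.24,176.31.229.25
"""

# HijackThis O23 service line: name - owner - path
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# ComboFix file entry: created . modified  size  attributes  path
CF_FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>\S+)\s+(?P<attr>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)
# ComboFix scheduled-task header and the "- target [date]" line that follows it
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)\s*$", re.IGNORECASE)
TASK_TARGET_RE = re.compile(r"^- (?P<path>.+?) \[.*\]\s*$")
DHCP_DNS_RE = re.compile(r"^TCP: DhcpNameServer = (?P<servers>.+)$")
IFACE_DNS_RE = re.compile(r"^TCP: Interfaces\\(?P<guid>\{[^}]+\}): NameServer = (?P<servers>.+)$")
START_PAGE_RE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)$")


def unknown_owner_services(lines):
    """O23 entries whose binary carries no publisher ("Unknown owner")."""
    hits = []
    for line in lines:
        m = O23_RE.match(line)
        if m and m.group("owner").strip().lower() == "unknown owner":
            hits.append((m.group("name"), m.group("path")))
    return hits


def hidden_system_files(lines):
    """Regular files (not directories) with both the hidden and system attributes set."""
    hits = []
    for line in lines:
        m = CF_FILE_RE.match(line)
        if m:
            attr = m.group("attr")
            if attr[0] != "d" and "s" in attr and "h" in attr:
                hits.append(m.group("path"))
    return hits


def tasks_launching_dlls(lines):
    """Scheduled tasks whose recorded target is a DLL rather than an executable."""
    hits, current_job = [], None
    for line in lines:
        m = TASK_RE.match(line)
        if m:
            current_job = m.group("job")
            continue
        t = TASK_TARGET_RE.match(line)
        if t and current_job:
            if t.group("path").lower().endswith(".dll"):
                hits.append((current_job, t.group("path")))
            current_job = None
    return hits


def dns_overrides(lines):
    """Per-interface static NameServer entries not present in the DHCP-assigned set."""
    dhcp = set()
    for line in lines:  # first pass: collect what DHCP handed out
        m = DHCP_DNS_RE.match(line)
        if m:
            dhcp.update(m.group("servers").split())
    overrides = {}
    for line in lines:  # second pass: compare each interface against it
        m = IFACE_DNS_RE.match(line)
        if m:
            servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
            extra = [s for s in servers if s not in dhcp]
            if extra:
                overrides[m.group("guid")] = extra
    return overrides


def start_pages(lines):
    """Start-page values (user and machine scope) for the analyst to review."""
    return [(m.group("scope"), m.group("url")) for m in map(START_PAGE_RE.match, lines) if m]


def triage(log_text):
    """Run every check over a log and return the findings grouped by check."""
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    return {
        "unknown_owner_services": unknown_owner_services(lines),
        "hidden_system_files": hidden_system_files(lines),
        "tasks_launching_dlls": tasks_launching_dlls(lines),
        "dns_overrides": dns_overrides(lines),
        "start_pages": start_pages(lines),
    }


if __name__ == "__main__":
    for category, findings in triage(SAMPLE_LOG).items():
        print(f"{category}:")
        items = findings.items() if isinstance(findings, dict) else findings
        for item in items:
            print("   ", item)
```

Run it as-is to see the findings for the constructed sample; for a real log, pass the file contents to `triage()`. The DNS check only reports servers that differ from the DHCP-assigned ones, because a static per-interface NameServer the user never configured is exactly what a search-redirect DNS changer leaves behind; the other checks are heuristics, so each hit still needs a human look before anything is removed.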
 
Very good.


Now download the file I've attached below (CFScript.txt) and save it to the desktop.
Then drag the CFScript.txt file onto the ComboFix icon, the red lion on the desktop.
Wait for the operations to finish and, after the reboot, attach the new ComboFix log of the deletions performed.
 


ok, I'll do it right away (thanks a lot for your help)

- - - Updated - - -

here is the new log

Code:
ComboFix 12-09-23.02 - User 23/09/2012  17:38:00.2.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.39.1040.18.2047.1231 [GMT 2:00]
Eseguito da: c:\users\User\Downloads\ComboFix.exe
Opzioni usate :: c:\users\User\Downloads\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\sdxqgow.job"
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\Documents\AppData\PoApp
c:\users\Public\Documents\AppData\PoApp\7z.dll
c:\users\Public\Documents\AppData\PoApp\AppLib.Zip.dll
c:\users\Public\Documents\AppData\PoApp\kw.sdb
c:\users\Public\Documents\AppData\PoApp\PLauncher.exe
c:\users\Public\Documents\AppData\PoApp\PService.exe
c:\users\Public\Documents\AppData\PoApp\RegHandlerDll.dll
c:\users\Public\Documents\AppData\PoApp\settings\settings.ini
c:\users\User\AppData\Local\PosService
c:\users\User\AppData\Local\PosService\7z.dll
c:\users\User\AppData\Local\PosService\AppLib.Zip.dll
c:\users\User\AppData\Local\PosService\Pos.exe
c:\users\User\AppData\Local\PosService\Pos.InstallLog
c:\users\User\AppData\Local\PosService\Pos.InstallState
c:\users\User\AppData\Local\PowerOffer
c:\users\User\AppData\Local\PowerOffer\InstallHelper.exe
c:\users\User\AppData\Local\PowerOffer\System.Data.SQLite.dll
c:\users\User\AppData\Local\PowerOffer\unins000.dat
c:\users\User\AppData\Local\PowerOffer\unins000.exe
c:\users\User\AppData\Local\ServUpdater
c:\users\User\AppData\Local\ServUpdater\7z.dll
c:\users\User\AppData\Local\ServUpdater\AppLib.Zip.dll
c:\users\User\AppData\Local\ServUpdater\ServiceUpd.exe
c:\users\User\AppData\Local\ServUpdater\ServiceUpd.InstallLog
c:\users\User\AppData\Local\ServUpdater\ServiceUpd.InstallState
c:\windows\Tasks\sdxqgow.job
.
.
(((((((((((((((((((((((((((((((((((((((   Driver/Servizi   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PowerOffer Service
-------\Service_ServUpdater
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-08-23 al 2012-09-23  )))))))))))))))))))))))))))))))))))
.
.
2012-09-23 15:42 . 2012-09-23 15:44	--------	d-----w-	c:\users\User\AppData\Local\temp
2012-09-23 14:09 . 2012-09-23 14:12	--------	d-----w-	c:\program files\DriverPlus
2012-09-16 11:29 . 2012-09-16 11:29	388096	----a-r-	c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-16 11:29 . 2012-09-16 11:29	--------	d-----w-	c:\program files\Trend Micro
2012-09-15 15:50 . 2012-08-21 11:01	26840	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-15 15:50 . 2012-09-15 15:50	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-15 15:50 . 2012-09-15 15:50	--------	d-----w-	c:\program files\iPod
2012-09-15 14:27 . 2012-07-10 07:14	632656	----a-w-	c:\windows\system32\msvcr80.dll
2012-09-15 14:27 . 2012-07-10 07:14	554832	----a-w-	c:\windows\system32\msvcp80.dll
2012-09-15 14:27 . 2012-07-10 07:14	479232	----a-w-	c:\windows\system32\msvcm80.dll
2012-09-15 14:27 . 2012-09-15 15:57	--------	d-----w-	c:\windows\system32\WNLT
2012-09-15 14:27 . 2012-09-15 14:27	--------	d-----w-	c:\windows\system32\ARFC
2012-09-15 14:27 . 2012-08-16 11:44	362104	----a-w-	c:\windows\system32\dmwu.exe
2012-09-15 14:27 . 2012-08-16 11:43	28160	----a-w-	c:\windows\system32\ImHttpComm.dll
2012-09-13 10:33 . 2012-09-13 10:54	--------	d-----w-	c:\program files\POP Peeper
2012-09-12 17:34 . 2012-09-12 17:34	--------	d-----w-	c:\program files\Wise
2012-09-12 17:28 . 2012-09-12 17:28	--------	d-----w-	c:\users\User\AppData\Roaming\Avira
2012-09-12 17:11 . 2012-06-05 22:40	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-09-12 17:11 . 2012-06-05 22:40	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-09-12 17:11 . 2012-06-05 22:40	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-09-12 17:11 . 2012-09-12 17:11	--------	d-----w-	c:\programdata\Avira
2012-09-12 17:11 . 2012-09-12 17:11	--------	d-----w-	c:\program files\Avira
2012-09-12 16:54 . 2012-09-12 16:54	--------	d-----w-	c:\program files\VS Revo Group
2012-09-12 11:04 . 2012-09-12 11:04	--------	d-----w-	c:\users\User\AppData\Roaming\SUPERAntiSpyware.com
2012-09-12 11:03 . 2012-09-12 11:03	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-09-12 11:02 . 2012-09-12 11:02	--------	d-----w-	c:\users\User\AppData\Roaming\Malwarebytes
2012-09-12 11:02 . 2012-09-12 11:02	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-12 08:33 . 2012-09-12 08:33	--------	d-sh--w-	c:\programdata\DSS
2012-09-11 00:22 . 2012-09-11 00:22	--------	d-----w-	c:\programdata\Sophos
2012-09-09 23:58 . 2012-09-10 00:01	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-09-09 21:29 . 2012-09-09 23:30	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2012-09-09 21:29 . 2012-09-09 23:30	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-09-09 21:04 . 2011-06-21 09:24	32768	----a-w-	c:\windows\system32\drivers\sp_rsdrv2.sys
2012-09-09 11:23 . 2012-09-09 11:23	159744	--sha-r-	c:\windows\system32\aeinvb.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 21:16 . 2012-04-05 18:07	696240	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-20 21:16 . 2011-11-21 02:09	73136	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 18:24 . 2012-06-27 11:09	477168	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2011-11-28 20:05	473072	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-21 11:01 . 2011-11-22 10:16	106928	----a-w-	c:\windows\system32\GEARAspi.dll
2012-07-28 04:09 . 2012-07-28 04:09	5538984	----a-w-	c:\windows\system32\atiumdag.dll
2012-07-28 04:06 . 2012-07-28 04:06	8758784	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43	58880	----a-w-	c:\windows\system32\coinst_8.982.dll
2012-07-28 02:50 . 2012-07-28 02:50	20546560	----a-w-	c:\windows\system32\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15	163840	----a-w-	c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2011-10-12 20:14	931328	----a-w-	c:\windows\system32\aticfx32.dll
2012-07-28 02:10 . 2012-07-28 02:10	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10	469504	----a-w-	c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09	217600	----a-w-	c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08	163840	----a-w-	c:\windows\system32\atitmmxx.dll
2012-07-28 02:08 . 2012-07-28 02:08	20992	----a-w-	c:\windows\system32\atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07	43520	----a-w-	c:\windows\system32\ati2edxx.dll
2012-07-28 02:07 . 2011-10-12 20:04	6430208	----a-w-	c:\windows\system32\atidxx32.dll
2012-07-28 01:35 . 2012-07-28 01:35	46080	----a-w-	c:\windows\system32\aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35	44032	----a-w-	c:\windows\system32\aticalcl.dll
2012-07-28 01:32 . 2012-07-28 01:32	4751872	----a-w-	c:\windows\system32\atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30	13605888	----a-w-	c:\windows\system32\aticaldd.dll
2012-07-28 01:15 . 2012-07-28 01:15	368640	----a-w-	c:\windows\system32\atiadlxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-07-28 01:14 . 2012-07-28 01:14	33280	----a-w-	c:\windows\system32\atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14	296448	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13 . 2011-10-12 19:29	109568	----a-w-	c:\windows\system32\atiuxpag.dll
2012-07-28 01:13 . 2012-07-28 01:13	83456	----a-w-	c:\windows\system32\atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\system32\atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\system32\amdpcom32.dll
2012-07-27 20:47 . 2012-07-27 20:47	159232	----a-w-	c:\windows\system32\clinfo.exe
2012-07-27 20:47 . 2012-07-27 20:47	65024	----a-w-	c:\windows\system32\OpenVideo.dll
2012-07-27 20:47 . 2012-07-27 20:47	56320	----a-w-	c:\windows\system32\OVDecode.dll
2012-07-27 20:46 . 2012-07-27 20:46	13013504	----a-w-	c:\windows\system32\amdocl.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-02 348664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2498560]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-7-3 40136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AML Device Install.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
backup=c:\windows\pss\AML Device Install.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2012-09-06 11:09	3341464	----a-w-	c:\program files\Origin\Origin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-20 19:33	136176	----atw-	c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47	31016	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 15:06	1840424	----a-w-	c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 21:30	421776	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 08:31	2221352	----a-w-	c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x]
S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 21:17]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3170183853-3407646872-2907131391-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 19:33]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3170183853-3407646872-2907131391-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 19:33]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{39180E6B-1B57-452D-B700-61408F4D9078}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{BF53A056-375F-412E-A7B7-FF019D1970B6}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1 - c:\users\User\AppData\Local\PowerOffer\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-09-23  17:46:17 - machine was rebooted
ComboFix-quarantined-files.txt  2012-09-23 15:46
ComboFix2.txt  2012-09-23 15:11
.
Pre-Run: 91.020.181.504 bytes free
Post-Run: 90.702.147.584 bytes free
.
- - End Of File - - B212971FAD19255DCA140782FD677A54
 
Now it's definitely better, in fact I'd say almost perfect.

I'd do a pass with AdwCleaner
Install it
Click on Search
when it has finished, on Delete:
wait for the PC to reboot and it will show you the log of the operations, attach it.

Then download OTC OldTimer
Extract and run OTC.exe
Click on Cleanup and wait for the reboot.

We're done.
 
done as you told me

here's the log:

Code:
# AdwCleaner v2.003 - Logfile created 09/25/2012 at 12:31:56
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : User - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\User\Downloads\adwcleaner.exe
# Option [Delete]




***** [Services] *****


Stopped & Deleted : Web Assistant Updater


***** [Files / Folders] *****


File Deleted : C:\user.js
Folder Deleted : C:\Program Files\Web Assistant


***** [Registry] *****


Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\Software\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]


***** [Internet Browsers] *****


-\\ Internet Explorer v8.0.7601.17514


Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]


-\\ Google Chrome v21.0.1180.89


*************************


AdwCleaner[R1].txt - [1592 octets] - [25/09/2012 12:31:22]
AdwCleaner[R2].txt - [1652 octets] - [25/09/2012 12:31:40]
AdwCleaner[R3].txt - [1712 octets] - [25/09/2012 12:31:48]
AdwCleaner[S1].txt - [1934 octets] - [25/09/2012 12:31:56]


########## EOF - C:\AdwCleaner[S1].txt - [1994 octets] ##########

Should I be all set now? :D Thanks again for being so kind!
 
for now the problem seems to be solved.. I'll see how it goes over the next few days and will write here to confirm. :)

EDIT

never mind.. it just did it again.
 
HijackThis log:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:28:14, on 25/09/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal


Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39180E6B-1B57-452D-B700-61408F4D9078}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF53A056-375F-412E-A7B7-FF019D1970B6}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{39180E6B-1B57-452D-B700-61408F4D9078}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{39180E6B-1B57-452D-B700-61408F4D9078}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: WebOptimizer - Unknown owner - C:\Windows\system32\dmwu.exe


--
End of file - 5854 bytes


ComboFix log:

Code:
ComboFix 12-09-24.03 - User 25/09/2012  13:35:54.3.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.39.1040.18.2047.1386 [GMT 2:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created From 2012-08-25 to 2012-09-25  )))))))))))))))))))))))))))))))))))
.
.
2012-09-25 11:41 . 2012-09-25 11:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-23 15:42 . 2012-09-25 11:41	--------	d-----w-	c:\users\User\AppData\Local\temp
2012-09-23 14:09 . 2012-09-23 14:12	--------	d-----w-	c:\program files\DriverPlus
2012-09-16 11:29 . 2012-09-16 11:29	388096	----a-r-	c:\users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-16 11:29 . 2012-09-16 11:29	--------	d-----w-	c:\program files\Trend Micro
2012-09-15 15:50 . 2012-08-21 11:01	26840	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-15 15:50 . 2012-09-15 15:50	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-15 15:50 . 2012-09-15 15:50	--------	d-----w-	c:\program files\iPod
2012-09-15 14:27 . 2012-07-10 07:14	632656	----a-w-	c:\windows\system32\msvcr80.dll
2012-09-15 14:27 . 2012-07-10 07:14	554832	----a-w-	c:\windows\system32\msvcp80.dll
2012-09-15 14:27 . 2012-07-10 07:14	479232	----a-w-	c:\windows\system32\msvcm80.dll
2012-09-15 14:27 . 2012-09-15 15:57	--------	d-----w-	c:\windows\system32\WNLT
2012-09-15 14:27 . 2012-09-15 14:27	--------	d-----w-	c:\windows\system32\ARFC
2012-09-15 14:27 . 2012-08-16 11:44	362104	----a-w-	c:\windows\system32\dmwu.exe
2012-09-15 14:27 . 2012-08-16 11:43	28160	----a-w-	c:\windows\system32\ImHttpComm.dll
2012-09-13 10:33 . 2012-09-13 10:54	--------	d-----w-	c:\program files\POP Peeper
2012-09-12 17:34 . 2012-09-12 17:34	--------	d-----w-	c:\program files\Wise
2012-09-12 17:28 . 2012-09-12 17:28	--------	d-----w-	c:\users\User\AppData\Roaming\Avira
2012-09-12 17:11 . 2012-06-05 22:40	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-09-12 17:11 . 2012-06-05 22:40	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-09-12 17:11 . 2012-06-05 22:40	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-09-12 17:11 . 2012-09-12 17:11	--------	d-----w-	c:\programdata\Avira
2012-09-12 17:11 . 2012-09-12 17:11	--------	d-----w-	c:\program files\Avira
2012-09-12 16:54 . 2012-09-12 16:54	--------	d-----w-	c:\program files\VS Revo Group
2012-09-12 11:04 . 2012-09-12 11:04	--------	d-----w-	c:\users\User\AppData\Roaming\SUPERAntiSpyware.com
2012-09-12 11:03 . 2012-09-12 11:03	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-09-12 11:02 . 2012-09-12 11:02	--------	d-----w-	c:\users\User\AppData\Roaming\Malwarebytes
2012-09-12 11:02 . 2012-09-12 11:02	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-12 08:33 . 2012-09-12 08:33	--------	d-sh--w-	c:\programdata\DSS
2012-09-11 00:22 . 2012-09-11 00:22	--------	d-----w-	c:\programdata\Sophos
2012-09-09 23:58 . 2012-09-10 00:01	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-09-09 21:29 . 2012-09-09 23:30	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2012-09-09 21:29 . 2012-09-09 23:30	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-09-09 21:04 . 2011-06-21 09:24	32768	----a-w-	c:\windows\system32\drivers\sp_rsdrv2.sys
2012-09-09 11:23 . 2012-09-09 11:23	159744	--sha-r-	c:\windows\system32\aeinvb.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 21:16 . 2012-04-05 18:07	696240	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-20 21:16 . 2011-11-21 02:09	73136	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-28 18:24 . 2012-06-27 11:09	477168	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-08-28 18:24 . 2011-11-28 20:05	473072	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-21 11:01 . 2011-11-22 10:16	106928	----a-w-	c:\windows\system32\GEARAspi.dll
2012-07-28 04:09 . 2012-07-28 04:09	5538984	----a-w-	c:\windows\system32\atiumdag.dll
2012-07-28 04:06 . 2012-07-28 04:06	8758784	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43	58880	----a-w-	c:\windows\system32\coinst_8.982.dll
2012-07-28 02:50 . 2012-07-28 02:50	20546560	----a-w-	c:\windows\system32\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15	163840	----a-w-	c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2011-10-12 20:14	931328	----a-w-	c:\windows\system32\aticfx32.dll
2012-07-28 02:10 . 2012-07-28 02:10	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10	469504	----a-w-	c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09	217600	----a-w-	c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08	163840	----a-w-	c:\windows\system32\atitmmxx.dll
2012-07-28 02:08 . 2012-07-28 02:08	20992	----a-w-	c:\windows\system32\atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07	43520	----a-w-	c:\windows\system32\ati2edxx.dll
2012-07-28 02:07 . 2011-10-12 20:04	6430208	----a-w-	c:\windows\system32\atidxx32.dll
2012-07-28 01:35 . 2012-07-28 01:35	46080	----a-w-	c:\windows\system32\aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35	44032	----a-w-	c:\windows\system32\aticalcl.dll
2012-07-28 01:32 . 2012-07-28 01:32	4751872	----a-w-	c:\windows\system32\atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30	13605888	----a-w-	c:\windows\system32\aticaldd.dll
2012-07-28 01:15 . 2012-07-28 01:15	368640	----a-w-	c:\windows\system32\atiadlxx.dll
2012-07-28 01:15 . 2012-07-28 01:15	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-07-28 01:14 . 2012-07-28 01:14	33280	----a-w-	c:\windows\system32\atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14	296448	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13 . 2011-10-12 19:29	109568	----a-w-	c:\windows\system32\atiuxpag.dll
2012-07-28 01:13 . 2012-07-28 01:13	83456	----a-w-	c:\windows\system32\atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\system32\atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08	56832	----a-w-	c:\windows\system32\amdpcom32.dll
2012-07-27 20:47 . 2012-07-27 20:47	159232	----a-w-	c:\windows\system32\clinfo.exe
2012-07-27 20:47 . 2012-07-27 20:47	65024	----a-w-	c:\windows\system32\OpenVideo.dll
2012-07-27 20:47 . 2012-07-27 20:47	56320	----a-w-	c:\windows\system32\OVDecode.dll
2012-07-27 20:46 . 2012-07-27 20:46	13013504	----a-w-	c:\windows\system32\amdocl.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2011-10-12 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-02 348664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2498560]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-7-3 40136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AML Device Install.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
backup=c:\windows\pss\AML Device Install.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2012-09-06 11:09	3341464	----a-w-	c:\program files\Origin\Origin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-20 19:33	136176	----atw-	c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47	31016	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 15:06	1840424	----a-w-	c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 21:30	421776	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 08:31	2221352	----a-w-	c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 21:17]
.
2012-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3170183853-3407646872-2907131391-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 19:33]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3170183853-3407646872-2907131391-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-20 19:33]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{39180E6B-1B57-452D-B700-61408F4D9078}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{BF53A056-375F-412E-A7B7-FF019D1970B6}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone)
.
--------------------- Dlls Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2436)
c:\program files\ATI Technologies\HydraVision\HydraDMH.dll
c:\windows\system32\NetworkExplorer.dll
.
Completion time: 2012-09-25  13:43:13
ComboFix-quarantined-files.txt  2012-09-25 11:43
.
Pre-Run: 90.649.223.168 bytes free
Post-Run: 90.464.886.784 bytes free
.
- - End Of File - - 4D51228BA28517E074F2617C09E7A501
 
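Editor's note on the logs above. In both ComboFix runs and in the HijackThis log every network interface carries a static NameServer pair (176.31.229.24,176.31.229.25) that differs from the servers the ISP's DHCP handed out (DhcpNameServer = 62.101.93.101 83.103.25.250), and the policies\system key shows UAC switched off (EnableLUA = 0). None of the cleaners run in the thread touched those entries, and the redirects came back after each cleanup. The script below is an added example, not code from either tool or from anyone in the thread: it parses pasted HijackThis/ComboFix lines, reports static DNS servers that DHCP did not assign, flags the UAC setting, and lists O23 services whose owner HijackThis could not identify. The sample logs inside it are constructed from lines quoted above. It reports a mismatch, not a verdict: whether a given address is hostile is something to verify against the router and the ISP.

```python
"""Triage of DNS and UAC settings in pasted HijackThis / ComboFix logs.

Added example for this thread, not code from either tool or from the posters.
It pulls out the items a responder checks first when searches keep redirecting
after several cleaners have run:

  * static per-interface DNS servers (HijackThis "O17" lines, ComboFix
    "TCP: Interfaces\\{GUID}: NameServer") that differ from the servers DHCP
    handed out ("TCP: DhcpNameServer"),
  * UAC switched off ("EnableLUA"= 0 under ...\\policies\\system), and
  * O23 services whose owner HijackThis could not identify.

The sample logs below are constructed from lines quoted in the thread.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# HijackThis: O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a,b
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?:CCS|CS\d)\\Services\\Tcpip\\\.\.\\"
    r"(?P<guid>\{[0-9A-Fa-f-]+\}): NameServer = (?P<servers>[\d., ]+)$"
)
# ComboFix: TCP: Interfaces\{GUID}: NameServer = a,b
CF_IFACE_RE = re.compile(
    r"^TCP: Interfaces\\(?P<guid>\{[0-9A-Fa-f-]+\}): NameServer = (?P<servers>[\d., ]+)$"
)
# ComboFix: TCP: DhcpNameServer = a b
DHCP_RE = re.compile(r"^TCP: DhcpNameServer = (?P<servers>[\d. ]+)$")
# ComboFix registry dump: "EnableLUA"= 0 (0x0)
UAC_RE = re.compile(r'^"(?P<name>EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)"= (?P<val>\d+)')
# HijackThis: O23 - Service: Name - Unknown owner - C:\path\file.exe
O23_UNKNOWN_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - Unknown owner - (?P<path>.+)$")


@dataclass
class Findings:
    dhcp: List[str] = field(default_factory=list)                # DHCP-assigned DNS servers
    static: Dict[str, List[str]] = field(default_factory=dict)   # interface GUID -> static DNS
    uac: Dict[str, int] = field(default_factory=dict)            # UAC policy values seen
    unknown_owner: List[Tuple[str, str]] = field(default_factory=list)  # (service, path)


def _servers(text: str) -> List[str]:
    """Split 'a,b' or 'a b' into a list of addresses."""
    return [s for s in re.split(r"[,\s]+", text.strip()) if s]


def parse_log(text: str) -> Findings:
    """Walk a pasted log once and collect the fields the checks below use."""
    f = Findings()
    for raw in text.splitlines():
        line = raw.strip()
        if m := DHCP_RE.match(line):
            f.dhcp = _servers(m.group("servers"))
        elif m := (O17_RE.match(line) or CF_IFACE_RE.match(line)):
            # The same GUID appears under CCS, CS1, CS2 and in ComboFix: keep one entry per GUID.
            f.static.setdefault(m.group("guid").lower(), _servers(m.group("servers")))
        elif m := UAC_RE.match(line):
            f.uac[m.group("name")] = int(m.group("val"))
        elif m := O23_UNKNOWN_RE.match(line):
            f.unknown_owner.append((m.group("name"), m.group("path")))
    return f


def rogue_nameservers(f: Findings) -> Set[str]:
    """Static DNS servers on any interface that DHCP did not assign.

    A non-empty result is the lead to run down (check the router, ask the ISP,
    look the addresses up); it reports a mismatch, not proof of malice.
    """
    dhcp = set(f.dhcp)
    return {s for servers in f.static.values() for s in servers if s not in dhcp}


def uac_disabled(f: Findings) -> bool:
    """True when the log shows EnableLUA = 0: every admin process runs elevated."""
    return f.uac.get("EnableLUA") == 0


# Constructed excerpt: the DNS, UAC and O23 lines as they appear in the thread's logs.
SAMPLE_LOG = r"""
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{39180E6B-1B57-452D-B700-61408F4D9078}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF53A056-375F-412E-A7B7-FF019D1970B6}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{39180E6B-1B57-452D-B700-61408F4D9078}: NameServer = 176.31.229.24,176.31.229.25
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: WebOptimizer - Unknown owner - C:\Windows\system32\dmwu.exe
"""

# Constructed counter-example: static DNS equal to the DHCP servers, UAC on, owners known.
CLEAN_LOG = r"""
"EnableLUA"= 1 (0x1)
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
TCP: Interfaces\{39180E6B-1B57-452D-B700-61408F4D9078}: NameServer = 62.101.93.101,83.103.25.250
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

if __name__ == "__main__":
    for label, log in (("thread log", SAMPLE_LOG), ("clean log", CLEAN_LOG)):
        f = parse_log(log)
        print(f"{label}: DHCP DNS {f.dhcp}")
        print(f"  static DNS not from DHCP: {sorted(rogue_nameservers(f)) or 'none'}")
        print(f"  UAC disabled: {uac_disabled(f)}; services with unknown owner: {f.unknown_owner or 'none'}")
```

On a real case, feed parse_log() the whole pasted log instead of the constructed excerpt. Run over the lines quoted in this thread it returns the 176.31.229.x pair on all three interface GUIDs, which is the entry to compare against the router's DNS settings and the ISP's servers before any further cleaner is run; a static DNS override survives every file-based cleanup because it is only a registry value under Tcpip\Parameters\Interfaces. "Unknown owner" on an O23 line means HijackThis found no company name in the binary's version information, so those services go on the review list rather than straight to removal.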