infezione e problema con avira

Se Windows genera un errore, hai un problema di virus o vuoi discutere/segnalare l'uscita della nuova versione di un software per la piattaforma Microsoft, questa è la sezione giusta.
Regole del forum
Rispondi
Avatar utente
bruce
Livello: Chiavetta USB (8/15)
Livello: Chiavetta USB (8/15)
Messaggi: 478
Iscritto il: sab feb 08, 2014 11:41 am

infezione e problema con avira

Messaggio da bruce »

Tutto è iniziato con questo messaggio di errore che mi da' avira all'accensione del pc. L'ombrello è chiuso.
(vedi allegato).

Volevo tentare di disinstallare avira e reinstallarlo ma quando cerco di disinstallarlo me lo impedisce restituendomi sempre questo messaggio di errore. Ho pensato ci fosse qualche virus...

Poi ho navigato per cercare un rimedio e per rimuovere i virus e gli spyware...
Ad ogni click qualsiasi mi si aprono pop up e finestre con mille pubblicità e richieste di scansione varie.
Ho fatto vari tentativi di pulizia, di cui vi allego i report.

Ho fatto tutto ma l'errore di avira persiste (quindi sono senza antivirus) e i pop up proseguono..
Cosa debbo fare?

avira
doc1.docx


adwcleaner
# AdwCleaner v4.201 - Creato file registro eventi 18/04/2015 in 17:31:19
# Aggiornato 08/04/2015 da Xplode
# Database : 2015-04-18.3 [Server]
# Sistema operativo : Windows 7 Professional Service Pack 1 (x86)
# Nome utente : Sara - SARA-PC
# In esecuzione da : C:\Users\Sara\Desktop\adwcleaner_4.201.exe
# Opzione : Pulizia

***** [ Servizi ] *****

[#] Servizio Eliminato : ac0423ae

***** [ File / Cartelle ] *****

Cartella Eliminato : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
Cartella Eliminato : C:\Program Files\EZDownloader
Cartella Eliminato : C:\Program Files\bestadblocker
Cartella Eliminato : C:\Program Files\SAAlePoluos
Cartella Eliminato : C:\Program Files\SalePluaso
Cartella Eliminato : C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\optkjxy3.default-1419250726174\Extensions\G9uq@AY.edu
Cartella Eliminato : C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\optkjxy3.default-1419250726174\Extensions\p@lOII0XxbM.org
Cartella Eliminato : C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\optkjxy3.default-1419250726174\Extensions\RrFz8UElCO@t.net
File Eliminato : C:\Users\Public\Desktop\EZDownloader.lnk

***** [ Attività pianificate ] *****


***** [ Collegamenti ] *****


***** [ Registry ] *****

Chiave Eliminato : HKLM\SOFTWARE\Classes\P0d22bf99_7bb7_4e64_92c8_0a3b4c92c155_.P0d22bf99_7bb7_4e64_92c8_0a3b4c92c155_
Chiave Eliminato : HKLM\SOFTWARE\Classes\P0d22bf99_7bb7_4e64_92c8_0a3b4c92c155_.P0d22bf99_7bb7_4e64_92c8_0a3b4c92c155_.9
Chiave Eliminato : HKLM\SOFTWARE\Classes\P66ea57a7_3649_4b2d_ba2c_c70d3206caf4_.P66ea57a7_3649_4b2d_ba2c_c70d3206caf4_
Chiave Eliminato : HKLM\SOFTWARE\Classes\P66ea57a7_3649_4b2d_ba2c_c70d3206caf4_.P66ea57a7_3649_4b2d_ba2c_c70d3206caf4_.9
Chiave Eliminato : HKLM\SOFTWARE\554bd24b-c956-76b9-2178-9d0faf8d4f63
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ac0423ae}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{0d22bf99-7bb7-4e64-92c8-0a3b4c92c155}
Chiave Eliminato : HKLM\SOFTWARE\Classes\CLSID\{66ea57a7-3649-4b2d-ba2c-c70d3206caf4}
Chiave Eliminato : HKLM\SOFTWARE\Classes\TypeLib\{5D9FB48A-5CE2-4118-B19F-F88ADDB0F814}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d22bf99-7bb7-4e64-92c8-0a3b4c92c155}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66ea57a7-3649-4b2d-ba2c-c70d3206caf4}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0d22bf99-7bb7-4e64-92c8-0a3b4c92c155}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{66ea57a7-3649-4b2d-ba2c-c70d3206caf4}
Chiave Eliminato : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Chiave Eliminato : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chiave Eliminato : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Chiave Eliminato : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Chiave Eliminato : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B696F285-F54E-2524-58B1-E06A70ABE6BE}

***** [ Browser web ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v37.0.1 (x86 it)

[optkjxy3.default-1419250726174\prefs.js] - Linea Eliminato : user_pref("extensions.wRz7DyeJwns51IqX.scode", "(function(){try{if(window.self.location.href.indexOf(\"qHkFpdwFrTUGqjw7pdwFrTn7\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\",\[...]
[optkjxy3.default-1419250726174\prefs.js] - Linea Eliminato : user_pref("extensions.zThDuz4C1oXxCTIP.scode", "(function(){try{if(window.self.location.href.indexOf(\"qHkFpdwFrTUGqjw7pdwFrTn7\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\",\[...]

-\\ Pale Moon v


-\\ Google Chrome v42.0.2311.90


-\\ Chromium v


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [19045 byte] - [12/04/2015 19:50:23]
AdwCleaner[R1].txt - [1005 byte] - [12/04/2015 19:57:36]
AdwCleaner[R2].txt - [4653 byte] - [18/04/2015 17:28:34]
AdwCleaner[S0].txt - [11628 byte] - [12/04/2015 19:52:22]
AdwCleaner[S1].txt - [4549 byte] - [18/04/2015 17:31:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4607 byte] ##########
combo
ComboFix 15-04-14.01 - Sara 14/04/2015 20:37:06.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.39.1040.18.3062.2309 [GMT 2:00]
Eseguito da: c:\users\Sara\Desktop\abc.exe.exe
Opzioni usate :: c:\users\Sara\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
FILE ::
"c:\users\Sara\AppData\Local\Facebook\Update\FacebookUpdate.exe"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3416608333-1399883476-1472442956-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3416608333-1399883476-1472442956-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Bamboo Dock
c:\program files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe
c:\program files\Bamboo Dock\Bamboo Dock\bin\appicon\Bamboo_128.png
c:\program files\Bamboo Dock\Bamboo Dock\bin\appicon\Bamboo_16.png
c:\program files\Bamboo Dock\Bamboo Dock\bin\appicon\Bamboo_32.png
c:\program files\Bamboo Dock\Bamboo Dock\bin\appicon\Bamboo_48.png
c:\program files\Bamboo Dock\Bamboo Dock\bin\appicon\Bamboo_64.png
c:\program files\Bamboo Dock\Bamboo Dock\bin\appicon\Thumbs.db
c:\program files\Bamboo Dock\Bamboo Dock\bin\main.swf
c:\program files\Bamboo Dock\Bamboo Dock\bin\xml\countryStaticInfo.xml
c:\program files\Bamboo Dock\Bamboo Dock\bin\xml\defaultItems.xml
c:\program files\Bamboo Dock\Bamboo Dock\bin\xml\globalSettings.xml
c:\program files\Bamboo Dock\Bamboo Dock\bin\xml\locale\locale.xml
c:\program files\Bamboo Dock\Bamboo Dock\bin\xml\membersReferencesTemplate.xml
c:\program files\Bamboo Dock\Bamboo Dock\bin\xml\socketsConfigurationTemplate.xml
c:\program files\Bamboo Dock\Bamboo Dock\bin\xml\tabletItems.xml
c:\program files\Bamboo Dock\Bamboo Dock\bin\xml\unitDescriptorTemplate.xml
c:\program files\Bamboo Dock\Bamboo Dock\bin\xml\userItemsTemplate.xml
c:\program files\Bamboo Dock\Bamboo Dock\bin\xml\usersSettingsTemplate.xml
c:\program files\Bamboo Dock\Bamboo Dock\bin\xml\widgetsRepositoryTemplate.xml
c:\program files\Bamboo Dock\Bamboo Dock\default\bamboo_dock.db
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\animator.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\artrage.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\bamboo_calculator.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\bamboo_link.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\bamboo_scribe.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\bamboo_space.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\bird.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\generic.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\HWR.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\HWR64.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_animator.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_bamboopaper.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_blockfactory.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_bloked.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_cutter.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_dimlicious.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_doodleblast.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_doodler.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_drawtweet.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_evernote_new.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_fingerforest.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_fpo.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_freethebird.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_fruitfinder.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_intouch.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_inudge.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_kickIt.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_landmarker.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_livebrush.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_mahjongg.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_monnalisa.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_montmartre.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_moof.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_op5.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_papercakes.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_penfight.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_radio.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_sandysigns.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_skinink.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_sumopaint.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_uniboard.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_zzing.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\icon_zznare.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\inTouch_dock.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\iNudge.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\landmarker.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\livebrush.PNG
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\mahjongg.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\mona_lisa.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\PaperCakesIcon.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\pe4.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\pen_settings.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\penfight.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\pse5.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\pse6.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\pse7.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\sandysigns.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\Thumbs.db
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\tutorial.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\zzing.png
c:\program files\Bamboo Dock\Bamboo Dock\default\icons\zznare.png
c:\program files\Bamboo Dock\Bamboo Dock\default\widgets\BambooPaper.wcm
c:\program files\Bamboo Dock\Bamboo Dock\default\widgets\FreeTheBird.wcm
c:\program files\Bamboo Dock\Bamboo Dock\default\widgets\Landmarker.wcm
c:\program files\Bamboo Dock\Bamboo Dock\default\widgets\MonaLisa.wcm
c:\program files\Bamboo Dock\Bamboo Dock\default\xml\members.xml
c:\program files\Bamboo Dock\Bamboo Dock\default\xml\members_new_060609.xml
c:\program files\Bamboo Dock\Bamboo Dock\default\xml\settings.xml
c:\program files\Bamboo Dock\Bamboo Dock\META-INF\AIR\application.xml
c:\program files\Bamboo Dock\Bamboo Dock\META-INF\AIR\hash
c:\program files\Bamboo Dock\Bamboo Dock\META-INF\signatures.xml
c:\program files\Bamboo Dock\Bamboo Dock\mimetype
c:\program files\Bamboo Dock\BambooCore.exe
c:\program files\Bamboo Dock\BambooWinTab.dll
c:\program files\Bamboo Dock\uninst.exe
c:\users\Sara\AppData\Local\Facebook\Update
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ar.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bg.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bn.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ca.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_cs.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_da.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_de.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_el.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es-419.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_et.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fa.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fi.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fil.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fr.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_gu.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hi.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hr.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hu.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_id.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_is.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_it.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_iw.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ja.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_kn.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ko.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lt.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lv.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ml.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_mr.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ms.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_nl.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_no.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_or.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pl.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ro.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ru.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sk.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sl.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sr.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sv.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ta.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_te.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_th.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_tr.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_uk.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ur.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_vi.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll
c:\users\Sara\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll
c:\users\Sara\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2015-03-14 al 2015-04-14 )))))))))))))))))))))))))))))))))))
.
.
2015-04-14 18:51 . 2015-04-14 18:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-12 20:27 . 2015-04-12 20:27 17344 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2015-04-12 20:27 . 2015-04-12 20:27 -------- d-----w- c:\users\Sara\AppData\Roaming\GlarySoft
2015-04-12 20:27 . 2015-04-12 20:27 -------- d-----w- c:\users\Sara\AppData\Roaming\DiskDefrag
2015-04-12 20:27 . 2015-04-14 18:53 -------- d-----w- c:\program files\Glary Utilities 5
2015-04-12 19:25 . 2015-04-12 19:25 35992 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2015-04-12 18:40 . 2015-04-12 18:40 -------- d-----w- c:\program files\HitmanPro
2015-04-12 18:37 . 2015-04-12 19:24 -------- d-----w- c:\programdata\HitmanPro
2015-04-12 18:06 . 2015-04-12 18:08 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-04-12 18:06 . 2014-11-21 04:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-12 18:06 . 2014-11-21 04:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-12 17:50 . 2015-04-12 17:59 -------- d-----w- C:\AdwCleaner
2015-04-05 15:27 . 2015-04-05 15:28 -------- d-s---w- c:\windows\system32\GWX
2015-03-24 18:35 . 2015-03-11 03:29 818176 ----a-w- c:\windows\system32\appraiser.dll
2015-03-24 18:35 . 2015-03-11 03:30 534528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-24 18:35 . 2015-03-11 03:30 623616 ----a-w- c:\windows\system32\invagent.dll
2015-03-24 18:35 . 2015-03-11 03:29 327168 ----a-w- c:\windows\system32\devinv.dll
2015-03-24 18:35 . 2015-03-11 03:29 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-03-24 18:35 . 2015-03-11 03:29 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-03-24 18:35 . 2015-03-11 03:29 159744 ----a-w- c:\windows\system32\aepic.dll
2015-03-24 18:35 . 2015-03-11 03:26 892928 ----a-w- c:\windows\system32\aeinv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-13 18:08 . 2014-08-03 15:56 114904 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2015-03-28 18:37 . 2012-10-30 16:01 778928 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-03-28 18:37 . 2012-10-30 16:01 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-06 05:15 . 2015-03-10 19:31 67512 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-06 05:15 . 2015-03-10 19:31 137656 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-03-06 05:10 . 2015-03-10 19:31 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-03-06 05:10 . 2015-03-10 19:31 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-03-06 05:10 . 2015-03-10 19:31 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-03-06 05:10 . 2015-03-10 19:31 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-03-06 05:10 . 2015-03-10 19:31 248832 ----a-w- c:\windows\system32\schannel.dll
2015-03-06 05:10 . 2015-03-10 19:31 22016 ----a-w- c:\windows\system32\secur32.dll
2015-03-06 05:10 . 2015-03-10 19:31 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-03-06 05:10 . 2015-03-10 19:31 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-03-06 05:10 . 2015-03-10 19:31 550912 ----a-w- c:\windows\system32\kerberos.dll
2015-03-06 05:10 . 2015-03-10 19:31 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-03-06 05:10 . 2015-03-10 19:31 17408 ----a-w- c:\windows\system32\credssp.dll
2015-03-06 05:09 . 2015-03-10 19:31 22528 ----a-w- c:\windows\system32\lsass.exe
2015-03-06 05:09 . 2015-03-10 19:31 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-03-06 05:07 . 2015-03-10 19:31 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-03-06 05:07 . 2015-03-10 19:31 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-03-06 05:06 . 2015-03-10 19:31 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-02-26 03:11 . 2015-03-10 19:33 2381312 ----a-w- c:\windows\system32\win32k.sys
2015-02-20 04:13 . 2015-03-10 19:31 26624 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:13 . 2015-03-10 19:31 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:13 . 2015-03-10 19:31 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:13 . 2015-03-10 19:31 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 03:09 . 2015-03-10 19:31 299008 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 02:22 . 2015-03-10 19:33 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-02-20 02:22 . 2015-03-10 19:33 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-02-20 02:09 . 2015-03-10 19:33 503296 ----a-w- c:\windows\system32\vbscript.dll
2015-02-20 02:08 . 2015-03-10 19:33 62464 ----a-w- c:\windows\system32\iesetup.dll
2015-02-20 02:08 . 2015-03-10 19:33 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-02-20 02:06 . 2015-03-10 19:33 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-02-20 01:56 . 2015-03-10 19:33 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2015-02-20 01:56 . 2015-03-10 19:33 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-02-20 01:56 . 2015-03-10 19:33 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-20 01:50 . 2015-03-10 19:33 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-02-20 01:41 . 2015-03-10 19:33 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-20 01:30 . 2015-03-10 19:33 4300288 ----a-w- c:\windows\system32\jscript9.dll
2015-02-20 01:24 . 2015-03-10 19:33 2052608 ----a-w- c:\windows\system32\inetcpl.cpl
2015-02-20 01:23 . 2015-03-10 19:33 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-02-20 01:01 . 2015-03-10 19:33 1888256 ----a-w- c:\windows\system32\wininet.dll
2015-02-17 14:26 . 2015-02-17 14:26 1217184 ----a-w- c:\windows\system32\FM20.DLL
2015-02-04 02:54 . 2015-03-10 19:31 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2015-02-03 03:16 . 2015-03-10 19:33 3973048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-02-03 03:16 . 2015-03-10 19:33 3917760 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-03 03:16 . 2015-03-10 19:33 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:12 . 2015-03-10 19:33 617984 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-10 19:33 179200 ----a-w- c:\windows\system32\wintrust.dll
2015-02-03 03:12 . 2015-03-10 19:33 1230848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-10 19:31 171520 ----a-w- c:\windows\system32\ubpm.dll
2015-02-03 03:12 . 2015-03-10 19:33 400896 ----a-w- c:\windows\system32\srcore.dll
2015-02-03 03:12 . 2015-03-10 19:33 43008 ----a-w- c:\windows\system32\srclient.dll
2015-02-03 03:12 . 2015-03-10 19:33 4096 ----a-w- c:\windows\system32\msdxm.ocx
2015-02-03 03:12 . 2015-03-10 19:33 4096 ----a-w- c:\windows\system32\dxmasf.dll
2015-02-03 03:12 . 2015-03-10 19:33 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-02-03 03:12 . 2015-03-10 19:33 1329664 ----a-w- c:\windows\system32\quartz.dll
2015-02-03 03:12 . 2015-03-10 19:33 519680 ----a-w- c:\windows\system32\qdvd.dll
2015-02-03 03:12 . 2015-03-10 19:33 442880 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:12 . 2015-03-10 19:33 157184 ----a-w- c:\windows\system32\pcasvc.dll
2015-02-03 03:12 . 2015-03-10 19:33 28160 ----a-w- c:\windows\system32\pcadm.dll
2015-02-03 03:12 . 2015-03-10 19:33 8192 ----a-w- c:\windows\system32\spwmp.dll
2015-02-03 03:12 . 2015-03-10 19:33 504320 ----a-w- c:\windows\system32\msscp.dll
2015-02-03 03:12 . 2015-03-10 19:33 265216 ----a-w- c:\windows\system32\msnetobj.dll
2015-02-03 03:12 . 2015-03-10 19:33 10752 ----a-w- c:\windows\system32\msmmsp.dll
2015-02-03 03:12 . 2015-03-10 19:33 3209728 ----a-w- c:\windows\system32\mf.dll
2015-02-03 03:12 . 2015-03-10 19:33 354816 ----a-w- c:\windows\system32\mfplat.dll
2015-02-03 03:12 . 2015-03-10 19:33 103424 ----a-w- c:\windows\system32\mfps.dll
2015-02-03 03:12 . 2015-03-10 19:33 489984 ----a-w- c:\windows\system32\evr.dll
2015-02-03 03:12 . 2015-03-10 19:33 275968 ----a-w- c:\windows\system32\EncDump.dll
2015-02-03 03:12 . 2015-03-10 19:33 988160 ----a-w- c:\windows\system32\drmv2clt.dll
2015-02-03 03:12 . 2015-03-10 19:33 406016 ----a-w- c:\windows\system32\drmmgrtn.dll
2015-02-03 03:12 . 2015-03-10 19:33 1174528 ----a-w- c:\windows\system32\crypt32.dll
2015-02-03 03:12 . 2015-03-10 19:33 81408 ----a-w- c:\windows\system32\cryptsp.dll
2015-02-03 03:12 . 2015-03-10 19:33 1005056 ----a-w- c:\windows\system32\cryptui.dll
2015-02-03 03:12 . 2015-03-10 19:33 143872 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-03 03:12 . 2015-03-10 19:33 103936 ----a-w- c:\windows\system32\cryptnet.dll
2015-02-03 03:12 . 2015-03-10 19:33 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-02-03 03:12 . 2015-03-10 19:33 744960 ----a-w- c:\windows\system32\blackbox.dll
2015-02-03 03:12 . 2015-03-10 19:33 475136 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-03 03:12 . 2015-03-10 19:33 27648 ----a-w- c:\windows\system32\appidsvc.dll
2015-02-03 03:12 . 2015-03-10 19:33 50688 ----a-w- c:\windows\system32\appidapi.dll
2015-02-03 03:12 . 2015-03-10 19:33 374784 ----a-w- c:\windows\system32\AudioEng.dll
2015-02-03 03:12 . 2015-03-10 19:33 195584 ----a-w- c:\windows\system32\AudioSes.dll
2015-02-03 03:12 . 2015-03-10 19:33 69632 ----a-w- c:\windows\system32\smss.exe
2015-02-03 03:11 . 2015-03-10 19:33 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-02-03 03:11 . 2015-03-10 19:33 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2015-02-03 03:11 . 2015-03-10 19:33 9728 ----a-w- c:\windows\system32\pcawrk.exe
2015-02-03 03:11 . 2015-03-10 19:33 8192 ----a-w- c:\windows\system32\pcalua.exe
2015-02-03 03:11 . 2015-03-10 19:33 23040 ----a-w- c:\windows\system32\mfpmp.exe
2015-02-03 03:11 . 2015-03-10 19:33 96768 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:11 . 2015-03-10 19:33 100864 ----a-w- c:\windows\system32\audiodg.exe
2015-02-03 03:11 . 2015-03-10 19:33 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:11 . 2015-03-10 19:33 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2015-02-03 03:10 . 2015-03-10 19:33 8704 ----a-w- c:\windows\system32\pcaevts.dll
2015-02-03 03:09 . 2015-03-10 19:33 2048 ----a-w- c:\windows\system32\mferror.dll
2015-02-03 03:08 . 2015-03-10 19:33 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-02-03 03:00 . 2015-03-10 19:33 593920 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2015-02-03 02:26 . 2015-03-10 19:33 50176 ----a-w- c:\windows\system32\drivers\appid.sys
2015-01-30 23:56 . 2015-03-10 19:33 370488 ----a-w- c:\windows\system32\drivers\cng.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2015-03-30 37152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^Users^Sara^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Sara^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
path=c:\users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 05:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 06:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2012-03-09 15:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2014-12-16 20:24 702768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 14:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2011-01-13 02:01 6129496 ----a-w- c:\program files\Logitech\Vid HD\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 13:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2014-10-02 12:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-10-01 09:43 22065760 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2015-04-12 35992]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-02-20 102912]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 10752]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-27 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-12-13 37352]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys [2015-04-12 17344]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-12-16 431920]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 5554552]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 451960]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 netw5v32;Driver scheda Intel(R) Wireless WiFi Link serie 5000 per Windows Vista a 32 bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-03 18:46 1061704 ----a-w- c:\program files\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2015-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-30 18:37]
.
2015-04-14 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files\Glary Utilities 5\Initialize.exe [2015-03-30 06:06]
.
2015-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-26 17:52]
.
2015-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-26 17:52]
.
.
------- Scansione supplementare -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\optkjxy3.default-1419250726174\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
MSConfigStartUp-Facebook Update - c:\users\Sara\AppData\Local\Facebook\Update\FacebookUpdate.exe
AddRemove-Bamboo Dock - c:\program files\Bamboo Dock\uninst.exe
.
.
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Tablet\Pen\Pen_TouchUser.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Tablet\Pen\Pen_TabletUser.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Glary Utilities 5\Integrator.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Ora fine scansione: 2015-04-14 20:59:26 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2015-04-14 18:59
ComboFix2.txt 2015-04-12 19:58
.
Pre-Run: 205.970.288.640 byte disponibili
Post-Run: 206.090.641.408 byte disponibili
.
- - End Of File - - E6F5C6AD50A90DB63533033F3053D524
A36C5E4F47E84449FF07ED3517B43A31
malwarebytes
Malwarebytes Anti-Malware
www.malwarebytes.org

Data scansione: 13/04/2015
Ora scansione: 20:08:46
File di log:
Amministratore: Si

Versione: 2.00.4.1028
Database malware: v2015.04.13.06
Database rootkit: v2015.03.31.01
Licenza: Free
Protezione da malware: Disattivata
Protezione da siti web nocivi: Disattivata
Autoprotezione: Disattivata

SO: Windows 7 Service Pack 1
CPU: x86
File system: NTFS
Utente: Sara

Tipo di scansione: Scansione elementi nocivi
Risultati: Completata
Elementi analizzati: 350038
Tempo impiegato: 23 min, 1 sec

Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Euristica: Attivata
PUP: Avviso
PUM: Attivata

Processi: 0
(Nessun elemento malevolo rilevato)

Moduli: 0
(Nessun elemento malevolo rilevato)

Chiavi di registro: 1
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Spostato in quarantena, [3ae0ff6d454588ae92afd56bed166a96],

Valori di registro: 0
(Nessun elemento malevolo rilevato)

Dati di registro: 0
(Nessun elemento malevolo rilevato)

Cartelle: 0
(Nessun elemento malevolo rilevato)

File: 4
PUP.Optional.AZLyrics.A, C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, Spostato in quarantena, [3bdf6507c6c46acca186efe47e8506fa],
PUP.Optional.AZLyrics.A, C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, Spostato in quarantena, [aa70e983e5a589ad2601ede61ae94fb1],
PUP.Optional.SelectNGo.A, C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Spostato in quarantena, [7aa06a02fa9093a379297580c63dbf41],
PUP.Optional.SelectNGo.A, C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Spostato in quarantena, [e733f17bd5b596a0990934c124df0bf5],

Settori fisici: 0
(Nessun elemento malevolo rilevato)


(end)
hijack
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 20:00:46, on 15/04/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)

FIREFOX: 37.0.1 (x86 it)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Glary Utilities 5\Integrator.exe
C:\Users\Sara\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

--
End of file - 5186 bytes

System
System
Bot ufficiale TurboLab.it
Bot
Messaggi:
Iscritto il: sab dic 31, 2016 6:19 pm
Contatta: Contatta

Re: infezione e problema con avira

Messaggio da System » sab apr 18, 2015 6:50 pm


Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 8695
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:

Re: infezione e problema con avira

Messaggio da crazy.cat »

Prova intanto questo per avira http://www.avira.com/it/support-for-hom ... l/kbid/902
Poi fai una scansione con kaspersky removal tool.

Controlla tra le applicazioni installate se trovi qualche voce strana che non riconosci e disinstallala
“La vita è come andare in bicicletta. Per mantenere l’equilibrio devi muoverti.”

Avatar utente
bruce
Livello: Chiavetta USB (8/15)
Livello: Chiavetta USB (8/15)
Messaggi: 478
Iscritto il: sab feb 08, 2014 11:41 am

Re: infezione e problema con avira

Messaggio da bruce »

ho risolto con avira registry cleaner e JRT...

grazie

Avatar utente
Christian
Livello: CD-ROM (4/15)
Livello: CD-ROM (4/15)
Messaggi: 57
Iscritto il: mar apr 28, 2015 9:19 pm

Re: infezione e problema con avira

Messaggio da Christian »

Ciao Bruce, ti consiglio anche come alternativa Avast Antivirus, un buon antivirus ( occupa un pò di memoria ) ma ha parecchie impostazioni da personalizzare, tra cui tra l'altro la protezione per le mail.
:ciao

System
System
Bot ufficiale TurboLab.it
Bot
Messaggi:
Iscritto il: sab dic 31, 2016 6:19 pm
Contatta: Contatta

Re: Re: infezione e problema con avira

Messaggio da System » mer mag 06, 2015 8:41 pm


Rispondi
  • Argomenti simili
    Risposte
    Visite
    Ultimo messaggio