Siti che si aprono da soli

[ramset1978]

Ciao,
sia utilizzando Mozilla sia utilizzando I.E. mi si aprono pagine internet da sole.
Ho utilizzato AdwCleaner e Malwarebytes senza successo.
Ora ho provato HiJackThis ma a leggere i risultati proprio non ci riesco.
Qualcuno è disposto, gentilmente, a darmi una mano?
Grazie anticipato!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:54:13, on 15/07/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Gmail Notifier Pro\GmailNotifierPro.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Paolo\AppData\Local\ContextFree\nvcmd.exe
C:\Users\Paolo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [GmailNotifierPro] C:\Program Files\Gmail Notifier Pro\GmailNotifierPro.exe /minimized
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [framei] C:\Users\Paolo\AppData\Local\ContextFree\framei.exe
O4 - HKCU\..\Run: [nvcmd] C:\Users\Paolo\AppData\Local\ContextFree\nvcmd.exe
O4 - HKCU\..\Run: [cntcmd] C:\Users\Paolo\AppData\Local\ContextFree\cntcmd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: Dropbox.lnk = Paolo\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{736E11E9-D141-48B8-894C-0A3C9C0DBB2D}: NameServer = 62.13.173.92 62.13.173.93
O17 - HKLM\System\CS1\Services\Tcpip\..\{736E11E9-D141-48B8-894C-0A3C9C0DBB2D}: NameServer = 62.13.173.92 62.13.173.93
O17 - HKLM\System\CS2\Services\Tcpip\..\{736E11E9-D141-48B8-894C-0A3C9C0DBB2D}: NameServer = 62.13.173.92 62.13.173.93
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Ast Service - Nalpeiron Ltd. - C:\Windows\system32\\AstSrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6144 bytes

[davide72]

apri gestione attivita>processi > e termina questo cntcmd.exe

poi vai qui C:\Users\Paolo\AppData\Local\ContextFree\cntcmd.exe ed elimina la cartella contextfree

apri Ccleaner >strumenti >avvio
C:\Users\Paolo\AppData\Local\ContextFree\framei.exe clic tasto destro e apri in regedit ed elimina
C:\Users\Paolo\AppData\Local\ContextFree\nvcmd.exe idem
C:\Users\Paolo\AppData\Local\ContextFree\cntcmd.exe idem

riavvia il pc

[ramset1978]

apri gestione attivita>processi > e termina questo cntcmd.exe

poi vai qui C:\Users\Paolo\AppData\Local\ContextFree\cntcmd.exe ed elimina la cartella contextfree

apri Ccleaner >strumenti >avvio
C:\Users\Paolo\AppData\Local\ContextFree\framei.exe clic tasto destro e apri in regedit ed elimina
C:\Users\Paolo\AppData\Local\ContextFree\nvcmd.exe idem
C:\Users\Paolo\AppData\Local\ContextFree\cntcmd.exe idem

riavvia il pc

Ciao davide72,
ho eseguito le tue istruzioni dettagliate ad eccezione del apri gestione attivita>processi > e termina questo cntcmd.exe perchè non processo non era attivo.
Spero che tutto si sia risolto (ti farò sapere più tardi) e ti ringrazio moltissimo, sei stato molto gentile.
Ciao

[davide72]

hai ragione , era questo nvcmd.exe da terminare

[ramset1978]

hai ragione , era questo nvcmd.exe da terminare

avevo dimenticato di scriverlo... si questo chiuso prima di fare il resto.
Ti ringrazio di nuovo, mi hai risolto un grande problema.

[ramset1978]

Siiiiiiiiiiiii! Risoltooooooooo! Grazie davide72!

[Luke57]

Ciao, scarica hijackthis 2.0.5 da qui:
http://goo.gl/woCKyP

esegui una scansione e posta il report

2) Infine apri ccleaner, clicca sulla icona STRUMENTI;
2) seleziona la sezione DISINSTALLAZIONE e, in basso a destra, clicca sul tasto SALVA COME TESTO.
3) salva il REPORT che verrà generato e postalo

[ramset1978]

Grazie Luke57 ma ho già risolto seguendo le dritte di davide72.
Ciao

[davide72]

per scrupolo posta cmq i 2 log richiesti da Luke57 almeno per vedere se ci sono altri programmi sospetti

[ramset1978]

Ok eccoli:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 15:33:51, on 16/07/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17207)

FIREFOX: 30.0 (it)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Gmail Notifier Pro\GmailNotifierPro.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Paolo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Paolo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [GmailNotifierPro] C:\Program Files\Gmail Notifier Pro\GmailNotifierPro.exe /minimized
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: Dropbox.lnk = Paolo\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Ast Service - Nalpeiron Ltd. - C:\Windows\system32\\AstSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 5230 bytes


Adobe Flash Player 14 Plugin Adobe Systems Incorporated 07/07/2014 6,00MB 14.0.0.145
Adobe Reader XI (11.0.07) - Italiano Adobe Systems Incorporated 12/05/2014 183,9MB 11.0.07
Antivirus Pro Avira 13/07/2014 187,1MB 14.0.5.464
CCleaner Piriform 22/05/2012 3.19
Chiavetta Internet Huawei Technologies Co.,Ltd 21/12/2013 15.001.02.02.192
Dropbox Dropbox, Inc. 27/05/2014 2.8.2
eMule AdunanzA AduTeam 21/12/2013 16,0MB 3.18
Gmail Notifier Pro IntelliBreeze Software 20/12/2013 23,7MB 5.2.0.0
Hexonic ScanToPDF version 1.0 Hexonic Software 11/07/2014 5,16MB 1.0
Java 7 Update 55 Oracle 20/12/2013 118,4MB 7.0.550
MetaStock Professional 11.0 26/12/2013
Microsoft .NET Framework 4.5.1 Microsoft Corporation 21/12/2013 38,8MB 4.5.50938
Microsoft .NET Framework 4.5.1 (Italiano) Microsoft Corporation 22/12/2013 2,94MB 4.5.50938
Microsoft Office Professional Plus 2010 Microsoft Corporation 25/12/2013 14.0.7015.1000
Microsoft Silverlight Microsoft Corporation 11/03/2014 64,8MB 5.1.30214.0
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 20/12/2013 16,5MB 10.0.40219
Mozilla Firefox 30.0 (x86 it) Mozilla 14/07/2014 66,9MB 30.0
Mozilla Maintenance Service Mozilla 14/07/2014 0,22MB 30.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 27/12/2013 1,28MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 28/12/2013 1,33MB 4.20.9876.0
NVIDIA Drivers NVIDIA Corporation 21/12/2013 1.4
Pro Evolution Soccer 6 KONAMI 21/12/2013 1.458MB 1.00.0000
Skype™ 6.16 Skype Technologies S.A. 26/05/2014 26,1MB 6.16.105
Updater turbo 3.23 20/12/2013
Visual Trader in C:\VTrader Traderlink Srl 21/12/2013 Versione 5.5
WinRAR ZiCO ft. Dennyseven 20/12/2013 4,29MB 3.42
WinRAR gestione archivi 20/12/2013
Your Uninstaller! 7 URSoft, Inc. 22/12/2013 12,8MB 7.5.2013.2

[Luke57]

Ok

[ramset1978]

Ok

Grazie!

[ramset1978]

HELP ME.... IL PROBLEMA SI è RIPRESENTATO.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:00:03, on 31/10/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)

FIREFOX: 32.0.3 (x86 it)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Gmail Notifier Pro\GmailNotifierPro.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Paolo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Paolo\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [GmailNotifierPro] C:\Program Files\Gmail Notifier Pro\GmailNotifierPro.exe /minimized
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: Dropbox.lnk = Paolo\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/f ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Ast Service - Nalpeiron Ltd. - C:\Windows\system32\\AstSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 5622 bytes

[davide72]

fai una pulizia con adwclear http://www.bleepingcomputer.com/download/adwcleaner/

[ramset1978]

fai una pulizia con adwclear http://www.bleepingcomputer.com/download/adwcleaner/

Davide ho segutio il tuo consiglio ma non è stato sufficiente, continuano ad aprirsi pagine internet da sole.

# AdwCleaner v3.311 - Rapporto creato 01/11/2014 in 10:25:58
# Aggiornato 30/09/2014 di Xplode
# Sistema operativo : Windows 7 Ultimate Service Pack 1 (32 bits)
# Nome utente : Paolo - PAOLO-PC
# In esecuzione da : C:\Users\Paolo\Downloads\AdwCleaner.exe
# Opzione : Pulisci

***** [ Servizi ] *****


***** [ File / Cartelle ] *****

Cartella Eliminato : C:\Program Files\PC Speed Maximizer
Cartella Eliminato : C:\Users\Paolo\AppData\Local\Genesis_07121002
Cartella Eliminato : C:\Users\Paolo\AppData\Roaming\WebExtend
Cartella Eliminato : C:\Users\Paolo\Documents\PC Speed Maximizer

***** [ Compiti ] *****

Compito Eliminati : LaunchSignup

***** [ Collegamenti ] *****


***** [ Registro ] *****

Chiave Eliminati : HKCU\Software\ContextFree
Chiave Eliminati : HKCU\Software\InstallCore

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344






Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:32:41, on 01/11/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)

FIREFOX: 32.0.3 (x86 it)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Gmail Notifier Pro\GmailNotifierPro.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Paolo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Paolo\Desktop\Pulizia conservare\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [GmailNotifierPro] C:\Program Files\Gmail Notifier Pro\GmailNotifierPro.exe /minimized
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: Dropbox.lnk = Paolo\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/f ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Pianificatore (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Ast Service - Nalpeiron Ltd. - C:\Windows\system32\\AstSrv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 5435 bytes

[davide72]

allora con malwarebite free http://it.malwarebytes.org/downloads/

[ramset1978]

allora con malwarebite free http://it.malwarebytes.org/downloads/

David72 ti ringrazio per il tuo aiuto, però nemmeno questo software ha risolto il problema.
Temo ci vorrà un intervento manuale come nella precedente occasione, ma io non so dove mettere le mani. Help me!
Ciao

[davide72]

fai start > clic destro su computer > proprietà > protezione sistema > configura > metti la spunta su "disattiva protezione sistema"
premi WIN + R digita msconfig e invia >servizi >metti prima la spunta su "nascondi servizi microsoft" quindi togli la spunta dai servizi avira, applica ok e riavvia il pc

salva combofix obbligatoriamente sul desktop http://www.bleepingcomputer.com/download/combofix/
quindi disconnettiti da internet ed esegui combofix , clicca su NO all' eventuale messaggio d' installazione consolle di ripristino
quindi lascia fare la scansione , al termine posta il log che trovi in C /combofix.txt

[ramset1978]

Fatto... grazie per l'aiuto.

ComboFix 14-10-29.01 - Paolo 01/11/2014 12:51:13.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.3071.1527 [GMT 1:00]
Eseguito da: c:\users\Paolo\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((( Files Creati Da 2014-10-01 al 2014-11-01 )))))))))))))))))))))))))))))))))))
.
.
2014-11-01 11:59 . 2014-11-01 11:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-01 10:11 . 2014-11-01 11:45 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-01 10:11 . 2014-11-01 10:11 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-11-01 10:11 . 2014-10-01 10:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-01 10:11 . 2014-10-01 10:11 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-01 10:11 . 2014-10-01 10:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-17 17:16 . 2014-10-17 17:16 -------- d-----w- c:\program files\Common Files\Java
2014-10-15 18:20 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\system32\msi.dll
2014-10-15 18:20 . 2014-06-18 22:23 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-15 18:20 . 2014-06-18 22:23 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-10-15 18:20 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-10-15 18:18 . 2014-07-17 01:40 157696 ----a-w- c:\windows\system32\winsta.dll
2014-10-15 18:14 . 2014-07-07 01:40 988160 ----a-w- c:\windows\system32\drmv2clt.dll
2014-10-06 15:51 . 2014-10-06 15:51 -------- d-----w- C:\Imiweb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-27 16:42 . 2013-12-22 09:18 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-27 16:42 . 2013-12-22 09:18 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-10-17 17:15 . 2014-08-08 13:17 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-14 16:16 . 2013-12-27 17:13 37384 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-10-14 16:16 . 2013-12-27 17:13 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-10-14 16:16 . 2013-12-27 17:13 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-09-25 01:40 . 2014-10-01 16:11 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-09 21:47 . 2014-09-24 16:47 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-23 01:46 . 2014-08-28 20:00 305152 ----a-w- c:\windows\system32\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Paolo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Paolo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Paolo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Paolo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Paolo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Paolo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Paolo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Paolo\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GmailNotifierPro"="c:\program files\Gmail Notifier Pro\GmailNotifierPro.exe" [2013-10-12 2827072]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-02 13789728]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-10-14 703736]
.
c:\users\Paolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Paolo\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-09-04 180736]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV32.sys [2009-10-27 105984]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 101248]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-09-19 108032]
R3 netw5v32;Driver scheda Intel(R) Wireless WiFi Link serie 5000 per Windows Vista a 32 bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2013-12-21 1343400]
R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-12-13 37352]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2013-05-07 35064]
S1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\DRIVERS\hmd.sys [2013-10-07 15400]
S2 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc7.exe [2014-10-14 806704]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-10-14 431920]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2014-10-14 994096]
S2 Ast Service;Ast Service;c:\windows\system32\\AstSrv.exe [2008-01-07 57344]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2014-10-14 37384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-01 1871160]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-01 968504]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2012-10-18 971752]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-10-01 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-01 114904]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-10-01 51928]
S3 NETw5s32;Driver scheda Intel(R) Wireless WiFi Link per Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 RTL8167;Driver Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-11-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-22 16:42]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www.google.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254 62.101.93.101 83.103.25.250
FF - ProfilePath - c:\users\Paolo\AppData\Roaming\Mozilla\Firefox\Profiles\nvtqmpl1.default\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-NPSStartup - (no file)
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*]
"value"="?\0a\01\06\0f1\03?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2014-11-01 13:02:57
ComboFix-quarantined-files.txt 2014-11-01 12:02
.
Pre-Run: 71.334.903.808 byte disponibili
Post-Run: 73.636.474.880 byte disponibili
.
- - End Of File - - FE8B92413102E2782CC36CC551755A2D
A36C5E4F47E84449FF07ED3517B43A31

[ramset1978]

Per fatto ovviamente intendo ciò che mi hai chiesto di fare... grazie!!!