Punto informatico Network

Problem with a virus


Post by Pancrazio » Mon Dec 02, 2013 6:41 pm

The problem started two days ago, when my antivirus 'Avira' notified me that I have a virus in the drive 'Master boot record of Hard Disk 0' and in the 'Boot record of drive C'. No problem, I click on 'Details' but nothing appears. So I try running a scan and the virus (whose name is 'BOO/TDss.O') is detected again, and at the end of the scan the entry 'Download repair tool' appears, while the other entries did not. I tried running scans with Malwarebytes Anti-Malware and TDSSKiller, which detect nothing at all. I also tried downloading the so-called repair tool. But once the computer was restarted it ran extremely slowly, and when it came back on (after about a couple of hours) I tried to run a scan with Avira Professional (which is the repair tool), but it told me my license had expired. So I had to uninstall Avira and reinstall it, but the situation has not changed. One question: are we really sure this is a real virus? What if it is a false positive? Please, I am asking for advice on how to settle once and for all whether it is real or not, or on how to remove this virus (if it is real). Many thanks for any reply.

Post by stevens » Mon Dec 02, 2013 7:21 pm

Let's run a check; if there really is an infection, it should show up.

Download ComboFix to the desktop
(do not install the Recovery Console)
Let the program work without interfering
Attach the report C:\ComboFix.txt in your reply.

Post by Pancrazio » Mon Dec 02, 2013 7:50 pm

ComboFix 13-12-01.01 - xxx 02/12/2013 19:42:21.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1040.18.8158.5904 [GMT 1:00]
Eseguito da: C:\Users\XXX\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\ntuser.dat
C:\Users\XXX\AppData\Roaming\inst.exe
C:\Users\XXX\AppData\Roaming\vso_ts_preview.xml
C:\Windows\SysWow64\FlashPlayerApp.exe


((((((((((((((((((((((((( Files Creati Da 2013-11-02 al 2013-12-02 )))))))))))))))))))))))))))))))))))


2013-12-02 18:46:49 . 2013-12-02 18:46:49 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
2013-12-02 18:46:49 . 2013-12-02 18:46:49 -------- d-----w- C:\Users\Public\AppData\Local\temp
2013-12-02 18:46:49 . 2013-12-02 18:46:49 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-11-28 23:59:06 . 2013-11-28 23:59:06 -------- d-----w- C:\Users\XXX\AppData\Roaming\Avira
2013-11-28 23:57:02 . 2013-11-28 23:57:02 -------- d-----w- C:\ProgramData\AskPartnerNetwork
2013-11-28 23:57:02 . 2013-11-28 23:57:02 -------- d-----w- C:\Program Files (x86)\AskPartnerNetwork
2013-11-28 23:56:22 . 2013-11-28 23:56:22 -------- d-----w- C:\ProgramData\APN
2013-11-28 23:55:37 . 2013-11-28 23:54:28 83160 ----a-w- C:\Windows\system32\drivers\avnetflt.sys
2013-11-28 23:55:37 . 2013-11-28 23:54:28 28600 ----a-w- C:\Windows\system32\drivers\avkmgr.sys
2013-11-28 23:55:37 . 2013-11-28 23:54:28 132600 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2013-11-28 23:55:37 . 2013-11-28 23:54:28 106904 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2013-11-28 23:55:36 . 2013-11-28 23:55:36 -------- d-----w- C:\ProgramData\Avira
2013-11-28 23:55:36 . 2013-11-28 23:55:36 -------- d-----w- C:\Program Files (x86)\Avira
2013-11-18 11:05:35 . 2013-11-08 20:47:40 1064224 ----a-w- C:\Windows\system32\nvspcap64.dll
2013-11-18 11:05:35 . 2013-11-08 20:47:39 955168 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-11-18 11:04:24 . 2013-09-27 23:01:44 39200 ----a-w- C:\Windows\system32\drivers\nvvad64v.sys
2013-11-18 11:04:24 . 2013-09-27 23:01:38 28960 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-11-11 20:26:49 . 2013-11-11 20:26:49 -------- d-----w- C:\Users\XXX\AppData\Local\NVIDIA
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

2013-11-20 16:53:44 . 2012-10-21 14:40:38 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-11-20 16:53:43 . 2012-10-21 14:40:32 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-11-20 10:20:20 . 2011-05-17 15:50:45 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-18 12:04:53 . 2012-10-21 14:44:49 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-10-18 11:34:03 . 2012-10-21 14:40:38 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-10-08 05:50:37 . 2013-10-21 23:47:06 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-03 17:26:20 . 2011-01-25 19:19:39 122904 ----a-w- C:\Windows\system32\OpenAL32.dll
2013-10-03 17:26:20 . 2011-01-25 19:19:39 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-09-27 23:01:38 . 2013-10-01 19:04:32 29984 ----a-w- C:\Windows\system32\nvaudcap64v.dll
2013-09-12 08:58:10 . 2013-10-01 19:04:26 13628208 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2013-09-12 08:58:10 . 2013-10-01 18:17:23 13628208 ----a-w- C:\Windows\SysWow64\SETD9FF.tmp
2013-09-12 08:58:10 . 2013-10-01 18:17:22 29337376 ----a-w- C:\Windows\system32\nvoglv64.dll
2013-09-12 08:58:10 . 2013-10-01 18:17:22 22102304 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2013-09-12 08:58:10 . 2013-10-01 18:17:22 11274528 ----a-w- C:\Windows\system32\drivers\nvlddmkm.sys
2013-09-12 08:58:10 . 2013-10-01 18:17:13 15703688 ----a-w- C:\Windows\system32\nvd3dumx.dll
2013-09-12 08:58:10 . 2013-10-01 18:17:12 2970400 ----a-w- C:\Windows\system32\nvcuvid.dll
2013-09-12 08:58:10 . 2013-10-01 18:17:12 2789152 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2013-09-12 08:58:10 . 2013-10-01 18:17:12 2367264 ----a-w- C:\Windows\system32\nvcuvenc.dll
2013-09-12 08:58:10 . 2013-10-01 18:17:12 2007328 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2013-09-12 08:58:10 . 2013-10-01 18:17:11 9281032 ----a-w- C:\Windows\system32\nvcuda.dll
2013-09-12 08:58:10 . 2013-10-01 18:17:11 7720576 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2013-09-12 08:58:10 . 2013-10-01 18:16:43 25256224 ----a-w- C:\Windows\system32\nvcompiler.dll
2013-09-12 08:58:10 . 2013-10-01 18:16:41 2630304 ----a-w- C:\Windows\SysWow64\nvapi.dll
2013-09-12 08:58:10 . 2013-10-01 18:16:41 17560352 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2013-09-12 08:58:10 . 2013-10-01 17:28:23 7648000 ----a-w- C:\Windows\system32\nvopencl.dll
2013-09-12 08:58:10 . 2013-10-01 17:28:23 681760 ----a-w- C:\Windows\system32\NvFBC64.dll
2013-09-12 08:58:10 . 2013-10-01 17:28:23 6329552 ----a-w- C:\Windows\SysWow64\nvopencl.dll
2013-09-12 08:58:10 . 2013-10-01 17:28:23 603424 ----a-w- C:\Windows\system32\NvIFR64.dll
2013-09-12 08:58:10 . 2013-10-01 17:28:23 586016 ----a-w- C:\Windows\SysWow64\NvFBC.dll
2013-09-12 08:58:10 . 2013-10-01 17:28:23 515360 ----a-w- C:\Windows\SysWow64\NvIFR.dll
2013-09-12 08:58:10 . 2013-10-01 17:28:23 317472 ----a-w- C:\Windows\system32\nvoglshim64.dll
2013-09-12 08:58:10 . 2013-10-01 17:28:23 266984 ----a-w- C:\Windows\SysWow64\nvoglshim32.dll
2013-09-12 08:58:10 . 2013-10-01 17:28:23 1884448 ----a-w- C:\Windows\system32\nvdispco6432723.dll
2013-09-12 08:58:10 . 2013-10-01 17:28:23 168616 ----a-w- C:\Windows\system32\nvinitx.dll
2013-09-12 08:58:10 . 2013-10-01 17:28:23 15901448 ----a-w- C:\Windows\system32\nvwgf2umx.dll
2013-09-12 08:58:10 . 2013-10-01 17:28:23 1511712 ----a-w- C:\Windows\system32\nvdispgenco6432723.dll
2013-09-12 08:58:10 . 2013-10-01 17:28:23 141336 ----a-w- C:\Windows\SysWow64\nvinit.dll
2013-09-12 08:58:10 . 2013-10-01 17:28:23 12947360 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2013-09-12 08:58:10 . 2013-10-01 17:28:23 1222824 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
2013-09-12 08:58:10 . 2012-09-15 11:30:43 1412832 ----a-w- C:\Windows\system32\nvumdshimx.dll
2013-09-12 08:58:10 . 2011-01-25 00:33:18 2986672 ----a-w- C:\Windows\system32\nvapi64.dll
2013-09-12 07:25:43 . 2010-10-19 01:25:40 6599968 ----a-w- C:\Windows\system32\nvcpl.dll
2013-09-12 07:25:43 . 2010-10-19 01:25:28 3452192 ----a-w- C:\Windows\system32\nvsvc64.dll
2013-09-12 07:25:40 . 2010-10-19 01:25:28 920864 ----a-w- C:\Windows\system32\nvvsvc.exe
2013-09-12 07:25:40 . 2010-10-19 01:25:28 63776 ----a-w- C:\Windows\system32\nvshext.dll
2013-09-12 07:25:40 . 2010-10-19 01:25:28 2559776 ----a-w- C:\Windows\system32\nvsvcr.dll
2013-09-12 07:25:40 . 2010-10-19 01:25:28 219424 ----a-w- C:\Windows\system32\nvmctray.dll
2013-09-11 23:17:50 . 2013-09-11 23:17:50 571168 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-09-11 22:06:31 . 2012-09-15 11:34:26 3361114 ----a-w- C:\Windows\system32\nvcoproc.bin


((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))


*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-10-23 18:43:19 12240 ----a-w- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-10-23 18:43:19 12240]

[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-07-14 01:39:41 1475072]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 09:20:12 1305408]
"Steam"="C:\Program Files (x86)\Steam\steam.exe" [2013-10-30 19:25:54 1820584]
"ISUSPM Startup"="c:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 14:30:30 249856]
"HW_OPENEYE_OUC_Hi Suite"="C:\Program Files (x86)\Hi Suite\UpdateDog\ouc.exe" [2011-09-02 13:54:42 206688]
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 02:38:14 908160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 08:40:16 180224]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 07:16:26 254336]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-11-28 23:53:06 683576]
"ApnTBMon"="C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-10-23 18:43:19 1673680]

C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\Adolfo\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ISUSScheduler"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\fxxandroidusb.sys;C:\Windows\SYSNATIVE\Drivers\fxxandroidusb.sys [x]
R3 hid7906;MAP2A10K;C:\Windows\system32\drivers\hid7906.sys;C:\Windows\SYSNATIVE\drivers\hid7906.sys [x]
R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 pcouffin;VSO Software pcouffin;C:\Windows\system32\Drivers\pcouffin.sys;C:\Windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 qcusbser;USB Device for Legacy Serial Communication;C:\Windows\system32\DRIVERS\FXX\qcusbser.sys;C:\Windows\SYSNATIVE\DRIVERS\FXX\qcusbser.sys [x]
R4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R4 VideoDownloadConverter_4zService;VideoDownloadConverterService;C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe;C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [x]
S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys;C:\Windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys;C:\Windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 acedrv11;acedrv11;C:\Windows\system32\drivers\acedrv11.sys;C:\Windows\SYSNATIVE\drivers\acedrv11.sys [x]
S2 AntiVirSchedulerService;Avira Pianificatore;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 APNMCP;Servizio di aggiornamento Ask;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 avnetflt;avnetflt;C:\Windows\system32\DRIVERS\avnetflt.sys;C:\Windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys;C:\Windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys;C:\Windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\system32\drivers\nvvad64v.sys;C:\Windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]


Contenuto della cartella 'Scheduled Tasks'

2013-12-02 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 10:37:49 . 2013-11-20 10:20:20]

2013-12-02 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-24 16:45:54 . 2011-03-24 16:45:51]

2013-12-02 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-24 16:45:54 . 2011-03-24 16:45:51]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-10-23 18:43:19 13776 ----a-w- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" [2013-10-23 18:43:19 13776]

[HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 07:00:00 10038304]
"Linksys Wireless Manager"="C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-07-09 05:19:22 1366064]
"Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 20:46:18 1028384]
"ShadowPlay"="C:\Windows\system32\nvspcap64.dll" [2013-11-08 20:47:40 1064224]

------- Scansione supplementare -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://www.google.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 91.80.37.100 91.80.36.136
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0 ... ontrol.CAB

- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbar.dll
BHO-{c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
Toolbar-{48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
BHO-{DEDAF650-12B8-48f5-A843-BBA100716106} - (valore non impostato)
AddRemove-Call of Duty: Black Ops_is1 - D:\Videogiochi\Call of Duty - Black Ops\unins000.exe
AddRemove-PunkBusterSvc - C:\Windows\system32\pbsvc.exe
AddRemove-VideoDownloadConverter - C:\Program Files (x86)\VideoDownloadConverter\uninstall.exe
AddRemove-{AD3E68F5-D141-49C0-B002-28B48030B902}_is1 - D:\Videogiochi\Rome Total War\[First select your RTW where EB1.1 is

Post by stevens » Tue Dec 03, 2013 9:33 am

ComboFix does not show any particularly harmful infections; try updating Avira and see whether it still detects it.
Also run this scan:

Download aswMBR to the desktop.

Double-click the aswMBR.exe icon to run it
Click the Scan button to start the search
When the scan finishes, click the save log button, save the log to the desktop and post it in your next reply.

Post by Pancrazio » Tue Dec 03, 2013 10:01 am

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-03 09:59:06
-----------------------------
09:59:06.214 OS Version: Windows x64 6.1.7600
09:59:06.214 Number of processors: 4 586 0x1E05
09:59:06.214 ComputerName: XXX UserName: XXX
09:59:07.369 Initialize success
09:59:14.745 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
09:59:14.745 Disk 0 Vendor: ST3250318AS HP11 Size: 238475MB BusType: 3
09:59:14.745 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5
09:59:14.745 Disk 1 Vendor: WDC_WD5001AALS-00E3A0 05.01D05 Size: 476940MB BusType: 3
09:59:14.776 Disk 0 MBR read successfully
09:59:14.776 Disk 0 MBR scan
09:59:14.776 Disk 0 Windows 7 default MBR code
09:59:14.776 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238456 MB offset 63
09:59:14.807 Disk 0 Partition 2 00 17 Hidd HPFS/NTFS NTFS 10 MB offset 488359936
09:59:14.854 Disk 0 scanning C:\Windows\system32\drivers
09:59:27.428 Service scanning
09:59:42.419 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
09:59:46.710 Modules scanning
09:59:46.710 Disk 0 trace - called modules:
09:59:46.741 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80074302c0]<<spqa.sys ataport.SYS pciide.sys
09:59:46.741 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007877060]
09:59:46.756 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa80075509b0]
09:59:46.756 5 ACPI.sys[fffff8800100b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8007596060]
09:59:46.756 \Driver\atapi[0xfffffa800754f920] -> IRP_MJ_CREATE -> 0xfffffa80074302c0
09:59:46.772 Scan finished successfully
10:00:17.067 Disk 0 MBR has been saved successfully to "C:\Users\XXX\Desktop\MBR.dat"
10:00:17.067 The log file has been saved successfully to "C:\Users\XXX\Desktop\aswMBR.txt"

Post by stevens » Tue Dec 03, 2013 10:14 am

I need one more check, to be safer.

Download MBRCheck and save it to the desktop

http://ad13.geekstogo.com/MBRCheck.exe

Close all programs.
Double-click MBRCheck, which you downloaded to the desktop, and run it.
Wait for the scan to finish.
When the scan finishes (it takes very little time), this message appears in the window:

Found non-standard or infected MBR.
Or:
Windows xp MBR code detected.

Tell me which of the two you get.
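
Added example, not part of the original thread or of any tool named in it: a Python check that inspects a 512-byte MBR dump by hand, such as the MBR.dat that aswMBR reports saving, decoding the partition table and fingerprinting the boot code against reference hashes. The sample sector is constructed to mirror the two partition lines in the aswMBR log; the boot-code bytes and the reference hash are placeholders, and a real reference hash is assumed to come from known-clean media of the same Windows version.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code; bytes 440-443 hold the disk signature
TABLE_OFFSET = 446       # four 16-byte partition entries start here
ENTRY_FMT = "<B3xB3xII"  # status, CHS (skipped), type, CHS (skipped), LBA start, sectors


def parse_mbr(sector):
    """Decode a 512-byte MBR dump into the fields worth reviewing."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes, got %d" % len(sector))
    partitions = []
    for slot in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + slot * 16)
        if ptype == 0x00:  # unused table slot
            continue
        partitions.append({
            "slot": slot + 1, "status": status, "type": ptype,
            "lba_start": lba_start, "sectors": count,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "disk_signature": sector[440:444].hex(),
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def audit_mbr(sector, known_good_hashes):
    """Return a list of findings; an empty list means nothing stood out."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 55 AA boot signature")
    if info["boot_code_sha256"] not in known_good_hashes:
        findings.append("boot code does not match any reference hash")
    parts = info["partitions"]
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02x"
                            % (p["slot"], p["status"]))
    if sum(p["status"] == 0x80 for p in parts) > 1:
        findings.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partitions %d and %d overlap" % (a["slot"], b["slot"]))
    return findings


def build_sample_mbr(boot_code):
    """Build a constructed test sector; layout mirrors the aswMBR log lines."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    entries = [
        (0x80, 0x07, 63, 238456 * 2048),        # Partition 1: active NTFS, offset 63
        (0x00, 0x17, 488359936, 10 * 2048),     # Partition 2: hidden NTFS, 10 MB
    ]
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + i * 16, *entry)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed placeholder bytes, NOT real Windows 7 boot code.
PLACEHOLDER_CODE = b"CONSTRUCTED-BOOT-CODE".ljust(BOOT_CODE_LEN, b"\x90")
CLEAN = build_sample_mbr(PLACEHOLDER_CODE)
TAMPERED = build_sample_mbr(b"\xe9" + PLACEHOLDER_CODE[1:])   # one byte changed
# Assumption: in practice this set holds hashes taken from known-clean media.
REFERENCE = {hashlib.sha256(PLACEHOLDER_CODE).hexdigest()}

if __name__ == "__main__":
    # For a real dump: sector = open("MBR.dat", "rb").read(512)
    for name, sector in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, audit_mbr(sector, REFERENCE) or "no findings")
    for p in parse_mbr(CLEAN)["partitions"]:
        print("Partition %(slot)d %(status)02x %(type)02x %(size_mb)d MB offset %(lba_start)d" % p)
```

Only the first 440 bytes are hashed, so the disk signature and partition table, which differ from machine to machine, do not affect the comparison.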


Post by Pancrazio » Tue Dec 03, 2013 10:24 am

I get this message, 'Windows 7 MBR code detected', on both hard disks. Should I post the log as well?

Post by stevens » Tue Dec 03, 2013 10:26 am

I get this message, 'Windows 7 MBR code detected', on both hard disks. Should I post the log as well?

I trust you; if that is what it says, it should be fine.

But do you still get the alert from Avira?

Post by Pancrazio » Tue Dec 03, 2013 10:28 am

Those two messages only appear when my computer starts up and when I run a scan with Avira (which is updated daily).

Post by stevens » Tue Dec 03, 2013 10:31 am

Let's see if there is any other detail.

Download Farbar Recovery Scan Tool to the desktop
You need to download the version (32-bit or 64-bit) compatible with your system
•Double-click to start it.
•When it asks you to accept the terms, click Yes.
•Click the SCAN button
•When it has finished, the tool will create a log named FRST.txt in the same directory where FRST is located.
Attach it in the forum

Post by Pancrazio » Tue Dec 03, 2013 10:40 am

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013
Ran by Adolfo (administrator) on XXX on 03-12-2013 10:35:56
Running from C:\Users\XXX\Downloads
Windows 7 Ultimate (X64) OS Language: Italian Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [Linksys Wireless Manager] - C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe [1366064 2009-07-09] (Cisco Systems, Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKCU\...\Run: [ISUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKCU\...\Run: [HW_OPENEYE_OUC_Hi Suite] - C:\Program Files (x86)\Hi Suite\UpdateDog\ouc.exe [206688 2011-09-02] ()
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [908160 2010-03-16] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [180224 2010-04-12] (PowerISO Computing, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-29] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1673680 2013-10-23] (APN)
Startup: C:\Users\Adolfo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Adolfo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Adolfo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\old ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA71982E1E580CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it-IT
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Before = http://search.b1.org/?bsrc=hmior&chid=c167991
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page Before = http://search.b1.org/?bsrc=hmior&chid=c167991
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.crawler.com/search/dispatche ... tp=bs&qkw={searchTerms}&tbid=60446
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {DEDAF650-12B8-48f5-A843-BBA100716106} - No File
BHO-x32: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbar.dll No File
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll No File
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Toolbar: HKCU - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/stati ... 0.80.2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 91.80.37.100 91.80.36.136

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll No File
FF Plugin-x32: @VideoDownloadConverter_ScriptHelper.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: No Name - C:\Users\Adolfo\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions
FF Extension: No Name - C:\Users\Adolfo\AppData\Roaming\Mozilla\Firefox\profiles\extensions\prefs.js
FF Extension: trtv3 - C:\Users\Adolfo\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi
FF HKLM\...\Firefox\Extensions: [{DEDAF650-12B8-48f5-A843-BBA100716106}] - C:\Program Files\Updater By Sweetpacks\Firefox
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-11-29] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-10-23] (APN LLC.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-11-20] ()
S4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 VideoDownloadConverter_4zService; C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [x]

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\fxxandroidusb.sys [31744 2011-03-22] (Google Inc)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2011-01-28] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [83160 2013-11-29] (Avira Operations GmbH & Co. KG)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-03-06] (DT Soft Ltd)
S3 hid7906; C:\Windows\SysWow64\drivers\hid7906.sys [34793 2007-05-23] (Compuware Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2011-01-28] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\FXX\qcusbser.sys [364288 2011-03-22] (QUALCOMM Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2011-03-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U3 aswMBR; \??\C:\Users\XXX\AppData\Local\Temp\aswMBR.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-03 10:35 - 2013-12-03 10:36 - 00016477 _____ C:\Users\XXX\Downloads\FRST.txt
2013-12-03 10:35 - 2013-12-03 10:35 - 00000000 ____D C:\FRST
2013-12-03 10:34 - 2013-12-03 10:35 - 01959434 _____ (Farbar) C:\Users\XXX\Downloads\FRST64.exe
2013-12-03 10:22 - 2013-12-03 10:22 - 00013311 _____ C:\Users\XXX\Desktop\MBRCheck_12.03.13_10.22.22.txt
2013-12-03 10:21 - 2013-12-03 10:21 - 00080384 _____ C:\Users\XXX\Desktop\MBRCheck.exe
2013-12-03 10:21 - 2013-12-03 10:21 - 00013859 _____ C:\Users\XXX\Desktop\MBRCheck_12.03.13_10.21.40.txt
2013-12-03 10:00 - 2013-12-03 10:04 - 00001966 _____ C:\Users\XXX\Desktop\aswMBR.txt
2013-12-03 10:00 - 2013-12-03 10:00 - 00000512 _____ C:\Users\XXX\Desktop\MBR.dat
2013-12-03 09:58 - 2013-12-03 09:58 - 04745728 _____ (AVAST Software) C:\Users\Adolfo\Desktop\aswMBR.exe
2013-12-02 14:08 - 2013-12-02 14:13 - 00000222 _____ C:\Users\XXX\Desktop\Lego Il Signore degli Anelli.url
2013-12-01 12:19 - 2013-12-01 12:19 - 00000222 _____ C:\Users\XXX\Desktop\Euro Truck Simulator 2.url
2013-11-29 00:59 - 2013-11-29 00:59 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Avira
2013-11-29 00:57 - 2013-11-29 00:57 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-11-29 00:57 - 2013-11-29 00:57 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-11-29 00:56 - 2013-11-29 00:56 - 00000000 ____D C:\ProgramData\APN
2013-11-29 00:55 - 2013-11-29 00:55 - 00002077 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-29 00:55 - 2013-11-29 00:55 - 00000000 ____D C:\ProgramData\Avira
2013-11-29 00:55 - 2013-11-29 00:55 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-29 00:55 - 2013-11-29 00:54 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-29 00:55 - 2013-11-29 00:54 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-29 00:55 - 2013-11-29 00:54 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-29 00:55 - 2013-11-29 00:54 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-29 00:47 - 2013-11-29 00:47 - 02294160 _____ C:\Users\XXX\Downloads\avira_free_antivirus.exe
2013-11-28 22:04 - 2013-11-28 22:04 - 00262144 _____ C:\Windows\Minidump\112813-216404-01.dmp
2013-11-20 21:39 - 2013-11-20 21:39 - 00000000 ____D C:\Users\XXX\Documents\Assassin's Creed IV Black Flag
2013-11-20 17:53 - 2013-11-20 17:53 - 00000125 _____ C:\Users\XXX\Desktop\Assassin's Creed IV Black Flag.url
2013-11-20 11:08 - 2013-11-28 22:02 - 528694381 _____ C:\Windows\MEMORY.DMP
2013-11-20 11:08 - 2013-11-20 11:09 - 00381872 _____ C:\Windows\Minidump\112013-15802-01.dmp
2013-11-18 12:05 - 2013-11-08 21:47 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-11-18 12:05 - 2013-11-08 21:47 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-11-18 12:04 - 2013-09-28 00:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-11-18 12:04 - 2013-09-28 00:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-11-17 11:53 - 2013-11-17 11:53 - 00262144 _____ C:\Windows\Minidump\111713-14274-01.dmp
2013-11-17 11:28 - 2013-11-17 11:28 - 104641146 _____ C:\Windows\SysWOW64\愕°
2013-11-13 16:57 - 2013-11-13 22:57 - 104165720 _____ C:\Windows\SysWOW64\뺷딤œ
2013-11-11 21:26 - 2013-11-11 21:26 - 00000000 ____D C:\Users\XXX\AppData\Local\NVIDIA
2013-11-06 20:43 - 2013-11-06 20:43 - 00002049 _____ C:\Users\XXX\Desktop\Call of Duty Ghosts-Multiplayer.lnk
2013-11-06 20:43 - 2013-11-06 20:43 - 00002049 _____ C:\Users\XXX\Desktop\Call of Duty Ghosts.lnk

==================== One Month Modified Files and Folders =======

2013-12-03 10:36 - 2013-12-03 10:35 - 00016477 _____ C:\Users\XXX\Downloads\FRST.txt
2013-12-03 10:35 - 2013-12-03 10:35 - 00000000 ____D C:\FRST
2013-12-03 10:35 - 2013-12-03 10:34 - 01959434 _____ (Farbar) C:\Users\XXX\Downloads\FRST64.exe
2013-12-03 10:31 - 2012-08-27 14:15 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-03 10:25 - 2012-04-01 11:37 - 00000978 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 10:22 - 2013-12-03 10:22 - 00013311 _____ C:\Users\XXX\Desktop\MBRCheck_12.03.13_10.22.22.txt
2013-12-03 10:21 - 2013-12-03 10:21 - 00080384 _____ C:\Users\XXX\Desktop\MBRCheck.exe
2013-12-03 10:21 - 2013-12-03 10:21 - 00013859 _____ C:\Users\XXX\Desktop\MBRCheck_12.03.13_10.21.40.txt
2013-12-03 10:14 - 2011-03-24 17:45 - 00001150 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 10:04 - 2013-12-03 10:00 - 00001966 _____ C:\Users\XXX\Desktop\aswMBR.txt
2013-12-03 10:01 - 2009-07-14 05:45 - 00022544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 10:01 - 2009-07-14 05:45 - 00022544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 10:00 - 2013-12-03 10:00 - 00000512 _____ C:\Users\Adolfo\Desktop\MBR.dat
2013-12-03 09:59 - 2011-01-25 01:17 - 01125503 _____ C:\Windows\WindowsUpdate.log
2013-12-03 09:58 - 2013-12-03 09:58 - 04745728 _____ (AVAST Software) C:\Users\XXX\Desktop\aswMBR.exe
2013-12-03 09:56 - 2011-02-07 22:03 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{98D5731B-3811-46A6-A4C7-DD36BAAAC8E3}
2013-12-03 09:54 - 2012-10-27 14:44 - 00000000 ___RD C:\Users\XXX\Dropbox
2013-12-03 09:54 - 2012-10-27 14:32 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Dropbox
2013-12-03 09:53 - 2013-07-15 17:54 - 00108120 _____ C:\Windows\PFRO.log
2013-12-03 09:53 - 2013-07-15 17:54 - 00025478 _____ C:\Windows\setupact.log
2013-12-03 09:53 - 2011-03-24 17:45 - 00001146 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 09:53 - 2011-01-25 01:35 - 00000000 ____D C:\ProgramData\NVIDIA
2013-12-03 09:53 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-02 21:10 - 2013-03-20 17:11 - 00000000 ____D C:\Qoobox
2013-12-02 21:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-02 19:59 - 2011-02-07 00:29 - 00000000 ____D C:\Users\XXX\Documents\File di Outlook
2013-12-02 19:54 - 2012-10-20 12:38 - 00000000 ____D C:\Program Files (x86)\Origin
2013-12-02 19:47 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-02 14:13 - 2013-12-02 14:08 - 00000222 _____ C:\Users\XXX\Desktop\Lego Il Signore degli Anelli.url
2013-12-02 01:28 - 2011-02-26 23:04 - 00000000 ____D C:\Games
2013-12-01 12:20 - 2012-10-20 13:44 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-12-01 12:19 - 2013-12-01 12:19 - 00000222 _____ C:\Users\XXX\Desktop\Euro Truck Simulator 2.url
2013-12-01 11:41 - 2011-06-04 11:35 - 00000000 ____D C:\Users\XXX\Documents\Dichiarazioni dei redditi
2013-11-29 00:59 - 2013-11-29 00:59 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Avira
2013-11-29 00:57 - 2013-11-29 00:57 - 00000000 ____D C:\ProgramData\AskPartnerNetwork
2013-11-29 00:57 - 2013-11-29 00:57 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
2013-11-29 00:56 - 2013-11-29 00:56 - 00000000 ____D C:\ProgramData\APN
2013-11-29 00:55 - 2013-11-29 00:55 - 00002077 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-29 00:55 - 2013-11-29 00:55 - 00000000 ____D C:\ProgramData\Avira
2013-11-29 00:55 - 2013-11-29 00:55 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-29 00:54 - 2013-11-29 00:55 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-29 00:54 - 2013-11-29 00:55 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-29 00:54 - 2013-11-29 00:55 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-29 00:54 - 2013-11-29 00:55 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-29 00:47 - 2013-11-29 00:47 - 02294160 _____ C:\Users\XXX\Downloads\avira_free_antivirus.exe
2013-11-28 22:04 - 2013-11-28 22:04 - 00262144 _____ C:\Windows\Minidump\112813-216404-01.dmp
2013-11-28 22:04 - 2011-01-29 12:09 - 00000000 ____D C:\Windows\Minidump
2013-11-28 22:02 - 2013-11-20 11:08 - 528694381 _____ C:\Windows\MEMORY.DMP
2013-11-26 22:25 - 2011-01-26 19:50 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-11-22 11:28 - 2011-01-25 20:20 - 00000000 ____D C:\Users\XXX\Documents\My Games
2013-11-22 00:51 - 2011-04-16 12:20 - 00000000 ____D C:\Users\XXX\Documents\ConvertXtoDVD
2013-11-22 00:51 - 2011-04-10 18:24 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Vso
2013-11-20 21:39 - 2013-11-20 21:39 - 00000000 ____D C:\Users\XXX\Documents\Assassin's Creed IV Black Flag
2013-11-20 17:59 - 2013-07-20 14:39 - 00295178 _____ C:\Windows\DirectX.log
2013-11-20 17:55 - 2009-07-14 11:53 - 00742026 _____ C:\Windows\system32\perfh010.dat
2013-11-20 17:55 - 2009-07-14 11:53 - 00147218 _____ C:\Windows\system32\perfc010.dat
2013-11-20 17:55 - 2009-07-14 06:13 - 01683292 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-20 17:53 - 2013-11-20 17:53 - 00000125 _____ C:\Users\XXX\Desktop\Assassin's Creed IV Black Flag.url
2013-11-20 17:53 - 2012-10-21 15:40 - 00189248 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-11-20 17:53 - 2012-10-21 15:40 - 00075136 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-11-20 17:53 - 2011-01-25 01:22 - 00000000 ____D C:\Users\XXX
2013-11-20 11:20 - 2013-03-20 18:39 - 00000000 ____D C:\Users\XXX\AppData\Local\Adobe
2013-11-20 11:20 - 2012-04-01 11:37 - 00003916 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-20 11:20 - 2011-05-17 16:50 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-20 11:09 - 2013-11-20 11:08 - 00381872 _____ C:\Windows\Minidump\112013-15802-01.dmp
2013-11-18 12:05 - 2011-01-25 01:35 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-11-18 12:05 - 2011-01-25 01:34 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-11-18 12:05 - 2011-01-25 01:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-17 16:17 - 2009-07-14 06:08 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-17 11:53 - 2013-11-17 11:53 - 00262144 _____ C:\Windows\Minidump\111713-14274-01.dmp
2013-11-17 11:28 - 2013-11-17 11:28 - 104641146 _____ C:\Windows\SysWOW64\愕°
2013-11-15 01:33 - 2011-04-23 23:56 - 00000000 ____D C:\Users\XXX\AppData\Local\Nero
2013-11-13 22:57 - 2013-11-13 16:57 - 104165720 _____ C:\Windows\SysWOW64\뺷딤œ
2013-11-11 21:26 - 2013-11-11 21:26 - 00000000 ____D C:\Users\XXX\AppData\Local\NVIDIA
2013-11-08 21:47 - 2013-11-18 12:05 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-11-08 21:47 - 2013-11-18 12:05 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-11-06 20:43 - 2013-11-06 20:43 - 00002049 _____ C:\Users\XXX\Desktop\Call of Duty Ghosts-Multiplayer.lnk
2013-11-06 20:43 - 2013-11-06 20:43 - 00002049 _____ C:\Users\XXX\Desktop\Call of Duty Ghosts.lnk
2013-11-05 23:58 - 2013-07-11 19:20 - 00000000 ____D C:\Program Files (x86)\Punkbuster
2013-11-05 23:56 - 2013-07-20 14:45 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Ubisoft
2013-11-05 23:56 - 2012-08-11 12:33 - 00000000 ____D C:\Users\XXX\AppData\Roaming\Milestone
2013-11-05 00:15 - 2012-12-17 18:24 - 01638580 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-05 00:09 - 2013-09-30 17:34 - 00000000 ____D C:\ProgramData\Package Cache

Some content of TEMP:
====================
C:\Users\XXX\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-30 01:06

==================== End Of Log ===========================

Re: Problem with a virus

Post by stevens » Tue Dec 03, 2013 10:48 am

While I check, a question: did you run it and put it on the desktop??

Re: Problem with a virus

Post by Pancrazio » Tue Dec 03, 2013 10:49 am

[quote="stevens"]While I check, a question: did you run it and put it on the desktop??[/quote]

Not this one, all the others yes. Why, was I supposed to?

Re: Problem with a virus

Post by stevens » Tue Dec 03, 2013 10:52 am

[quote="Pancrazio"]Not this one, all the others yes. Why, was I supposed to?[/quote]

Sorry, but I even wrote it in bold.

Delete that one, download it again and put it ON THE DESKTOP.

Re: Problem with a virus

Post by stevens » Tue Dec 03, 2013 11:01 am

Now follow this step carefully.

Open Notepad and copy this code into it:

Code:
start
2013-11-17 11:28 - 2013-11-17 11:28 - 104641146 _____ C:\Windows\SysWOW64\愕°
2013-11-13 16:57 - 2013-11-13 22:57 - 104165720 _____ C:\Windows\SysWOW64\뺷딤œ
2013-11-17 11:28 - 2013-11-17 11:28 - 104641146 _____ C:\Windows\SysWOW64\愕°
2013-11-13 22:57 - 2013-11-13 16:57 - 104165720 _____ C:\Windows\SysWOW64\뺷딤œ
end


Name it fixlist.txt and save it on the desktop, where you put FRST.
Open FRST and press Fix.
When it finishes, copy and paste the generated log, fixlog.txt.

Re: Problem with a virus

Post by Pancrazio » Tue Dec 03, 2013 11:10 am

Sorry, but I hadn't read it [V]. I apologize for this 'carelessness' of mine:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2013
Ran by XXX at 2013-12-03 11:11:45 Run:1
Running from C:\Users\XXX\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2013-11-17 11:28 - 2013-11-17 11:28 - 104641146 _____ C:\Windows\SysWOW64\愕°
2013-11-13 16:57 - 2013-11-13 22:57 - 104165720 _____ C:\Windows\SysWOW64\뺷딤œ
2013-11-17 11:28 - 2013-11-17 11:28 - 104641146 _____ C:\Windows\SysWOW64\愕°
2013-11-13 22:57 - 2013-11-13 16:57 - 104165720 _____ C:\Windows\SysWOW64\뺷딤œ

*****************

C:\Windows\SysWOW64\愕° => Moved successfully.
C:\Windows\SysWOW64\뺷딤œ => Moved successfully.
"C:\Windows\SysWOW64\愕°" => File/Directory not found.
"C:\Windows\SysWOW64\뺷딤œ" => File/Directory not found.

==== End of Fixlog ====
Last edited by Pancrazio on Tue Dec 03, 2013 11:13 am, edited 1 time in total.

Re: Problem with a virus

Post by stevens » Tue Dec 03, 2013 11:12 am

Reboot and check whether Avira still shows that alert.

Re: Problem with a virus

Post by Pancrazio » Tue Dec 03, 2013 11:20 am

No luck. I rebooted the computer and Avira keeps giving me those alerts...

Re: Problem with a virus

Post by stevens » Tue Dec 03, 2013 11:24 am

Can you write out exactly what it reports? You have to write it word for word.

One thing: where did you download Avira from?

Re: Problem with a virus

Post by Pancrazio » Tue Dec 03, 2013 11:28 am

[quote="stevens"]Can you write out exactly what it reports? You have to write it word for word.

One thing: where did you download Avira from?[/quote]

'In Record di avvio del drive 'C:' è stato rilevato un virus o
un programma indesiderato 'BOO/TDss.O' [virus].
Operazione eseguita: Nega accesso'.

'In Record master di avvio del drive 'Record master di avvio dell'Hard Disk 0' è stato rilevato un virus o
un programma indesiderato 'BOO/TDss.O' [virus].
Operazione eseguita: Nega accesso'.

'Trovato un virus o un programma indesiderato 'BOO/TDss.O'[virus] nel file 'Record di avvio 'HDD0(C:)''. Azione eseguita: Contiene il codice del virus del settore di avvio BOO/TDss.O'.

Honestly, I don't remember the site I downloaded Avira from.

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (single-shareholder company) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising