13-10-2016, 15:28   #1
Warlorco
Junior Member
Joined: Oct 2015
Posts: 29
Virus problem. Page redirects and more

Hello everyone.
A PC in the office has some problem that is certainly attributable to a virus. The problem is limited to web browsing: random pages open, the home page keeps getting changed, etc.
In addition, the antivirus turned out to be disabled. I have removed the antivirus for the time being for the disinfection work and will reinstall it once the PC is (I hope) clean.

I ran a scan with Combofix, which removed a couple of things, and then ran a scan with HiJackThis.
I am attaching the two scan files.

In the meantime I am also running a check with ADWCleaner.

Combofix log:
Code:
ComboFix 16-09-28.01 - User 13/10/2016  15.54.54.12.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.39.1040.18.7868.6088 [GMT 2:00]
Eseguito da: c:\users\User\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Creato nuovo punto di ripristino
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FireFox\plugin-container.exe
c:\program files (x86)\FireFox\uninstall\helper.exe
.
.
(((((((((((((((((((((((((   Files Creati Da 2016-09-13 al 2016-10-13  )))))))))))))))))))))))))))))))))))
.
.
2016-10-13 14:01 . 2016-10-13 14:01	--------	d-----w-	c:\users\Public\AppData\Local\temp
2016-10-13 14:01 . 2016-10-13 14:01	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2016-10-13 14:01 . 2016-10-13 14:01	--------	d-----w-	c:\users\Default\AppData\Local\temp
2016-10-13 14:01 . 2016-10-13 14:01	--------	d-----w-	c:\users\arch\AppData\Local\temp
2016-10-12 06:33 . 2016-10-12 06:33	--------	d-----w-	c:\windows\SysWow64\extensions
2016-10-12 06:33 . 2016-10-13 14:01	--------	d---a-w-	c:\program files (x86)\Firefox
2016-10-11 10:04 . 2016-05-19 06:42	52392	----a-w-	c:\windows\system32\drivers\iSafeNetFilter.sys
2016-10-11 10:04 . 2016-05-23 02:41	55056	----a-w-	c:\windows\system32\drivers\iSafeKrnlBoot.sys
2016-10-11 10:04 . 2016-10-11 10:04	--------	d-----w-	c:\windows\system32\log
2016-10-11 10:04 . 2016-10-11 10:04	--------	d-----w-	c:\users\User\AppData\Roaming\Elex-tech
2016-10-11 10:04 . 2016-10-11 10:04	--------	d-----w-	c:\program files (x86)\Elex-tech
2016-10-11 10:03 . 2016-10-11 10:03	--------	d-----w-	c:\users\User\AppData\Local\Firefox
2016-10-11 10:02 . 2016-10-11 10:02	--------	d-----w-	c:\users\User\AppData\Roaming\Firefox
2016-10-11 10:01 . 2016-10-11 10:01	--------	d-----w-	c:\program files (x86)\UvConverter
2016-10-11 10:01 . 2016-10-11 10:01	--------	d-----w-	c:\program files (x86)\amuleC
2016-09-23 08:02 . 2016-10-11 10:01	--------	d-----w-	c:\programdata\UvConverter
2016-09-23 08:02 . 2016-10-11 10:01	--------	d-----w-	c:\users\User\AppData\Roaming\aMule
2016-09-23 08:01 . 2016-09-23 08:01	--------	d-----w-	c:\program files (x86)\walalala co
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-15 15:53 . 2012-07-17 12:37	24800	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-06-01 8722136]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2015-09-02 721504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-02-10 5015040]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-07-19 133440]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"ScanSnap WIA Service Checker"="c:\program files (x86)\PFU\ScanSnap\Driver\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
"ScanSnap OnlineUpdate Watcher"="c:\program files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe" [2014-04-13 45568]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-10-13 60688]
"SCX4623_Scan2Pc"="c:\windows\Twain_32\Samsung\SCX4623\Scan2pc.exe" [2012-03-13 2043392]
"4623 Scan2PC"="c:\windows\twain_32\Samsung\SCX4623\Scan2Pc.exe" [2012-03-13 2043392]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CardMinder Viewer.lnk - c:\program files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [2013-3-24 77824]
Conversione a PDF con ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2013-3-24 15360]
ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2013-3-24 4169728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R1 epp;epp;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 VimotyanisosesrvService;Vimotyanisose Server;c:\program files (x86)\Vimotyanisose\VimotyanisosesrvService.html5 {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83};c:\program files (x86)\Vimotyanisose\VimotyanisosesrvService.html5 {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [x]
R3 A38CCID;CCID USB Smart Card Reader;c:\windows\system32\DRIVERS\a38ccid.sys;c:\windows\SYSNATIVE\DRIVERS\a38ccid.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 iSafeKrnlBoot;YAC Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeKrnlBoot.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 workfolderssvc;Cartelle di lavoro;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 WSDScan;Supporto digitalizzazione WSD tramite UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 cktSvc;cktSvc;c:\program files (x86)\Uncheckit\cktSvc.exe {92E162D7-70FD-48F7-A779-91154F8FD518};c:\program files (x86)\Uncheckit\cktSvc.exe {92E162D7-70FD-48F7-A779-91154F8FD518} [x]
S0 iusb3hcs;Driver dello switch Controller Host Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 iSafeKrnl;YAC Mini-Filter Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnl.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnl.sys [x]
S1 iSafeKrnlKit;YAC Kit Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [x]
S1 iSafeKrnlMon;YAC Monitor Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [x]
S1 iSafeKrnlR3;YAC Ring3 Driver;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys;c:\program files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [x]
S1 iSafeNetFilter;YAC NDIS Driver;c:\windows\system32\DRIVERS\iSafeNetFilter.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeNetFilter.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ed2kidle;ed2k idle service;c:\program files (x86)\walalala co\aMuleCustom\ed2k.exe;c:\program files (x86)\walalala co\aMuleCustom\ed2k.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 iSafeService;YAC Service;c:\program files (x86)\Elex-tech\YAC\iSafeSvc.exe;c:\program files (x86)\Elex-tech\YAC\iSafeSvc.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 UvConverter;UvConverter;c:\programdata\UvConverter\UvConverter.exe {2C8E8C85-942B-451C-8243-97A089265577};c:\programdata\UvConverter\UvConverter.exe {2C8E8C85-942B-451C-8243-97A089265577} [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 IntcDAud;Audio Intel(R) per schermi;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Driver hub Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Driver Controller Host estendibile Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-10-04 05:58	1266792	----a-w-	c:\program files (x86)\Google\Chrome\Application\53.0.2785.143\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55	322232	----a-w-	c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contenuto della cartella 'Scheduled Tasks'
.
2016-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-12 11:06]
.
2016-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-29 17:28]
.
2016-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d1e8a5acb185e7.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-29 17:28]
.
2016-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-29 17:28]
.
2016-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d1e8a5ad131e52.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-29 17:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-07 170304]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-07 440640]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2016-03-19 176952]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://search.avira.net
uDefault_Page_URL = https://search.avira.net
uDefault_Search_URL = https://search.avira.net
mDefault_Search_URL = https://search.avira.net
mDefault_Page_URL = https://search.avira.net
mStart Page = https://search.avira.net
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://search.avira.net
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: amazon.it
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g2tuwgsv.default\
FF - prefs.js: browser.search.selectedEngine - Bing 
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.nicesearches.com?type=hp&ts=1476180500&from=3a211011&uid=st500dm002-1bd142_z3tbpw8lxxxxz3tbpw8l&z=22c847a018c4b42c2f70a9bgfz5mdqbg7b8e7z4t1t
# Mozilla User Preferences
.
/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 */
.
FF - user.js: browser.newtab.url - hxxp://www.nicesearches.com?type=hp&ts=1476180500&from=3a211011&uid=st500dm002-1bd142_z3tbpw8lxxxxz3tbpw8l&z=22c847a018c4b42c2f70a9bgfz5mdqbg7b8e7z4t1t
FF - user.js: browser.search.defaultenginename - nice
FF - user.js: browser.search.order.1 - nice
FF - user.js: browser.search.searchengine.alias - 
FF - user.js: browser.search.searchengine.iconURL - hxxp://www.nicesearches.com/favicon.ico?t=1
FF - user.js: browser.search.searchengine.name - nice
FF - user.js: browser.search.searchengine.ref - 
FF - user.js: browser.search.searchengine.ts - 1476180500
FF - user.js: browser.search.searchengine.type - 
FF - user.js: browser.search.searchengine.uid - st500dm002-1bd142_z3tbpw8lxxxxz3tbpw8l
FF - user.js: browser.search.searchengine.url - hxxp://www.nicesearches.com/search.php?type=ds&ts=1476180500&from=3a211011&uid=st500dm002-1bd142_z3tbpw8lxxxxz3tbpw8l&z=22c847a018c4b42c2f70a9bgfz5mdqbg7b8e7z4t1t&q={searchTerms}
FF - user.js: browser.search.selectedEngine - nice
FF - user.js: browser.search.useDBForOrder - true
FF - user.js: browser.sessionstore.max_tabs_undo - 0
FF - user.js: browser.sessionstore.max_windows_undo - 0
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.sessionstore.resume_session_once - false
FF - user.js: browser.startup.homepage - hxxp://www.nicesearches.com?type=hp&ts=1476180500&from=3a211011&uid=st500dm002-1bd142_z3tbpw8lxxxxz3tbpw8l&z=22c847a018c4b42c2f70a9bgfz5mdqbg7b8e7z4t1t
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VimotyanisosesrvService]
"ImagePath"="\"c:\program files (x86)\Vimotyanisose\VimotyanisosesrvService.html5\" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83}"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2016-10-13  16:03:59
ComboFix-quarantined-files.txt  2016-10-13 14:03
ComboFix2.txt  2016-06-03 18:10
.
Pre-Run: 325.444.706.304 byte disponibili
Post-Run: 325.311.143.936 byte disponibili
.
- - End Of File - - 2CCABCEB6B5D7411E7352495FF51A493
A36C5E4F47E84449FF07ED3517B43A31

HijackThis log:

Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 16.13.51, on 13/10/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18315)

FIREFOX: 49.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\SSDriver\fi5110\SsWiaChecker.exe
C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe
C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
C:\Users\User\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.avira.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.avira.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.avira.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Guida per l'accesso all'account Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [ScanSnap WIA Service Checker] C:\Program Files (x86)\PFU\ScanSnap\Driver\SSDriver\fi5110\SsWiaChecker.exe
O4 - HKLM\..\Run: [ScanSnap OnlineUpdate Watcher] "C:\Program Files (x86)\PFU\ScanSnap\Update\SsUWatcher.exe" -StartOS
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SCX4623_Scan2Pc] C:\Windows\Twain_32\Samsung\SCX4623\Scan2pc.exe
O4 - HKLM\..\Run: [4623 Scan2PC] "C:\Windows\twain_32\Samsung\SCX4623\Scan2Pc.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CardMinder Viewer.lnk = C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
O4 - Global Startup: Conversione a PDF con ScanSnap Organizer.lnk = C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe
O4 - Global Startup: ScanSnap Manager.lnk = C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service:  Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: ed2k idle service (ed2kidle) - http://www.amule.org/ - C:\Program Files (x86)\walalala co\aMuleCustom\ed2k.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: YAC Service (iSafeService) - Elex do Brasil Participações Ltda - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: UvConverter - Unknown owner - C:\ProgramData\UvConverter\UvConverter.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: Vimotyanisose Server (VimotyanisosesrvService) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11772 bytes
From the HijackThis log it seems to me that some things clearly need fixing (several O23 entries, I think). But I'll wait for some opinions first.

Thanks
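A triage pass over the O23 service lines discussed in the post above, as an added example that is not part of the original post or of HijackThis. The bucket names and rules are assumptions for illustration; the "wow64-artifact" rule relies on HijackThis being a 32-bit program whose view of System32 on 64-bit Windows is redirected to SysWOW64, so 64-bit-only binaries such as lsass.exe are reported as "(file missing)".

```python
import re

SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)  # the redirected directory
DRIVE_ROOT = re.compile(r"^[a-z]:\\[^\\]+$", re.I)
MISSING = " (file missing)"

def parse_o23(line):
    """Split 'O23 - Service: <name> - <owner> - <path>[ (file missing)]'."""
    prefix = "O23 - Service:"
    if not line.startswith(prefix):
        return None
    body = line[len(prefix):].strip()
    missing = body.endswith(MISSING)
    if missing:
        body = body[:-len(MISSING)]
    parts = body.rsplit(" - ", 2)   # the name may itself contain paths and commas
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    return {"name": name, "owner": owner, "path": path, "missing": missing}

def verdict(entry):
    """Heuristic buckets (assumed rules, not HijackThis's own logic)."""
    if DRIVE_ROOT.match(entry["path"]):
        return "review"            # service binary directly in a drive root
    if entry["missing"] and SYSTEM32.match(entry["path"]):
        return "wow64-artifact"    # assumes a 32-bit scanner on 64-bit Windows
    if entry["missing"] or entry["owner"].lower() == "unknown owner":
        return "review"            # no vendor string, or binary really absent
    return "named-owner"           # vendor string present; it is not verified here

def triage(log_text):
    """Return {path: verdict}, one verdict per distinct service binary path."""
    results = {}
    for line in log_text.splitlines():
        entry = parse_o23(line.strip())
        if entry:
            results[entry["path"]] = verdict(entry)
    return results

# Lines copied from the log in this thread.
SAMPLE = r"""
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: UvConverter - Unknown owner - C:\ProgramData\UvConverter\UvConverter.exe
O23 - Service: Vimotyanisose Server (VimotyanisosesrvService) - Unknown owner - C:\Program.exe (file missing)
"""
```

Calling `triage()` on the full log text leaves a short "review" list to check by hand with a 64-bit tool; a "named-owner" result only means a vendor string was present.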
Old 13-10-2016, 20:58   #2
supremo.a
Senior Member
Joined: Oct 2016
Location: Tamriel
Posts: 1149
Good evening. If you can, I think it's best to restore the computer from scratch.
Bye
__________________
Hp Pavilion A1640.it
Intel Core 2 quad q6600 - 6 gb DDR2 - Asus GTX 750 TI - Corsair CX850M - Windows 7 Home Premium x64 / Windows XP Media Center Edition

-----------------------------------------------
Old 18-10-2016, 18:17   #3
Eress
Senior Member
Joined: Jan 2010
Posts: 37088
The HijackThis log is fine apart from the entries related to this one, which, even though they relate to Avira, I don't know what they are:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net

Also run a pass with AdwCleaner.
__________________
Analemma - Slowdive - Facebook
Motto Microsoft: "If it's broken, and I'm the one who broke it, don't fix it!"
Old 21-11-2016, 11:13   #4
Bygepp
Member
Joined: Jan 2015
Posts: 66
Same problem; it's malware that has been spreading lately and that can't be tracked down in any way, or at least I haven't managed to.
With Chrome open, every so often pages open on their own, at action.metaffiliation.com, which then redirect to Alibaba offers.

I ran scans with AdwCleaner and Malwarebytes, a deep scan with ESET Smart Security, uninstalled and reinstalled Chrome, and reset the synced data, but no luck: the problem persists.
Is formatting the only solution? And what if I then pick up the same malware again?
Old 21-11-2016, 15:17   #5
Eress
Senior Member
Joined: Jan 2010
Posts: 37088
In these cases a format from scratch is better. After that you need to be careful about what you do on the PC.
__________________
Analemma - Slowdive - Facebook
Motto Microsoft: "If it's broken, and I'm the one who broke it, don't fix it!"
Old 21-11-2016, 15:31   #6
ericmarone
Banned
Joined: Nov 2016
Posts: 160
Quote:
Originally posted by Eress
In these cases a format from scratch is better.
Really? I may be a rare bird, but on average I format... never, over the whole life of the computer