25-09-2013, 20:39   #1
-Snake-
Member
Registered: Jan 2008
City: province of Viterbo
Posts: 166
Windows Update Stuck

Hi everyone, I hope I'm posting in the right section.

A difficult question (at least for me).

The system is Windows 7 Professional, and the problem is with Windows Update. In practice, when I check for updates it returns error 0x8008005, which from what I understand is a generic error. Other times it stays stuck on the search. Also, if I look at the update history, it says the PC has never been updated.

First I tried the automatic troubleshooter (also with Microsoft FixIt). Nothing.
I tried restoring the Windows components by following this guide. Nothing.
I tried renaming the SoftwareDistribution folder. Nothing.

The automatic troubleshooter also turned up error 0x8007005, which should be related to administrator privileges (which I do have, though). In addition, examining the file C:\Windows\SoftwareDistribution\ReportingEvents.log (pasted below), I found error 0x8024a005.

I ran all the usual scans: avast, avg, eset online, mbam, spybot. I cleaned the registry and the temporary files. I ran combofix and hijackthis (logs pasted below).

What else can I do???
I give up, and I hope some kind soul can lend me a hand.

-------------------------------------------------------------------------
ReportingEvents.log
Code:
{AE1B5BF3-4CEF-479F-B8FB-7AAB17BE0ED9}	2013-09-24 19:14:34:747+0200	1	202	102	{00000000-0000-0000-0000-000000000000}	0	0	AutomaticUpdates	Success	Content Install	Reboot completed.
{4C2D7B7A-C669-4F85-977A-7480B1F343D3}	2013-09-24 19:14:40:942+0200	1	148	101	{00000000-0000-0000-0000-000000000000}	0	8024a005	AutomaticUpdates	Failure	Software Synchronization	Windows Update Client failed to detect with error 0x8024a005.
{DAF6367B-20F1-48E8-99E5-7FD2A545ABF0}	2013-09-24 19:15:13:050+0200	1	148	101	{61CA813A-7585-442E-A66B-B0D15CE6BDC0}	1	80080005	SelfUpdate	Failure	Software Synchronization	Windows Update Client failed to detect with error 0x80080005.
{14F0F156-DC42-4222-A506-6B5EE353571E}	2013-09-24 19:17:02:745+0200	1	202	102	{00000000-0000-0000-0000-000000000000}	0	0	AutomaticUpdates	Success	Content Install	Reboot completed.


ComboFix.txt
Code:
ComboFix 13-09-24.02 - User 24/09/2013  18:36:39.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.39.1040.18.7884.5330 [GMT 2:00]
Eseguito da: c:\users\User\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings.bin
c:\programdata\AMMYY\settings3.bin
c:\users\User\AppData\Local\lollipop
c:\users\User\AppData\Local\omesuperv.exe
c:\windows\IsUn0410.exe
c:\windows\SysWow64\~GLH0024.TMP
c:\windows\SysWow64\~GLH0025.TMP
c:\windows\SysWow64\bit4ipki.dll.conf
.
.
(((((((((((((((((((((((((   Files Creati Da 2013-08-24 al 2013-09-24  )))))))))))))))))))))))))))))))))))
.
.
2013-09-24 16:40 . 2013-09-24 16:40	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-24 13:17 . 2013-09-24 13:17	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{716FAB71-61A4-4065-B039-865396552FD8}\offreg.dll
2013-09-17 18:03 . 2013-09-17 18:39	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-09-17 17:57 . 2009-01-25 11:14	17272	----a-w-	c:\windows\system32\sdnclean64.exe
2013-09-17 17:57 . 2013-09-17 18:43	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2013-09-17 17:43 . 2013-09-17 17:43	--------	d-----w-	c:\program files (x86)\ESET
2013-09-17 17:29 . 2013-09-17 17:33	--------	d-----w-	c:\windows\system32\catroot2
2013-09-13 13:31 . 2000-07-26 12:15	12288	----a-w-	c:\windows\SysWow64\msdaad10.rra
2013-09-06 07:49 . 2013-09-06 07:49	--------	d-----w-	c:\program files (x86)\WKI
2013-09-06 07:49 . 2012-11-09 13:53	139264	------w-	c:\windows\SysWow64\Criptagrafici.dll
2013-09-06 07:48 . 2007-07-13 04:21	207928	----a-w-	c:\windows\SysWow64\rtfexpt.dll
2013-09-06 07:48 . 2007-07-13 04:21	375864	----a-w-	c:\windows\SysWow64\pdfexpt.dll
2013-09-06 07:48 . 2000-07-14 23:00	299008	----a-w-	c:\windows\SysWow64\MSDBRPTR.DLL
2013-09-06 07:48 . 2000-07-14 21:00	508928	----a-w-	c:\windows\SysWow64\MSDE.DLL
2013-09-06 07:48 . 2000-05-21 23:00	232640	----a-w-	c:\windows\SysWow64\MSDATLST.OCX
2013-09-06 07:48 . 2000-07-26 12:15	12288	----a-w-	c:\windows\SysWow64\msda2c8c.rra
2013-09-04 17:30 . 2013-09-04 18:12	--------	d-----w-	C:\dd172689e42ef3344f65a59125f9
2013-09-04 17:07 . 2013-09-04 18:11	--------	d-----w-	c:\users\User\AppData\Roaming\Malwarebytes
2013-09-04 17:06 . 2013-09-04 18:11	--------	d-----w-	c:\programdata\Malwarebytes
2013-09-04 17:06 . 2013-09-04 18:11	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-04 17:06 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-09-04 17:06 . 2013-09-04 17:06	--------	d-----w-	c:\users\User\AppData\Local\Programs
2013-09-03 08:20 . 2013-09-03 08:20	--------	d-----w-	c:\program files (x86)\wrapper_inst
2013-09-03 08:20 . 2013-09-04 18:11	--------	d-----w-	c:\program files\wrapper_inst
2013-09-02 16:31 . 2013-09-02 16:31	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-02 06:44 . 2013-09-02 06:44	--------	d-----w-	c:\users\User\AppData\Roaming\SSync
2013-09-02 06:44 . 2013-09-02 06:44	--------	d-----w-	c:\users\User\AppData\Roaming\Snz
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-16 07:12 . 2012-10-18 06:40	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-16 07:12 . 2012-10-18 06:40	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-02 16:31 . 2012-10-02 08:51	867240	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-09-02 16:31 . 2012-10-02 08:51	789416	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-08-30 07:48 . 2013-03-14 14:16	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-03-14 14:16	204880	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2012-10-01 15:05	378944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2012-10-01 15:05	72016	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2012-10-01 15:05	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2012-10-01 15:05	1030952	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2012-10-01 15:05	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2012-10-01 15:05	131232	----a-w-	c:\windows\system32\drivers\aswFW.sys
2013-08-30 07:48 . 2012-10-01 15:05	270824	----a-w-	c:\windows\system32\drivers\aswNdis2.sys
2013-08-30 07:48 . 2012-10-01 15:05	22600	----a-w-	c:\windows\system32\drivers\aswKbd.sys
2013-08-30 07:48 . 2012-10-01 15:05	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2012-10-01 15:05	41664	----a-w-	c:\windows\avastSS.scr
2013-08-30 07:47 . 2012-10-01 15:05	287840	----a-w-	c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-24 10:02	220632	----a-w-	c:\users\User\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-24 10:02	220632	----a-w-	c:\users\User\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-24 10:02	220632	----a-w-	c:\users\User\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8***"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8***]
2013-05-25 00:36	130736	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8***"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8***]
2013-05-25 00:36	130736	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8***"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8***]
2013-05-25 00:36	130736	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8***"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8***]
2013-05-25 00:36	130736	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2013-03-10 2598496]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-05-16 3642312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"IDProtect Monitor"="c:\program files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe" [2010-12-02 323664]
"Cobian Backup 11 interface"="c:\program files (x86)\Cobian Backup 11\cbInterface.exe" [2012-12-05 4407808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Datev.IT.Indexing.Service;Datev.IT.Indexing.Service;c:\program files (x86)\DATEV KOINOS\Server\Datev.IT.Indexing.Service.exe;c:\program files (x86)\DATEV KOINOS\Server\Datev.IT.Indexing.Service.exe [x]
R2 KeyP;KeyP;c:\windows\SYSTEM32\DRIVERS\KeyP.sys;c:\windows\SYSNATIVE\DRIVERS\KeyP.sys [x]
R2 ServUpdater;Serv Updater;c:\users\User\AppData\Local\ServUpdater\ServiceUpd.exe;c:\users\User\AppData\Local\ServUpdater\ServiceUpd.exe [x]
R2 SoftwareUpd;Software Upd;c:\users\User\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe;c:\users\User\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 cligrafsrv;cligrafsrv;c:\program files (x86)\WKICOSIMI\ClientGrafico\bin\cligrafsrv.exe;c:\program files (x86)\WKICOSIMI\ClientGrafico\bin\cligrafsrv.exe [x]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S0 aswKbd;aswKbd; [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iusb3hcs;Driver dello switch Controller Host Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 cbVSCService11;Cobian Backup 11 Servizio Volume Shadow Copy;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 CobianBackup11;Cobian Backup 11 Gravity;c:\program files (x86)\Cobian Backup 11\cbService.exe;c:\program files (x86)\Cobian Backup 11\cbService.exe [x]
S2 Datev.IT.Client.Service.UtilityService;Datev Client Utility Services;c:\program files (x86)\DATEV KOINOS\Client\Datev.IT.Client.Service.UtilityService.exe;c:\program files (x86)\DATEV KOINOS\Client\Datev.IT.Client.Service.UtilityService.exe [x]
S2 Datev.IT.Host.Service.8087;Datev Application Server Service 8087;c:\program files (x86)\DATEV KOINOS\Server\Datev.IT.Host.Service.exe;c:\program files (x86)\DATEV KOINOS\Server\Datev.IT.Host.Service.exe [x]
S2 MSSQL$DATEVIT01;SQL Server (DATEVIT01);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 NewSrvProt;Servizio di protezione applicativi WKI;c:\namirial\Softsand\PRG\COM\COSIMI\BIN\newsrvprot.exe;c:\namirial\Softsand\PRG\COM\COSIMI\BIN\newsrvprot.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SrvAgg;Servizio di aggiornamento applicativi WKI;c:\namirial\Softsand\prg\com\cosimi\bin\agfprogsrv.exe;c:\namirial\Softsand\prg\com\cosimi\bin\agfprogsrv.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 wgpsrv;Servizio di attivazione applicativi WKI;c:\namirial\Softsand\prg\com\cosimi\bin\wgpsrv.exe;c:\namirial\Softsand\prg\com\cosimi\bin\wgpsrv.exe [x]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usbx64.sys;c:\windows\SYSNATIVE\DRIVERS\a38usbx64.sys [x]
S3 eusk3usb;SmartKey USB;c:\windows\system32\Drivers\eusk3usb-amd64.sys;c:\windows\SYSNATIVE\Drivers\eusk3usb-amd64.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Driver hub Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Driver Controller Host estendibile Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-23 13:37	1177552	----a-w-	c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-18 07:12]
.
2013-09-17 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2013-09-17 08:58]
.
2013-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-23 14:06]
.
2013-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-23 14:06]
.
2013-09-17 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2013-09-17 08:57]
.
2013-09-17 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-09-17 08:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-24 10:02	244696	----a-w-	c:\users\User\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-24 10:02	244696	----a-w-	c:\users\User\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-24 10:02	244696	----a-w-	c:\users\User\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8***"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8***]
2013-05-25 00:36	164016	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8***"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8***]
2013-05-25 00:36	164016	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8***"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8***]
2013-05-25 00:36	164016	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8***"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8***]
2013-05-25 00:36	164016	----a-w-	c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/?gws_rd=cr&ei=zqskUu3oEIyo0wWbo4GIBA
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearchAssistant = 
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{FAB5372B-BC4E-4A77-BACB-C808C957E176}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Anagrafico - Attribuzione P.IVA Ditta 2.2.2 - c:\anagraficopf\Disinstalla_Attribuzione P.IVA Ditta 2.2.2\Uninstall Anagrafico - Attribuzione P.IVA
AddRemove-Anagrafico - Attribuzione P.IVA Ditta 2.2.3 - c:\anagraficopf\Disinstalla_Attribuzione P.IVA Ditta 2.2.3\Uninstall Anagrafico - Attribuzione P.IVA
AddRemove-Anagrafico - Attribuzione P.IVA Società 1.9.3 - c:\anagraficopnf\Disinstalla_Attribuzione P.IVA Società 1.9.3\Uninstall Anagrafico - Attribuzione P.IVA
AddRemove-Anagrafico - Attribuzione P.IVA Società 1.9.4 - c:\anagraficopnf\Disinstalla_Attribuzione P.IVA Società 1.9.4\Uninstall Anagrafico - Attribuzione P.IVA
AddRemove-Anagrafico -Variazione P.IVA Ditta 2.0.1 - c:\variazionepf\Disinstalla_Variazione P.IVA Ditta 2.0.1\Uninstall Anagrafico -Variazione P.IVA
AddRemove-Anagrafico -Variazione P.IVA Ditta 2.0.2 - c:\variazionepf\Disinstalla_Variazione P.IVA Ditta 2.0.2\Uninstall Anagrafico -Variazione P.IVA
AddRemove-Anagrafico -Variazione P.IVA Ditta 2.0.3 - c:\variazionepf\Disinstalla_Variazione P.IVA Ditta 2.0.3\Uninstall Anagrafico -Variazione P.IVA
AddRemove-AvvTel2012 - c:\windows\system32\javaws.exe
AddRemove-Comunicazione IVA nei paesi di Black List 2010 - c:\windows\system32\javaws.exe
AddRemove-Stampa 730-4 2013 - c:\windows\system32\javaws.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2013-09-24  18:41:50
ComboFix-quarantined-files.txt  2013-09-24 16:41
.
Pre-Run: 888.411.693.056 byte disponibili
Post-Run: 887.871.500.288 byte disponibili
.
- - End Of File - - 5EC7D750A91E545A74375E39ED7EA813


hijackthis.log
Code:
Logfile of HijackThis v1.99.1
Scan saved at 18:50:14, on 24/09/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)

Running processes:
C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/?gws_rd=cr&ei=zqskUu3oEIyo0wWbo4GIBA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Guida per l'accesso all'account Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [IDProtect Monitor] "C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe"
O4 - HKLM\..\Run: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - Startup: Dropbox.lnk = User\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix: 
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAB5372B-BC4E-4A77-BACB-C808C957E176}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Cobian Backup 11 Servizio Volume Shadow Copy (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
O23 - Service: Cobian Backup 11 Gravity (CobianBackup11) - Luis Cobian, CobianSoft - C:\Program Files (x86)\Cobian Backup 11\cbService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Datev Client Utility Services (Datev.IT.Client.Service.UtilityService) - Unknown owner - C:\Program Files (x86)\DATEV KOINOS\Client\Datev.IT.Client.Service.UtilityService.exe
O23 - Service: Datev Application Server Service 8087 (Datev.IT.Host.Service.8087) - Unknown owner - C:\Program Files (x86)\DATEV KOINOS\Server\Datev.IT.Host.Service.exe
O23 - Service: Datev.IT.Indexing.Service - DATEV.it - C:\Program Files (x86)\DATEV KOINOS\Server\Datev.IT.Indexing.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: SQL Server (DATEVIT01) (MSSQL$DATEVIT01) - Unknown owner - c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sDATEVIT01 (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Servizio di protezione applicativi WKI (NewSrvProt) - Wolters Kluwer Italia  - C:\namirial\Softsand\PRG\COM\COSIMI\BIN\newsrvprot.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\User\AppData\Local\ServUpdater\ServiceUpd.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\User\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Servizio di aggiornamento applicativi WKI (SrvAgg) - Wolters Kluwer Italia S.r.l. - C:\namirial\Softsand\prg\com\cosimi\bin\agfprogsrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Servizio di attivazione applicativi WKI (wgpsrv) - Wolters Kluwer Italia Srl - C:\namirial\Softsand\prg\com\cosimi\bin\wgpsrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

Last edited by -Snake-: 25-09-2013 at 20:45.
Old 25-09-2013, 21:23   #2
Eress
Senior Member
Joined: Jan 2010
Posts: 37091
In the meantime, remove Spybot from the PC, then try this tool

http://www.tweaking.com/content/page...ll_in_one.html
Old 25-09-2013, 22:46   #3
tallines
Senior Member
Joined: Feb 2009
Posts: 50674
It would be better if you uploaded the report files to wikisend or dropbox or...

Did you run the scans with the restore points disabled?

Which mode was Combofix launched from?
Old 27-09-2013, 00:09   #4
-Snake-
Member
Joined: Jan 2008
Location: province of Viterbo
Posts: 166
Hello everyone, sorry for the late reply. Thanks for the help.

Quote:
Originally posted by Eress
In the meantime, remove Spybot from the PC, then try this tool

http://www.tweaking.com/content/page...ll_in_one.html

I'll try it as soon as I can, tomorrow afternoon if I manage (the PC isn't mine).


Quote:
It would be better if you uploaded the report files to wikisend or dropbox or...

Did you run the scans with the restore points disabled?

Which mode was Combofix launched from?

I'll try to upload the reports tomorrow (can't you see them?); it's a bit late now and I think I'm off to bed.
In any case, I did disable the restore points; however, it only occurs to me now that I didn't think to run Combofix in safe mode. A gross mistake, I know; I'll redo the scans.

In the meantime, does anything else come to mind?
Thanks again, guys.
Last edited by -Snake-: 27-09-2013 at 00:13.
Old 27-09-2013, 12:11   #5
tallines
Senior Member
Joined: Feb 2009
Posts: 50674
Quote:
Originally posted by -Snake-
I'll try to upload the reports tomorrow (can't you see them?)

The reports are visible; the point of uploading them... is to post them in a lightweight way, also for the sake of the thread itself (look at the horizontal size of the thread when you scroll it).

Quote:
Originally posted by -Snake-
In any case, I did disable the restore points; however, it only occurs to me now that I didn't think to run Combofix in safe mode. A gross mistake, I know; I'll redo the scans.

Try redoing the scan with Combofix from safe mode, and then also with AdwCleaner (also launched from safe mode and downloaded from BleepingComputer), with the restore points cleared.
For AdwCleaner, click Scan and then Clean.

As mentioned, post the 3 .txt files that are produced:

1 - Combofix, which is in C
2 - Combofix-quarantined-files, which is in C/Qoobox (Qoobox is the folder that Combofix creates)
3 - AdwCleaner (S), which is in C/AdwCleaner

Besides SpyBot, you could also change antivirus, installing Avira antivir freeware.

Are you able to update the antivirus?

Clean the temporary internet files & co. with Atf Cleaner, which is a standalone tool.

Click the first Download@MajorGeeks entry.

The icon is a blue trash can.

Once it is running, click Select All + Empty Selected.

Last edited by tallines: 27-09-2013 at 12:23.
Old 28-09-2013, 14:26   #6
-Snake-
Member
Joined: Jan 2008
Location: province of Viterbo
Posts: 166
OK, during the week I'll be able to access the PC in question for a few hours. I'll let you know how it went.

If any other tests to try come to mind, don't hesitate.
Old 29-09-2013, 00:52   #7
Blue_screen_of_death
Senior Member
Joined: Jul 2010
Posts: 9326
Reinstall the Windows Update Agent.
Then try running the updates in safe mode. It should give you a different error, because it can't start services that safe mode blocks.
All times are GMT +1.

