mandalai

Members
  • Content count

    86
  • Joined

  • Last visited

All content by mandalai

  1. ok, I'll run it and let you know!
  2. it asks me whether it should replace it: I say YES, and anyway if I try to delete it, no luck
  3. I ran CHKDSK as administrator and, from what I understood, it did not detect anything significant; it tells me there are no damaged files or sectors (from what I could read on the fly while the text scrolled quickly across the screen...)... I'll wait for any further steps, and thanks so much as always for your helpfulness...
  4. Pike, I'll try it now! outsider 09, but where would this link at the top of the Download folder be? I don't see it at all...
  5. Pike, I ran the new command but it tells me that access is denied because it must be run from an account with more privileges... I am the administrator and I have control over everything, oh well... anyway I started scandisk from System Tools and in the end it did not detect any errors, I don't know if that is useful information... thanks, and have a good day in the meantime!
  6. it says invalid parameter and the operation does not start...
  7. Hi Pike, we meet again! I'll try to run it as you told me. The folder is indeed in C...
  8. so, I did it but it told me that it is impossible to find the specified file; let me say that I followed everything to the letter...
  9. thanks a lot, I'll try right away!
  10. Thank you for the help; I am reading the topic but I have some doubts. My folder contains a subfolder which in turn has a 0-byte file. None of this gets deleted, and the file's extension is listed only as FILE. Which method would be most useful? Unlocker? Or safe mode? I don't know where to start, thanks again
  11. Good morning everyone! I need, within the limits of what is humanly possible, some advice on the problem I try to describe below. First of all, let me say that I have Windows 7 Ultimate and Internet Explorer 9. Now then, before this OS (which arrived after I had to get a new PC following a Caporetto of the old one, which ran XP Professional) I had NEVER had this problem. Now it is the norm. So, when I open the browser for the first time after turning on the PC, it takes a very long time to load the home page, which in my case is libero. I tried disabling some add-ons: such as the Google bar (which I miss a lot, though!), the Download and Record Plug-in for IE from Real Player, Adobe PDF link helper. These are already disabled on their own: Groove GFS Browser Helper, Guida accesso Windows Live, office Document Cache Handler, Groove Folder. Still enabled: Invia a onenote, note collegate a One Note, shockwave flash object. Do you think I should disable these too? What else can I do to figure out how to speed this situation up? Heartfelt thanks in advance
  12. I apologize, the combofix report is this one ComboFix.txt
  13. Here are the reports. The malwarebytes one is very fresh mbam-log-2011-08-25 (01-02-08).txt hijackthis.log ComboFix-quarantined-files.txt
  14. I'll do it right away, and sorry for copying and pasting, I thought it would make things easier... silly me...
  15. help! I don't know why, but the only post I had written this evening, containing the combofix report, was uploaded 3 times!!!!! From the time you can see that I had nothing to do with it!! Sorry all the same, but apparently there must have been a technical glitch! How embarrassing
  16. I am posting the combofix report in case it helps. The message StartX: failed to run the program Error 2. Impossibile trovare il file specificato keeps appearing right after startup (it appears on the desktop, to be clear) and the browser is extremely slow on the FIRST launch after startup. I wait hopefully and apologize again for abusing your patience.
  17. I am posting the combofix report in case it helps. The message StartX: failed to run the program Error 2. Impossibile trovare il file specificato keeps appearing right after startup (it appears on the desktop, to be clear) and the browser is extremely slow on the FIRST launch after startup. I wait hopefully and apologize again for abusing your patience.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Altri processi in esecuzione ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\sched.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe . ************************************************************************** . Ora fine scansione: 2011-08-24 23:47:46 - Il pc è stato riavviato ComboFix-quarantined-files.txt 2011-08-24 21:47 . Pre-Run: 58.063.458.304 byte disponibili Post-Run: 67.590.123.520 byte disponibili . - - End Of File - - 8105DE88B09A4699C6E1038ECF43D5B4
  18. I'm posting the ComboFix report in case it helps. The message StartX: failed to run the program Error 2. Impossibile trovare il file specificato keeps appearing right after startup (it shows up on the desktop, to be clear), and the browser is extremely slow the FIRST time I open it after startup. I'm waiting hopefully, and I apologize again for abusing your patience.
  19. I would like an opinion on these reports. First of all, ever since Malwarebytes asked me to remove the infected files, I get the following error message every time I turn on the PC: StartX failed to run the program error 2. impossibile trovare il file specificato. And the browser (whether IE9 or Chrome) is always extremely slow the first time I open it. Thanks in advance to anyone who can and wants to help me. A hug. Malwarebytes' Anti-Malware 1.51.1.1800 http://www.malwarebytes.org Versione database: 7544 Windows 6.1.7600 Service Pack 1 Internet Explorer 9.0.8112.16421 23/08/2011 18:11:09 mbam-log-2011-08-23 (18-11-09).txt Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|G:\|) Elementi esaminati: 393984 Tempo impiegato: 50 minuti, 12 secondi Processi infetti in memoria: 1 Moduli di memoria infetti: 0 Chiavi di registro infette: 0 Valori di registro infetti: 0 Voci infette nei dati di registro: 0 Cartelle infette: 0 File infetti: 3 Processi infetti in memoria: c:\Windows\SysWOW64\activator_office_14\KMS.exe (RiskWare.Tool.CK) -> 4368 -> Unloaded process successfully. Moduli di memoria infetti: (Non sono stati rilevati elementi nocivi) Chiavi di registro infette: (Non sono stati rilevati elementi nocivi) Valori di registro infetti: (Non sono stati rilevati elementi nocivi) Voci infette nei dati di registro: (Non sono stati rilevati elementi nocivi) Cartelle infette: (Non sono stati rilevati elementi nocivi) File infetti: c:\Windows\SysWOW64\activator_office_14\KMS.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully. c:\Windows\System32\activator_office_14\KMS.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully. c:\Users\Public\Desktop\mp3 downloader.lnk (Rogue.Link) -> Quarantined and deleted successfully. 
I'm also adding the HijackThis report:
  20. I tried with Hotmail but nothing changed. I'll try what you suggested... thanks :)
  21. Oh really? Like what? OK, I'll try it and then let you know! Thanks in the meantime! ^______^
  22. Hi! I hope this is the right section! A tragedy has just happened! The power went out for a nanosecond and my Windows XP desktop PC, which was on the network with eMule connected, shut down! I tried to restart it but I get a blue screen that says: A problem has been detected and Windows has been shut down to prevent damage to your computer. UNMOUNTABLE-BOOT_VOLUME If this is the first time you've seen this Stop error screen, restart your computer (BUT IT STILL DOESN'T WORK!!). If this screen appears again, follow these steps: Check to make sure any new hardware or software is properly installed. If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode. (I also tried booting with the Last Known Good Configuration but nothing! I'm writing from my laptop! Can someone help me!!!! Thanks in advance!)
  23. Hi everyone! For a few days now avast has been showing me an unsettling screen telling me that it has blocked a potentially harmful attack by DCOM Exploit, and then it shows me a series of numbers. I've read a few things around the web and, as far as I can tell, there are various schools of thought. Some say not to worry and to ignore the message since avast takes care of it, some even say to format! What do you think? What can I do? Should I be worried??? Thanks in advance!
  24. Hi everyone! I need help with this problem: a few weeks ago I lost all the data on my PC, and now I've talked myself into buying an external HD. It's a 500 GB Western Digital My Passport Essential. I did the initial backup, but now I can't remove the device because it keeps telling me that it's impossible, since I first have to close the programs that are using it, but nothing is open, everything is closed, I'm sure of it. I don't know what to do and I'm getting irritated because it was supposed to be easy: you plug it into the USB port and it does everything by itself... ugh... Can someone give me a suggestion? Thanks in advance! My PC runs Vista.
  25. Hi, and happy Sunday! I'm the "infamous" mandalai. I say "infamous" because I recently asked for help with a problem that you legends unfortunately couldn't help me solve, because I needed a miracle: my hard disk had broken, with the consequent loss of all my data... I still have to recover from the shock... Right now I'm dealing with the bitter discovery that the front USB ports don't work! That is why they won't read a USB stick or the webcam, nor was it possible to charge the MP3 player. Those same devices work perfectly on the laptop... Is there a way for me to fix it by myself, or do I have to unplug everything and take it back to the shop tomorrow? I'm starting to get stressed... Thanks for any tip that I can carry out from here... I'm posting a screencap showing the result of checking Device Manager, including Show hidden devices. If you look at the bottom, a little yellow thing with an exclamation mark has appeared under NON-PLUG AND PLAY DRIVERS, called serial, which expands into a tree of items where there is this serial with a yellow circle... I don't know whether it was already there before I noticed it. I was only trying to install the webcam, but even though the program is installed the webcam isn't detected, just as nothing with a USB connector is detected... The operating system is XP Professional and the motherboard is an ASUS NODUSM3... Thanks to everyone in advance...