mandalai

Slow IE Startup on W7

15 posts in this thread

Good morning everyone! I need, as far as humanly possible, some advice on the problem I'll try to describe below. First of all, I should say that I have Windows 7 Ultimate and Internet Explorer 9. So, before this OS (which arrived after I had to get a new PC following a Caporetto of the old one, which ran XP Professional) I had NEVER had this problem. Now it's the norm.

So, when I open the browser for the first time after turning on the PC, it takes a very long time to load the home page, which in my case is Libero.

I tried disabling some add-ons:

such as the Google bar (which I really miss, though!),

the Download and Record Plug-in for IE from RealPlayer,

Adobe PDF link helper.

These are already disabled on their own:

Groove GFS Browser Helper, Windows Live sign-in helper ("Guida accesso Windows Live"), Office Document Cache Handler, Groove Folder.

Still enabled: Send to OneNote ("Invia a OneNote"), OneNote Linked Notes ("Note collegate a OneNote"), Shockwave Flash Object.

Do you think I should disable these too? What else can I do to figure out how to speed this up?

Thanks in advance, from the heart


Try changing the home page. Maybe set something ultra-simple.


Oh yes? Like what? OK, I'll try it and then let you know! Thanks in the meantime! ^______^


Tried with Hotmail but nothing changed :( I'll try what you suggested .. thanks :)


I'd like an opinion on these reports. I should mention that ever since Malwarebytes asked me to remove the infected files, I get the following error message every time I turn on the PC: StartX failed to run the program error 2. Impossibile trovare il file specificato. And the browser (whether IE9 or Chrome) is always extremely slow the first time it is opened.

Thanks in advance to anyone who can and wants to help me.

A hug

Malwarebytes' Anti-Malware 1.51.1.1800

http://www.malwarebytes.org

Versione database: 7544

Windows 6.1.7600 Service Pack 1

Internet Explorer 9.0.8112.16421

23/08/2011 18:11:09

mbam-log-2011-08-23 (18-11-09).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|G:\|)

Elementi esaminati: 393984

Tempo impiegato: 50 minuti, 12 secondi

Processi infetti in memoria: 1

Moduli di memoria infetti: 0

Chiavi di registro infette: 0

Valori di registro infetti: 0

Voci infette nei dati di registro: 0

Cartelle infette: 0

File infetti: 3

Processi infetti in memoria:

c:\Windows\SysWOW64\activator_office_14\KMS.exe (RiskWare.Tool.CK) -> 4368 -> Unloaded process successfully.

Moduli di memoria infetti:

(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:

(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:

(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:

(Non sono stati rilevati elementi nocivi)

Cartelle infette:

(Non sono stati rilevati elementi nocivi)

File infetti:

c:\Windows\SysWOW64\activator_office_14\KMS.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\Windows\System32\activator_office_14\KMS.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\Users\Public\Desktop\mp3 downloader.lnk (Rogue.Link) -> Quarantined and deleted successfully.

I'm also adding the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:50:39, on 24/08/2011

Platform: Windows 7 SP1 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Windows\Domino.exe

C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe

C:\Windows\ZSSnp211.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\cmd.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe

O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe

O4 - HKLM\..\Run: [bigDogPath] C:\Windows\ZSSnp211.exe

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Activator_Office_14] C:\Windows\system32\Activator_Office_14\KMSStart.exe

O4 - Global Startup: WD Quick View.lnk = C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe

O23 - Service: WDFMEService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDFME.exe

O23 - Service: WDRulesService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10297 bytes


I'm posting the ComboFix report in case it helps.

The message StartX: failed to run the program Error 2. Impossibile trovare il file specificato keeps appearing right after startup (it appears on the desktop, to be clear) and the browser is extremely slow the FIRST time it is opened after startup.

I wait hopefully and apologize again for abusing your patience.

ComboFix 11-08-24.05 - Antonella 24/08/2011 23:37:51.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.1.1252.39.1040.18.4094.2502 [GMT 2:00]

Eseguito da: c:\users\Antonella\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Creati Da 2011-07-24 al 2011-08-24 )))))))))))))))))))))))))))))))))))

.

.

2011-08-24 21:40 . 2011-08-24 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-24 16:28 . 2011-08-24 16:28 -------- d-----w- c:\users\Antonella\AppData\Roaming\TeamViewer

2011-08-24 15:28 . 2011-08-24 15:33 -------- d-----w- c:\users\Antonella\AppData\Roaming\Wise Registry Cleaner

2011-08-24 10:25 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-24 10:25 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-08-23 16:12 . 2011-08-23 16:12 -------- d-----w- C:\Western Digital

2011-08-23 15:10 . 2011-08-23 15:10 -------- d-----w- c:\users\Antonella\AppData\Roaming\Malwarebytes

2011-08-23 15:10 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-23 15:10 . 2011-08-23 15:10 -------- d-----w- c:\programdata\Malwarebytes

2011-08-23 15:10 . 2011-08-23 15:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-08-23 15:10 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-23 14:56 . 2011-08-23 14:56 388096 ----a-r- c:\users\Antonella\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-23 14:56 . 2011-08-23 14:56 -------- d-----w- c:\program files (x86)\Trend Micro

2011-08-23 10:38 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BF089B9-948F-41F2-B56B-3E594E6DA5F1}\mpengine.dll

2011-08-09 10:14 . 2011-08-09 10:14 -------- d-----w- c:\program files\Western Digital

2011-08-01 13:08 . 2011-08-01 13:08 -------- d-----w- c:\program files\CCleaner

2011-08-01 11:03 . 2011-08-04 11:14 -------- d-----w- c:\windows\system32\appmgmt

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-24 21:41 . 2011-06-23 08:21 42496 ----a-w- c:\windows\system32\drivers\oem-drv64.sys

2011-08-17 09:04 . 2011-06-24 11:55 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-16 04:26 . 2011-08-10 07:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-06-26 00:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-06-26 00:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-06-24 15:21 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-06-24 12:01 . 2011-06-23 08:05 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2011-06-23 10:05 . 2011-06-23 10:05 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-06-23 10:05 . 2011-06-23 10:05 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-06-23 10:05 . 2011-06-23 10:05 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-23 10:05 . 2011-06-23 10:05 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-23 10:05 . 2011-06-23 10:05 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-06-23 10:05 . 2011-06-23 10:05 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-06-23 10:05 . 2011-06-23 10:05 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-06-23 10:05 . 2011-06-23 10:05 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-06-23 10:05 . 2011-06-23 10:05 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-06-23 10:05 . 2011-06-23 10:05 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-06-23 10:05 . 2011-06-23 10:05 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-06-23 10:05 . 2011-06-23 10:05 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-06-23 10:05 . 2011-06-23 10:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-06-23 10:05 . 2011-06-23 10:05 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-23 10:05 . 2011-06-23 10:05 448512 ----a-w- c:\windows\system32\html.iec

2011-06-23 10:05 . 2011-06-23 10:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-06-23 10:05 . 2011-06-23 10:05 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-06-23 10:05 . 2011-06-23 10:05 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-06-23 10:05 . 2011-06-23 10:05 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 10:05 . 2011-06-23 10:05 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-06-23 10:05 . 2011-06-23 10:05 222208 ----a-w- c:\windows\system32\msls31.dll

2011-06-23 10:05 . 2011-06-23 10:05 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-06-23 10:05 . 2011-06-23 10:05 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-06-23 10:05 . 2011-06-23 10:05 160256 ----a-w- c:\windows\system32\wextract.exe

2011-06-23 10:05 . 2011-06-23 10:05 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-06-23 10:05 . 2011-06-23 10:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-06-23 10:05 . 2011-06-23 10:05 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-23 10:05 . 2011-06-23 10:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-06-23 10:05 . 2011-06-23 10:05 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-06-23 10:05 . 2011-06-23 10:05 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-06-23 10:05 . 2011-06-23 10:05 12288 ----a-w- c:\windows\system32\mshta.exe

2011-06-23 10:05 . 2011-06-23 10:05 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-06-23 10:05 . 2011-06-23 10:05 114176 ----a-w- c:\windows\system32\admparse.dll

2011-06-23 10:05 . 2011-06-23 10:05 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-23 10:05 . 2011-06-23 10:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-06-23 10:05 . 2011-06-23 10:05 101888 ----a-w- c:\windows\SysWow64\admparse.dll

.

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-21 281768]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-06-24 273544]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]

"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]

"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 2439072]

"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]

"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]

"BigDogPath"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Activator_Office_14"="c:\windows\system32\Activator_Office_14\KMSStart.exe" [2011-06-23 299008]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-6-29 4221840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 136176]

R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 oem-drv64;OEM-SLP2.1 Driver (HPD64);c:\windows\system32\DRIVERS\oem-drv64.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-06-29 317328]

S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-06-29 1978256]

S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-06-29 1338256]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

S3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [x]

S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\Drivers\ZS211.sys [x]

.

.

Contenuto della cartella 'Scheduled Tasks'

.

2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 11:56]

.

2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 11:56]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Scansione supplementare -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.libero.it/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

IE: I&nvia a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl"

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Altri processi in esecuzione ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\sched.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe

.

**************************************************************************

.

Ora fine scansione: 2011-08-24 23:47:46 - Il pc è stato riavviato

ComboFix-quarantined-files.txt 2011-08-24 21:47

.

Pre-Run: 58.063.458.304 byte disponibili

Post-Run: 67.590.123.520 byte disponibili

.

- - End Of File - - 8105DE88B09A4699C6E1038ECF43D5B4


2011-08-01 13:08 . 2011-08-01 13:08 -------- d-----w- c:\program files\CCleaner

2011-08-01 11:03 . 2011-08-04 11:14 -------- d-----w- c:\windows\system32\appmgmt

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-24 21:41 . 2011-06-23 08:21 42496 ----a-w- c:\windows\system32\drivers\oem-drv64.sys

2011-08-17 09:04 . 2011-06-24 11:55 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-16 04:26 . 2011-08-10 07:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-06-26 00:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-06-26 00:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-06-24 15:21 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-06-24 12:01 . 2011-06-23 08:05 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2011-06-23 10:05 . 2011-06-23 10:05 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-06-23 10:05 . 2011-06-23 10:05 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-06-23 10:05 . 2011-06-23 10:05 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-23 10:05 . 2011-06-23 10:05 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-23 10:05 . 2011-06-23 10:05 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-06-23 10:05 . 2011-06-23 10:05 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-06-23 10:05 . 2011-06-23 10:05 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-06-23 10:05 . 2011-06-23 10:05 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-06-23 10:05 . 2011-06-23 10:05 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-06-23 10:05 . 2011-06-23 10:05 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-06-23 10:05 . 2011-06-23 10:05 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-06-23 10:05 . 2011-06-23 10:05 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-06-23 10:05 . 2011-06-23 10:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-06-23 10:05 . 2011-06-23 10:05 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-23 10:05 . 2011-06-23 10:05 448512 ----a-w- c:\windows\system32\html.iec

2011-06-23 10:05 . 2011-06-23 10:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-06-23 10:05 . 2011-06-23 10:05 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-06-23 10:05 . 2011-06-23 10:05 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-06-23 10:05 . 2011-06-23 10:05 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 10:05 . 2011-06-23 10:05 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-06-23 10:05 . 2011-06-23 10:05 222208 ----a-w- c:\windows\system32\msls31.dll

2011-06-23 10:05 . 2011-06-23 10:05 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-06-23 10:05 . 2011-06-23 10:05 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-06-23 10:05 . 2011-06-23 10:05 160256 ----a-w- c:\windows\system32\wextract.exe

2011-06-23 10:05 . 2011-06-23 10:05 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-06-23 10:05 . 2011-06-23 10:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-06-23 10:05 . 2011-06-23 10:05 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-23 10:05 . 2011-06-23 10:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-06-23 10:05 . 2011-06-23 10:05 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-06-23 10:05 . 2011-06-23 10:05 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-06-23 10:05 . 2011-06-23 10:05 12288 ----a-w- c:\windows\system32\mshta.exe

2011-06-23 10:05 . 2011-06-23 10:05 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-06-23 10:05 . 2011-06-23 10:05 114176 ----a-w- c:\windows\system32\admparse.dll

2011-06-23 10:05 . 2011-06-23 10:05 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-23 10:05 . 2011-06-23 10:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-06-23 10:05 . 2011-06-23 10:05 101888 ----a-w- c:\windows\SysWow64\admparse.dll

.

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-21 281768]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-06-24 273544]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]

"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]

"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 2439072]

"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]

"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]

"BigDogPath"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Activator_Office_14"="c:\windows\system32\Activator_Office_14\KMSStart.exe" [2011-06-23 299008]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-6-29 4221840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 136176]

R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 oem-drv64;OEM-SLP2.1 Driver (HPD64);c:\windows\system32\DRIVERS\oem-drv64.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-06-29 317328]

S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-06-29 1978256]

S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-06-29 1338256]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

S3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [x]

S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\Drivers\ZS211.sys [x]

.

.

Contenuto della cartella 'Scheduled Tasks'

.

2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 11:56]

.

2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 11:56]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Scansione supplementare -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.libero.it/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

IE: I&nvia a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl"

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Altri processi in esecuzione ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\sched.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe

.

**************************************************************************

.

Ora fine scansione: 2011-08-24 23:47:46 - Il pc è stato riavviato

ComboFix-quarantined-files.txt 2011-08-24 21:47

.

Pre-Run: 58.063.458.304 byte disponibili

Post-Run: 67.590.123.520 byte disponibili

.

- - End Of File - - 8105DE88B09A4699C6E1038ECF43D5B4


I'm posting the ComboFix report in case it helps.

The message "StartX: failed to run the program Error 2. Impossibile trovare il file specificato" keeps appearing right after startup (it shows up on the desktop, to be clear), and the browser is extremely slow the FIRST time it is opened after startup.

I await your reply with confidence, and I apologize again for taxing your patience.

ComboFix 11-08-24.05 - Antonella 24/08/2011 23:37:51.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.1.1252.39.1040.18.4094.2502 [GMT 2:00]

Eseguito da: c:\users\Antonella\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Creati Da 2011-07-24 al 2011-08-24 )))))))))))))))))))))))))))))))))))

.

.

2011-08-24 21:40 . 2011-08-24 21:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-24 16:28 . 2011-08-24 16:28 -------- d-----w- c:\users\Antonella\AppData\Roaming\TeamViewer

2011-08-24 15:28 . 2011-08-24 15:33 -------- d-----w- c:\users\Antonella\AppData\Roaming\Wise Registry Cleaner

2011-08-24 10:25 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-24 10:25 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-08-23 16:12 . 2011-08-23 16:12 -------- d-----w- C:\Western Digital

2011-08-23 15:10 . 2011-08-23 15:10 -------- d-----w- c:\users\Antonella\AppData\Roaming\Malwarebytes

2011-08-23 15:10 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-23 15:10 . 2011-08-23 15:10 -------- d-----w- c:\programdata\Malwarebytes

2011-08-23 15:10 . 2011-08-23 15:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-08-23 15:10 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-23 14:56 . 2011-08-23 14:56 388096 ----a-r- c:\users\Antonella\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-23 14:56 . 2011-08-23 14:56 -------- d-----w- c:\program files (x86)\Trend Micro

2011-08-23 10:38 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BF089B9-948F-41F2-B56B-3E594E6DA5F1}\mpengine.dll

2011-08-09 10:14 . 2011-08-09 10:14 -------- d-----w- c:\program files\Western Digital

2011-08-01 13:08 . 2011-08-01 13:08 -------- d-----w- c:\program files\CCleaner

2011-08-01 11:03 . 2011-08-04 11:14 -------- d-----w- c:\windows\system32\appmgmt

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-24 21:41 . 2011-06-23 08:21 42496 ----a-w- c:\windows\system32\drivers\oem-drv64.sys

2011-08-17 09:04 . 2011-06-24 11:55 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-07-16 04:26 . 2011-08-10 07:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-06-26 00:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-06-26 00:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-06-24 15:21 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-06-24 12:01 . 2011-06-23 08:05 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2011-06-23 10:05 . 2011-06-23 10:05 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-06-23 10:05 . 2011-06-23 10:05 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-06-23 10:05 . 2011-06-23 10:05 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-23 10:05 . 2011-06-23 10:05 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-23 10:05 . 2011-06-23 10:05 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-06-23 10:05 . 2011-06-23 10:05 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-06-23 10:05 . 2011-06-23 10:05 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-06-23 10:05 . 2011-06-23 10:05 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-06-23 10:05 . 2011-06-23 10:05 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-06-23 10:05 . 2011-06-23 10:05 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-06-23 10:05 . 2011-06-23 10:05 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-06-23 10:05 . 2011-06-23 10:05 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-06-23 10:05 . 2011-06-23 10:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-06-23 10:05 . 2011-06-23 10:05 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-23 10:05 . 2011-06-23 10:05 448512 ----a-w- c:\windows\system32\html.iec

2011-06-23 10:05 . 2011-06-23 10:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-06-23 10:05 . 2011-06-23 10:05 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-06-23 10:05 . 2011-06-23 10:05 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-06-23 10:05 . 2011-06-23 10:05 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-23 10:05 . 2011-06-23 10:05 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-06-23 10:05 . 2011-06-23 10:05 222208 ----a-w- c:\windows\system32\msls31.dll

2011-06-23 10:05 . 2011-06-23 10:05 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-06-23 10:05 . 2011-06-23 10:05 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-06-23 10:05 . 2011-06-23 10:05 160256 ----a-w- c:\windows\system32\wextract.exe

2011-06-23 10:05 . 2011-06-23 10:05 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-06-23 10:05 . 2011-06-23 10:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-06-23 10:05 . 2011-06-23 10:05 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-23 10:05 . 2011-06-23 10:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-06-23 10:05 . 2011-06-23 10:05 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-06-23 10:05 . 2011-06-23 10:05 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-06-23 10:05 . 2011-06-23 10:05 12288 ----a-w- c:\windows\system32\mshta.exe

2011-06-23 10:05 . 2011-06-23 10:05 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-06-23 10:05 . 2011-06-23 10:05 114176 ----a-w- c:\windows\system32\admparse.dll

2011-06-23 10:05 . 2011-06-23 10:05 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-23 10:05 . 2011-06-23 10:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-06-23 10:05 . 2011-06-23 10:05 101888 ----a-w- c:\windows\SysWow64\admparse.dll

.

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-21 281768]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-06-24 273544]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]

"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]

"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]

"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]

"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 2439072]

"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]

"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]

"BigDogPath"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Activator_Office_14"="c:\windows\system32\Activator_Office_14\KMSStart.exe" [2011-06-23 299008]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-6-29 4221840]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 136176]

R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 oem-drv64;OEM-SLP2.1 Driver (HPD64);c:\windows\system32\DRIVERS\oem-drv64.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-06-29 317328]

S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-06-29 1978256]

S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-06-29 1338256]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

S3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [x]

S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\Drivers\ZS211.sys [x]

.

.

Contenuto della cartella 'Scheduled Tasks'

.

2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 11:56]

.

2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-24 11:56]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Scansione supplementare -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.libero.it/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

IE: I&nvia a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl"

.

--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Altri processi in esecuzione ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\sched.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe

.

**************************************************************************

.

Ora fine scansione: 2011-08-24 23:47:46 - Il pc è stato riavviato

ComboFix-quarantined-files.txt 2011-08-24 21:47

.

Pre-Run: 58.063.458.304 byte disponibili

Post-Run: 67.590.123.520 byte disponibili

.

- - End Of File - - 8105DE88B09A4699C6E1038ECF43D5B4


Help! I don't know why, but the only post I wrote this evening, the one containing the ComboFix report, was uploaded no fewer than 3 times!!!! You can see from the timestamps that it wasn't my doing!! Sorry all the same, but apparently there must have been a technical glitch! :(

How embarrassing :( :sorry1:


Evidently it got stuck in the cache....

MalwareBytes AntiMalware is not up to date. Update it and run the scan again, please.

Please attach the reports (the actual files); don't paste them into the text of the topic.


I'll do it right away, and sorry for copying and pasting, I thought it would make things easier... what a scatterbrain I am... :sorry1:


Mandalai, please attach the new logs from now on. For these ones it's already done :D
