
Windows 7 startup problem


Post by ShadowTS » 20/07/12 10:19

Good morning, I'm new to this forum.
I have a problem with one of my PCs, Windows 7 64-bit. Everything worked perfectly, booting in just under a minute, but since yesterday it has had problems.
I turned it on yesterday afternoon; it booted normally, but whichever desktop icon I clicked, the programs would not start. Only folder browsing works (Windows Explorer or folders on the desktop), and the Start menu opens but nothing in it works (not even shutting down the PC).
First reset: nothing changes (Windows asks for the startup mode and I choose normal).
Second reset: a few seconds after the desktop appears, everything turns black with only the mouse pointer.

I did some research and tried running Kaspersky Recovery Disk 10; however, once it had started and I had selected the "graphical interface" mode, the screen went black and the disc kept spinning, so after a good 15 minutes I reset it again, and I don't know whether it worked (I don't think so, since the guides say it should show information windows saying first that it is downloading the virus definitions etc. and then that it is running the scan).

I rebooted again and magically it now works. Or rather: it more or less works. Let me explain: the PC boots, the blue Windows screen takes more or less the same time as before, and so does the moment when the screen goes black for a few seconds. Then the desktop appears without icons, with the taskbar at the bottom and the icons of the programs that are starting on the right, and the NOD32 5.0 logo (my antivirus, which is starting up) appears on the desktop, but mysteriously it hangs like that for exactly 50 seconds, after which all the other icons appear, the programs finish starting and the PC works perfectly. The problem is that it "hangs" for those 50 seconds, which it did not do before.

I ran a scan with Malwarebytes (clean) and took a HijackThis log, which I attach. I should also mention that I use NOD32 5.0 as real-time antivirus, Comodo Firewall + Defence as prophylactics (and with Defence it is usually hard for anything to sneak in without you giving it the OK), and Malwarebytes Free for extra scans.

Thanks to anyone with experience who can give me some pointers.

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:55:35, on 20/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Steam\steam.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Ale\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=111304&tt=020512_mntb_est&babsrc=HP_ss&mntrId=a8aabd43000000000000902b3433ed27
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
O4 - HKLM\..\RunOnce: [GBTUpd] C:\Program Files (x86)\GIGABYTE\UpdManager\PreRun.exe
O4 - HKCU\..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Windows\TEMP\E_SE233.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ale\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service:  Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13595 bytes
ShadowTS
Newbie
 
Posts: 2
Joined: 20/07/12 08:52
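
An added example, not part of the original thread: a small Python triage over HijackThis entries, run on lines excerpted from the log in the post above. It assumes the 32-bit HijackThis build is running on 64-bit Windows, where System32 paths are redirected to SysWOW64 and 64-bit service binaries are therefore reported as "(file missing)"; the function names and finding tags are this example's own.

```python
import re
from urllib.parse import urlsplit

# Lines excerpted from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
Platform: Windows 7 SP1 (WinNT 6.00.3505)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=111304&tt=020512_mntb_est&babsrc=HP_ss&mntrId=a8aabd43000000000000902b3433ed27
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
MISSING = "(file missing)"


def parse_entries(text):
    """Return (section_code, body) for every entry line; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def is_64bit_log(text):
    """Heuristic: these directories only exist on 64-bit Windows."""
    lowered = text.lower()
    return "syswow64" in lowered or "program files (x86)" in lowered


def triage(text):
    """Return (tag, section_code, detail) findings worth a manual look."""
    wow64 = is_64bit_log(text)
    findings = []
    for code, body in parse_entries(text):
        if code in ("R0", "R1"):
            # Internet Explorer start/search page values: flag non-Microsoft URLs.
            value = body.partition(" = ")[2].strip()
            if value.lower().startswith(("http://", "https://")):
                host = (urlsplit(value).hostname or "").lower()
                if host != "microsoft.com" and not host.endswith(".microsoft.com"):
                    findings.append(("third-party-page", code, host))
        elif code == "O20":
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so each listed DLL should map to software known to be installed.
            findings.append(("appinit-dll", code, body.partition(": ")[2]))
        elif code == "O23" and body.endswith(MISSING):
            path = body.rsplit(" - ", 1)[-1][: -len(MISSING)].strip()
            # Under WOW64 redirection a 32-bit scanner cannot see 64-bit
            # System32 binaries; confirm with a 64-bit tool before acting.
            under_system32 = bool(SYSTEM32_RE.match(path))
            tag = "wow64-artifact" if wow64 and under_system32 else "missing-file"
            findings.append((tag, code, path))
    return findings


if __name__ == "__main__":
    for tag, code, detail in triage(SAMPLE_LOG):
        print(f"{tag:18} {code:4} {detail}")
```
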


Re: Windows 7 startup problem

Post by FrancescoFDAC » 20/07/12 10:35

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
● place the downloaded file on the Desktop
● disable the antivirus in use, from its icon in the tray (next to the Windows clock)
● disable any installed firewall, from its icon in the tray (next to the Windows clock)

Once the steps above are done:
● launch ComboFix with a double click
● once it has started, click the Accetto (Accept) button: confirm by clicking Ok twice
● follow the instructions that are given to run the scan:
"It typically takes no more than 10 minutes
On heavily infected PCs the scan time can easily double"
● if you have Windows XP, you will be asked to install the Recovery Console: do not install it (click the No button)
● without performing any other operation, let the tool finish its work

Notes - during the scan:
● some files may appear on the Desktop and then be deleted
● all the icons on the Desktop will disappear for a moment: nothing to worry about
● a message relating to the antivirus in use may be displayed: proceed, ignoring the message
● the firewall may display a warning about the removal of some drivers: allow it
● the Internet Explorer icon may appear on the Desktop

When ComboFix has finished the scan:
● the system will be restarted automatically: if it is not, restart it yourself
● go to Local Disk C:, find the text file named ComboFix.txt and attach it

Note - about the program:
● to run ComboFix correctly on Windows Vista and Windows Seven, right-click the program icon and choose Run as administrator from the context menu
● sUBs, the software house that distributes ComboFix, is not responsible for any damage caused after using the program.
● It should not be used unless expressly requested by an expert
● ComboFix disables autorun for USB drives (flash drives, external hard disks, MP3 players...) to prevent future threats: when you insert a pen drive, you will have to open it manually from My Computer.
FrancescoFDAC
Utente Senior
 
Posts: 1048
Joined: 13/08/11 09:53

Re: Windows 7 startup problem

Post by ShadowTS » 22/07/12 23:59

Here is the log. Apart from the files under "Altre eliminazioni" (other deletions), did it delete anything else?

Code:
ComboFix 12-07-21.01 - Ale 23/07/2012   0:47.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.39.1040.18.8154.6207 [GMT 2:00]
Eseguito da: c:\users\Ale\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmp9C.tmp
c:\windows\SysWow64\tmpAD.tmp
.
.
(((((((((((((((((((((((((   Files Creati Da 2012-06-22 al 2012-07-22  )))))))))))))))))))))))))))))))))))
.
.
2012-07-22 22:53 . 2012-07-22 22:53   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-07-22 22:38 . 2012-06-12 03:08   3148800   ----a-w-   c:\windows\system32\win32k.sys
2012-07-22 22:37 . 2010-02-23 08:16   294912   ----a-w-   c:\windows\system32\browserchoice.exe
2012-07-22 22:36 . 2012-06-29 10:04   9133488   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{3C027D32-2F58-45EC-9D10-A6C001CE3436}\mpengine.dll
2012-07-22 22:31 . 2012-06-06 06:05   495616   ----a-w-   c:\program files\Common Files\System\ado\msadox.dll
2012-07-22 22:31 . 2012-06-06 06:05   61440   ----a-w-   c:\program files\Common Files\System\ado\msador15.dll
2012-07-22 22:31 . 2012-06-06 06:05   466944   ----a-w-   c:\program files\Common Files\System\ado\msadomd.dll
2012-07-22 22:31 . 2012-06-06 06:05   1499136   ----a-w-   c:\program files\Common Files\System\ado\msado15.dll
2012-07-22 22:31 . 2012-06-06 06:05   258048   ----a-w-   c:\program files\Common Files\System\msadc\msadco.dll
2012-07-22 22:31 . 2012-06-06 06:02   1133568   ----a-w-   c:\windows\system32\cdosys.dll
2012-07-22 22:31 . 2012-06-06 05:05   143360   ----a-w-   c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-22 22:31 . 2012-06-06 05:05   372736   ----a-w-   c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-22 22:31 . 2012-06-06 05:05   57344   ----a-w-   c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-22 22:31 . 2012-06-06 05:05   352256   ----a-w-   c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-22 22:31 . 2012-06-06 05:05   212992   ----a-w-   c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-22 22:31 . 2012-06-06 05:05   1019904   ----a-w-   c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-22 22:31 . 2012-06-06 05:03   805376   ----a-w-   c:\windows\SysWow64\cdosys.dll
2012-07-19 21:51 . 2012-07-19 21:52   --------   d---a-w-   C:\Kaspersky Rescue Disk 10.0
2012-07-19 21:27 . 2012-07-19 21:27   --------   d-----w-   c:\users\Ale\AppData\Roaming\LaCie
2012-07-16 21:53 . 2012-07-16 21:53   --------   d-----w-   c:\users\Ale\AppData\Roaming\Creative
2012-07-11 22:26 . 2012-07-11 22:26   9822920   ----a-w-   c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-10 21:24 . 2012-07-10 21:25   --------   d-----w-   c:\users\Ale\AppData\Local\Skyrim
2012-07-10 21:10 . 2012-07-10 21:24   --------   d-----w-   c:\program files (x86)\The Elder Scrolls V Skyrim
2012-07-09 21:33 . 2012-07-09 21:33   --------   d-----w-   c:\users\Public\CyberLink
2012-07-09 21:33 . 2012-07-09 21:33   --------   d-----w-   c:\users\Ale\Cyberlink
2012-07-09 21:33 . 2012-07-09 21:33   --------   d-----w-   c:\users\Ale\AppData\Roaming\CyberLink
2012-07-09 21:33 . 2012-07-09 22:12   --------   d-----w-   c:\programdata\CyberLink
2012-07-06 10:18 . 2012-07-06 10:18   --------   d-----w-   c:\program files (x86)\MSXML 4.0
2012-07-06 10:15 . 2012-05-04 11:06   5559664   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-07-06 10:15 . 2012-05-04 10:03   3913072   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2012-07-06 10:15 . 2012-05-04 10:03   3968368   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2012-07-06 10:15 . 2012-04-28 05:32   1112064   ----a-w-   c:\windows\system32\rdpcorets.dll
2012-07-06 10:15 . 2012-04-28 03:55   210944   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-07-06 10:15 . 2012-04-26 05:41   77312   ----a-w-   c:\windows\system32\rdpwsx.dll
2012-07-06 10:15 . 2012-04-26 05:41   149504   ----a-w-   c:\windows\system32\rdpcorekmts.dll
2012-07-06 10:15 . 2012-04-26 05:34   9216   ----a-w-   c:\windows\system32\rdrmemptylst.exe
2012-07-05 16:45 . 2012-07-05 16:45   5030088   ----a-w-   c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-05 16:31 . 2012-07-09 22:25   --------   d-----w-   c:\users\Ale\AppData\Roaming\TS3Client
2012-07-05 16:30 . 2012-07-05 16:30   --------   d-----w-   c:\program files\TeamSpeak 3 Client
2012-06-27 08:41 . 2012-06-02 22:19   2428952   ----a-w-   c:\windows\system32\wuaueng.dll
2012-06-27 08:41 . 2012-06-02 22:19   57880   ----a-w-   c:\windows\system32\wuauclt.exe
2012-06-27 08:41 . 2012-06-02 22:19   44056   ----a-w-   c:\windows\system32\wups2.dll
2012-06-27 08:41 . 2012-06-02 22:15   2622464   ----a-w-   c:\windows\system32\wucltux.dll
2012-06-27 08:41 . 2012-06-02 22:19   38424   ----a-w-   c:\windows\system32\wups.dll
2012-06-27 08:41 . 2012-06-02 22:19   701976   ----a-w-   c:\windows\system32\wuapi.dll
2012-06-27 08:41 . 2012-06-02 22:15   99840   ----a-w-   c:\windows\system32\wudriver.dll
2012-06-27 08:41 . 2012-06-02 13:19   186752   ----a-w-   c:\windows\system32\wuwebv.dll
2012-06-27 08:41 . 2012-06-02 13:15   36864   ----a-w-   c:\windows\system32\wuapp.exe
2012-06-25 12:17 . 2012-06-25 12:17   --------   d-----w-   c:\windows\tessdata
2012-06-25 12:17 . 2012-06-25 12:17   --------   d-----w-   c:\program files (x86)\Softi Software
2012-06-25 12:17 . 2012-06-25 12:17   --------   d-----w-   c:\users\Ale\AppData\Roaming\Softi Software
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 22:36 . 2012-05-16 17:55   59701280   ----a-w-   c:\windows\system32\MRT.exe
2012-07-12 08:00 . 2012-05-16 17:00   70344   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 08:00 . 2012-05-16 17:00   426184   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-03 11:46 . 2012-05-16 18:51   24904   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-05-31 10:25 . 2010-11-21 03:27   279656   ------w-   c:\windows\system32\MpSigStub.exe
2012-05-21 21:46 . 2012-05-16 16:51   25640   ----a-w-   c:\windows\gdrv.sys
2012-05-18 13:17 . 2012-05-18 13:17   86528   ----a-w-   c:\windows\SysWow64\iesysprep.dll
2012-05-18 13:17 . 2012-05-18 13:17   76800   ----a-w-   c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-18 13:17 . 2012-05-18 13:17   74752   ----a-w-   c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-18 13:17 . 2012-05-18 13:17   48640   ----a-w-   c:\windows\SysWow64\mshtmler.dll
2012-05-18 13:17 . 2012-05-18 13:17   161792   ----a-w-   c:\windows\SysWow64\msls31.dll
2012-05-18 13:17 . 2012-05-18 13:17   110592   ----a-w-   c:\windows\SysWow64\IEAdvpack.dll
2012-05-18 13:17 . 2012-05-18 13:17   91648   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
2012-05-18 13:17 . 2012-05-18 13:17   89088   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
2012-05-18 13:17 . 2012-05-18 13:17   89088   ----a-w-   c:\windows\system32\ie4uinit.exe
2012-05-18 13:17 . 2012-05-18 13:17   85504   ----a-w-   c:\windows\system32\iesetup.dll
2012-05-18 13:17 . 2012-05-18 13:17   82432   ----a-w-   c:\windows\system32\icardie.dll
2012-05-18 13:17 . 2012-05-18 13:17   76800   ----a-w-   c:\windows\system32\tdc.ocx
2012-05-18 13:17 . 2012-05-18 13:17   74752   ----a-w-   c:\windows\SysWow64\iesetup.dll
2012-05-18 13:17 . 2012-05-18 13:17   697344   ----a-w-   c:\windows\system32\msfeeds.dll
2012-05-18 13:17 . 2012-05-18 13:17   65024   ----a-w-   c:\windows\system32\pngfilt.dll
2012-05-18 13:17 . 2012-05-18 13:17   63488   ----a-w-   c:\windows\SysWow64\tdc.ocx
2012-05-18 13:17 . 2012-05-18 13:17   603648   ----a-w-   c:\windows\system32\vbscript.dll
2012-05-18 13:17 . 2012-05-18 13:17   55296   ----a-w-   c:\windows\system32\msfeedsbs.dll
2012-05-18 13:17 . 2012-05-18 13:17   534528   ----a-w-   c:\windows\system32\ieapfltr.dll
2012-05-18 13:17 . 2012-05-18 13:17   49664   ----a-w-   c:\windows\system32\imgutil.dll
2012-05-18 13:17 . 2012-05-18 13:17   48640   ----a-w-   c:\windows\system32\mshtmler.dll
2012-05-18 13:17 . 2012-05-18 13:17   452608   ----a-w-   c:\windows\system32\dxtmsft.dll
2012-05-18 13:17 . 2012-05-18 13:17   448512   ----a-w-   c:\windows\system32\html.iec
2012-05-18 13:17 . 2012-05-18 13:17   420864   ----a-w-   c:\windows\SysWow64\vbscript.dll
2012-05-18 13:17 . 2012-05-18 13:17   403248   ----a-w-   c:\windows\system32\iedkcs32.dll
2012-05-18 13:17 . 2012-05-18 13:17   39936   ----a-w-   c:\windows\system32\iernonce.dll
2012-05-18 13:17 . 2012-05-18 13:17   3695416   ----a-w-   c:\windows\system32\ieapfltr.dat
2012-05-18 13:17 . 2012-05-18 13:17   367104   ----a-w-   c:\windows\SysWow64\html.iec
2012-05-18 13:17 . 2012-05-18 13:17   35840   ----a-w-   c:\windows\SysWow64\imgutil.dll
2012-05-18 13:17 . 2012-05-18 13:17   30720   ----a-w-   c:\windows\system32\licmgr10.dll
2012-05-18 13:17 . 2012-05-18 13:17   282112   ----a-w-   c:\windows\system32\dxtrans.dll
2012-05-18 13:17 . 2012-05-18 13:17   267776   ----a-w-   c:\windows\system32\ieaksie.dll
2012-05-18 13:17 . 2012-05-18 13:17   249344   ----a-w-   c:\windows\system32\webcheck.dll
2012-05-18 13:17 . 2012-05-18 13:17   23552   ----a-w-   c:\windows\SysWow64\licmgr10.dll
2012-05-18 13:17 . 2012-05-18 13:17   222208   ----a-w-   c:\windows\system32\msls31.dll
2012-05-18 13:17 . 2012-05-18 13:17   197120   ----a-w-   c:\windows\system32\msrating.dll
2012-05-18 13:17 . 2012-05-18 13:17   165888   ----a-w-   c:\windows\system32\iexpress.exe
2012-05-18 13:17 . 2012-05-18 13:17   163840   ----a-w-   c:\windows\system32\ieakui.dll
2012-05-18 13:17 . 2012-05-18 13:17   160256   ----a-w-   c:\windows\system32\wextract.exe
2012-05-18 13:17 . 2012-05-18 13:17   160256   ----a-w-   c:\windows\system32\ieakeng.dll
2012-05-18 13:17 . 2012-05-18 13:17   152064   ----a-w-   c:\windows\SysWow64\wextract.exe
2012-05-18 13:17 . 2012-05-18 13:17   150528   ----a-w-   c:\windows\SysWow64\iexpress.exe
2012-05-18 13:17 . 2012-05-18 13:17   149504   ----a-w-   c:\windows\system32\occache.dll
2012-05-18 13:17 . 2012-05-18 13:17   145920   ----a-w-   c:\windows\system32\iepeers.dll
2012-05-18 13:17 . 2012-05-18 13:17   135168   ----a-w-   c:\windows\system32\IEAdvpack.dll
2012-05-18 13:17 . 2012-05-18 13:17   12288   ----a-w-   c:\windows\system32\mshta.exe
2012-05-18 13:17 . 2012-05-18 13:17   11776   ----a-w-   c:\windows\SysWow64\mshta.exe
2012-05-18 13:17 . 2012-05-18 13:17   114176   ----a-w-   c:\windows\system32\admparse.dll
2012-05-18 13:17 . 2012-05-18 13:17   111616   ----a-w-   c:\windows\system32\iesysprep.dll
2012-05-18 13:17 . 2012-05-18 13:17   10752   ----a-w-   c:\windows\system32\msfeedssync.exe
2012-05-18 13:17 . 2012-05-18 13:17   103936   ----a-w-   c:\windows\system32\inseng.dll
2012-05-18 13:17 . 2012-05-18 13:17   101888   ----a-w-   c:\windows\SysWow64\admparse.dll
2012-05-17 21:58 . 2012-05-17 21:58   466456   ----a-w-   c:\windows\system32\wrap_oal.dll
2012-05-17 21:58 . 2012-05-17 21:58   122904   ----a-w-   c:\windows\system32\OpenAL32.dll
2012-05-17 21:58 . 2012-05-17 21:58   444952   ----a-w-   c:\windows\SysWow64\wrap_oal.dll
2012-05-17 21:58 . 2012-05-17 21:58   109080   ----a-w-   c:\windows\SysWow64\OpenAL32.dll
2012-05-17 12:35 . 2012-05-17 12:35   178800   ----a-w-   c:\windows\SysWow64\CmdLineExt_x64.dll
2012-05-17 11:48 . 2011-03-28 16:36   19736   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-16 22:20 . 2012-05-16 22:20   272448   ----a-w-   c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-16 22:05 . 2012-05-16 20:52   25640   ----a-w-   c:\windows\etdrv.sys
2012-05-16 21:55 . 2012-05-16 16:13   30528   ----a-w-   c:\windows\GVTDrv64.sys
2012-05-16 20:16 . 2012-05-16 20:16   81920   ----a-r-   c:\users\Ale\AppData\Roaming\Microsoft\Installer\{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}\NewShortcut2_6DD9963C271A4A1482B04DC148C52E58_2.exe
2012-05-16 20:16 . 2012-05-16 20:16   81920   ----a-r-   c:\users\Ale\AppData\Roaming\Microsoft\Installer\{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}\NewShortcut1_6DD9963C271A4A1482B04DC148C52E58_2.exe
2012-05-16 19:57 . 2012-05-16 19:56   605552   ----a-w-   c:\windows\system32\xOsLoad.exe
2012-05-16 19:57 . 2012-05-16 19:56   5559664   ----a-w-   c:\windows\system32\xNtKrnl.exe
2012-05-16 19:57 . 2012-05-16 19:56   14336   ----a-w-   c:\windows\system32\drivers\oem-drv64.sys
2012-05-16 17:17 . 2012-05-16 17:17   772552   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
2012-05-15 10:48 . 2012-05-22 21:55   818496   ----a-w-   c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-05-22 21:55   8139072   ----a-w-   c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-22 21:55   5982528   ----a-w-   c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-22 21:55   364352   ----a-w-   c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-22 21:55   301376   ----a-w-   c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-22 21:55   2881856   ----a-w-   c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 21:55   2681664   ----a-w-   c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 21:55   25743168   ----a-w-   c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-22 21:55   2524992   ----a-w-   c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-22 21:55   25248064   ----a-w-   c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-22 21:55   246592   ----a-w-   c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-05-22 21:55   2445120   ----a-w-   c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-22 21:55   202048   ----a-w-   c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-05-22 21:55   19607872   ----a-w-   c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-22 21:55   18044224   ----a-w-   c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-05-22 21:55   17551680   ----a-w-   c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-22 21:55   14298944   ----a-w-   c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-05-16 17:24   949056   ----a-w-   c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-05-16 17:24   8105280   ----a-w-   c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-05-16 17:24   68928   ----a-w-   c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-05-16 17:24   61248   ----a-w-   c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-05-16 17:24   10194752   ----a-w-   c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2012-05-16 16:19   2741568   ----a-w-   c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2012-05-16 16:19   2368832   ----a-w-   c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-05-16 16:19   1738048   ----a-w-   c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-05-16 16:19   15322432   ----a-w-   c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-05-16 16:19   1468224   ----a-w-   c:\windows\system32\nvgenco64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-05-16 1242448]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2012-06-05 222496]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GBTUpd"="c:\program files (x86)\GIGABYTE\UpdManager\PreRun.exe" [2008-04-03 297480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-05-16 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-05-16 30528]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-16 1255736]
S0 iusb3hcs;Driver dello switch Controller Host Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]
S0 oem-drv64;OEM-SLP2.1 Driver (HPD64);c:\windows\system32\DRIVERS\oem-drv64.sys [2012-05-16 14336]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-16 272448]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-11-23 296808]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S3 iusb3hub;Driver hub Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;Driver Controller Host estendibile Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Mcx2Svc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3272275117-3134228947-643984190-1000Core.job
- c:\users\Ale\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-16 18:16]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3272275117-3134228947-643984190-1000UA.job
- c:\users\Ale\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-16 18:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=111304&tt=020512_mntb_est&babsrc=HP_ss&mntrId=a8aabd43000000000000902b3433ed27
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Ale\AppData\Roaming\Mozilla\Firefox\Profiles\4308grux.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - chrome://superstart/content/index.html
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&q=
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-3272275117-3134228947-643984190-1000\Software\SecuROM\License information*]
"datasecu"=hex:53,8d,11,ba,ab,bc,56,99,14,b6,9c,02,d5,5d,87,ee,a1,9d,00,66,57,
   1e,23,f8,9f,54,2d,37,f1,51,8a,53,b5,3f,df,f2,65,da,40,d0,15,df,80,12,e0,45,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Program Files (x86)\\GIGABYTE\\ET6\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\GIGABYTE\UpdManager\RunUpd.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\GIGABYTE\UpdManager\GBTUpd.exe
.
**************************************************************************
.
Ora fine scansione: 2012-07-23  00:58:44 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2012-07-22 22:58
.
Pre-Run: 585.748.619.264 byte disponibili
Post-Run: 585.414.393.856 byte disponibili
.
- - End Of File - - 5728382D5FD0895F4D32FFD17C3CE0C7
ShadowTS
Newbie
 
Posts: 2
Joined: 20/07/12 08:52

Re: Windows 7 startup problem

Post by FrancescoFDAC » 23/07/12 09:42

No.

Download Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/ ... killer.exe
● place the downloaded file on the Desktop
● double-click the TDSSKiller.exe file to start the application
● then press the Start scan button

Note about the program:
● do not click the Stop scan button for any reason; the scan would be interrupted

At this point the system scan for malicious software begins:
● if an infected file is found, the default action will be Cure: then click Continue
● if a suspicious file is found, the default action will be Skip: then click Continue
● if nothing is detected, simply close the program when the scan finishes

Once the scan has finished, one of these two outcomes will occur:
● no system restart is required: attach the report located in Local Disk C:\, named TDSSKiller.[Version]_[Date]_[Time]_log.txt
● a system restart is required: click Restart now, then attach the scan result (it is in the same location mentioned above)
FrancescoFDAC
Senior User
 
Posts: 1048
Joined: 13/08/11 09:53

