CPU through the roof after manually uninstalling Office

Reticolare77

Good evening
5 days ago (I curse that day) I tried to install Office 2010, but it was a bogus version, so it would not install or only installed partially.. I tried for hours to uninstall it, also because it was slowing everything down, but I could not get rid of the program for good.. then I found on a forum a manual procedure that touched the HKEY entries in regedit... I uninstalled it and put Office 2007 back.. I ran a scan with avast, which found about ten viruses and removed them.. for a few days now the CPU has been at maximum, and even normal activity on the PC slows down and it freezes for a few minutes.. I tried with HijackThis v2.0.4

Now I no longer know what to do.. my PC is an HP with 4 GB of RAM, AMD Athlon X2 Dual Core QL-65 2.10 GHz... and before this mess I could open several programs at the same time.. now even to send an email I have to wait for it to unfreeze... can anyone help me? Can you give me some hypotheses? Thanks in advance
 
  • Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\WerFault.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN
 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Cinzia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Policies\Explorer\Run: [Logman] C:\Windows\System32\drivers\logman.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (file missing)
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Users\Cinzia\Desktop\xampplite-win32-1.7.3\xampplite\apache\bin\httpd.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (file missing)
O23 - Service: MySQL - Unknown owner - C:\Users\Cinzia\Desktop\xampplite-win32-1.7.3\xampplite\mysql\bin\mysqld.exe (file missing)
O23 - Service: ONDA Autorun CDROM Monitor - Unknown owner - C:\Windows\system32\SupportAppXL\onda_mon.exe (file missing)
O23 - Service: Office Software Protection Platform (osppsvc) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

I hope someone can help me.. thanks
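
Added example (not part of the original thread, and not code from HijackThis): a small Python triage pass over HijackThis-style lines such as those in the log above. It flags entries whose target file is missing (typical leftovers of an incomplete uninstall, like the Office14 entries), executables that autostart from the drivers directory (which normally holds .sys drivers), autostarts under Policies\Explorer\Run, and services with an unknown owner. The sample lines are copied from the post; the function names and reason labels are assumptions of this example.

```python
import re

# Sample lines copied from the HijackThis log posted above
# (embedded here so the script runs offline).
SAMPLE_LOG = r"""
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Policies\Explorer\Run: [Logman] C:\Windows\System32\drivers\logman.exe /waitservice
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (file missing)
O23 - Service: MySQL - Unknown owner - C:\Users\Cinzia\Desktop\xampplite-win32-1.7.3\xampplite\mysql\bin\mysqld.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

# "O4 - ..." / "R1 - ..." / "O23 - ...": section code, then the entry text.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# An .exe sitting directly in System32\drivers.
DRIVERS_EXE_RE = re.compile(r"\\system32\\drivers\\[^\\\s]+\.exe", re.IGNORECASE)


def triage(log_text):
    """Return {"section", "entry", "reasons"} dicts for lines worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw)
        if not match:
            continue  # headers, the running-process list, blank lines
        section, entry = match.groups()
        lowered = entry.lower()
        reasons = []
        if lowered.endswith("(file missing)"):
            reasons.append("orphaned")  # registry entry points at a deleted file
        if DRIVERS_EXE_RE.search(entry):
            reasons.append("exe-in-drivers-dir")
        if section == "O4" and "\\policies\\explorer\\run" in lowered:
            reasons.append("policies-run-key")  # rarely used autostart location
        if section == "O23" and " - unknown owner - " in lowered:
            reasons.append("unknown-owner-service")
        if reasons:
            findings.append({"section": section, "entry": entry, "reasons": reasons})
    return findings


def leftovers(findings, marker):
    """Orphaned entries whose text mentions `marker`, e.g. the Office14 folder."""
    marker = marker.lower()
    return [f for f in findings
            if "orphaned" in f["reasons"] and marker in f["entry"].lower()]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["section"]:>3}  {",".join(f["reasons"]):<40} {f["entry"]}')
```

A flag here means "look at this entry by hand", not "this is malicious": orphaned entries are usually harmless clutter, while the other labels mark locations where a legitimate program is less commonly found.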
 
Hi.

Download ComboFix, preferably with Internet Explorer: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Place ComboFix on the Desktop and carry out these preliminary steps:
● disconnect from the Internet
● physically disconnect the modem/router from the computer

If they are active, it is absolutely necessary to:
● disable the antivirus in use, from its icon in the tray bar (next to the Windows clock)
● disable any installed firewall, from its icon in the tray bar (next to the Windows clock)

Once the steps above are done:
● launch ComboFix: to launch ComboFix on Windows Vista and Windows 7, right-click the ComboFix icon and choose Run as administrator from the context menu
● follow the instructions given to run the scan
● you will be asked to install the Recovery Console: do not install it
● without performing any other operation, let the tool complete its work

Notes - during the scan:
● some files will be created on the Desktop and then deleted
● all the icons on the Desktop will disappear for a moment
● a message about the antivirus in use may be shown: carry on, ignoring the message
● the firewall, if active, may show a warning about the removal of some drivers: allow it
● the Internet Explorer icon may appear on the Desktop, if it was not already there

When ComboFix has finished the scan:
● the system will be restarted automatically: if it is not, restart it yourself
● physically reconnect the modem/router to the computer
● connect to the Internet
● go to Local Disk C:, look for the text file named ComboFix.txt and attach it
 
Combofix did indeed clean up the PC, but if I turn off the PC's wireless, close all programs and stay on the desktop without moving the pointer, I get the hourglass and the CPU shoots up to 90%... I don't understand what the ***** is wrong with this PC.. it wasn't like this before... any other advice, guys? pleaseeeeee
 
If you had read carefully, by now you would have posted the ComboFix log (and, probably, solved your problems).

:)
 
FDA is right..

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
ComboFix 11-03-03.01 - Cinzia 03/03/2011 22.29.07.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3069.1944 [GMT 1:00]
Eseguito da: c:\users\Cinzia\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
c:\program files\OfferBox
c:\program files\OfferBox\OfferBoxChromeExtension.crx
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\overlay.xul
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.xpt
c:\program files\OfferBox\offerboxffx@offerbox.com\install.rdf
c:\program files\OfferBox\res\language.xml
c:\program files\OfferBox\res\loader.gif
c:\programdata\NETg
c:\programdata\NETg\netg.ini
c:\users\Cinzia\AppData\Roaming\OfferBox
c:\users\Cinzia\AppData\Roaming\OfferBox\config.dat
c:\users\Cinzia\AppData\Roaming\OfferBox\config.xml
c:\windows\XSxS
La copia infetta di c:\windows\system32\Drivers\atapi.sys è stata trovata e disinfettata
Ripristinata copia da - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!drivers!atapi.sys
((((((((((((((((((((((((( Files Creati Da 2011-02-03 al 2011-03-03 )))))))))))))))))))))))))))))))))))
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
@="Driver"
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Google Update="c:\users\Cinzia\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-29 135664]
Skype="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
StartCCC="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
SynTPEnh="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1410344]
UCam_Menu="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
QlbCtrl.exe="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
HP Software Update="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
WirelessAssistant="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
Adobe Reader Speed Launcher="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
AdobeCS4ServiceManager="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
Adobe Acrobat Speed Launcher="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
Acrobat Assistant 8.0="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
SunJavaUpdateSched="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
avast5="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
AdobeAAMUpdater-1.0="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
SwitchBoard="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
AdobeCS5ServiceManager="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
RtHDVCpl="RtHDVCpl.exe" [2008-01-15 4874240]
Skytel="Skytel.exe" [2007-11-20 1826816]
SysTrayApp="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
iTunesHelper="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
GrooveMonitor="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
QuickTime Task="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
c:\users\Cinzia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
EnableLUA= 0 (0x0)
EnableUIADesktopToggle= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3370645036-689909312-44440716-1000]
 
There are such things as unsolvable problems.

Could you copy and paste the ComboFix log properly? (you cut/pasted/messed up the text...).
 
Download Kaspersky Virus Removal Tool: Kaspersky Virus Removal Tool 2010
● when the installation finishes, the tool's main screen will be shown
● a folder named Virus Removal Tool will be created on the Desktop
● select the partition to scan and click Scan to start the scan
● when the scan is finished, if infections were detected, click Neutralize all
● popups will open where you can choose whether to Delete or Disinfect the object
● tick Apply to all and click Quarantine
● to save the report that is produced, click the Reports button: save it on the Desktop, then attach it on the forum

Then, a quick check of the drivers/services/MBR:

Download Kaspersky TDSS Killer: http://support.kaspersky.com/downloads/utils/tdsskiller.exe
● place the downloaded file on the Desktop
● double-click TDSSKiller.exe to start the application, then click the Start Scan button

At this point the scan of your system for malicious software begins:
● if an infected file is found, the default action will be Cure, so click Continue
● if a suspicious file is found, the default action will be Skip, so click Continue

Once the scan is finished, you will be shown one of these two options:
● a system restart is not necessary: click Report and save the contents to a text file
● a system restart is necessary: click Reboot now
● once the system has restarted, the program's report to attach is in C:\ in this form:
TDSSKiller.[Version]_[Date]_[Time]_log.txt
 
Hi Fda, neither scan found anything.. should I consider myself satisfied? Or should I try some other checks? The CPU seems to be back to normal levels.. if you have other advice I'm listening, otherwise I thank you from the bottom of my heart for the help you gave me.. you are the pride of the site :-)
thanks a lot
 