I'm infected
checco848484
04-11-2010, 10:41
Hi guys, I'm having problems with my PC at shutdown: after the "Shutting down" message it always gives me a black screen (monitor off?) but the PC stays on, and I also have problems with the Control Panel (see "Windows Explorer has stopped working"):
Firma del problema
Nome evento problema: APPCRASH
Nome applicazione: Explorer.EXE
Versione applicazione: 6.0.6001.18164
Timestamp applicazione: 4907e242
Nome modulo con errori: ntdll.dll
Versione modulo con errori: 6.0.6001.18000
Timestamp modulo con errori: 4791a7a6
Codice eccezione: c00000fd
Offset eccezione: 0005a192
Versione SO: 6.0.6001.2.1.0.256.1
ID impostazioni locali: 1040
Informazioni aggiuntive 1: 2df8
Ulteriori informazioni 2: d4b57728710839d8ecb2d09b24e4de78
Ulteriori informazioni 3: 8cbf
Ulteriori informazioni 4: 10b23780e1e32bdf122bf5242a6dacd3
After some analysis, on the advice of Eress (in the Windows 7 and Vista section), I've come here to get disinfected, posting the HijackThis log first:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11.34.05, on 04/11/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Francesco\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AutoKMS] C:\Windows\AutoKMS.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.11 85.38.28.69
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 4884 bytes
Thanks to anyone who will help me!
Chill-Out
04-11-2010, 11:05
Nothing shows up in the log; I wonder why the OS isn't updated to SP2.
checco848484
04-11-2010, 11:20
Then why did Eres tell me to go to the appropriate section because my PC is infected?
Oh well, anyway you recommend moving to SP2! But do you think the problems will be solved after the upgrade,
or are you recommending it regardless?
Chill-Out
04-11-2010, 11:29
Absolutely essential, both for security and for system stability.
checco848484
04-11-2010, 13:21
Hi Chill, I've just finished installing SP2 and immediately tried to open the Control Panel, but nothing, it still gives me the same Windows Explorer error. I don't know what else to do!
I also tried, as I read somewhere, rebooting with msconfig, first removing the programs from automatic startup and then removing everything else from Microsoft as well (basic startup), but nothing...
I also noticed that in Device Manager there's an entry I'd never seen until now:
under network adapters I have a yellow exclamation mark next to an icon called "Microsoft Isatap adapter#6"!
Chill-Out
04-11-2010, 21:06
Run ComboFix exactly as described here: http://www.hwupgrade.it/forum/showthread.php?t=1984665
checco848484
05-11-2010, 15:18
Chill, here's the ComboFix report as you asked me to do:
ComboFix 10-11-04.06 - Francesco 05/11/2010 16.03.39.2.1 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.39.1040.18.1535.911 [GMT 1:00]
Eseguito da: c:\users\Francesco\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Creati Da 2010-10-05 al 2010-11-05 )))))))))))))))))))))))))))))))))))
.
2010-11-05 15:12 . 2010-11-05 15:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-04 12:55 . 2010-11-04 12:56 -------- d-----w- c:\windows\system32\ca-ES
2010-11-04 12:55 . 2010-11-04 12:56 -------- d-----w- c:\windows\system32\eu-ES
2010-11-04 12:55 . 2010-11-04 12:56 -------- d-----w- c:\windows\system32\vi-VN
2010-11-04 12:50 . 2010-11-04 12:50 -------- d-----w- c:\windows\system32\SPReview
2010-11-04 12:26 . 2009-04-10 22:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-11-04 12:26 . 2009-04-10 22:27 57856 ----a-w- c:\windows\system32\compcln.exe
2010-11-04 12:18 . 2009-04-10 22:28 723968 ----a-w- c:\windows\system32\powercpl.dll
2010-11-04 12:17 . 2009-04-10 22:28 75264 ----a-w- c:\windows\system32\adsmsext.dll
2010-11-04 12:16 . 2009-04-10 22:28 35840 ----a-w- c:\windows\system32\wbem\KrnlProv.dll
2010-11-04 12:15 . 2009-04-10 22:28 663552 ----a-w- c:\program files\Common Files\System\Ole DB\sqloledb.dll
2010-11-04 12:11 . 2010-11-04 12:11 -------- d-----w- c:\windows\system32\EventProviders
2010-11-03 17:23 . 2010-11-03 17:24 -------- d-----w- c:\program files\PhotoScape
2010-11-03 10:05 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-03 10:05 . 2010-11-03 11:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-03 10:05 . 2010-11-03 10:05 -------- d-----w- c:\programdata\Malwarebytes
2010-11-03 10:05 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-02 11:10 . 2010-11-02 11:11 -------- d-----w- c:\program files\CCleaner
2010-11-01 19:42 . 2010-11-01 19:42 -------- d-----w- c:\programdata\eMule
2010-11-01 10:49 . 2010-11-01 10:49 77004 ----a-w- c:\windows\system32\drivers\AFS.SYS
2010-11-01 10:40 . 2010-11-01 10:40 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-11-01 10:38 . 2010-11-01 10:49 -------- d-----w- c:\program files\Hewlett-Packard
2010-10-26 13:35 . 2010-10-26 13:35 -------- d-----w- c:\program files\Common Files\Java
2010-10-26 09:41 . 2010-09-15 02:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-26 09:41 . 2010-09-15 02:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-26 09:40 . 2010-10-26 13:35 -------- d-----w- c:\program files\Java
2010-10-19 10:23 . 2010-10-19 10:23 -------- d-----w- c:\programdata\ATI
2010-10-19 10:19 . 2010-10-19 10:19 0 ----a-w- c:\windows\ativpsrm.bin
2010-10-19 10:17 . 2010-10-19 10:22 -------- d-----w- c:\program files\ATI Technologies
2010-10-19 10:16 . 2010-10-19 10:16 -------- d-----w- c:\program files\ATI
2010-10-19 10:15 . 2010-10-19 10:15 -------- d-----w- C:\ATI
2010-10-19 09:46 . 2010-10-19 09:46 -------- d-----w- c:\program files\Realtek
2010-10-19 09:46 . 2008-10-29 14:29 43520 ----a-w- c:\windows\system32\drivers\Rtnicxp.sys
2010-10-19 09:46 . 2008-07-21 11:08 9728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-10-19 09:43 . 2009-04-14 13:43 10975264 ----a-w- c:\windows\system32\RTLCPL.EXE
2010-10-19 09:43 . 2009-04-14 13:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE
2010-10-19 09:43 . 2009-04-14 13:43 19036704 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-10-19 09:43 . 2009-04-14 13:43 154144 ----a-w- c:\windows\system32\RTLCPAPI.dll
2010-10-19 09:43 . 2009-04-14 13:43 965664 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-10-19 09:43 . 2009-04-14 13:43 141856 ----a-w- c:\windows\system32\RtkCfg.dll
2010-10-19 09:43 . 2009-04-14 13:43 2510368 ----a-w- c:\windows\system32\RtkAPO.dll
2010-10-19 09:42 . 2010-10-19 10:14 319488 ----a-w- c:\windows\HideWin.exe
2010-10-19 09:34 . 2005-01-12 09:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2010-10-19 09:34 . 2004-09-28 09:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
2010-10-19 09:34 . 2004-08-11 13:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2010-10-19 09:34 . 2004-03-08 22:00 224016 ----a-w- c:\windows\system32\Tabctl32.ocx
2010-10-19 09:34 . 2004-03-08 22:00 132880 ----a-w- c:\windows\system32\Msinet.ocx
2010-10-19 09:34 . 2004-03-08 22:00 152848 ----a-w- c:\windows\system32\Comdlg32.ocx
2010-10-19 09:34 . 2010-10-19 09:39 -------- d-----w- c:\program files\Driver Magician
2010-10-19 09:21 . 2010-11-02 12:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-19 09:17 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-19 09:17 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-19 09:17 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-19 09:17 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-19 09:16 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-19 09:16 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-19 09:16 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-19 09:16 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-19 09:16 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-19 09:16 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 09:13 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-19 08:52 . 2010-10-19 08:52 -------- d-----w- c:\programdata\Messenger Plus!
2010-10-18 22:23 . 2010-10-18 22:23 -------- d-----w- c:\programdata\Uniblue
2010-10-18 22:07 . 2010-10-18 22:07 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2010-10-18 18:02 . 2010-10-31 17:06 -------- d-----w- c:\program files\Messenger Plus! Live
2010-10-18 17:52 . 2010-10-18 17:52 -------- d-----w- c:\program files\Conduit
2010-10-18 17:51 . 2010-10-18 17:51 -------- d-----w- c:\program files\Microsoft
2010-10-18 17:51 . 2010-10-18 17:51 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-10-18 17:50 . 2010-10-18 17:51 -------- d-----w- c:\program files\Windows Live
2010-10-18 17:47 . 2010-10-18 17:47 -------- d-----w- c:\program files\Common Files\Windows Live
2010-10-18 15:56 . 2008-01-18 21:34 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2010-10-10 19:53 . 2010-10-10 20:01 -------- d-----w- c:\program files\Veoh Networks
2010-10-10 19:26 . 2009-07-14 17:45 132224 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2010-10-10 19:26 . 2009-07-14 17:48 64512 ----a-w- c:\windows\system32\WUDFSvc.dll
2010-10-10 19:26 . 2009-07-14 17:48 39936 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2010-10-10 19:26 . 2009-07-14 17:45 92672 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2010-10-10 19:26 . 2009-07-14 17:48 567808 ----a-w- c:\windows\system32\WUDFx.dll
2010-10-10 19:26 . 2009-07-14 17:48 162304 ----a-w- c:\windows\system32\WUDFPlatform.dll
2010-10-10 19:26 . 2009-07-14 17:45 195584 ----a-w- c:\windows\system32\WUDFHost.exe
2010-10-10 19:03 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2010-10-10 19:03 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2010-10-10 18:59 . 2010-10-10 19:24 -------- d-----w- c:\programdata\PC Suite
2010-10-10 18:55 . 2010-10-10 18:55 -------- d-----w- c:\program files\Common Files\PCSuite
2010-10-10 18:55 . 2010-10-10 18:55 -------- d-----w- c:\program files\Common Files\Nokia
2010-10-10 18:55 . 2010-10-10 18:57 -------- d-----w- c:\program files\DIFX
2010-10-10 18:55 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-10-10 18:54 . 2010-10-10 18:55 -------- dc----w- c:\windows\system32\DRVSTORE
2010-10-10 18:54 . 2010-10-10 18:54 -------- d-----w- c:\program files\PC Connectivity Solution
2010-10-10 18:50 . 2010-10-10 18:55 -------- d-----w- c:\program files\Nokia
2010-10-10 18:49 . 2010-10-10 18:49 -------- d-----w- c:\programdata\Installations
2010-10-10 18:23 . 2010-10-10 18:23 -------- d-----w- c:\program files\Tunatic
2010-10-10 18:14 . 2010-10-10 18:14 -------- d-----w- c:\program files\VS Revo Group
2010-10-09 16:36 . 2010-10-09 16:36 -------- d-----w- c:\program files\MSXML 4.0
2010-10-09 15:17 . 2010-10-09 15:18 -------- d-----w- c:\program files\Safari
2010-10-09 15:17 . 2010-10-09 15:17 -------- d-----w- c:\programdata\Apple Computer
2010-10-09 15:15 . 2010-10-09 15:15 -------- d-----w- c:\program files\Common Files\Apple
2010-10-09 15:15 . 2010-10-09 15:15 -------- d-----w- c:\program files\Apple Software Update
2010-10-09 15:15 . 2010-10-09 15:15 -------- d-----w- c:\programdata\Apple
2010-10-08 11:58 . 2010-10-08 11:58 -------- d-----w- c:\program files\BitLocker
2010-10-08 11:51 . 2007-07-19 23:55 233888 ----a-w- c:\windows\system32\DreamScene.dll
2010-10-08 11:49 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-10-08 11:47 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-10-08 11:43 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-10-08 11:42 . 2008-09-12 04:46 2048 ----a-w- c:\program files\Microsoft Games\Tinker\SparkResource.dll
2010-10-08 11:42 . 2008-09-12 04:46 1307136 ----a-w- c:\program files\Microsoft Games\Tinker\Tinker.exe
2010-10-08 11:42 . 2008-09-12 04:46 333312 ----a-w- c:\program files\Microsoft Games\Tinker\SparkGDF.dll
2010-10-08 11:41 . 2007-02-22 02:26 1171848 ----a-w- c:\windows\system32\SecureKeyBackupCPL.dll
2010-10-08 11:40 . 2007-02-21 19:46 1496912 ----a-w- c:\program files\Microsoft Games\HoldEm\HoldEm.exe
2010-10-08 11:23 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-10-08 11:23 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-10-08 11:21 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-08 11:21 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-08 11:21 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-08 11:21 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-10-08 11:18 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-10-08 11:09 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2010-10-08 11:09 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-10-08 10:44 . 2010-10-08 11:24 -------- d-----w- c:\program files\Nero
2010-10-08 10:43 . 2010-10-08 14:06 -------- d-----w- c:\programdata\Nero
2010-10-08 10:43 . 2010-10-08 13:48 -------- d-----w- c:\program files\Common Files\Nero
2010-10-08 10:33 . 2010-10-08 10:33 615936 ----a-w- c:\windows\AutoKMS.exe
2010-10-08 10:21 . 2010-10-08 10:21 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-10-08 10:20 . 2010-10-08 10:20 -------- d-----w- c:\windows\PCHEALTH
2010-10-08 10:20 . 2010-10-08 10:20 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-10-08 10:20 . 2010-10-08 10:20 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-03 09:38 . 2001-12-31 22:12 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-03 09:38 . 2001-12-31 22:12 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-06 17:59 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-10-06 17:59 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-08-17 14:11 . 2001-12-31 22:29 128000 ----a-w- c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"AutoKMS"="c:\windows\AutoKMS.exe" [2010-10-08 615936]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceRV_McciTrayApp]
2007-01-23 15:43 1001472 ----a-w- c:\program files\Alice ti aiuta\McciTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-06 17:01 136176 ----atw- c:\users\Francesco\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:11 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-18 21:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2012210036-3782486033-4258856275-1000]
"EnableNotificationsRef"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AFS;AFS; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 15:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 08:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contenuto della cartella 'Scheduled Tasks'
2010-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2012210036-3782486033-4258856275-1000Core.job
- c:\users\Francesco\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-06 17:01]
2010-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2012210036-3782486033-4258856275-1000UA.job
- c:\users\Francesco\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-06 17:01]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\ljyfmkih.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\ljyfmkih.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\Francesco\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-05 16:12
Windows 6.0.6002 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-11-05 16:16:17
ComboFix-quarantined-files.txt 2010-11-05 15:16
ComboFix2.txt 2010-11-05 14:58
Pre-Run: 19.316.191.232 byte disponibili
Post-Run: 19.294.420.992 byte disponibili
- - End Of File - - C4A271211437EB32FFE588FA10F022C1
Chill-Out
05-11-2010, 15:52
Attach it as a .txt text file on one of the remote servers listed in the section Rules in my signature, thx.
checco848484
06-11-2010, 16:00
Here's the link to the report as you requested:
http://www.filedropper.com/1_490
Chill-Out
06-11-2010, 23:33
Let me know if you still see the problem; in any case, it is not an infection as had been hypothesized.
checco848484
07-11-2010, 11:07
I'm already glad it's not an infection!
Unfortunately, though, the problem still persists...
If you have other suggestions I'm "all ears".
Byeee
FulValBot
07-11-2010, 12:20
Do you have any third-party codecs?
checco848484
07-11-2010, 18:16
No, because I formatted the PC very recently (1 month ago) and I'm trying to keep it as clean as possible!
Chill-Out
07-11-2010, 19:43
I suggest the thread open in the Microsoft Windows 7 and Vista section:
http://www.hwupgrade.it/forum/showthread.php?t=2271960
checco848484
08-11-2010, 10:34
Haha... Chill, thanks for the suggestion of the "Control Panel won't open" topic, but unfortunately I have to tell you that I opened that topic myself, and user Eres then directed me to you, telling me my PC was infected (as you can read in the last post of that very thread).
So there's no way out of this...
Chill-Out
08-11-2010, 11:04
This section is dedicated solely and exclusively to removing possible infections; since this is not a problem related to a hypothetical virus, continue in the thread indicated. Not every problem can be traced back to malware.