|
|||||||
|
|
|
 |
|
|
Strumenti |
14-05-2012, 22:01
|
#1 |
|
Junior Member
Iscritto dal: May 2012
Messaggi: 9
|
grave problema divx
ho un grandissimo problema: ho scaricato un film da emule, e, come faccio sempre, prima l'ho controllato con avast, e l'ha definito un non-virus.. solo che aprendolo con divx, mi dava schermata grigia, windows player non me lo apriva, e windows media mi dava errore.. allora ho aperto un altro video mio, e mi dice: impossibile trovare il punto di ingresso
??0QCoreApplication@@QAE@abv 0@@Z della procedura nella libreria di collegamento dinamico QtCore4.dll e subito dopo un messaggio di divx: missing divxmain DLL: c:\Program Files(x86)\Divx\divx plus player\divx plus player.dll impossibile trovare la procedura specificata solo che ho controllato, e quel file c'è.. allora, l'ho disinstallato e reinstallat, ma durante entrambi mi è ricomparsa la seconda finestra.. cosi sono andato a cercare su google, ma ho trovato solo dll fixer qualcosa(programma tipo ccleaner...), che scaricandolo mi toglie 15 errori di prova su tutto il sistema(700 errotti) e per il resto mi chiede di comprarlo.. drasgo è online Segnala messaggio Ultima modifica di drasgo : 15-05-2012 alle 17:27. |
|
|
15-05-2012, 22:27
|
#2 |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Ipotizzando che il file sia legale e non coperto da copyright, io provvedderei a cestinarlo, successivamente farei una scansione con HitmanPro 3.6
http://www.surfright.nl/en
__________________
Try again and you will be luckier.
|
|
|
|
16-05-2012, 20:20
|
#3 |
|
Junior Member
Iscritto dal: May 2012
Messaggi: 9
|
appena fatto.. anzii, per l'esattezza l'ho gia fatto tre volte.. ma niente..adesso provo a disinstallare e reinstallare divx, ma credo non sia funzionato.. da sempre lo stesso errore.. altri consigli?
|
|
|
|
17-05-2012, 16:28
|
#5 |
|
Junior Member
Iscritto dal: May 2012
Messaggi: 9
|
appena finito, ma conitnua a dare sempre lo stesso errore... ora posto il log, ma continua sempre a dirmi prima che manca un file dll relativo a qtcore 4, credo, e poi che mi manca una dll di divx che pero effettivamente c'è..
Codice HTML:
ComboFix 12-05-17.05 - Tommaso 17/05/2012 16:04:09.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.8174.6335 [GMT 2:00]
Eseguito da: c:\users\Tommaso\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\OfferBox
c:\program files\OfferBox\extensions-4.0.4498.53\offerbox_air_iexplorer.dll
c:\programdata\FullRemove.exe
c:\users\Tommaso\AppData\Roaming\OfferBox
c:\users\Tommaso\AppData\Roaming\OfferBox\config.xml
c:\users\Tommaso\AppData\Roaming\OfferBox\temp.ico
c:\users\Tommaso\videos\putty.exe
c:\users\Tommaso\videos\tor-browser-2.2.35-7.1_it.exe
c:\windows\SysWow64\d2d1debug1.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Creati Da 2012-04-17 al 2012-05-17 )))))))))))))))))))))))))))))))))))
.
.
2012-05-17 14:09 . 2012-05-17 14:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-16 15:42 . 2012-05-16 15:42 -------- d-----w- c:\program files (x86)\Hewlett-Packard
2012-05-16 14:37 . 2012-05-16 14:37 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-05-16 14:12 . 2012-05-16 17:25 -------- d-----w- c:\program files\HitmanPro
2012-05-16 14:11 . 2012-05-16 14:37 -------- d-----w- c:\programdata\HitmanPro
2012-05-15 17:19 . 2012-05-15 17:19 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6923DDC-BB0C-4C7A-A85B-A80CD1BB2688}\offreg.dll
2012-05-15 14:01 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6923DDC-BB0C-4C7A-A85B-A80CD1BB2688}\mpengine.dll
2012-05-10 22:56 . 2012-05-10 22:56 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-10 22:56 . 2012-05-10 22:56 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-10 22:35 . 2010-02-08 23:40 2151424 ----a-w- c:\windows\system32\qtcore4.dll
2012-05-10 21:59 . 2012-05-10 21:59 250 ----a-w- C:\user.js
2012-05-10 21:59 . 2012-05-10 21:59 -------- d-----w- c:\program files (x86)\BabylonToolbar
2012-05-10 21:59 . 2012-05-10 21:59 -------- d-----w- c:\users\Tommaso\AppData\Local\Babylon
2012-05-10 21:59 . 2012-05-10 21:59 -------- d-----w- c:\users\Tommaso\AppData\Roaming\Babylon
2012-05-10 21:59 . 2012-05-10 21:59 -------- d-----w- c:\programdata\Babylon
2012-05-10 21:59 . 2012-05-10 22:24 -------- d-----w- c:\program files (x86)\YourFileDownloader
2012-05-10 21:59 . 2012-05-10 21:59 -------- d-----w- c:\users\Tommaso\AppData\Roaming\YourFileDownloader
2012-05-10 21:52 . 2012-05-10 21:52 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-05-10 21:26 . 2012-05-10 21:26 -------- d-----w- c:\users\Tommaso\AppData\Local\Innovative Solutions
2012-05-10 20:09 . 2012-03-22 11:43 2557952 ----a-w- c:\windows\SysWow64\QtCore4.dll
2012-05-10 19:27 . 2012-05-10 19:55 -------- d-----w- c:\program files (x86)\Inno Setup 5
2012-05-10 14:11 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 14:11 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 14:11 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 14:11 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 14:11 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 14:11 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 14:10 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 14:10 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 14:10 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 14:10 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 14:10 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 14:10 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 14:10 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 13:54 . 2012-05-09 13:54 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-09 13:54 . 2012-05-09 13:54 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-09 13:54 . 2012-05-09 13:54 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-02 15:28 . 2012-05-02 15:28 -------- d-----w- c:\program files (x86)\IObit Toolbar
2012-05-02 15:28 . 2012-05-02 15:28 -------- d-----w- c:\program files (x86)\Application Updater
2012-05-02 15:28 . 2012-05-02 15:28 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-05-01 14:51 . 2012-05-01 14:51 -------- d-----w- c:\users\Tommaso\AppData\Local\Western Digital
2012-04-24 15:01 . 2012-04-24 15:01 -------- d-----w- c:\program files (x86)\Devious Codeworks
2012-04-20 16:38 . 2012-04-20 16:39 -------- d-----w- c:\users\Tommaso\AppData\Roaming\Media Finder
2012-04-19 18:17 . 2012-04-19 18:17 -------- d-----w- C:\Python31
2012-04-19 18:08 . 2012-04-19 18:08 -------- d-----w- c:\users\Tommaso\.idlerc
2012-04-19 16:00 . 2012-04-19 16:00 -------- d-----w- c:\program files\DIFX
2012-04-19 15:59 . 2012-04-19 15:59 -------- d-----w- c:\program files\WDCSAM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 16:42 . 2012-04-06 17:05 2542848 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2012-05-09 13:59 . 2012-04-03 17:52 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-09 13:59 . 2011-10-15 20:18 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 16:00 . 2012-04-03 18:00 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 19:30 . 2012-04-12 19:30 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-04-12 19:30 . 2012-04-12 19:30 375632 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-09 18:39 . 2011-10-15 20:18 113664 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1040\ResourceCache.dll
2012-03-06 23:15 . 2011-10-25 18:59 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-10-25 18:59 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-10-25 19:00 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2011-10-25 19:00 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2011-10-25 19:00 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-02-25 10:35 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-10-25 19:00 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-10-25 19:00 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-10-25 19:00 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-01 06:46 . 2012-04-10 18:08 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-10 18:08 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-10 18:08 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-10 18:08 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-10 18:08 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-10 18:08 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-10 18:08 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-10 18:10 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-10 18:10 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-10 18:10 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-10 18:10 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-10 18:10 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-10 18:10 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-10 18:10 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-10 18:10 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{876d9f09-c6d6-4324-a2cc-04dd9a4de12f}]
2012-02-14 01:43 75000 ----a-w- c:\program files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="d:\ioscare\Advanced SystemCare 5\ASCTray.exe" [2011-12-09 619352]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-17 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-17 201584]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-02-18 177448]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-04-23 983904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Tommaso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Ritaglio schermata e avvio di OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Privoxy.lnk - c:\program files (x86)\Privoxy\privoxy.exe [2011-12-27 359936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-01-30 103992]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960]
R2 gupdate;Servizio Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-16 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 257696]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-02-09 137728]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-16 136176]
R3 HitmanPro36Crusader;HitmanPro 3.6 Crusader;c:\users\Tommaso\Downloads\HitmanPro36_x64.exe [2012-05-16 8298672]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-09 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VSPerfDrv110;Performance Tools Driver 11.0;c:\program files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2011-12-12 67920]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WSDPrintDevice;Supporto stampa WSD via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\ioscare\Advanced SystemCare 5\ASCService.exe [2011-12-09 494424]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-04-23 785304]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-05-16 107848]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]
S2 metasploitApache;metasploitApache;d:\metasp~1\apache2\bin\httpd.exe [2011-07-30 24645]
S2 metasploitPostgreSQL;metasploitPostgreSQL;D:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N metasploitPostgreSQL -D D:/METASP~1/POSTGR~1/data [x]
S2 metasploitProSvc;Metasploit Pro Service;d:\metasp~1\ruby\bin\rubyw.exe [2011-07-30 436267]
S2 metasploitThin;Metasploit Thin Service;d:\metasp~1\ruby\bin\rubyw.exe [2011-07-30 436267]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-23 378472]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - HITMANPRO35
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:59]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-16 17:06]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-16 17:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]
"combofix"="c:\combofix\CF13698.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.babylon.com/?affID=112555&tt=100512_1_&babsrc=HP_ss&mntrId=860054040000000000000015834a3d34
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Tommaso\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: I&nvia a OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tommaso\AppData\Roaming\Mozilla\Firefox\Profiles\u1ybs0m7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8118
FF - prefs.js: network.proxy.socks - forward-socks4a
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 7f8484e9-00df-4125-a458-bcf38b963be1
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=100512_1_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 860054040000000000000015834a3d34
FF - user.js: extensions.BabylonToolbar_i.hardId - 860054040000000000000015834a3d34
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15470
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:59
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-YourApplicationName - c:\program files (x86)\pressione tasti\pressione tasti.exe\YourApplicationName.exe
BHO-{703740c1-0f1a-4cec-a4df-d78db0158477} - c:\program files\OfferBox\extensions-4.0.4498.53\offerbox_air_iexplorer.dll
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\metasploitPostgreSQL]
"ImagePath"="D:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"D:/METASP~1/POSTGR~1/data\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\metasploitPostgreSQL]
"ImagePath"="D:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"D:/METASP~1/POSTGR~1/data\""
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\05\1c\15\1d+E"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\FileZilla Server\FileZilla Server.exe
d:\metasp~1\POSTGR~1\bin\pg_ctl.exe
d:\metasp~1\POSTGR~1\bin\postgres.exe
d:\metasp~1\POSTGR~1\bin\postgres.exe
d:\metasp~1\POSTGR~1\bin\postgres.exe
d:\metasp~1\POSTGR~1\bin\postgres.exe
d:\metasp~1\POSTGR~1\bin\postgres.exe
d:\metasp~1\POSTGR~1\bin\postgres.exe
c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
d:\metasp~1\POSTGR~1\bin\postgres.exe
d:\metasp~1\POSTGR~1\bin\postgres.exe
d:\metasp~1\POSTGR~1\bin\postgres.exe
d:\metasp~1\POSTGR~1\bin\postgres.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Ora fine scansione: 2012-05-17 16:18:32 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-05-17 14:18
.
Pre-Run: 329.543.348.224 byte disponibili
Post-Run: 329.873.084.416 byte disponibili
.
- - End Of File - - EB409FF0133CCF97757CD23B287C6DA4
|
|
|
|
18-05-2012, 15:41
|
#6 |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
__________________
Try again and you will be luckier.
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 16:23.
