|
|||||||
|
|
|
 |
|
|
Strumenti |
27-02-2012, 14:08
|
#1 |
|
Senior Member
Iscritto dal: Mar 2000
Messaggi: 883
|
explore.exe errore applicazione...grazie
se può aiutare ho scoperto che nel registro di sistema non c'è il file explorer.exe in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options per cui temo sia stato corrotto ...
problema: ogni volta apro un .exe o una cartella compare messaggio explorer.exe errore applicazione,l'istruzione a "0x868fec14"ha fatto riferimento alla memoriqa "0x868fec14",la memoria non poteva essere letta.ok x terminare ,annulla x debug. Se non do ok non mi apre più nulla...dopo un pò riappare sempre - eseguito ieri hjack this dopo ccleaner,malwarabytes e virit fix explorer lite come suggeritomi,nonchè combofix .il PC dovrebbe essere ora pulito. -eseguito ripristino sistema nulla....qualche giorno fa ho eliminato le voci lowerfilters dal registro per far vedere al pc un masterizzatore esterno che non vedeva....forse qui il problema? Sono poi riuscito a far vedere l'unità dvd di nuovo a roxio che non la rilevava usando una patch. allego i file e grazie Codice:
VirIT eXplorer Lite Log
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
27/02/2012 - 10:06:14
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD (\\.\PhysicalDrive0): OK
BOOT SECTOR: OK
[D:]
MASTER BOOT RECORD (\\.\PhysicalDrive0): OK
BOOT SECTOR: OK
D:\Dati\en16867\Documenti_D\tariffe\multimedia lettori\AVIAddXSub\AVI Info.exe Infetto da Backdoor.Win32.Bancodor.BW
D:\Dati\en16867\Documenti_D\tariffe\multimedia lettori\AVIAddXSub\AVIAddXSubs.exe Infetto da Backdoor.Win32.Bancodor.BW
D:\Dati\en16867\Documenti_D\tariffe\multimedia lettori\AVIAddXSub\AVIBitrate.exe Infetto da Backdoor.Win32.Bancodor.BW
D:\Dati\en16867\Documenti_D\tariffe\multimedia lettori\AVIAddXSub\SUBRenamer.exe Infetto da Backdoor.Win32.Bancodor.BW
D:\Dati\en16867\Trainers\Documenti_D\tariffe\multi m\utilities\utilitiesdasalvare\Copia di Crackdiskeeper\diskeeper7\Crack_Diskeeper7.exe Infetto da Win32.Kriz.4029
D:\Dati\en16867\Trainers\Documenti_D\tariffe\multi m\utilities\utilitiesdasalvare\Crackdiskeeper\disk eeper7\Crack_Diskeeper7.exe Infetto da Win32.Kriz.4029
D:\Dati\en16867\Trainers\Documenti_D\tariffe\multi m\utilities\UTILITIESWINXP\Crackdiskeeper\diskeepe r7\Crack_Diskeeper7.exe Infetto da Win32.Kriz.4029
[E:]
[F:]
[V:]
[Z:]
Chiavi Registro infette: 0.
Files Infetti: 7.
Files Sospetti: 0.
Files Analizzati: 146984.
Files Totali: 146984.
Codice:
ComboFix 12-02-25.02 - EN16867 26/02/2012 17.58.01.4.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1033.18.2998.2633 [GMT 1:00]
Eseguito da: c:\documents and settings\en16867\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
c:\documents and settings\en16867\Application Data\Help\coredb\storage
c:\documents and settings\NetworkService\Application Data\Remote
c:\documents and settings\NetworkService\Application Data\Remote\al_shrd
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Creati Da 2012-01-26 al 2012-02-26 )))))))))))))))))))))))))))))))))))
.
.
2012-02-26 09:36 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4513CF7-96DB-48C2-8721-787F722620A9}\mpengine.dll
2012-02-25 22:04 . 2012-02-25 22:08 247296 ----a-w- c:\documents and settings\en16867\Application Data\Microsoft\{850B91B0-8C24-4386-866C-5BFCDB531A14}\LicenseValidator.exe
2012-02-25 22:04 . 2012-02-25 22:04 -------- d-----w- c:\documents and settings\en16867\Application Data\TeamViewer
2012-02-24 16:31 . 2012-02-24 16:31 -------- d-----w- c:\documents and settings\en16867\Application Data\ElevatedDiagnostics
2012-02-16 17:03 . 2012-02-16 17:15 -------- d-----w- c:\documents and settings\en16867\Application Data\Kiuka
2012-02-16 17:03 . 2012-02-16 17:04 -------- d-----w- c:\documents and settings\en16867\Application Data\Ciud
2012-02-13 20:43 . 2012-02-13 20:43 -------- d-----w- c:\documents and settings\en16867\Application Data\Apple
2012-02-12 21:29 . 2012-02-12 21:29 -------- d-----w- c:\documents and settings\en16867\Local Settings\Application Data\David_Rudie
2012-02-04 14:24 . 2012-02-04 16:30 -------- d-----w- c:\documents and settings\en16867\Application Data\Baubupe
2012-02-04 14:24 . 2012-02-04 14:29 -------- d-----w- c:\documents and settings\en16867\Application Data\Xeisgy
2012-02-03 19:59 . 2012-02-03 19:59 -------- d-----w- c:\documents and settings\en16867\Local Settings\Application Data\Identities
2012-02-03 19:59 . 2012-02-05 02:51 -------- d-----w- c:\documents and settings\en16867\Application Data\Ofcyx
2012-02-03 19:59 . 2012-02-04 14:30 -------- d-----w- c:\documents and settings\en16867\Application Data\Esdizu
2012-01-30 10:28 . 2012-01-30 10:28 -------- d-----w- c:\documents and settings\en16867\Local Settings\Application Data\Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2012-02-08 06:03 . 2011-12-09 08:00 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2011-05-30 12:31 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-27 08:18 . 2011-06-06 11:14 5343997 ----a-w- c:\windows\FramePkg.exe
2012-01-03 07:28 . 2012-01-03 07:28 2570286 ----a-w- c:\windows\system32\abgx360.exe
2011-12-10 14:24 . 2012-01-02 16:14 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 08:09 . 2011-12-07 08:09 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-07 08:09 . 2011-12-07 08:09 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-11-30 07:59 . 2011-06-16 07:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-14_15.38.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-24 16:27 . 2007-11-01 04:48 20992 c:\windows\system32\windowspowershell\v1.0\pwrshsi p.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 30208 c:\windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.PowerShel#\9855d3fb15e6c63a811b1f0b66d78428 \Microsoft.PowerShell.Commands.Utility.resources.n i.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 17408 c:\windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.PowerShel#\7618f444d33b1311e952ba9285e4a4b2 \Microsoft.PowerShell.Security.resources.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 19456 c:\windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.PowerShel#\1b23e2c0707d81e7eb14f78552562635 \Microsoft.PowerShell.Commands.Management.resource s.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 35328 c:\windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.PowerShel#\05bbffbe100ede49139819641a41dfda \Microsoft.PowerShell.ConsoleHost.resources.ni.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 65536 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell. Security\1.0.0.0__31bf3856ad364e35\Microsoft.Power Shell.Security.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 36864 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell. ConsoleHost.resources\1.0.0.0_en_31bf3856ad364e35\ Microsoft.PowerShell.ConsoleHost.resources.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 32768 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell. Commands.Utility.resources\1.0.0.0_en_31bf3856ad36 4e35\Microsoft.PowerShell.Commands.Utility.resourc es.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 11264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell. Commands.Management.resources\1.0.0.0_en_31bf3856a d364e35\Microsoft.PowerShell.Commands.Management.r esources.dll
+ 2012-02-24 16:27 . 2007-06-30 18:49 4608 c:\windows\system32\windowspowershell\v1.0\pwrshms g.dll
+ 2012-02-24 16:38 . 2012-02-14 13:43 9610 c:\windows\pchealth\helpctr\Config\Cache\Professio nal_32_1040.dat
+ 2012-02-24 16:28 . 2012-02-24 16:28 8704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell. Security.resources\1.0.0.0_en_31bf3856ad364e35\Mic rosoft.PowerShell.Security.resources.dll
+ 2012-02-24 16:27 . 2007-10-30 09:15 330240 c:\windows\system32\windowspowershell\v1.0\powersh ell.exe
+ 2012-02-24 17:43 . 2012-02-24 17:43 160256 c:\windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Management.A#\5d6a0e02b8e1cff94d07d2507667edc7 \System.Management.Automation.resources.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 433664 c:\windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.PowerShel#\d29ea7e7bbc981d8e9d4df4419707b4f \Microsoft.PowerShell.Commands.Management.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 968192 c:\windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.PowerShel#\b0c56fa3e83bbf43637c8e19632ac3a9 \Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 148480 c:\windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.PowerShel#\8b107a8a8ac94ba2206c35e685c265b9 \Microsoft.PowerShell.Security.ni.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 492032 c:\windows\assembly\NativeImages_v2.0.50727_32\Mic rosoft.PowerShel#\612ab580b36369611744dcf73bd4b9c4 \Microsoft.PowerShell.ConsoleHost.ni.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 163840 c:\windows\assembly\GAC_MSIL\System.Management.Aut omation.resources\1.0.0.0_en_31bf3856ad364e35\Syst em.Management.Automation.resources.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 200704 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell. ConsoleHost\1.0.0.0__31bf3856ad364e35\Microsoft.Po werShell.ConsoleHost.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 294912 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell. Commands.Utility\1.0.0.0__31bf3856ad364e35\Microso ft.PowerShell.Commands.Utility.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 139264 c:\windows\assembly\GAC_MSIL\Microsoft.PowerShell. Commands.Management\1.0.0.0__31bf3856ad364e35\Micr osoft.PowerShell.Commands.Management.dll
+ 2012-02-24 17:43 . 2012-02-24 17:43 4949504 c:\windows\assembly\NativeImages_v2.0.50727_32\Sys tem.Management.A#\ab8103058e876daf2f11027bdc15e0f6 \System.Management.Automation.ni.dll
+ 2012-02-24 16:28 . 2012-02-24 16:28 1564672 c:\windows\assembly\GAC_MSIL\System.Management.Aut omation\1.0.0.0__31bf3856ad364e35\System.Managemen t.Automation.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"LicenseValidator"="c:\documents and settings\en16867\Application Data\Microsoft\{850B91B0-8C24-4386-866C-5BFCDB531A14}\LicenseValidator.exe" [2012-02-25 247296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2010-04-26 737280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Flashget"="d:\dati\en16867\flashgetnew\flashget.e xe" [2007-09-25 2007088]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-06 111952]
"NVHotkey"="nvHotkey.dll" [2010-02-19 86016]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-05-19 161088]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2009-12-11 5114208]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2010-7-15 6144]
.
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\win dows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logoff\0\0]
"Script"=Logout.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logoff\0\1]
"Script"=LogoutNotes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\0\0]
"Script"=Cscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\1\0]
"Script"=cscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\1\1]
"Script"=ChangeOutlookSecureTempFolder.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\2\0]
"Script"=Cscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\3\0]
"Script"=OCSBulderMulti1.2.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\4\0]
"Script"=SetUserInfoOfficeXP.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\5\0]
"Script"=Main.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\6\0]
"Script"=RDTFolderSecurity.cmd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- d:\dati\en16867\Documenti_D\DAEMON Tools Lite\daemon.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run-]
"KiesPDLR"=d:\samsung\Kies\External\FirmwareUpdate \KiesPDLR.exe
"DAEMON Tools Lite"="d:\dati\en16867\Documenti_D\DAEMON Tools Lite\daemon.exe" -autorun
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"nwiz"=nwiz.exe /installquiet
"Flashget"=d:\dati\en16867\flashgetnew\flashget.ex e /min
"SysTrayApp"=%ProgramFiles%\IDT\WDM\sttray.exe
"Synchronization Manager"=%SystemRoot%\system32\mobsync.exe /logon
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"KiesHelper"=d:\samsung\Kies\KiesHelper.exe /s
"KiesTrayAgent"=d:\samsung\Kies\KiesTrayAgent. exe
"CloneCDTray"="d:\dati\en16867\clone CD\CloneCD\CloneCDTray.exe" /s
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" /fromrunkey
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"TkBellExe"=c:\program files\Common Files\Real\Update_OB\realsched.exe -osboot
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
"Apoint"=c:\program files\DellTPad\Apoint.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Acrobat Assistant 8.0"="d:\appl\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Persistence"=c:\windows\system32\igfxpers.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
.
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Cisco Systems\\Cisco Unified Video Advantage\\VideoAdvantage.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"d:\\Dati\\en16867\\flashgetnew\\flashget.exe" =
"d:\\Dati\\en16867\\Documenti_D\\tariffe\\Wrestlg\ \Xbox 360 utilities\\Modio\\Modio.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\Jubler.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Dati\\en16867\\Documenti_D\\tariffe\\Wrestlg\ \utorrent.exe"=
"d:\\Dati\\en16867\\utorrent\\uTorrent.exe"=
"d:\\Dati\\en16867\\RapidShareManager\\RapidShareM anager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
"d:\\Dati\\en16867\\Documenti_D\\tariffe\\Wrestlg\ \ComboFix.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn. sys [14/07/2010 11.59.30 17072]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risd pe86.sys [14/07/2010 11.44.02 59904]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [14/07/2010 11.59.30 42672]
R3 d554bus;Dell Wireless 5540 HSPA Mini-Card Device driver (WDM);c:\windows\system32\drivers\d554bus.sys [01/10/2010 4.24.16 98560]
R3 d554nd5;Dell Wireless 5540 HSPA Mini-Card Network Adapter (NDIS);c:\windows\system32\drivers\d554nd5.sys [01/10/2010 4.24.24 25216]
R3 d554unic;Dell Wireless 5540 HSPA Mini-Card Network Adapter (WDM);c:\windows\system32\drivers\d554unic.sys [01/10/2010 4.24.22 130560]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [12/07/2010 10.57.28 167080]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30/05/2011 11.10.54 721904]
S1 qeilvwmj;qeilvwmj;\??\c:\windows\system32\drivers\ qeilvwmj.sys --> c:\windows\system32\drivers\qeilvwmj.sys [?]
S2 CDMA Device Service;CDMA Device Service;d:\samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe [25/09/2011 22.56.30 63488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [18/03/2010 12.16.28 130384]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [11/11/2008 16.35.20 808296]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [11/11/2008 16.35.22 20840]
S2 Ndiscdp;Cisco CDP KMDF NDIS Protocol Driver;c:\windows\system32\drivers\Ndiscdp.sys [15/07/2010 15.41.39 22776]
S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files\QUALCOMM\QDLService2k\QDLService2kDell.exe [14/01/2010 6.30.16 330488]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\dati\en16867\tuneup2011\TuneUpUtilities Service32.exe [14/12/2010 13.41.10 1517376]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [14/07/2010 11.37.42 113664]
S3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [10/02/2009 10.04.47 12840]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [12/07/2010 11.51.23 134144]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [12/07/2010 11.51.24 143968]
S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [10/02/2009 10.04.13 32808]
S3 d554gps;Dell Wireless 5540 HSPA Mini-Card GPS Port;c:\windows\system32\drivers\d554gps.sys [01/10/2010 4.24.24 82984]
S3 d554mdfl;Dell Wireless 5540 HSPA Mini-Card Data Modem Filter;c:\windows\system32\drivers\d554mdfl.sys [01/10/2010 4.24.19 14976]
S3 d554mdm;Dell Wireless 5540 HSPA Mini-Card Data Modem Driver;c:\windows\system32\drivers\d554mdm.sys [01/10/2010 4.24.19 123904]
S3 d554mgmt;DellWireless5540 HSPA Mini-Card Device Management Drivers (WDM);c:\windows\system32\drivers\d554mgmt.sys [01/10/2010 4.24.22 117888]
S3 d554scard;Dell Wireless 5540 HSPA Mini-Card USIM Port;c:\windows\system32\drivers\d554scard.sys [01/10/2010 4.24.22 47744]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [25/09/2011 22.56.24 77624]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [13/01/2009 11.10.57 244368]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [12/07/2010 10.57.27 132480]
S3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\drivers\IntcDAud.sys [01/10/2010 4.49.45 235520]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/02/2009 9.58.46 110080]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/07/2010 10.57.22 58600]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [25/09/2011 22.56.25 181432]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\dati\en16 867\tuneup2011\TuneUpUtilitiesDriver32.sys [29/11/2010 18.27.40 10064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30 319\WPF\WPFFontCache_v0400.exe [18/03/2010 12.16.28 753504]
S4 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [04/09/2008 17.28.42 406808]
S4 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [11/11/2008 15.00.26 451872]
S4 gupdate;Servizio Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/08/2011 14.06.05 136176]
S4 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23/08/2011 14.06.05 136176]
S4 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallF ilterService.exe [14/07/2010 11.59.30 60928]
S4 WMCoreService;Mobile Broadband Service;c:\program files\Dell\Dell WWAN\WMCore\WMCore.exe servicemode --> c:\program files\Dell\Dell WWAN\WMCore\WMCore.exe servicemode [?]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - MDMXSDK
*NewlyCreated* - PXHELP20
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
2008-04-14 03:41 99840 ----a-w- c:\windows\system32\advpack.dll
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 13:05]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 13:05]
.
2012-02-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://myeni.eni.it
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://legalarchives.eni.it
uInternet Settings,ProxyOverride = local
IE: &Scarica con FlashGet - d:\dati\en16867\flashgetnew\jc_link.htm
IE: &Scarica tutto con FlashGet - d:\dati\en16867\flashgetnew\jc_all.htm
IE: Aggiungi a PDF esistente - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti destinazione link in Adobe PDF - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in Adobe PDF - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\en16867\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Invia a Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Salva oggetto con NetXfer - d:\dati\en16867\Documenti_D\tariffe\multimedia lettori\NetXfer\NXAddLink.html
IE: Salva tutti gli oggetti con NetXfer - d:\dati\en16867\Documenti_D\tariffe\multimedia lettori\NetXfer\NXAddList.html
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\en16867\Application Data\Mozilla\Firefox\Profiles\lbd2c61s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&q=
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,fa lse);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
************************************************** ************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-02-26 18:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
************************************************** ************************
.
Ora fine scansione: 2012-02-26 18:03:30
ComboFix-quarantined-files.txt 2012-02-26 17:03
ComboFix2.txt 2012-02-14 15:41
ComboFix3.txt 2012-01-14 14:09
ComboFix4.txt 2011-12-24 06:44
.
Pre-Run: 13.713.240.064 bytes free
Post-Run: 13.700.128.768 bytes free
.
- - End Of File - - D74AA66B20168B86F5D5F2E2B9DFA2B4
Codice:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1.31.20, on 27/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
D:\samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe
C:\WINDOWS\system32\svchost.exe
D:\Dati\en16867\tuneup2011\TuneUpUtilitiesService3 2.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.ex e
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Dati\en16867\tuneup2011\TuneUpUtilitiesApp32.ex e
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
D:\DATI\en16867\flashgetnew\flashget.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe
D:\Dati\en16867\mozilla 9.0\firefox.exe
D:\Dati\en16867\mozilla 9.0\plugin-container.exe
C:\WINDOWS\explorer.exe
D:\hicjackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myeni.eni.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Hotmail.fr, Messenger, Actualité, Sport, People, Femmes - MSN France
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://legalarchives.eni.it
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\DATI\en16867\flashgetnew\jccatch.dll
O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Flashget] D:\DATI\en16867\flashgetnew\flashget.exe /min
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU\..\Run: [LicenseValidator] C:\Documents and Settings\en16867\Application Data\Microsoft\{850B91B0-8C24-4386-866C-5BFCDB531A14}\LicenseValidator.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Scarica con FlashGet - D:\DATI\en16867\flashgetnew\jc_link.htm
O8 - Extra context menu item: &Scarica tutto con FlashGet - D:\DATI\en16867\flashgetnew\jc_all.htm
O8 - Extra context menu item: Aggiungi a PDF esistente - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://D:\Appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\en16867\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Invia a Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Salva oggetto con NetXfer - D:\DATI\en16867\Documenti_D\tariffe\multimedia lettori\NetXfer\NXAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con NetXfer - D:\DATI\en16867\Documenti_D\tariffe\multimedia lettori\NetXfer\NXAddList.html
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eni.pri
O17 - HKLM\Software\..\Telephony: DomainName = eni.pri
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = eni.pri
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = eni.pri
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CDMA Device Service - Unknown owner - D:\samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Servizio McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Qualcomm Gobi 2000 Download Service (Dell) (QDLService2kDell) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - d:\dell latitude e6410\drivers\audio\r255264\payload\wdm\stacsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Dati\en16867\tuneup2011\TuneUpUtilitiesService3 2.exe
--
End of file - 12543 bytes
Ultima modifica di ezio : 27-02-2012 alle 23:58. Motivo: tag code |
|
|
27-02-2012, 23:55
|
#2 |
|
Senior Member
Iscritto dal: Apr 2001
Città: Giovinazzo(BA) ...bella città, riso patat e cozz a volontà!
Messaggi: 26494
|
Utilizza i thread in rilievo della sezione antivirus, seguendo passo passo le indicazioni sulla disinfezione e l'eventuale pubblicazione dei log. Sprecherai meno tempo e potrai capire se effettivamente il tuo sistema è pulito, prima di mettere eventualmente mano ad altre componenti e file di Windows
__________________
Ezio Lacandia on DeviantArt | Slimkat mod per N4 e N5 | Trattative mercatino HWU | Driver nForce NET Framework [Guida] | BSOD individuazione cause | Guida Sintetica Strap/Divisori P45 | Fix associazioni Vista/7 Problemi Win Installer | Avviare programmi senza richiesta UAC | Problemi Font | Guida Raccolte 7 | Win 32/64bit come perchè Ultima modifica di ezio : 27-02-2012 alle 23:59. |
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 00:42.
