|
Rank: AiutAmico
Joined: 12/12/2009 Posts: 2,114
|
ComboFix 10-06-11.01 - jonad 12/06/2010 16:34:50.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.39.1033.18.1022.393 [GMT 2:00] Eseguito da: c:\users\jonad\Downloads\ComboFix.exe .
((((((((((((((((((((((((( Files Creati Da 2010-05-12 al 2010-06-12 ))))))))))))))))))))))))))))))))))) .
2010-06-12 14:40 . 2010-06-12 14:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-06-12 12:52 . 2009-07-24 08:49 114688 ----a-w- c:\windows\system32\RicohMediadriverVer.dll 2010-06-12 12:52 . 2009-06-25 14:58 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys 2010-06-12 12:52 . 2009-06-25 14:25 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys 2010-06-12 12:52 . 2009-06-25 14:10 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys 2010-06-12 12:52 . 2004-09-04 01:00 90112 ----a-w- c:\windows\system32\snymsico.dll 2010-06-12 12:52 . 2007-07-25 10:48 172032 ----a-w- c:\windows\system32\rixdicon.dll 2010-06-12 12:19 . 2010-06-12 12:19 -------- d-----w- c:\users\jonad\AppData\Local\ElevatedDiagnostics 2010-06-12 12:12 . 2010-06-12 12:12 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-06-11 02:27 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys 2010-06-11 02:27 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll 2010-06-11 02:27 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll 2010-06-11 02:27 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll 2010-06-11 02:27 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-06-06 08:18 . 2010-06-06 08:19 -------- d-----w- c:\program files\TutoreDattilo 2010-06-05 06:21 . 2010-06-11 05:31 -------- d-----w- c:\users\jonad\AppData\Roaming\dvdcss 2010-06-04 14:46 . 2010-06-04 14:46 -------- d-----w- C:\omniformat 2010-06-04 14:38 . 2010-06-04 14:38 159878 ----a-w- c:\windows\ScanWiz Uninstaller.exe 2010-06-04 14:38 . 2010-06-04 14:38 -------- d-----w- c:\program files\ScanWizv2 2010-06-04 12:02 . 2010-06-04 12:02 -------- d-----w- c:\program files\JPEG to PDF 2010-05-26 10:37 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll 2010-05-25 06:24 . 2010-05-25 06:24 -------- d-----w- c:\windows\system32\Wat 2010-05-21 07:03 . 
2010-04-21 10:07 52224 ----a-w- c:\users\jonad\AppData\Roaming\Mozilla\Firefox\Profiles\1ik5092w.default\extensions\{9bb815eb-3f9f-4e11-9150-cb70e29b40fc}\components\FFExternalAlert.dll 2010-05-21 07:03 . 2010-04-21 10:07 101376 ----a-w- c:\users\jonad\AppData\Roaming\Mozilla\Firefox\Profiles\1ik5092w.default\extensions\{9bb815eb-3f9f-4e11-9150-cb70e29b40fc}\components\RadioWMPCore.dll 2010-05-16 09:02 . 2010-05-16 09:02 909320 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe 2010-05-16 09:02 . 2010-05-16 09:02 625200 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\instUtils.dll 2010-05-16 09:02 . 2010-05-16 08:54 331776 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_ws.dll 2010-05-16 09:02 . 2010-05-16 08:54 958000 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.dll 2010-05-16 09:02 . 2010-05-16 08:54 922672 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.exe 2010-05-16 09:02 . 2010-05-16 08:54 760368 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.dll 2010-05-16 09:02 . 2010-05-16 08:54 731696 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vminstutil.dll 2010-05-16 09:02 . 2010-05-16 08:54 703024 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.exe 2010-05-16 09:02 . 2010-05-16 08:54 569344 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_core.dll 2010-05-16 09:02 . 2010-05-16 08:54 360448 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_license.dll 2010-05-16 09:01 . 2009-10-21 22:13 59952 ----a-w- c:\windows\system32\vnetinst.dll 2010-05-16 09:01 . 2009-10-21 22:13 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys 2010-05-16 09:00 . 2009-10-22 02:59 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe 2010-05-16 09:00 . 2009-10-22 03:00 395824 ----a-w- c:\windows\system32\vmnat.exe 2010-05-16 09:00 . 
2009-10-22 03:00 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys 2010-05-16 09:00 . 2009-10-21 22:13 51248 ----a-r- c:\windows\system32\vmnetbridge.dll 2010-05-16 09:00 . 2009-10-21 22:13 36400 ----a-r- c:\windows\system32\drivers\vmnetbridge.sys 2010-05-16 09:00 . 2009-10-21 22:13 18736 ----a-r- c:\windows\system32\drivers\vmnet.sys 2010-05-16 09:00 . 2009-10-22 03:00 760368 ----a-w- c:\windows\system32\vnetlib.dll 2010-05-16 09:00 . 2009-10-22 03:00 23216 ----a-w- c:\windows\system32\drivers\VMkbd.sys 2010-05-16 09:00 . 2009-10-21 22:13 31280 ----a-w- c:\windows\system32\drivers\vmusb.sys 2010-05-16 08:59 . 2010-05-16 08:59 -------- d-----w- c:\program files\Common Files\VMware 2010-05-16 08:55 . 2010-05-16 08:55 -------- d-----w- c:\program files\VMware 2010-05-14 21:15 . 2010-06-05 06:07 -------- d-----w- c:\users\jonad\AppData\Roaming\skypePM 2010-05-14 21:13 . 2010-06-05 07:09 -------- d-----w- c:\users\jonad\AppData\Roaming\Skype 2010-05-14 21:11 . 2010-05-14 21:11 -------- d-----w- c:\program files\Common Files\Skype 2010-05-14 21:11 . 2010-05-14 21:13 -------- d-----r- c:\program files\Skype 2010-05-14 21:11 . 2010-05-14 21:11 -------- d-----w- c:\programdata\Skype 2010-05-14 19:32 . 2010-05-14 19:31 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-05-14 19:31 . 2010-05-14 19:31 -------- d-----w- c:\program files\Java 2010-05-13 18:09 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-12 14:14 . 2010-04-19 22:12 -------- d-----w- c:\programdata\VMware 2010-06-12 12:26 . 2010-04-21 09:13 -------- d-----w- c:\programdata\McAfee Security Scan 2010-06-11 09:48 . 2010-04-19 21:34 -------- d-----w- c:\programdata\Microsoft Help 2010-06-11 06:45 . 2010-05-10 06:08 -------- d-----w- c:\users\jonad\AppData\Roaming\vlc 2010-06-07 12:54 . 2010-04-19 22:21 -------- d-----w- c:\users\jonad\AppData\Roaming\VMware 2010-05-14 23:37 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail 2010-05-14 21:15 . 2010-05-14 21:15 56 ---ha-w- c:\programdata\ezsidmv.dat 2010-05-12 09:21 . 2010-04-19 20:24 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-10 06:07 . 2010-05-10 06:07 -------- d-----w- c:\program files\VideoLAN 2010-04-24 18:40 . 2010-04-24 18:40 -------- d-----w- c:\program files\Microsoft 2010-04-24 18:40 . 2010-04-24 18:39 -------- d-----w- c:\program files\Windows Live 2010-04-24 18:40 . 2010-04-24 18:40 -------- d-----w- c:\program files\Windows Live SkyDrive 2010-04-24 18:25 . 2010-04-24 18:25 -------- d-----w- c:\program files\Common Files\Windows Live 2010-04-22 16:32 . 2010-04-22 16:21 -------- d-----w- c:\program files\LowRateVoip 2010-04-22 16:32 . 2010-04-22 16:24 -------- d-----w- c:\users\jonad\AppData\Roaming\LowRateVoip 2010-04-21 19:08 . 2010-04-20 18:03 108824 ----a-w- c:\users\jonad\AppData\Local\GDIPFONTCACHEV1.DAT 2010-04-21 18:45 . 2010-04-21 18:45 -------- d-----w- c:\programdata\Office Genuine Advantage 2010-04-21 16:31 . 2010-04-19 21:37 -------- d-----w- c:\program files\Microsoft Works 2010-04-21 09:18 . 2010-04-21 09:17 -------- d-----w- c:\program files\Common Files\Adobe 2010-04-21 09:13 . 2010-04-21 09:13 -------- d-----w- c:\programdata\McAfee 2010-04-21 09:13 . 2010-04-21 09:13 -------- d-----w- c:\program files\McAfee Security Scan 2010-04-20 18:02 . 
2010-04-20 18:02 -------- d-----w- c:\program files\Alex Feinman 2010-04-19 21:37 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild 2010-04-19 21:36 . 2010-04-19 21:36 -------- d-----w- c:\program files\Microsoft.NET 2010-04-19 21:35 . 2010-04-19 21:35 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2010-04-19 20:13 . 2010-04-19 20:13 -------- d-----w- c:\programdata\Avira 2010-04-19 20:13 . 2010-04-19 20:13 -------- d-----w- c:\program files\Avira 2010-04-19 20:05 . 2010-04-19 20:05 -------- d-----w- c:\programdata\NVIDIA 2010-04-19 17:56 . 2010-04-19 17:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe .
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LowRateVoip"="c:\program files\LowRateVoip\LowRateVoip.exe" [2010-04-22 9167160] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2009-10-22 129584]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1343400] S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-10-22 70704] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760] S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
. . ------- Scansione supplementare ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll FF - ProfilePath - c:\users\jonad\AppData\Roaming\Mozilla\Firefox\Profiles\1ik5092w.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405727&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Radio Bar 2 Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405727&SearchSource=13 FF - prefs.js: network.proxy.type - 2 FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - component: c:\users\jonad\AppData\Roaming\Mozilla\Firefox\Profiles\1ik5092w.default\extensions\{9bb815eb-3f9f-4e11-9150-cb70e29b40fc}\components\FFExternalAlert.dll FF - component: c:\users\jonad\AppData\Roaming\Mozilla\Firefox\Profiles\1ik5092w.default\extensions\{9bb815eb-3f9f-4e11-9150-cb70e29b40fc}\components\RadioWMPCore.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . . --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Ora fine scansione: 2010-06-12 16:46:09 ComboFix-quarantined-files.txt 2010-06-12 14:46
Pre-Run: 82.157.891.584 bytes free Post-Run: 82.317.156.352 bytes free
- - End Of File - - 4D73C70B7EAA72EA6ED9BB6790719DB7
|
|
|
|
|
Rank: AiutAmico
Joined: 12/12/2009 Posts: 2,114
|
I noticed that the program was not run from the desktop; to remove it I have to use OTC by oldtimer. What was that other similar one called?
|
|
Rank: AiutAmico
Joined: 12/12/2009 Posts: 2,114
|
Is anyone there?
|
|
Rank: AiutAmico
Joined: 12/12/2009 Posts: 2,114
|
It seems you are not answering me on purpose.
|
|
Rank: AiutAmico
Joined: 4/2/2009 Posts: 1,367
|
fdaccc wrote: It seems you are not answering me on purpose.
Sorry, I am ignorant on the subject. Forgive me, but if I remember correctly you should be able to read a ComboFix log, given that you had solutions for many other users, but ............ maybe I am wrong; if so, forgive me, but you know, at my age one starts to have memory problems.
|
|
Rank: AiutAmico
Joined: 12/12/2009 Posts: 2,114
|
With ComboFix I am not sure how to proceed; with HJT I am.
|
|
Rank: AiutAmico
Joined: 3/6/2009 Posts: 2,913
|
Have your friend register so he can post the log himself.
|
|
Rank: AiutAmico
Joined: 12/12/2009 Posts: 2,114
|
I'd rather not.
|
|
Rank: AiutAmico
Joined: 12/4/2008 Posts: 2,008
|
First of all, it seems to me that the Windows 7 build is not the RTM.
Your friend's reads: 6.1.7600.0.1252
The RTM is instead: 6.1.7600.16385
Instead of trying to clean the PC, I advise him to buy a genuine license, and not to use certain cracked pre-RTM builds (probably, unless ComboFix has made a mistake) whose origin is uncertain.
Bye
|
|
Rank: AiutAmico
Joined: 12/12/2009 Posts: 2,114
|
Thanks simo for the advice.
|
|
Rank: AiutAmico
Joined: 2/25/2010 Posts: 1,008
|
ComboFix makes no distinction as to whether licenses are valid or NOT valid. If it finds infections, it removes them and shows them in the log. It seems to me, though, that it only works with XP.
|
|
Rank: AiutAmico
Joined: 12/12/2009 Posts: 2,114
|
No script to run?
|
|
Rank: AiutAmico
Joined: 10/31/2004 Posts: 7,185
|
.... the solution from the good simo95 is the one that should lead you to understand that if even just one of the DLLs were corrupted, it would cause usage problems. You can try downloading ::::: http://www.softpedia.com/get/Antivirus/SpyDLLRemover.shtml run it, and if you see any show up red or orange ... there are problems ..... if it finds nothing ..... then it's trouble ( I THINK ) because it does not exist or has been deleted. As for the scripts .... they appear to be priority functions activated directly in the registry ..... here we need our friend r16, who knows a lot more about it ... but I believe they are not needed in this case ... bye :O)
|
|
Rank: AiutAmico
Joined: 12/12/2009 Posts: 2,114
|
Thanks Mao, peace peace a thousand potatoes :)
|
|