  1. #1

    is not a valid Win32 application....


    Hi everyone!!!!
    I'm having some problems opening certain programs; below is the report made with ComboFix. Could some kind man/woman take a look at it and point me toward the light? Otherwise I'll format and that's the end of it.
    Bye, you're great!!!

    here is the report:

    ComboFix 11-01-03.01 - RaEmCiOli 03/01/2011 22.57.48.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.2047.1187 [GMT 1:00]
    Eseguito da: c:\documents and settings\RaEmCiOli\desktop\abc.exe
    Opzioni usate :: /killall
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
    .

    ((((((((((((((((((((((((( Files Creati Da 2010-12-03 al 2011-01-03 )))))))))))))))))))))))))))))))))))
    .

    2011-01-03 22:18 . 2011-01-03 22:18 -------- d-----w- c:\windows\system32\xircom
    2011-01-03 22:18 . 2011-01-03 22:18 -------- d-----w- c:\windows\system32\wbem\snmp
    2011-01-03 22:18 . 2011-01-03 22:18 -------- d-----w- c:\programmi\microsoft frontpage
    2010-12-22 21:26 . 2010-12-22 21:26 -------- d-----w- c:\programmi\Widestream6
    2010-12-12 17:29 . 2004-08-03 22:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
    2010-12-12 17:27 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2010-12-12 17:12 . 2010-12-12 17:12 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Nokia
    2010-12-10 17:52 . 2010-12-10 17:52 -------- d-----w- c:\documents and settings\RaEmCiOli\Impostazioni locali\Dati applicazioni\IsolatedStorage
    2010-12-10 17:52 . 2010-12-10 17:52 -------- d-----w- c:\documents and settings\RaEmCiOli\Dati applicazioni\PC Suite
    2010-12-10 17:51 . 2010-12-12 17:31 -------- d-----w- c:\documents and settings\RaEmCiOli\Impostazioni locali\Dati applicazioni\Nokia
    2010-12-10 17:45 . 2010-12-10 17:45 -------- d-----w- c:\documents and settings\RaEmCiOli\Dati applicazioni\Nokia
    2010-12-10 17:15 . 2010-12-12 18:40 -------- d-----w- c:\windows\Globalization
    2010-12-10 17:14 . 2010-12-12 18:50 -------- d-----w- c:\programmi\File comuni\Nokia
    2010-12-10 17:08 . 2010-12-10 17:08 -------- d-----w- c:\programmi\DIFX
    2010-12-10 17:08 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-12-10 17:07 . 2008-09-15 06:56 8064 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
    2010-12-10 17:07 . 2008-09-15 06:56 8064 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
    2010-12-10 17:07 . 2008-09-15 06:56 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
    2010-12-10 17:06 . 2008-09-15 06:56 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
    2010-12-10 17:06 . 2008-09-15 06:56 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
    2010-12-10 17:06 . 2008-09-15 06:29 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
    2010-12-10 17:06 . 2008-09-15 06:56 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
    2010-12-10 17:06 . 2010-12-12 18:55 -------- d-----w- c:\programmi\Nokia
    2010-12-10 16:58 . 2010-12-10 16:58 -------- d-sh--w- c:\windows\ftpcache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-20 16:46 . 2010-11-20 16:46 101120 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
    2010-10-27 16:59 . 2010-10-27 16:59 110080 ----a-r- c:\documents and settings\RaEmCiOli\Dati applicazioni\Microsoft\Installer\{9EFA7323-47A0-48E2-8F77-35DB5EED500A}\IconF7A21AF7.exe
    2010-10-27 16:59 . 2010-10-27 16:59 110080 ----a-r- c:\documents and settings\RaEmCiOli\Dati applicazioni\Microsoft\Installer\{9EFA7323-47A0-48E2-8F77-35DB5EED500A}\IconD7F16134.exe
    2010-10-14 12:42 . 2010-10-14 12:42 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2010-10-14 12:42 . 2010-10-14 12:42 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2010-10-14 12:42 . 2010-10-14 12:42 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
    2010-10-14 12:42 . 2010-10-14 12:42 59888 ------w- c:\windows\system32\pxwma.dll
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . 4314623FD836E96A51343CE5C74B48A8 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\browser.dll
    [-] 2007-01-03 . 39128B5A743545BAEDD3984C210F00A8 . 77824 . . [5.1.2600.2586] . . c:\windows\system32\browser.dll

    [-] 2008-04-14 . B6FCBB157E9C8ABDCA4134C535535A8B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\cryptsvc.dll
    [-] 2007-01-03 . 87F3E2D2A3231F820F9248DB90090F42 . 62464 . . [5.1.2600.2845] . . c:\windows\system32\cryptsvc.dll

    [-] 2008-04-14 . 99B69A5697F622A192B2C1E0D55B48AB . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\linkinfo.dll
    [-] 2007-01-03 . 212DEC5056523F8727C7B4E7E86782D5 . 19968 . . [5.1.2600.2839] . . c:\windows\system32\linkinfo.dll

    [-] 2008-04-14 . FE5A5329CCFC33D645C33077FF04F052 . 296960 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\termsrv.dll

    c:\windows\System32\termsrv.dll ... è mancante !!
    .
    ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* i valori vuoti & legittimi/default non sono visualizzati.
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "TomTomHOME.exe"="c:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 110592]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2007-01-03 61952]
    "RTHDCPL"="RTHDCPL.EXE" [2005-05-05 14396416]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
    "ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-01 339968]
    "ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]
    "GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2010-05-03 202256]
    "AdobeCS4ServiceManager"="c:\programmi\File comuni\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" [2007-06-29 286720]
    "SpyHunter Security Suite"="c:\programmi\Enigma Software Group\SpyHunter\SpyHunter4.exe" [2010-09-21 4086104]
    "ISTray"="c:\programmi\PC Tools Security\pctsGui.exe" [2010-09-29 1588184]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
    "ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 32768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"="advpack.dll" [2010-05-04 124928]

    c:\documents and settings\RaEmCiOli\Menu Avvio\Programmi\Esecuzione automatica\
    Nikon Monitor.lnk - c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

    c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
    ATI CATALYST System Tray.lnk - c:\programmi\ATI Technologies\ATI.ACE\CLI.exe [2005-2-1 32768]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

  2. #2
    here is the rest of the scan:

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Programmi\\eMule\\emule.exe"=
    "c:\\Programmi\\WebSite X5 v8 - Evolution\\WebSite.exe"=
    "c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Programmi\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Programmi\\File comuni\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\Programmi\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Programmi\\WINDEasyConnect\\SwiApiMux.exe"=
    "c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [27/10/2010 18.09.00 237632]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [27/10/2010 18.09.06 338880]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [27/10/2010 18.09.06 656320]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [01/05/2010 8.37.58 162768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/05/2010 8.37.58 19024]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\programmi\PC Tools Security\pctsAuxs.exe [27/10/2010 18.08.26 366840]
    R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [21/09/2010 13.51.54 327000]
    R2 TomTomHOMEService;TomTomHOMEService;c:\programmi\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12.31.14 92008]
    R2 WTGService;WTGService;c:\programmi\WINDEasyConnect\WTGService.exe [20/11/2010 17.48.15 230856]
    R3 esgiguard;esgiguard;c:\programmi\Enigma Software Group\SpyHunter\esgiguard.sys [27/01/2010 17.10.44 5248]
    S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [01/05/2010 8.38.01 133104]

    --- Altri Servizi/Drivers In Memoria ---

    *Deregistered* - PCTSDInjDriver32
    .
    Contenuto della cartella 'Scheduled Tasks'

    2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\programmi\Google\Update\GoogleUpdate.exe [2010-05-01 07:37]

    2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\programmi\Google\Update\GoogleUpdate.exe [2010-05-01 07:37]

    2011-01-03 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

    2011-01-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-1972579041-682003330-1003.job
    - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

    2011-01-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-1972579041-682003330-1003.job
    - c:\programmi\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

    2011-01-03 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2010-05-02 20:18]
    .
    .
    ------- Scansione supplementare -------
    .
    uStart Page = hxxp://www.unina.it/areariservata.jsp
    IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    LSP: c:\programmi\File comuni\PC Tools\Lsp\PCTLsp.dll
    TCP: {86315873-0B17-4DFB-AF3B-03A09AA3C188} = 8.8.8.8,8.8.4.4
    .
    - - - - CHIAVI ORFANE RIMOSSE - - - -

    HKCU-Run-AdobeBridge - (no file)
    HKCU-Run-iso70700ultrabox.exe - c:\documents and settings\RaEmCiOli\Dati applicazioni\BEE87DD928A79CA6C5D6AF39F071D9AF\iso70700ultrabox.exe
    HKLM-Run-Nokia FastStart - c:\programmi\Nokia\Nokia Music\NokiaMusic.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-03 23:21
    Windows 5.1.2600 Service Pack 2 NTFS

    scansione processi nascosti ...

    scansione entrate autostart nascoste ...

    Scansione files nascosti ...

    Scansione completata con successo
    Files nascosti: 0

    **************************************************************************
    .
    --------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- Dlls caricate dai processi in esecuzione ---------------------

    - - - - - - - > 'winlogon.exe'(760)
    c:\windows\system32\SHSVCS.dll
    c:\windows\system32\Ati2evxx.dll
    c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    c:\windows\system32\CLBCATQ.DLL

    - - - - - - - > 'lsass.exe'(816)
    c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    c:\programmi\File comuni\PC Tools\Lsp\PCTLsp.dll

    - - - - - - - > 'explorer.exe'(580)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    c:\windows\system32\COMRes.dll
    c:\windows\system32\LINKINFO.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\wpdshserviceobj.dll
    c:\windows\system32\portabledevicetypes.dll
    c:\windows\system32\portabledeviceapi.dll
    c:\programmi\File comuni\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
    c:\windows\System32\NETRAP.dll
    .
    ------------------------ Altri processi in esecuzione ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\programmi\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\rundll32.exe
    c:\programmi\Java\jre6\bin\jqs.exe
    c:\programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\RTHDCPL.EXE
    c:\programmi\Microsoft ActiveSync\wcescomm.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\programmi\PC Tools Security\pctsSvc.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\programmi\File comuni\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Ora fine scansione: 2011-01-03 23:25:45 - Il pc è stato riavviato
    ComboFix-quarantined-files.txt 2011-01-03 22:25

    Pre-Run: 98.147.438.592 byte disponibili
    Post-Run: 105.040.576.512 byte disponibili

    - - End Of File - - 91F17BDDC11FC17049415B3FB4862C6E

  3. #3
    SkinBonno (HTML.it user; registered Dec 2007; location: Bologna; posts: 1,139)
    The log is clean.. I don't think it's a virus problem. Try uninstalling Spyware Doctor, it has never gotten along very well with Avira. If that still doesn't fix it, try asking in the Windows and software section..
    Life is made of stairs: some go down and some fall.

    If I would have studied, I had learned. [Quote: Leone di Lernia]

  4. #4
    Thanks a lot! I'll try it now!

  5. #5
    HTML.it user (registered Mar 2008; posts: 356)
    The antivirus is avast, not avira. Tell me one thing: when you launch the antivirus, does it work? Is it able to run the scan?

  6. #6
    SkinBonno (HTML.it user; registered Dec 2007; location: Bologna; posts: 1,139)
    Originally posted by antonpaco
    the antivirus is avast, not avira, ..........
    Actually, you're right..
    Life is made of stairs: some go down and some fall.

    If I would have studied, I had learned. [Quote: Leone di Lernia]
