Hi everyone,
this post continues a discussion that started in Windows and Software
under the title "programs that won't start"; the problem involved
a program that closed after loading without any error message. I had been
making attempts for months and didn't want to give in to yet another reformat.
The solution is called COMBOFIX.
With that problem solved, though, I am left with a scary log, with infected and missing files...
(I'll post it right below) that I don't know how to fix.
First I'll add a new entry that showed up in the HijackThis log after the fix
(the only odd item, the rest is OK):
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
and this is combofix.log:
ComboFix 11-01-10.04 - r0ninHoundMaster 10/01/2011 21.57.07.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.503.275 [GMT 1:00]
Eseguito da: c:\documents and settings\r0ninHoundMaster\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
/wow section - STAGE 50
Impossibile trovare il percorso specificato.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\regedit.exe . . . è infetto!!
c:\windows\system32\midimap.dll . . . è infetto!!
c:\windows\system32\srsvc.dll . . . è infetto!!
c:\windows\system32\proquota.exe . . . is missing!!
.
((((((((((((((((((((((((( Files Creati Da 2010-12-10 al 2011-01-10 )))))))))))))))))))))))))))))))))))
.
2011-01-03 21:01 . 2011-01-03 21:01 -------- d-----w- C:\Intel
2011-01-03 20:51 . 2011-01-10 20:38 -------- d-----r- C:\Programmi
2011-01-03 20:49 . 2011-01-09 23:25 -------- d-----w- C:\Documents and Settings
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
[-] 2008-08-30 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-09-08 . 6DC43081C760EEC1130D2C8C145DF375 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-09-08 . 8B2A7229651894B07A5F750E1FEF99CC . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-04-13 . 9530E35D9033ACED20CDA2509A21073A . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2001-08-31 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-09-08 . 450030B1EED8E40620C778BB687336B3 . 3459584 . . [6.00.2900.5512] . . c:\windows\system32\mshtml.dll
[-] 2008-09-08 . C19CC764588859C9D5038DE8F5DEF3FC . 813568 . . [6.00.2900.5512] . . c:\windows\system32\wininet.dll
[-] 2008-09-08 . 19CB8AA5B83D0017EB9A9126AA2EEB55 . 1554944 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-08-30 . AE9F25DDEEFA1E63FE80CF59D61731C9 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-09-08 . 91B6AAC828F8BBE1796275424E44DFB0 . 25088 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
c:\windows\System32\drivers\beep.sys ... è mancante !!
c:\windows\System32\wuauclt.exe ... è mancante !!
c:\windows\System32\srsvc.dll ... è mancante !!
c:\windows\System32\schedsvc.dll ... è mancante !!
c:\windows\System32\termsrv.dll ... è mancante !!
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HijackThis startup scan"="c:\programmi\Trend Micro\HiJackThis\HijackThis.exe" [2010-03-25 388096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AsusTray"="c:\programmi\Asus\EeePC ACPI\AsTray.exe" [2007-09-28 77824]
"AsusACPIServer"="c:\programmi\Asus\EeePC ACPI\AsAcpiSvr.exe" [2007-10-02 450560]
"ACU"="c:\programmi\Atheros\ACU.exe" [2007-05-03 376921]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-22 104984]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-22 121368]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-22 100888]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-04 16841216]
"SkyTel"="SkyTel.EXE" [2007-08-04 1826816]
"SynTPStart"="c:\programmi\Synaptics\SynTP\SynTPStart.exe" [2007-08-18 102400]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-13 101888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\r0ninHoundMaster\\Documenti\\Download\\utorrent.exe"=
R0 ffire;FlashFire;c:\windows\system32\drivers\ffire.sys [15/07/2009 20.39.04 10624]
S3 dciiodrv;dciiodrv;c:\windows\system32\drivers\dciiodrv.sys [03/01/2011 22.40.17 2944]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DcomLaunch REG_MULTI_SZ DcomLaunch
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Netman
Nla
NWCWorkstation
Nwsapagent
Rasauto
Rasman
SENS
Sharedaccess
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
napagent
hkmsvc
BITS
ShellHWDetection
WmdmPmSN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\r0ninHoundMaster\Dati applicazioni\Mozilla\Firefox\Profiles\rqkifrhj.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programmi\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: PhZilla: amin.eft_PhProxy@gmail.com - %profile%\extensions\amin.eft_PhProxy@gmail.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 22:01
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(512)
c:\windows\system32\sfc_os.dll
- - - - - - - > 'lsass.exe'(568)
c:\windows\system32\scecli.dll
- - - - - - - > 'explorer.exe'(180)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
Ora fine scansione: 2011-01-10 22:03:51
ComboFix-quarantined-files.txt 2011-01-10 21:03
Pre-Run: 1.675.653.120 byte disponibili
Post-Run: 1.668.005.888 byte disponibili
WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - EAE57F479E893F572DD753EBE69495F8
What do you think???
