errore con disp usb ma non sembra worm...
Inviato: mer dic 30, 2009 2:07 pmda valenale
premetto che ho già tentato di risolvere il problema seguendo altre indicazioni trovate in rete, ma a quanto pare sbaglio io o serve un intervento "chirurgico".
allora, il problema è la finestra di errore:" Windows-Disco non presente-exception Processing Message c0000013 Parameters 75b1bf9c 4 75b1cf9c 75b1bf9c-tre opzioni, annulla, riprova e continua", che è presente in un vecchio post "virus worm bblog", e l'ho letto, ma ho comunque bisogno di aiuto.
La finestra si presenta sia con 2 pendrive che quando attacco l'ipod e la fotocamera.
le istruzioni che ho seguito erano di far girare combofix e anche malwarebytes con firewall, antivirus e antispyw vari disabilitati e senza essere connessi (al che ho staccato il cavo dato che ho fastweb e sono sempre connessa), dopodichè disinfettare i dispositivi usb con un progr., flash disinfector (nel post indicato si parlava di un altro progr., ninja mi pare)..........ma stamattina ho rimesso le chiavette ed oplà, di nuovo la finestraccia.
A differenza di chi ha avuto lo stesso fenomeno, io non ho segnalazioni di virus trovati da avg, nè da spybot....mi pare di capire che li dovrò cambiare....
Allego i log di combo e malware fatti stamane e spero di aver capito come allegarli col bbcode........
Grazie
allora, il problema è la finestra di errore:" Windows-Disco non presente-exception Processing Message c0000013 Parameters 75b1bf9c 4 75b1cf9c 75b1bf9c-tre opzioni, annulla, riprova e continua", che è presente in un vecchio post "virus worm bblog", e l'ho letto, ma ho comunque bisogno di aiuto.
La finestra si presenta sia con 2 pendrive che quando attacco l'ipod e la fotocamera.
le istruzioni che ho seguito erano di far girare combofix e anche malwarebytes con firewall, antivirus e antispyw vari disabilitati e senza essere connessi (al che ho staccato il cavo dato che ho fastweb e sono sempre connessa), dopodichè disinfettare i dispositivi usb con un progr., flash disinfector (nel post indicato si parlava di un altro progr., ninja mi pare)..........ma stamattina ho rimesso le chiavette ed oplà, di nuovo la finestraccia.
A differenza di chi ha avuto lo stesso fenomeno, io non ho segnalazioni di virus trovati da avg, nè da spybot....mi pare di capire che li dovrò cambiare....
Allego i log di combo e malware fatti stamane e spero di aver capito come allegarli col bbcode........
Grazie
Malwarebytes' Anti-Malware 1.42
Versione del database: 3454
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
30/12/2009 13.14.01
mbam-log-2009-12-30 (13-14-01).txt
Tipo di scansione: Scansione completa (E:\|F:\|G:\|)
Elementi scansionati: 179842
Tempo trascorso: 13 minute(s), 56 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)
Versione del database: 3454
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
30/12/2009 13.14.01
mbam-log-2009-12-30 (13-14-01).txt
Tipo di scansione: Scansione completa (E:\|F:\|G:\|)
Elementi scansionati: 179842
Tempo trascorso: 13 minute(s), 56 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)
ComboFix 09-12-29.05 - Valentina 30/12/2009 12.53.15.9.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2462 [GMT 1:00]
Eseguito da: e:\documents and settings\Valentina.HOMESWEE-B85CE1\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2009-11-28 al 2009-12-30 )))))))))))))))))))))))))))))))))))
.
2009-12-30 10:13 . 2009-12-30 10:13 -------- d-----w- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Dati applicazioni\Malwarebytes
2009-12-30 10:12 . 2009-12-03 15:14 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 10:12 . 2009-12-30 10:12 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\Malwarebytes
2009-12-30 10:12 . 2009-12-30 10:13 -------- d-----w- e:\programmi\Malwarebytes' Anti-Malware
2009-12-30 10:12 . 2009-12-03 15:13 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2009-12-28 11:23 . 2009-12-28 11:23 -------- d-----w- E:\$AVG8.VAULT$
2009-12-27 18:48 . 2005-05-03 10:43 69632 ------r- e:\windows\Alcmtr.exe
2009-12-13 21:04 . 2009-12-13 21:03 2065688 ----a-w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\avg8\update\backup\avgcorex.dll
2009-12-08 16:06 . 2009-12-08 16:06 20299200 ----a-w- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Dati applicazioni\TomTom\HOME\Profiles\ohveo5xe.default\Updates\v2_7_3_1894_win.exe
2009-12-05 10:00 . 2008-04-14 12:00 26624 ----a-w- e:\documents and settings\LocalService.NT AUTHORITY\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-01 17:57 . 2009-12-01 17:57 -------- d-----w- e:\programmi\Windows Media Connect 2
2009-12-01 17:56 . 2009-12-01 17:56 -------- d-----w- E:\5d2b3f026ab380a0464083506f17
2009-12-01 17:56 . 2009-12-01 17:56 -------- d-----w- e:\windows\system32\drivers\UMDF
2009-12-01 17:56 . 2009-12-01 17:56 -------- d-----w- e:\windows\system32\LogFiles
2009-12-01 17:55 . 2009-12-01 17:56 -------- d-----w- E:\08e2123e734d9e5917
2009-12-01 17:31 . 2009-12-01 17:31 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\WEBREG
2009-12-01 17:26 . 2007-10-29 09:25 16496 ----a-r- e:\windows\system32\drivers\HPZipr12.sys
2009-12-01 17:26 . 2007-10-29 09:25 49920 ----a-r- e:\windows\system32\drivers\HPZid412.sys
2009-12-01 17:25 . 2007-10-29 09:25 21568 ----a-r- e:\windows\system32\drivers\HPZius12.sys
2009-12-01 17:25 . 2007-10-29 09:25 372736 ----a-r- e:\windows\system32\hppldcoi.dll
2009-12-01 17:25 . 2007-10-29 09:25 309760 ----a-r- e:\windows\system32\difxapi.dll
2009-12-01 17:25 . 2007-10-29 09:22 729088 ----a-r- e:\windows\system32\hpowiax8.dll
2009-12-01 17:25 . 2007-10-29 09:22 303104 ----a-r- e:\windows\system32\hpovst14.dll
2009-12-01 17:25 . 2007-10-29 09:22 970752 ----a-r- e:\windows\system32\hpotiop6.dll
2009-12-01 17:25 . 2008-04-13 10:45 15104 -c--a-w- e:\windows\system32\dllcache\usbscan.sys
2009-12-01 17:25 . 2008-04-13 10:45 15104 ----a-w- e:\windows\system32\drivers\usbscan.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 11:22 . 2009-11-27 18:24 -------- d-----w- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Dati applicazioni\HPAppData
2009-12-30 11:18 . 2008-04-14 12:00 47814 ----a-w- e:\windows\system32\perfc010.dat
2009-12-30 11:18 . 2008-04-14 12:00 345382 ----a-w- e:\windows\system32\perfh010.dat
2009-12-28 11:56 . 2009-10-28 06:19 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\Spybot - Search & Destroy
2009-12-27 18:58 . 2009-11-01 14:01 -------- d-----w- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Dati applicazioni\Apple Computer
2009-12-01 17:32 . 2009-11-27 18:10 168755 ----a-w- e:\windows\hpoins29.dat
2009-12-01 17:28 . 2009-11-27 17:54 -------- d-----w- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Dati applicazioni\HP
2009-11-27 18:28 . 2009-11-27 18:28 10134 ----a-r- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Dati applicazioni\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-11-27 18:14 . 2009-11-27 18:14 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\HP Product Assistant
2009-11-27 18:14 . 2009-11-16 17:24 -------- d-----w- e:\programmi\HP
2009-11-27 18:13 . 2009-11-27 18:13 -------- d-----w- e:\programmi\File comuni\HP
2009-11-27 18:13 . 2009-11-27 18:13 -------- d-----w- e:\programmi\Hewlett-Packard
2009-11-27 18:04 . 2009-11-16 17:25 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\HP
2009-11-17 17:55 . 2009-11-17 17:55 -------- d-----w- e:\programmi\MSXML 4.0
2009-11-17 16:43 . 2009-11-17 16:43 -------- d-----w- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Dati applicazioni\Yahoo!
2009-11-17 16:43 . 2009-11-17 16:43 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\Yahoo! Companion
2009-11-16 17:36 . 2009-11-16 17:36 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\Hewlett-Packard
2009-11-16 17:34 . 2009-10-28 06:19 -------- d-----w- e:\programmi\Spybot - Search & Destroy
2009-11-16 17:28 . 2009-11-16 17:28 -------- d-----w- e:\programmi\Yahoo!
2009-11-16 17:25 . 2009-11-16 17:25 -------- d-----w- e:\programmi\File comuni\Hewlett-Packard
2009-11-14 19:38 . 2009-11-14 19:38 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\TomTom
2009-11-14 19:35 . 2009-11-14 19:35 -------- d-----w- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Dati applicazioni\TomTom
2009-11-14 19:35 . 2009-11-14 19:35 -------- d-----w- e:\programmi\TomTom International B.V
2009-11-14 19:35 . 2009-11-14 19:35 -------- d-----w- e:\programmi\TomTom HOME 2
2009-11-01 14:01 . 2009-11-01 14:00 -------- d-----w- e:\programmi\iTunes
2009-11-01 14:01 . 2009-11-01 14:00 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-01 14:00 . 2009-11-01 14:00 -------- d-----w- e:\programmi\iPod
2009-11-01 14:00 . 2009-11-01 13:59 -------- d-----w- e:\programmi\File comuni\Apple
2009-11-01 14:00 . 2009-11-01 14:00 -------- d-----w- e:\programmi\Bonjour
2009-11-01 14:00 . 2009-11-01 14:00 -------- d-----w- e:\programmi\QuickTime
2009-11-01 14:00 . 2009-11-01 14:00 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\Apple Computer
2009-11-01 13:59 . 2009-11-01 13:59 -------- d-----w- e:\programmi\Apple Software Update
2009-11-01 13:59 . 2009-11-01 13:59 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\Apple
2009-10-31 12:29 . 2009-10-27 18:28 -------- d-----w- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Dati applicazioni\U3
2009-10-31 10:53 . 2009-10-31 10:53 315392 ----a-w- e:\windows\HideWin.exe
2009-10-31 09:23 . 2009-10-31 09:23 17080 ----a-w- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-30 16:49 . 2009-10-27 19:04 11952 ----a-w- e:\windows\system32\avgrsstx.dll
2009-10-30 16:49 . 2009-10-27 19:04 335240 ----a-w- e:\windows\system32\drivers\avgldx86.sys
2009-10-30 16:49 . 2009-10-27 19:04 27784 ----a-w- e:\windows\system32\drivers\avgmfx86.sys
2009-10-29 05:24 . 2008-04-14 12:00 669696 ------w- e:\windows\system32\wininet.dll
2009-10-28 19:58 . 2009-10-28 19:58 79144 ----a-w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-27 19:04 . 2009-10-27 19:04 108552 ----a-w- e:\windows\system32\drivers\avgtdix.sys
2009-10-27 18:13 . 2009-10-27 18:02 86327 ----a-w- e:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-27 17:59 . 2009-10-27 17:59 21840 ----a-w- e:\windows\system32\emptyregdb.dat
2009-10-21 05:38 . 2008-04-14 12:00 75776 ----a-w- e:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 12:00 25088 ----a-w- e:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 12:00 265728 ----a-w- e:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2008-04-14 12:00 271360 ----a-w- e:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 12:00 150016 ----a-w- e:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 12:00 79872 ----a-w- e:\windows\system32\raschap.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "e:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- e:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "e:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "e:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="e:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="e:\programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]
"TomTomHOME.exe"="e:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="e:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-13 2043160]
"NeroFilterCheck"="e:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"WinSys2"="e:\windows\system32\winsys2.exe" [2008-01-18 208896]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"QuickTime Task"="e:\programmi\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="e:\programmi\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"HP Software Update"="e:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="e:\programmi\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
e:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - e:\programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2009-7-28 49254]
HP Digital Imaging Monitor.lnk - e:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - e:\programmi\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-30 16:49 11952 ----a-w- e:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"e:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"e:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"e:\\Documents and Settings\\Valentina.HOMESWEE-B85CE1\\Desktop\\zdc\\zDC++0.668z3Ita\\zDCPlusPlus.exe"=
"e:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"e:\\Programmi\\iTunes\\iTunes.exe"=
"e:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"e:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Programmi\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"e:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"e:\\Programmi\\Messenger\\msmsgs.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [27/10/2009 20.04.50 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;e:\windows\system32\drivers\avgtdix.sys [27/10/2009 20.04.54 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;e:\progra~1\AVG\AVG8\avgemc.exe [27/10/2009 20.04.38 908056]
R2 avg8wd;AVG Free8 WatchDog;e:\progra~1\AVG\AVG8\avgwdsvc.exe [27/10/2009 20.04.38 297752]
R2 TomTomHOMEService;TomTomHOMEService;e:\programmi\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 16.05.04 92008]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys
d:\NTGLM7X.sys ![[?]](http://www.megalab.it/forum/images/smilies/confused.gif "Confuso")
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = *.local
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
AddRemove-HijackThis - e:\documents and settings\Valentina.HOMESWEE-B85CE1\Desktop\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 12:55
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(1396)
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-12-30 12:56:47
ComboFix-quarantined-files.txt 2009-12-30 11:56
Pre-Run: 732.365.111.296 byte disponibili
Post-Run: 732.336.087.040 byte disponibili
- - End Of File - - AC6F8E1C9F8E554A7BA66B6A7FD98584
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3071.2462 [GMT 1:00]
Eseguito da: e:\documents and settings\Valentina.HOMESWEE-B85CE1\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((( Files Creati Da 2009-11-28 al 2009-12-30 )))))))))))))))))))))))))))))))))))
.
2009-12-30 10:13 . 2009-12-30 10:13 -------- d-----w- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Dati applicazioni\Malwarebytes
2009-12-30 10:12 . 2009-12-03 15:14 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 10:12 . 2009-12-30 10:12 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\Malwarebytes
2009-12-30 10:12 . 2009-12-30 10:13 -------- d-----w- e:\programmi\Malwarebytes' Anti-Malware
2009-12-30 10:12 . 2009-12-03 15:13 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2009-12-28 11:23 . 2009-12-28 11:23 -------- d-----w- E:\$AVG8.VAULT$
2009-12-27 18:48 . 2005-05-03 10:43 69632 ------r- e:\windows\Alcmtr.exe
2009-12-13 21:04 . 2009-12-13 21:03 2065688 ----a-w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\avg8\update\backup\avgcorex.dll
2009-12-08 16:06 . 2009-12-08 16:06 20299200 ----a-w- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Dati applicazioni\TomTom\HOME\Profiles\ohveo5xe.default\Updates\v2_7_3_1894_win.exe
2009-12-05 10:00 . 2008-04-14 12:00 26624 ----a-w- e:\documents and settings\LocalService.NT AUTHORITY\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-01 17:57 . 2009-12-01 17:57 -------- d-----w- e:\programmi\Windows Media Connect 2
2009-12-01 17:56 . 2009-12-01 17:56 -------- d-----w- E:\5d2b3f026ab380a0464083506f17
2009-12-01 17:56 . 2009-12-01 17:56 -------- d-----w- e:\windows\system32\drivers\UMDF
2009-12-01 17:56 . 2009-12-01 17:56 -------- d-----w- e:\windows\system32\LogFiles
2009-12-01 17:55 . 2009-12-01 17:56 -------- d-----w- E:\08e2123e734d9e5917
2009-12-01 17:31 . 2009-12-01 17:31 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\WEBREG
2009-12-01 17:26 . 2007-10-29 09:25 16496 ----a-r- e:\windows\system32\drivers\HPZipr12.sys
2009-12-01 17:26 . 2007-10-29 09:25 49920 ----a-r- e:\windows\system32\drivers\HPZid412.sys
2009-12-01 17:25 . 2007-10-29 09:25 21568 ----a-r- e:\windows\system32\drivers\HPZius12.sys
2009-12-01 17:25 . 2007-10-29 09:25 372736 ----a-r- e:\windows\system32\hppldcoi.dll
2009-12-01 17:25 . 2007-10-29 09:25 309760 ----a-r- e:\windows\system32\difxapi.dll
2009-12-01 17:25 . 2007-10-29 09:22 729088 ----a-r- e:\windows\system32\hpowiax8.dll
2009-12-01 17:25 . 2007-10-29 09:22 303104 ----a-r- e:\windows\system32\hpovst14.dll
2009-12-01 17:25 . 2007-10-29 09:22 970752 ----a-r- e:\windows\system32\hpotiop6.dll
2009-12-01 17:25 . 2008-04-13 10:45 15104 -c--a-w- e:\windows\system32\dllcache\usbscan.sys
2009-12-01 17:25 . 2008-04-13 10:45 15104 ----a-w- e:\windows\system32\drivers\usbscan.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 11:22 . 2009-11-27 18:24 -------- d-----w- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Dati applicazioni\HPAppData
2009-12-30 11:18 . 2008-04-14 12:00 47814 ----a-w- e:\windows\system32\perfc010.dat
2009-12-30 11:18 . 2008-04-14 12:00 345382 ----a-w- e:\windows\system32\perfh010.dat
2009-12-28 11:56 . 2009-10-28 06:19 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\Spybot - Search & Destroy
2009-12-27 18:58 . 2009-11-01 14:01 -------- d-----w- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Dati applicazioni\Apple Computer
2009-12-01 17:32 . 2009-11-27 18:10 168755 ----a-w- e:\windows\hpoins29.dat
2009-12-01 17:28 . 2009-11-27 17:54 -------- d-----w- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Dati applicazioni\HP
2009-11-27 18:28 . 2009-11-27 18:28 10134 ----a-r- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Dati applicazioni\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-11-27 18:14 . 2009-11-27 18:14 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\HP Product Assistant
2009-11-27 18:14 . 2009-11-16 17:24 -------- d-----w- e:\programmi\HP
2009-11-27 18:13 . 2009-11-27 18:13 -------- d-----w- e:\programmi\File comuni\HP
2009-11-27 18:13 . 2009-11-27 18:13 -------- d-----w- e:\programmi\Hewlett-Packard
2009-11-27 18:04 . 2009-11-16 17:25 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\HP
2009-11-17 17:55 . 2009-11-17 17:55 -------- d-----w- e:\programmi\MSXML 4.0
2009-11-17 16:43 . 2009-11-17 16:43 -------- d-----w- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Dati applicazioni\Yahoo!
2009-11-17 16:43 . 2009-11-17 16:43 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\Yahoo! Companion
2009-11-16 17:36 . 2009-11-16 17:36 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\Hewlett-Packard
2009-11-16 17:34 . 2009-10-28 06:19 -------- d-----w- e:\programmi\Spybot - Search & Destroy
2009-11-16 17:28 . 2009-11-16 17:28 -------- d-----w- e:\programmi\Yahoo!
2009-11-16 17:25 . 2009-11-16 17:25 -------- d-----w- e:\programmi\File comuni\Hewlett-Packard
2009-11-14 19:38 . 2009-11-14 19:38 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\TomTom
2009-11-14 19:35 . 2009-11-14 19:35 -------- d-----w- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Dati applicazioni\TomTom
2009-11-14 19:35 . 2009-11-14 19:35 -------- d-----w- e:\programmi\TomTom International B.V
2009-11-14 19:35 . 2009-11-14 19:35 -------- d-----w- e:\programmi\TomTom HOME 2
2009-11-01 14:01 . 2009-11-01 14:00 -------- d-----w- e:\programmi\iTunes
2009-11-01 14:01 . 2009-11-01 14:00 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-01 14:00 . 2009-11-01 14:00 -------- d-----w- e:\programmi\iPod
2009-11-01 14:00 . 2009-11-01 13:59 -------- d-----w- e:\programmi\File comuni\Apple
2009-11-01 14:00 . 2009-11-01 14:00 -------- d-----w- e:\programmi\Bonjour
2009-11-01 14:00 . 2009-11-01 14:00 -------- d-----w- e:\programmi\QuickTime
2009-11-01 14:00 . 2009-11-01 14:00 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\Apple Computer
2009-11-01 13:59 . 2009-11-01 13:59 -------- d-----w- e:\programmi\Apple Software Update
2009-11-01 13:59 . 2009-11-01 13:59 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\Apple
2009-10-31 12:29 . 2009-10-27 18:28 -------- d-----w- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Dati applicazioni\U3
2009-10-31 10:53 . 2009-10-31 10:53 315392 ----a-w- e:\windows\HideWin.exe
2009-10-31 09:23 . 2009-10-31 09:23 17080 ----a-w- e:\documents and settings\Valentina.HOMESWEE-B85CE1\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-30 16:49 . 2009-10-27 19:04 11952 ----a-w- e:\windows\system32\avgrsstx.dll
2009-10-30 16:49 . 2009-10-27 19:04 335240 ----a-w- e:\windows\system32\drivers\avgldx86.sys
2009-10-30 16:49 . 2009-10-27 19:04 27784 ----a-w- e:\windows\system32\drivers\avgmfx86.sys
2009-10-29 05:24 . 2008-04-14 12:00 669696 ------w- e:\windows\system32\wininet.dll
2009-10-28 19:58 . 2009-10-28 19:58 79144 ----a-w- e:\documents and settings\All Users.WINDOWS\Dati applicazioni\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-27 19:04 . 2009-10-27 19:04 108552 ----a-w- e:\windows\system32\drivers\avgtdix.sys
2009-10-27 18:13 . 2009-10-27 18:02 86327 ----a-w- e:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-27 17:59 . 2009-10-27 17:59 21840 ----a-w- e:\windows\system32\emptyregdb.dat
2009-10-21 05:38 . 2008-04-14 12:00 75776 ----a-w- e:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 12:00 25088 ----a-w- e:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 12:00 265728 ----a-w- e:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2008-04-14 12:00 271360 ----a-w- e:\windows\system32\oakley.dll
2009-10-12 13:38 . 2008-04-14 12:00 150016 ----a-w- e:\windows\system32\rastls.dll
2009-10-12 13:38 . 2008-04-14 12:00 79872 ----a-w- e:\windows\system32\raschap.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "e:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:01 1230080 ----a-w- e:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "e:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "e:\programmi\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="e:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="e:\programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]
"TomTomHOME.exe"="e:\programmi\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="e:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-13 2043160]
"NeroFilterCheck"="e:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"WinSys2"="e:\windows\system32\winsys2.exe" [2008-01-18 208896]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"QuickTime Task"="e:\programmi\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="e:\programmi\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"HP Software Update"="e:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="e:\programmi\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
e:\documents and settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - e:\programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2009-7-28 49254]
HP Digital Imaging Monitor.lnk - e:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - e:\programmi\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-30 16:49 11952 ----a-w- e:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"e:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"e:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"e:\\Documents and Settings\\Valentina.HOMESWEE-B85CE1\\Desktop\\zdc\\zDC++0.668z3Ita\\zDCPlusPlus.exe"=
"e:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"e:\\Programmi\\iTunes\\iTunes.exe"=
"e:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"e:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"e:\\Programmi\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"e:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"e:\\Programmi\\Messenger\\msmsgs.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [27/10/2009 20.04.50 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;e:\windows\system32\drivers\avgtdix.sys [27/10/2009 20.04.54 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;e:\progra~1\AVG\AVG8\avgemc.exe [27/10/2009 20.04.38 908056]
R2 avg8wd;AVG Free8 WatchDog;e:\progra~1\AVG\AVG8\avgwdsvc.exe [27/10/2009 20.04.38 297752]
R2 TomTomHOMEService;TomTomHOMEService;e:\programmi\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 16.05.04 92008]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys
d:\NTGLM7X.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = *.local
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
AddRemove-HijackThis - e:\documents and settings\Valentina.HOMESWEE-B85CE1\Desktop\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 12:55
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(1396)
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
Ora fine scansione: 2009-12-30 12:56:47
ComboFix-quarantined-files.txt 2009-12-30 11:56
Pre-Run: 732.365.111.296 byte disponibili
Post-Run: 732.336.087.040 byte disponibili
- - End Of File - - AC6F8E1C9F8E554A7BA66B6A7FD98584
![[boh]](http://www.megalab.it/forum/images/smilies/dntknw.gif "Boh")