ATI problem


Post by omar_hs88 » Mon Nov 09, 2009 10:41 pm

Good evening guys, my computer has been having problems for about 3 days.
I mean that the computer is stuck at 85-90% RAM usage with no particular processes running, and after a while it gives me a blue screen telling me to contact the hardware vendor, etc.
Another very strange thing is that all the programs I open run at crazy performance levels; I have Firefox fluctuating between 500 and 700 MB of memory usage...

I'm posting the HijackThis log, so you can tell me whether there are any related problems..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.49.38, on 09/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmi\Creative\Shared Files\CTDevSrv.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programmi\Creative\Shared Files\CAMTRAY.EXE
C:\Programmi\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
C:\Programmi\dvd43\dvd43_tray.exe
C:\Programmi\IVT Corporation\BlueSoleil\BtTray.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Atlantis\NetFly U54 Wireless Utility \ZDWlan.EXE
C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SbUsb AudCtrl] RunDll32 sbusbdll.dll,RCMonitor
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmi\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dvd43] C:\Programmi\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [BtTray] "C:\Programmi\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programmi\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NetFly U54 Wireless Utility .lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia tramite Bluetooth - C:\Programmi\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Invia usando Messaggio(&M)... - C:\Programmi\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Messenger ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programmi\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Programmi\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12704 bytes

Re: ATI problem

Post by crazy.cat » Tue Nov 10, 2009 7:58 am

Why the title "ATI problem"?

Run a scan with ComboFix and post its log.

Re: ATI problem

Post by omar_hs88 » Tue Nov 10, 2009 2:03 pm

ComboFix 09-11-09.01 - Administrator 10/11/2009 13.59.21.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1634 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Documenti\Download\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Dati applicazioni\inst.exe
c:\documents and settings\All Users\Menu Avvio\HP Image Zone .lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\NetFly U54 Wireless Utility .lnk
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Condizioni generali.url
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Riservatezza.url
c:\documents and settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Website.url
c:\windows\system32\Data
c:\windows\system32\tmp82.tmp
c:\windows\system32\tmp83.tmp

La copia infetta di c:\windows\system32\drivers\atapi.sys è stata trovata e disinfettata
ipristinata copia da - Kitty ate it :p
La copia infetta di c:\windows\system32\drivers\atapi.sys è stata trovata e disinfettata
ipristinata copia da - Kitty ate it :p
.
((((((((((((((((((((((((( Files Creati Da 2009-10-10 al 2009-11-10 )))))))))))))))))))))))))))))))))))
.

2009-11-10 12:16 . 2009-11-10 12:16 -------- d-----w- c:\programmi\ICQ6Toolbar
2009-11-10 12:16 . 2009-11-10 12:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ICQ
2009-11-10 12:14 . 2009-11-10 12:19 -------- d-----w- c:\programmi\ICQ6.5
2009-11-10 11:29 . 2009-11-10 12:18 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\ICQ
2009-11-05 18:06 . 2009-11-05 18:06 -------- d-----w- c:\documents and settings\HelpAssistant\WINDOWS
2009-11-05 18:06 . 2009-11-05 18:06 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2009-11-05 18:06 . 2009-11-05 18:06 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
2009-11-05 18:06 . 2008-04-13 13:03 22352 ----a-w- c:\documents and settings\HelpAssistant\xbwceqmi.exe
2009-11-05 18:06 . 2008-04-13 13:01 22352 ----a-w- c:\documents and settings\HelpAssistant\qiwvqxhy.exe
2009-11-05 18:06 . 2008-04-13 13:01 22352 ----a-w- c:\documents and settings\HelpAssistant\qqcrhvxq.exe
2009-11-05 18:00 . 2009-11-05 18:05 -------- d--h--w- c:\documents and settings\HelpAssistant\Impostazioni locali
2009-11-05 18:00 . 2007-12-11 17:20 -------- d--h--w- c:\documents and settings\HelpAssistant\Risorse di stampa
2009-11-05 18:00 . 2007-12-11 17:20 -------- d--h--w- c:\documents and settings\HelpAssistant\Risorse di rete
2009-11-05 18:00 . 2007-12-11 17:20 -------- d-----r- c:\documents and settings\HelpAssistant\Menu Avvio
2009-11-05 18:00 . 2007-12-11 16:37 -------- d-----w- c:\documents and settings\HelpAssistant\7zSDD1.tmp
2009-11-05 18:00 . 2007-12-11 16:25 -------- d--h--w- c:\documents and settings\HelpAssistant\Modelli
2009-11-05 18:00 . 2009-11-10 12:14 -------- d-----w- c:\documents and settings\HelpAssistant
2009-11-05 14:21 . 2009-11-05 14:21 152576 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-19 12:22 . 2009-10-19 12:04 24419312 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_1.8.10IT.exe
2009-10-19 12:21 . 2009-10-20 11:17 -------- d-----w- c:\windows\SxsCaPendDel
2009-10-19 12:19 . 2009-10-19 12:19 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-10-19 12:19 . 2009-10-19 12:19 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-10-19 12:19 . 2009-10-19 12:19 3203453 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2009-10-14 12:42 . 2009-10-14 12:42 -------- d-----w- c:\programmi\IVT Corporation
2009-10-13 12:52 . 2009-03-19 12:48 136704 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys
2009-10-13 12:52 . 2009-03-19 12:48 8320 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys
2009-10-13 12:52 . 2009-02-09 06:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-10-13 12:52 . 2009-02-09 06:37 7808 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-10-13 12:52 . 2009-02-09 06:37 659968 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-10-13 12:52 . 2009-02-09 06:37 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-10-13 12:52 . 2009-02-09 06:37 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-10-13 12:52 . 2009-02-09 06:32 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-10-13 12:49 . 2009-10-13 12:37 24510968 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\NokiaSoftwareUpdaterSetup_1.7.3IT.exe
2009-10-13 12:49 . 2009-10-13 12:49 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\msxml6Exec.exe
2009-10-13 12:49 . 2009-10-13 12:49 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\Sleep.exe
2009-10-13 12:49 . 2009-10-13 12:49 3181612 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\vcredistExec.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-10 12:16 . 2007-12-17 13:21 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-11-06 00:08 . 2008-03-02 23:43 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-11-05 14:22 . 2007-12-11 17:02 -------- d-----w- c:\programmi\Java
2009-11-05 12:38 . 2002-12-31 12:00 84156 ----a-w- c:\windows\system32\perfc010.dat
2009-11-05 12:38 . 2002-12-31 12:00 489410 ----a-w- c:\windows\system32\perfh010.dat
2009-10-19 12:23 . 2008-10-01 12:09 -------- d-----w- c:\programmi\Nokia
2009-10-19 12:23 . 2008-10-01 12:06 -------- d-----w- c:\programmi\File comuni\Nokia
2009-10-19 12:04 . 2008-10-01 12:09 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-10-19 12:00 . 2008-09-30 20:54 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\PC Suite
2009-10-19 11:41 . 2008-06-27 11:47 20 ---h--w- c:\documents and settings\All Users\Dati applicazioni\PKP_DLdu.DAT
2009-10-13 12:41 . 2008-02-29 13:11 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\gtk-2.0
2009-10-11 03:17 . 2008-12-17 13:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-06 12:18 . 2009-03-14 00:47 -------- d-----w- c:\programmi\Microsoft
2009-10-06 12:18 . 2007-12-26 21:32 -------- d-----w- c:\programmi\Windows Live
2009-09-29 13:11 . 2008-02-17 12:04 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Azureus
2009-09-29 12:47 . 2009-09-29 12:47 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\LiteDownloadView
2009-09-26 00:04 . 2009-09-24 19:02 -------- d-----w- c:\programmi\AVS4YOU
2009-09-24 19:07 . 2009-09-24 19:07 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2009-09-24 19:07 . 2009-09-24 19:07 -------- d-----w- c:\programmi\dvd43
2009-09-24 19:03 . 2009-09-24 19:03 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\AVS4YOU
2009-09-24 19:03 . 2009-09-24 19:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2009-09-24 19:03 . 2009-09-24 19:02 -------- d-----w- c:\programmi\File comuni\AVSMedia
2009-09-24 12:18 . 2009-09-24 12:18 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Vso
2009-09-24 12:18 . 2009-09-24 12:18 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-09-24 12:18 . 2009-09-24 12:18 47360 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\pcouffin.sys
2009-09-24 12:18 . 2009-09-24 12:18 47360 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\pcouffin.sys
2009-09-24 12:18 . 2009-09-24 12:18 -------- d-----w- c:\programmi\DVDFab 6
2009-09-21 12:45 . 2009-09-21 12:45 -------- d-----w- c:\programmi\QuickTime
2009-09-17 09:43 . 2008-10-14 11:21 335872 ----a-r- c:\documents and settings\Administrator\Dati applicazioni\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2009-09-17 09:33 . 2008-06-27 11:47 -------- d-----w- c:\programmi\File comuni\Nikon
2009-09-11 14:17 . 2002-12-31 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2002-12-31 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:26 . 2002-12-31 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:26 . 2002-12-31 12:00 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-29 07:26 . 2002-12-31 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2002-12-31 12:00 247326 ------w- c:\windows\system32\strmdll.dll
2009-08-16 18:59 . 2009-08-16 18:59 8192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}\Installer\CommonCustomActions\UninstCCD.exe
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\fc12fb9dc078edc471023573f97c4e40\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
[-] 2004-08-03 22:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-05 39408]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Creative WebCam Tray"="c:\programmi\Creative\Shared Files\CAMTRAY.EXE" [2003-06-26 184320]
"CTSysVol"="c:\programmi\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-01-05 185872]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Nikon Transfer Monitor"="c:\programmi\File comuni\Nikon\Monitor\NkMonitor.exe" [2009-02-24 479232]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-09-04 417792]
"dvd43"="c:\programmi\dvd43\dvd43_tray.exe" [2009-06-29 827904]
"BtTray"="c:\programmi\IVT Corporation\BlueSoleil\BtTray.exe" [2008-08-04 226816]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"SbUsb AudCtrl"="sbusbdll.dll" - c:\windows\system32\sbusbdll.dll [2004-07-09 119296]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-03-21 16126464]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"Skype"="c:\programmi\Skype\Phone\Skype.exe" [2006-09-25 20053544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

c:\documents and settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica\
Stardock ObjectDock.lnk - c:\programmi\Stardock\ObjectDock\ObjectDock.exe [2008-1-7 3450608]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio rapido di HP Image Zone.lnk - c:\programmi\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^MioSync.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\MioSync.lnk
backup=c:\windows\pss\MioSync.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Soulseek-Test\\slsk.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"e:\\Azureus\\Azureus.exe"=
"e:\\lphant\\eLePhantClient.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\File comuni\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Programmi\\GameSpy Arcade\\Aphex.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"e:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"e:\\lphant1\\eLePhantClient.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Programmi\\ICQ6.5\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [07/01/2009 22.39.36 20616]
R2 BsMobileCS;BsMobileCS;c:\programmi\IVT Corporation\BlueSoleil\BsMobileCS.exe [01/08/2008 14.55.28 143467]
R2 ICQ Service;ICQ Service;c:\programmi\ICQ6Toolbar\ICQ Service.exe [10/11/2009 13.16.21 222968]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [03/05/2005 11.25.56 710144]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [02/07/2008 13.58.48 26248]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [28/03/2008 15.14.12 7040]
R3 ZD1211BU(Atlantis-Land);NetFly U54 Wireless USB Adapter(Atlantis-Land);c:\windows\system32\drivers\ZD1211BU.sys [11/02/2008 13.23.05 477696]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [07/12/2008 11.44.54 30088]
S3 CTUPnPSv;Creative Centrale Media Server;c:\programmi\Creative\Creative Centrale\CTUPnPSv.exe [21/05/2008 12.42.56 64000]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [13/10/2009 13.52.03 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [13/10/2009 13.52.03 8320]
S3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\drivers\P1130Vid.sys [02/03/2008 20.50.12 90229]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [02/02/2008 16.17.07 1643648]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programmi\File comuni\LightScribe\LSRunOnce.exe"
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-11-07 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-11-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Invia tramite Bluetooth - c:\programmi\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Invia usando Messaggio(&M)... - c:\programmi\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
FF - ProfilePath - c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\psniyhwi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\documents and settings\Administrator\Dati applicazioni\Mozilla\Firefox\Profiles\psniyhwi.default\extensions\{f4035115-6152-4901-a81d-f4e0a0479615}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKLM-Run-NWEReboot - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-10 14:07
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A25FB00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a25fb00
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-11-10 14.10.04
ComboFix-quarantined-files.txt 2009-11-10 13:10

Pre-Run: 4.779.544.576 byte disponibili
Post-Run: 4.837.404.672 byte disponibili

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 1E4CBD1B50F5F850AEE5543DF165C18E
omar_hs88
Aficionado
Posts: 31
Joined: Mon Dec 15, 2008 12:11 am
Location: Alghero


Re: ATI problem

Post by Amantide » Tue Nov 10, 2009 4:45 pm

Download mbr.exe and save it in the C:\ directory.
Then go to Start >> Run and type mbr.exe -f
Mbr.exe will take a few seconds to run the scan. Once that is done, post here the contents of the log it creates, which you will find in c:\mbr.log

Also run an antivirus scan from Safe Mode, because there are some strange files and there could be others as well:

c:\documents and settings\HelpAssistant\xbwceqmi.exe
c:\documents and settings\HelpAssistant\qiwvqxhy.exe
c:\documents and settings\HelpAssistant\qqcrhvxq.exe
...to fly high, you have to know how to fall...
Amantide
Official Member (Gold)
Posts: 8126
Joined: Mon Feb 06, 2006 4:13 pm
Location: Abruzzo

Re: ATI problem

Post by omar_hs88 » Wed Nov 11, 2009 1:52 pm

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
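Added example, not part of the original thread: a small Python triage of the two detector outputs posted above (the run embedded in the ComboFix log and the later mbr.exe -f run). The verdict names and the rule linking a hook target to an >>UNKNOWN<< module address are assumptions of this example, not the tool's own.

```python
import re

# Detector output as posted in the thread: first the run embedded in the
# ComboFix log, then the later run of mbr.exe -f.
RUN_1 = r"""device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A25FB00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a25fb00
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""
RUN_2 = """device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

HOOK = re.compile(r"^(\\Driver\\\S+)\s*->\s*(0x[0-9a-fA-F]+)$")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")

def parse_mbr_log(text):
    """Extract the fields of one mbr.log that matter for triage."""
    result = {"hooks": [], "unknown_modules": [], "warning": False, "mbr_ok": False}
    for line in text.splitlines():
        line = line.strip()
        m = HOOK.match(line)
        if m:
            result["hooks"].append((m.group(1), int(m.group(2), 16)))
        elif line.startswith("called modules:"):
            result["unknown_modules"] = [int(a, 16) for a in UNKNOWN.findall(line)]
        elif line.startswith("Warning:") and "MBR rootkit" in line:
            result["warning"] = True
        elif line == "user & kernel MBR OK":
            result["mbr_ok"] = True
    return result

def triage(text):
    """Return (verdict, drivers whose hook target is an unknown module address)."""
    r = parse_mbr_log(text)
    if r["hooks"] or r["unknown_modules"] or r["warning"]:
        # Assumption of this example: equal addresses tie the two findings together.
        linked = [drv for drv, addr in r["hooks"] if addr in r["unknown_modules"]]
        return ("suspicious", linked)
    return ("clean" if r["mbr_ok"] else "inconclusive", [])
```

A "clean" verdict covers only what this detector printed in that run; it says nothing about the rest of the system.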

Re: ATI problem

Post by omar_hs88 » Wed Nov 11, 2009 5:45 pm

It recognized them as trojans. It should also have removed them.

Re: ATI problem

Post by Amantide » Wed Nov 11, 2009 6:50 pm

Are you still having problems?

Re: ATI problem

Post by omar_hs88 » Wed Nov 11, 2009 10:38 pm

Yes, Firefox loads at 1 GB of usage, along with other strange processes, and after a while I get a blue screen with the following message:

"un thread del kernel è stato bloccato mentre tentava un mutex"

Re: ATI problem

Post by tecnico24 » Wed Nov 11, 2009 10:41 pm

Hi...
Can you check whether the problem exists in Safe Mode (F8 at PC startup)?
tecnico24
Senior Member
Posts: 380
Joined: Sun May 20, 2007 4:31 pm

Re: ATI problem

Post by omar_hs88 » Thu Nov 12, 2009 9:16 pm

Yes, yes, blue screen and everything frozen!

Re: ATI problem

Post by Fred » Fri Nov 13, 2009 9:39 pm

Does it also happen with browsers other than FF?
[ciao]
Asus M3N78SE;AMD Athlon 64X2 5200+@5400;2 GB DDR2;NVIDIA GeForce 9500GT;Windows 7 Pro 64bit;
AcerASPIRE5230;Windows 7 Pro 64bit
Skype: nellopc90
Fred
Official Member (Gold)
Posts: 3623
Joined: Wed Apr 27, 2005 4:13 pm
Location: Urbe

Re: ATI problem

Post by omar_hs88 » Sat Nov 14, 2009 2:31 pm

Yes, Internet Explorer also runs at absurd performance levels.
Another strange thing is that at startup it launches 50 processes shown by Task Manager, even though I have disabled almost all of them!

Re: ATI problem

Post by Fred » Sat Nov 14, 2009 3:25 pm

omar_hs88 wrote: even though I have disabled almost all of them!
Honestly, it doesn't look that way. Go to Start --> Run and type msconfig. A window will open: the tabs you care about are Startup (Avvio) and Services (Servizi). See if you can remove some of those.
[ciao]

Re: ATI problem

Post by omar_hs88 » Mon Nov 16, 2009 1:38 pm

Done, it now starts with 34 processes.
The problem remains; the blue screen now says
"Invalid work queue item"

megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising