Problems with Microsoft operating systems? This is the section for you!
by maxtrend » Wed Aug 05, 2009 11:25 am
Hello, I have the following problem:
I have Windows Vista SP1 and had installed PC Tools Firewall Plus 5. I removed that firewall, and now the Vista firewall will not start.
I cannot install SP2. I have already tried netsh winsock reset and run various anti-virus and malware scans, with negative results. I also tried ComboFix, which deleted some files, but the Vista firewall does not work.
maxtrend
- New Member
- Posts: 6
- Joined: Fri Sep 19, 2008 9:40 am
by ste_95 » Wed Aug 05, 2009 12:10 pm
Do you get any errors when installing the Service Pack or when starting the firewall?
«Sometimes it is better to keep quiet and seem stupid than to open your mouth and remove all doubt.» Oscar Wilde
ste_95
- Official Member (Gold)
- Posts: 17271
- Joined: Mon Aug 06, 2007 11:19 am
by maxtrend » Wed Aug 05, 2009 5:05 pm
ste_95 wrote: Do you get any errors when installing the Service Pack or when starting the firewall?
Windows Vista firewall: error 5, and Windows Vista Service Pack 2: error E_FAIL(0x80004005).
I think it is entirely because of the firewall that the service pack does not install, because I also had problems installing a patch released before the service pack through Windows Update, which I solved by downloading the patch and installing it from the hard disk.
by maxtrend » Wed Aug 05, 2009 5:25 pm
Here is the ComboFix report file. Since it ran, the Vista "Security Center" no longer starts automatically; I have to start it by hand.
ComboFix 09-08-04.03 - Gianluca 05/08/2009 12.06.29.1.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.39.1040.18.3070.2193 [GMT 2:00]
Eseguito da: c:\users\Gianluca\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1063699345-46742232-1034967174-500
c:\$recycle.bin\S-1-5-21-3327553885-3938062735-1467920761-1000
c:\$recycle.bin\S-1-5-21-3790674884-1691277161-139194871-500
c:\users\Gianluca\AppData\Local\skcmk.dat
c:\users\Gianluca\AppData\Local\skcmk_navps.dat
c:\users\Gianluca\Desktop\Windows Live Messenger .lnk
c:\windows\Installer\1a1432.msi
.
((((((((((((((((((((((((( Files Creati Da 2009-07-05 al 2009-08-05 )))))))))))))))))))))))))))))))))))
.
2009-08-05 10:12 . 2009-08-05 10:12 -------- d-----w- c:\users\Gianluca\AppData\Local\temp
2009-08-05 10:12 . 2009-08-05 10:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-05 06:25 . 2009-08-05 06:25 -------- d-----w- c:\windows\system32\SPReview
2009-08-04 16:37 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll
2009-08-04 14:38 . 2009-08-04 14:38 -------- d-----w- c:\windows\system32\EventProviders
2009-08-04 13:52 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2009-08-04 13:43 . 2009-08-04 14:08 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-04 08:43 . 2009-08-04 08:43 -------- d-----w- c:\users\Gianluca\AppData\Roaming\GlarySoft
2009-08-04 08:40 . 2009-08-04 08:40 -------- d-----w- c:\program files\Glary Utilities
2009-08-04 07:34 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-04 07:34 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-04 07:34 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-04 07:34 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-04 07:34 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-04 07:34 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-04 07:34 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-04 07:30 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-08-04 07:30 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-04 07:30 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-08-04 07:30 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-08-04 07:30 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-08-03 18:04 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-03 17:46 . 2009-08-03 17:46 680 ----a-w- c:\users\Gianluca\AppData\Local\d3d9caps.dat
2009-08-03 15:49 . 2009-08-03 15:49 -------- d-----w- c:\users\Gianluca\AppData\Roaming\Malwarebytes
2009-08-03 15:49 . 2009-08-03 15:49 -------- d-----w- c:\programdata\Malwarebytes
2009-08-02 19:33 . 2009-08-02 19:33 1924440 ----a-w- c:\users\Gianluca\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-07-28 15:52 . 2009-07-28 15:52 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-07-16 07:34 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-16 07:34 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-16 07:34 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-16 07:34 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 13:13 . 2009-08-03 16:13 91 ----a-w- c:\users\Gianluca\AppData\Local\skcmk.bat
2009-07-15 13:12 . 2009-08-03 16:01 77104 ----a-w- c:\users\Gianluca\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-14 18:45 . 2009-08-04 14:06 -------- d-----w- C:\Nostale(IT)
2009-07-13 19:02 . 2009-07-13 19:02 98304 ----a-w- c:\programdata\NexonEU\NGM\nxgameeu.dll
2009-07-13 19:02 . 2009-07-13 19:02 81920 ----a-w- c:\programdata\NexonEU\NGM\npNxGameeu.dll
2009-07-13 19:02 . 2009-07-13 19:02 532480 ----a-w- c:\programdata\NexonEU\NGM\NGMDll.dll
2009-07-13 19:02 . 2009-07-13 19:02 331776 ----a-w- c:\programdata\NexonEU\NGM\NGMResource.dll
2009-07-13 19:02 . 2009-07-13 19:02 258352 ----a-w- c:\programdata\NexonEU\NGM\unicows.dll
2009-07-13 19:02 . 2009-07-13 19:02 155648 ----a-w- c:\programdata\NexonEU\NGM\NGM.exe
2009-07-13 19:02 . 2009-07-13 19:02 -------- d-----w- c:\programdata\NexonEU
2009-07-13 18:01 . 2009-07-14 21:34 -------- d-----w- C:\download
2009-07-13 18:00 . 2009-07-13 18:00 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-07-13 17:49 . 2009-07-13 17:49 -------- d-----w- C:\Downloads
2009-07-13 10:19 . 2009-07-13 10:19 -------- d-----w- c:\program files\GamersFirst
2009-07-13 10:18 . 2009-07-13 10:18 -------- d-----w- c:\users\Gianluca\AppData\Roaming\InstallShield
2009-07-08 18:29 . 2009-07-08 19:01 -------- d-----w- c:\program files\MVM 2005 - Pro Beach Soccer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 09:53 . 2008-07-18 00:43 662608 ----a-w- c:\windows\system32\perfh010.dat
2009-08-05 09:53 . 2008-07-18 00:43 120120 ----a-w- c:\windows\system32\perfc010.dat
2009-08-05 07:19 . 2008-07-17 15:04 -------- d-----w- c:\programdata\NVIDIA
2009-08-05 06:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-05 06:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-05 06:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-05 06:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-08-05 06:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-08-05 06:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-05 06:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-05 06:36 . 2006-11-02 12:37 30808 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-08-05 06:29 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-04 18:07 . 2008-07-17 15:12 -------- d---a-w- c:\program files\Common Files\LightScribe
2009-08-03 15:53 . 2008-09-09 10:53 -------- d-----w- c:\program files\CCleaner
2009-08-02 12:33 . 2008-09-09 14:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 21:52 . 2009-08-04 13:53 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-04 13:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-04 13:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-04 13:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-13 10:19 . 2008-07-17 15:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-08 19:01 . 2009-04-22 16:47 -------- d--h--w- c:\program files\FX Uninstall Information
2009-06-29 16:00 . 2009-06-29 13:59 -------- d-----w- c:\program files\WarRock
2009-06-21 22:22 . 2009-06-21 22:22 -------- d-----w- c:\programdata\CyberLink
2009-06-21 22:22 . 2009-06-21 22:22 -------- d-----w- c:\users\Gianluca\AppData\Roaming\CyberLink
2009-06-13 14:49 . 2008-07-17 15:20 -------- d-----w- c:\programdata\WildTangent
2009-06-11 19:21 . 2008-08-30 18:08 -------- d-----w- c:\program files\Microsoft Works
2009-05-18 15:03 . 2009-03-13 16:55 2855 ----a-w- c:\users\Gianluca\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-04-07 132760]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-17 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-17 13535776]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-31 5369856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):05,19,5f,df,13,15,ca,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 4.23.43 21504]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'
2009-08-05 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-08-04 14:55]
2009-08-05 c:\windows\Tasks\User_Feed_Synchronization-{36E3FD05-1583-4338-B5BB-F9174A560671}.job
- c:\windows\system32\msfeedssync.exe [2009-08-04 20:13]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
Toolbar-Locked - (no file)
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
.
------- Scansione supplementare -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cndt
FF - ProfilePath - c:\users\Gianluca\AppData\Roaming\Mozilla\Firefox\Profiles\t77k1ds1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: browser.search.selectedEngine - PHPNukeIT Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 12:12
Windows 6.0.6001 Service Pack 1 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2009-08-05 12.14.31
ComboFix-quarantined-files.txt 2009-08-05 10:14
Pre-Run: 296.704.786.432 byte disponibili
Post-Run: 295.757.008.896 byte disponibili
221 --- E O F --- 2009-08-04 16:51