
Problems with starting up and shutting down XP Pro


Post by smazzella62 » Tue Sep 28, 2010 9:18 am

Hello,
a few days ago I formatted my daughter's PC, but for the past couple of days it has been giving me these problems:
sometimes it ignores the "shut down" command;
while we are browsing normally, the PC starts making a noise like the one it makes when the program starts at power-on.
At first I thought it was the cooling fan, but listening carefully it is as if the program were trying to start even though it is already on and running...
Thanks for any help.
Simona

Re: Problems with starting up and shutting down XP Pro

Post by FDAC » Tue Sep 28, 2010 1:13 pm

- Download and install HijackThis from the link below:
http://www.hijackthis.de/downloads/HJTInstall.exe
- launch HijackThis
- click Do a system scan and save a logfile
- when the scan finishes, a text file will be produced: save it to the Desktop because you will need to post it here

Re: Problems with starting up and shutting down XP Pro

Post by smazzella62 » Tue Sep 28, 2010 1:59 pm

Here it is...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.04.36, on 28/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Common Files\Motive\McciCMService.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\Programmi\AVG\AVG9\avgemc.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programmi\Alice ti aiuta\bin\mad.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5260083031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5508611843
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://aiuto.alice.it/ata/static/instal ... er_6.6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Programmi\Common Files\Motive\McciCMService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe

--
End of file - 6109 bytes


Re: Problems with starting up and shutting down XP Pro

Post by FDAC » Tue Sep 28, 2010 2:15 pm

Hi.
Run HijackThis again and:
- tick the checkbox next to each entry I list below
- once the entries are ticked:
- close all open applications
- close all open browser pages
- in HijackThis, fix the entries by clicking Fix checked

These are the entries to fix:

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5260083031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5508611843
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://aiuto.alice.it/ata/static/instal ... er_6.6.cab

How is the PC doing?
If you can turn it on and shut it down properly, fine.
Otherwise a scan with Malwarebytes Free will follow.
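
Added example (not part of the thread and not HijackThis's own code): a small Python triage of the HijackThis log format posted above, which splits each entry into its section code and flags the ones worth a closer look before anything is fixed. The flag rules and the names `parse`, `flag_entry` and `triage` are assumptions of this example; the sample lines are copied from the log in the thread, and a flag is a prompt to review the entry, not a verdict.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
"""

# Meaning of the HijackThis section codes that appear in the sample.
SECTIONS = {
    "R0": "IE start/search page",
    "O2": "Browser Helper Object",
    "O4": "Autostart entry",
    "O9": "IE extra button / Tools item",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # "O23 - ..."
RUN_VALUE_RE = re.compile(r"Run: \[[^\]]+\]\s+(.+)$")       # "[name] command"
ABSOLUTE_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%)')           # C:\... or %var%


@dataclass
class Entry:
    code: str   # section code, e.g. "O4"
    body: str   # everything after "CODE - "


def parse(log_text):
    """Return one Entry per 'CODE - ...' line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def flag_entry(entry):
    """Return the review flags for one entry (rules are this example's assumptions)."""
    flags = []
    # Registry entry whose target file is absent: leftover of an uninstall or cleanup.
    if "(no file)" in entry.body or "(file missing)" in entry.body:
        flags.append("orphaned")
    # HijackThis reported no vendor name for the service binary.
    if entry.code == "O23" and " - Unknown owner - " in entry.body:
        flags.append("unknown-owner")
    # Run value without a full path: which file starts depends on the search path.
    if entry.code == "O4":
        m = RUN_VALUE_RE.search(entry.body)
        if m and not ABSOLUTE_RE.match(m.group(1).strip()):
            flags.append("relative-path")
    return flags


def triage(log_text):
    """Return (code, flag, body) for every flagged entry, in log order."""
    findings = []
    for entry in parse(log_text):
        for f in flag_entry(entry):
            findings.append((entry.code, f, entry.body))
    return findings


if __name__ == "__main__":
    for code, f, body in triage(SAMPLE_LOG):
        print(f"{code:<3} {SECTIONS.get(code, 'other'):<28} {f:<14} {body}")
```
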

Re: Problems with starting up and shutting down XP Pro

Post by smazzella62 » Thu Sep 30, 2010 11:35 am

Worse than ever: now the windows won't close and the PC won't shut down.
A window comes up with a page script error related to the Alice ti aiuta program...

Re: Problems with starting up and shutting down XP Pro

Post by FDAC » Thu Sep 30, 2010 12:18 pm

There is definitely some viral infection in progress.

Download and install MalwareBytes:
http://www.aiutamici.com/software?id=80346
Before running the scan, update it (click Aggiornamento at the top).
Run a full system scan.
Delete everything it finds.
Post the log.

Re: Problems with starting up and shutting down XP Pro

Post by smazzella62 » Thu Sep 30, 2010 1:14 pm

Unfortunately it didn't find anything...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4721

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30/09/2010 14.18.52
mbam-log-2010-09-30 (14-18-52).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 218471
Tempo trascorso: 1 ore, 1 minuti, 41 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)

Re: Problems with starting up and shutting down XP Pro

Post by FDAC » Thu Sep 30, 2010 1:16 pm

Let's dig deeper.

Download ComboFix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
When you save it you have the option to rename the file: rename the exe to pippo.exe

● place pippo.exe on the Desktop
● disconnect from the Internet
● physically disconnect the modem from the computer
● log in to the system in safe mode with an account that has Administrator privileges
● launch ComboFix and follow the instructions it gives to run the scan
● without doing anything else, let the tool complete the scan and the log creation phase
● when the operation finishes, the system will restart automatically (if it doesn't, restart it yourself)

Notes - during the scan:
● some files will be created on the desktop and then deleted
● all the icons on the Desktop will disappear for a moment
● a message about the antivirus in use may appear: continue, ignoring the message
● the firewall, if active, may warn that some drivers will be removed (go ahead and allow it)

A log named combofix.txt will be created in Local Disk C:, which you will need to post here.

Once the scan is finished:
● restart the system in normal mode
● physically reconnect the modem to the computer
● connect to the Internet and post the text file

N.B. If you cannot get ComboFix to run in any way, follow these simple steps:

Start > Run, then in the white box copy and paste this command, quotes included:
"%userprofile%\desktop\pippo.exe" /killall
Press OK; the scan should start.

Re: Problems with starting up and shutting down XP Pro

Post by smazzella62 » Thu Sep 30, 2010 10:44 pm

Guys, it's really impossible... the PC won't shut down...
anyway, this is the combofix file
Thanks for your patience

ComboFix 10-09-30.01 - SULI 30/09/2010 23.34.42.1.1 - FAT32x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.479.315 [GMT 2:00]
Eseguito da: c:\documents and settings\SULI\Desktop\pippo.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Creati Da 2010-08-28 al 2010-09-30 )))))))))))))))))))))))))))))))))))
.

2010-09-30 21:11 . 2010-09-30 21:11 -------- d-----w- c:\windows\LastGood
2010-09-30 21:11 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-09-30 21:03 . 2010-09-30 21:03 1 ----a-w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-30 21:03 . 2010-09-30 21:03 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\OpenOffice.org
2010-09-30 20:58 . 2010-09-30 20:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-09-30 19:47 . 2010-09-30 19:47 -------- d-----w- C:\FOUND.002
2010-09-30 19:29 . 2010-09-30 19:29 -------- d-----w- C:\FOUND.001
2010-09-30 16:56 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-30 16:56 . 2010-09-30 16:56 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-09-30 16:56 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-30 16:48 . 2008-04-14 02:13 26624 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-09-30 16:46 . 2010-09-30 16:46 -------- d-----w- c:\programmi\Windows Media Connect 2
2010-09-30 16:42 . 2010-09-30 16:42 -------- d-----w- c:\windows\system32\LogFiles
2010-09-30 16:42 . 2010-09-30 16:42 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-09-30 16:09 . 2010-09-30 16:09 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-30 10:04 . 2010-09-30 10:04 -------- d-----w- c:\documents and settings\SULI\Dati applicazioni\Malwarebytes
2010-09-30 10:04 . 2010-09-30 10:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2010-09-30 07:38 . 2010-09-30 07:38 -------- d-----w- C:\FOUND.000
2010-09-28 18:42 . 2010-09-28 18:42 -------- d-----w- C:\Archivos de programa
2010-09-26 20:07 . 2010-09-26 20:07 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-09-26 13:20 . 2010-09-26 13:20 -------- d-----w- c:\documents and settings\SULI\Dati applicazioni\MessengerDiscovery 2
2010-09-26 13:19 . 2010-09-26 13:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Messenger Plus!
2010-09-26 13:19 . 2010-09-26 13:19 -------- d-----w- c:\programmi\MessengerDiscovery 2
2010-09-26 13:19 . 2010-09-26 13:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MessengerDiscovery 2
2010-09-26 13:17 . 2010-09-26 13:17 -------- d-----w- c:\programmi\Messenger Plus! Live
2010-09-26 13:13 . 2010-09-26 13:13 -------- d-----w- c:\programmi\Windows Live
2010-09-26 12:50 . 2010-09-26 12:50 -------- d-----w- c:\documents and settings\SULI\Tracing
2010-09-26 12:49 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-09-26 12:48 . 2010-09-26 12:49 -------- d-----w- c:\programmi\Microsoft SQL Server Compact Edition
2010-09-26 12:48 . 2010-09-26 12:48 -------- d-----w- c:\programmi\Microsoft
2010-09-26 12:47 . 2010-09-26 12:47 -------- d-----w- c:\programmi\Windows Live SkyDrive
2010-09-26 12:40 . 2010-09-26 12:40 -------- d-----w- c:\programmi\File comuni\Windows Live
2010-09-26 12:20 . 2010-09-26 12:20 -------- d-----w- c:\windows\system32\XPSViewer
2010-09-26 12:20 . 2010-09-26 12:20 -------- d-----w- c:\programmi\MSBuild
2010-09-26 12:20 . 2010-09-26 12:20 -------- d-----w- c:\programmi\Reference Assemblies
2010-09-26 12:20 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-09-26 12:17 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-09-26 12:17 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-09-26 12:17 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-09-26 12:17 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-09-26 12:17 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-09-26 12:17 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-09-26 12:17 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-09-26 12:17 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-09-25 17:56 . 2010-09-25 17:57 -------- d-----w- c:\documents and settings\SULI\Dati applicazioni\HPAppData
2010-09-25 17:50 . 2010-09-25 17:52 23133 ----a-w- c:\windows\hpqins15.dat
2010-09-25 17:28 . 2010-09-25 17:28 23510720 ----a-w- c:\windows\dotnetfx.exe
2010-09-25 11:09 . 2010-09-25 11:09 -------- d-sh--w- c:\documents and settings\SULI\IECompatCache
2010-09-25 11:09 . 2010-09-25 11:09 -------- d-sh--w- c:\documents and settings\SULI\PrivacIE
2010-09-25 11:06 . 2010-09-25 11:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-09-25 10:53 . 2010-09-25 10:53 -------- d-----w- c:\windows\l2schemas
2010-09-25 10:53 . 2010-09-25 10:53 -------- d-----w- c:\windows\system32\it
2010-09-25 09:47 . 2010-09-25 09:47 -------- d-sh--w- c:\documents and settings\SULI\IETldCache
2010-09-25 09:44 . 2010-09-25 09:44 -------- d-----w- c:\windows\ie8updates
2010-09-25 09:44 . 2010-06-24 12:22 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-09-25 09:44 . 2010-06-24 12:22 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-09-25 09:44 . 2010-06-24 12:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-09-25 09:44 . 2010-06-24 12:22 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-09-25 09:44 . 2010-06-24 12:22 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-25 09:44 . 2010-06-24 15:52 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-09-25 09:44 . 2010-06-24 12:22 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-09-25 09:42 . 2010-09-25 09:42 -------- d--h--w- c:\windows\ie8
2010-09-25 09:42 . 2010-09-25 09:42 -------- d-----w- c:\windows\system32\it-IT
2010-09-25 09:15 . 2007-02-13 15:17 69632 ----a-w- c:\windows\system32\MCCDevice.dll
2010-09-25 09:15 . 2007-02-13 15:17 6048 ----a-w- c:\windows\system32\MCC16.dll
2010-09-25 09:04 . 2010-09-25 09:05 -------- d-----w- c:\documents and settings\SULI\Impostazioni locali\Dati applicazioni\Identities
2010-09-24 17:15 . 2010-09-24 17:15 -------- d-----w- c:\documents and settings\SULI\Dati applicazioni\Motive
2010-09-24 14:36 . 2010-09-24 14:36 -------- d-----w- c:\programmi\iTunes
2010-09-24 14:35 . 2010-09-24 14:35 -------- d-----w- c:\programmi\iPod
2010-09-24 14:02 . 2010-09-25 08:14 1 ----a-w- c:\documents and settings\SULI\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-24 13:57 . 2010-09-24 13:57 -------- d-----w- c:\documents and settings\SULI\Dati applicazioni\OpenOffice.org
2010-09-24 13:55 . 2010-09-24 13:55 -------- d-----w- c:\windows\ShellNew
2010-09-24 13:54 . 2010-09-24 13:54 -------- d-----w- c:\programmi\OpenOffice.org 3
2010-09-24 13:53 . 2010-09-24 13:53 -------- d-----w- c:\programmi\readmes
2010-09-24 13:53 . 2010-09-24 13:53 -------- d-----w- c:\programmi\licenses
2010-09-24 13:26 . 2010-09-24 13:26 -------- d-----w- c:\programmi\Foxit Software
2010-09-24 13:26 . 2010-09-24 13:26 -------- d-----w- c:\documents and settings\SULI\Dati applicazioni\Foxit
2010-09-24 13:26 . 2010-09-24 13:26 -------- d-----w- c:\programmi\FoxitReader
2010-09-24 11:27 . 2008-04-14 02:13 144896 ------w- c:\windows\system32\onex.dll
2010-09-24 11:26 . 2009-01-30 18:34 4096 ------w- c:\windows\system32\dllcache\wmsdmoe2.dll
2010-09-24 11:04 . 2008-06-14 17:32 272768 ------w- c:\windows\system32\dllcache\bthport.sys
2010-09-24 11:03 . 2010-06-21 15:27 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-09-24 11:03 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-09-24 11:03 . 2009-11-21 15:54 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-09-24 11:03 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-24 11:03 . 2009-10-15 16:29 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-09-24 11:03 . 2009-10-15 16:29 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-09-24 11:00 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-09-24 11:00 . 2008-05-01 14:34 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-09-24 11:00 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-09-24 10:58 . 2009-06-10 07:19 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-09-24 10:58 . 2008-10-15 16:36 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-09-24 10:57 . 2008-04-21 21:14 219136 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-09-24 07:36 . 2010-09-24 07:36 4093792 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgui.exe
2010-09-24 07:36 . 2010-09-24 07:36 3586912 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2010-09-24 07:36 . 2010-09-24 07:36 620896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgnsx.exe
2010-09-24 07:36 . 2010-09-24 07:36 1615200 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgssie.dll
2010-09-24 07:36 . 2010-09-24 07:36 1107296 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgxpl.dll
2010-09-24 07:36 . 2010-09-24 07:36 942432 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcfgx.dll
2010-09-24 07:36 . 2010-09-24 07:36 921440 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgemc.exe
2010-09-24 07:36 . 2010-09-24 07:36 598368 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgsrmx.dll
2010-09-24 07:36 . 2010-09-24 07:36 4368224 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2010-09-24 07:36 . 2010-09-24 07:36 300896 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchclx.dll
2010-09-24 07:32 . 2010-09-24 07:32 1690952 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2010-09-23 21:37 . 2010-09-23 21:37 -------- d-----w- c:\programmi\IObit
2010-09-23 20:52 . 2010-09-23 20:52 -------- d-----w- c:\documents and settings\SULI\Dati applicazioni\IObit
2010-09-23 20:33 . 2010-09-23 20:33 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\WEBREG
2010-09-23 20:30 . 2010-09-23 20:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
2010-09-23 20:30 . 2010-09-23 20:30 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2010-09-23 20:26 . 2010-09-23 20:26 -------- d-----w- c:\programmi\File comuni\HP
2010-09-23 20:22 . 2010-09-23 20:22 -------- d-----w- c:\windows\system32\DRVSTORE
2010-09-23 20:21 . 2010-09-23 20:21 -------- d-----w- c:\programmi\HP
2010-09-23 20:21 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-09-23 20:17 . 2010-09-23 20:33 149018 ----a-w- c:\windows\HPHins15.dat
2010-09-23 20:17 . 2007-08-28 06:45 2828 ------w- c:\windows\hphmdl15.dat
2010-09-23 20:16 . 2010-09-23 20:16 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Hewlett-Packard
2010-09-23 20:16 . 2007-03-30 15:11 267864 ----a-r- c:\windows\system32\hpzids01.dll
2010-09-23 20:16 . 2007-03-28 12:01 117760 ----a-w- c:\windows\system32\hpzll5ha.dll
2010-09-23 20:16 . 2007-03-28 11:57 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2010-09-23 20:12 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-09-23 20:06 . 2010-09-23 20:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-23 20:06 . 2010-09-23 20:06 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-23 20:06 . 2010-09-23 20:06 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-23 20:06 . 2010-09-23 20:06 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-23 20:06 . 2010-09-23 20:06 -------- d-----w- c:\windows\system32\drivers\Avg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 14:09 . 1979-12-31 22:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2010-09-26 14:09 . 1979-12-31 22:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2010-09-25 10:56 . 2010-09-23 15:21 86327 ----a-w- c:\windows\pchealth\HelpCtr\OfflineCache\index.dat
2010-09-23 16:31 . 2010-09-23 16:31 2232 ----a-w- c:\windows\java\Packages\Data\NHJ7ZDRP.DAT
2010-09-23 16:31 . 2010-09-23 16:31 155995 ----a-w- c:\windows\java\Packages\DB7PJVDZ.ZIP
2010-09-23 16:31 . 2010-09-23 16:31 2678 ----a-w- c:\windows\java\Packages\Data\GXVTJH7B.DAT
2010-09-23 16:31 . 2010-09-23 16:31 2678 ----a-w- c:\windows\java\Packages\Data\5RVXJVJZ.DAT
2010-09-23 16:31 . 2010-09-23 16:31 2678 ----a-w- c:\windows\java\Packages\Data\F3FRJLNJ.DAT
2010-09-23 16:31 . 2010-09-23 16:31 2678 ----a-w- c:\windows\java\Packages\Data\31R5RNBF.DAT
2010-09-23 16:31 . 2010-09-23 16:31 2678 ----a-w- c:\windows\java\Packages\Data\02SZH7VV.DAT
2010-09-23 15:30 . 2010-09-23 15:30 -------- d-----w- c:\programmi\Java
2010-09-23 15:30 . 2010-09-23 15:30 -------- d-----w- c:\programmi\File comuni\Java
2010-09-23 15:29 . 2010-09-23 15:29 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CyberLink
2010-09-23 15:29 . 2010-09-23 15:29 -------- d-----w- c:\programmi\CyberLink
2010-09-23 15:29 . 2010-09-23 15:40 -------- d-----w- c:\documents and settings\SULI\Dati applicazioni\InterTrust
2010-09-23 15:28 . 2010-09-23 15:28 1024 ---h--r- c:\windows\system32\NTICDMK32.dll
2010-09-23 15:28 . 2010-09-23 15:28 6912 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2010-09-23 15:27 . 2010-09-23 15:27 -------- d-----w- c:\programmi\Realtek Sound Manager
2010-09-23 15:27 . 2010-09-23 15:27 -------- d-----w- c:\programmi\AvRack
2010-09-23 15:27 . 2010-09-23 15:27 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-09-23 15:27 . 2010-09-23 15:27 -------- d-----w- c:\programmi\File comuni\InstallShield
2010-09-23 15:26 . 2010-09-23 15:26 11 ----a-w- c:\windows\system32\drivers\Acer_Aspire T310.MRK
2010-09-23 15:22 . 2010-09-23 15:22 -------- d-----w- c:\programmi\microsoft frontpage
2010-09-23 15:20 . 2010-09-23 15:20 21840 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-23 15:19 . 2010-09-23 15:19 -------- d-----w- c:\programmi\Servizi in linea
2010-09-23 15:18 . 2010-09-23 15:40 0 ----a-w- c:\documents and settings\SULI\vga10F.tmp
2010-09-23 15:18 . 2010-09-23 15:25 0 ----a-w- c:\documents and settings\Administrator\vga10F.tmp
2010-09-23 15:18 . 2010-09-23 15:24 0 ----a-w- c:\windows\system32\config\systemprofile\vga10F.tmp
2010-09-23 15:18 . 2010-09-23 15:18 0 ----a-w- c:\documents and settings\Default User\vga10F.tmp
2010-08-17 13:17 . 2005-06-10 23:55 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2004-03-06 02:18 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\programmi\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"SunJavaUpdateSched"="c:\programmi\Java\j2re1.4.2_01\bin\jusched.exe" [2003-08-19 32873]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-09-23 2065760]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2010-9-23 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-23 20:06 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\BIN\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\BIN\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\BIN\\hpqpsapp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\BIN\\hpqpse.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\BIN\\hpqusgm.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\BIN\\hpqusgh.exe"=
"c:\\Programmi\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23/09/2010 22.06.36 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23/09/2010 22.06.45 243024]
S2 avg9emc;AVG Free E-mail Scanner;c:\programmi\AVG\AVG9\avgemc.exe [23/09/2010 22.06.20 921952]
S2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [23/09/2010 22.06.19 308136]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [23/09/2010 18.30.45 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'

2010-09-30 c:\windows\Tasks\WebReg Deskjet D2400 series.job
- c:\programmi\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 19:27]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = 127.0.0.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-30 23:40
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Ora fine scansione: 2010-09-30 23:42:42
ComboFix-quarantined-files.txt 2010-09-30 21:42

Pre-Run: 52.718.731.264 byte disponibili
Post-Run: 52.814.184.448 byte disponibili

- - End Of File - - 28977A1ECD192E4AF289D02E5F9089BD

Re: Problems with XP Pro startup and shutdown

Post by The Doctor » Thu Sep 30, 2010 10:53 pm

Guys, I want to remind everyone to use the MEMO tag --> topic45943.html
[thanks]
Ciao Nonno
The Doctor
MLI Hero
Posts: 5553
Joined: Wed Mar 24, 2010 9:10 am
Location: Fiumicino (Roma)

Re: Problems with XP Pro startup and shutdown

Post by smazzella62 » Thu Sep 30, 2010 10:58 pm

Thanks, I wasn't aware of it...

Re: Problems with XP Pro startup and shutdown

Post by FDAC » Fri Oct 01, 2010 1:09 pm

Download mbr.exe and save it directly to the C:\ directory
http://www2.gmer.net/mbr/mbr.exe

Restart the PC and boot it into safe mode by pressing F5 repeatedly right after powering on the PC, until a black screen with options in white appears.

From Start/Run, type

C:\mbr.exe -f


and click OK

NB - There is a blank space between "C:\mbr.exe" and "-f"

The scan will take a few seconds.
Post the log located in C:\ as mbr.log

Re: Problems with XP Pro startup and shutdown

Post by Boscagoo » Fri Oct 01, 2010 1:21 pm

Sorry, but isn't safe mode F8?
Boscagoo
Senior Member
Posts: 423
Joined: Thu Sep 23, 2010 12:19 pm
Location: Caldiero (VR)

Re: Problems with XP Pro startup and shutdown

Post by FDAC » Fri Oct 01, 2010 1:34 pm

Right, mea culpa:
f8

Re: Problems with XP Pro startup and shutdown

Post by Boscagoo » Fri Oct 01, 2010 1:34 pm

FDAC wrote: Right, mea culpa:
f8


No problem [;)] we're here to help each other [^]

Re: Problems with XP Pro startup and shutdown

Post by smazzella62 » Sun Oct 03, 2010 11:41 am

Is this it?

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Re: Problems with XP Pro startup and shutdown

Post by FDAC » Sun Oct 03, 2010 12:20 pm

Yes, the MBR is fine.
Download and install HitmanPro (choose the version that matches your operating system - 32-bit or 64-bit):
http://www.surfright.nl/en/downloads

- leave the default settings and start the scan (also activate the license; it will be valid for 30 days);
- when the scan finishes (it will be very fast, 3/4 minutes at most) you will be shown a summary window: in the summary window, at the bottom left, you will be able to save the generated Report
- post the program's log here on the forum

Download ATF Cleaner from here:
http://www.atribune.org/ccount/click.php?id=1
Start ATF Cleaner with a double click
1) tick the Select All checkbox
2) click the Empty selected button
3) wait for the Done Cleaning message
(if you use Opera or Firefox, tick their sections as well)

When done, post an UPDATED Hijackthis log.

Re: Problems with XP Pro startup and shutdown

Post by smazzella62 » Sun Oct 03, 2010 2:30 pm

<Log computer="PCSULI" scan="Normal" version="3.5.6.115" date="2010-10-03T15:16:57" timeSpentInSecs="317" filesProcessed="8846">
  <Item type="Repair" score="0.0" status="Deleted">
    <File path="C:\Documents and Settings\SULI\Cookies\suli@ad.yieldmanager[3].txt" />
  </Item>
  <Item type="Repair" score="0.0" status="Deleted">
    <File path="C:\Documents and Settings\SULI\Cookies\suli@ad.zanox[2].txt" />
  </Item>
  <Item type="Repair" score="0.0" status="Deleted">
    <File path="C:\Documents and Settings\SULI\Cookies\suli@ads.lzjl[2].txt" />
  </Item>
  <Item type="Repair" score="0.0" status="Deleted">
    <File path="C:\Documents and Settings\SULI\Cookies\suli@atdmt[2].txt" />
  </Item>
  <Item type="Repair" score="0.0" status="Deleted">
    <File path="C:\Documents and Settings\SULI\Cookies\suli@clicksor[2].txt" />
  </Item>
  <Item type="Repair" score="0.0" status="Deleted">
    <File path="C:\Documents and Settings\SULI\Cookies\suli@content.yieldmanager[2].txt" />
  </Item>
  <Item type="Repair" score="0.0" status="Deleted">
    <File path="C:\Documents and Settings\SULI\Cookies\suli@content.yieldmanager[4].txt" />
  </Item>
  <Item type="Repair" score="0.0" status="Deleted">
    <File path="C:\Documents and Settings\SULI\Cookies\suli@eas.apm.emediate[2].txt" />
  </Item>
  <Item type="Repair" score="0.0" status="Deleted">
    <File path="C:\Documents and Settings\SULI\Cookies\suli@in.getclicky[1].txt" />
  </Item>
  <Item type="Repair" score="0.0" status="Deleted">
    <File path="C:\Documents and Settings\SULI\Cookies\suli@invitemedia[1].txt" />
  </Item>
  <Item type="Repair" score="0.0" status="Deleted">
    <File path="C:\Documents and Settings\SULI\Cookies\suli@myroitracking[1].txt" />
  </Item>
</Log>[memo]

Re: Problems with XP Pro startup and shutdown

Post by smazzella62 » Sun Oct 03, 2010 2:38 pm

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.44.00, on 03/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Common Files\Motive\McciCMService.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe
C:\Programmi\AVG\AVG9\avgemc.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\SULI\Impostazioni locali\Temporary Internet Files\Content.IE5\PS84A8C0\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AliceRE_McciTrayApp] C:\PROGRA~1\ALICET~1\vendors\AliceRE\content\template\DRIVEN~1\syncer\MCCITR~1.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O9 - Extra button: Visualizza o nasconde HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5260083031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5508611843
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://aiuto.alice.it/ata/static/instal ... er_6.6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Programmi\Common Files\Motive\McciCMService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe

--
End of file - 7270 bytes

Re: Problems with XP Pro startup and shutdown

Post by FDAC » Sun Oct 03, 2010 5:31 pm

Run Hijackthis again:
- Do a System Scan Only
- tick the box next to each entry I list below
- once the entries are ticked:
- close all open applications
- close all open browser pages
- in Hijackthis fix the entries by clicking Fix checked

These are the entries to fix:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programmi\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5260083031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5508611843
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://aiuto.alice.it/ata/static/instal ... er_6.6.cab


THEN

Did you do the cleanup with ATF Cleaner?
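Added example, not part of the thread and not HijackThis's own code: a Python parser for the entry lines of the HijackThis log posted above that marks entries whose target HijackThis reports as "(no file)" or "(file missing)", plus services listed with "Unknown owner". The names `parse_log`, `needs_review` and the flag labels are assumptions made for this illustration; the sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass, field

# Section codes that occur in the log on this page, with a short description.
SECTIONS = {
    "R0": "Internet Explorer start/search page setting",
    "R1": "Internet Explorer start/search page setting",
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key or Startup folder)",
    "O9": "IE extra button / Tools menu item",
    "O14": "IERESET.INF setting",
    "O16": "ActiveX download (DPF)",
    "O18": "protocol handler",
    "O20": "Winlogon Notify",
    "O22": "SharedTaskScheduler",
    "O23": "service",
}

ENTRY = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the target is not on disk.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)

    @property
    def section(self):
        return SECTIONS.get(self.code, "unlisted section")


def parse_log(text):
    """Return the R*/O* entries of a HijackThis log; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        entry = Entry(m["code"], m["body"])
        if ORPHAN.search(entry.body):
            entry.flags.append("orphan")          # registry entry without its file
        if entry.code == "O23" and " - Unknown owner - " in entry.body:
            entry.flags.append("unknown_owner")   # service binary with no company name
        entries.append(entry)
    return entries


def needs_review(entries):
    """Entries carrying at least one flag, in log order."""
    return [e for e in entries if e.flags]


# Lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
"""

if __name__ == "__main__":
    for e in needs_review(parse_log(SAMPLE)):
        print(f"{e.code:<4}{e.section:<36}{','.join(e.flags):<15}{e.body}")
```

The O20 line is flagged here even though the ComboFix log earlier in the thread lists c:\windows\system32\avgrsstx.dll with a size and date, so a flag is a reason to check the file on disk before ticking the entry, not a removal decision.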


megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole shareholder) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising