Virus problem, grep.3xe or what? Thanks!

guerro

Active User
96
2
Yes, we previously removed Microsoft Security Essentials, since you have McAfee as your antivirus.

So proceed with the CFScript.exe file I attached and post the new log of the operations again.

ComboFix has been sitting on the "it typically takes no more than 10 minutes...!" window for about 25 minutes. It seems that the explore.exe application error, which has appeared at least 10 times in the meantime, is blocking it!

Besides, I can't disable McAfee because of the way the company has set it up... I also tried in safe mode, same thing.

What should I do?

Thanks

---------- Post added at 21:34 ---------- Previous post was at 21:05 ----------


Should I perhaps uninstall Virit Explorer Lite before launching ComboFix?
 

tecnico24

Elite User
10,706
1,072
That has nothing to do with it, since Virit has no real-time protection.
The errors you reported can also be due to other causes, not necessarily a virus or malware.
Do this check: go to this key (Start - Run - regedit - OK):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

After the entry C:\Windows\system32\userinit.exe, do you see any strange application/path written next to it?

Try ComboFix again; it has to start, as it did before.
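
The Userinit check described in the post above, as an added example that is not part of the original thread: it splits the Winlogon `Userinit` value on commas and reports anything other than the stock `userinit.exe` path. The function names and the sample values are constructed for illustration; the live registry read only runs on Windows.

```python
import ntpath
import os
import sys

# Key named in the post above; "Userinit" is the value that holds the userinit.exe entry.
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def _normalize(entry, system_root):
    """Strip quotes, expand %SystemRoot%/%windir%, fold case and slashes."""
    path = entry.strip().strip('"')
    for var in ("%systemroot%", "%windir%"):
        if path.lower().startswith(var):
            path = system_root + path[len(var):]
            break
    return ntpath.normcase(ntpath.normpath(path))


def check_userinit(value, system_root=r"C:\Windows"):
    """Return (has_default, extras) for a Userinit value string.

    has_default: the stock <SystemRoot>\\system32\\userinit.exe entry is present.
    extras: every other comma-separated entry, to be reviewed by hand.
    """
    expected = _normalize(
        ntpath.join(system_root, "system32", "userinit.exe"), system_root
    )
    has_default, extras = False, []
    for raw in value.split(","):
        if not raw.strip():
            continue  # the stock value ends with a trailing comma
        if _normalize(raw, system_root) == expected:
            has_default = True
        else:
            # Includes look-alike paths and bare file names: flag, do not judge.
            extras.append(raw.strip())
    return has_default, extras


def read_userinit():
    """Read the live value (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        value, _value_type = winreg.QueryValueEx(key, "Userinit")
    return value


if __name__ == "__main__":
    if sys.platform == "win32":
        value = read_userinit()
        root = os.environ.get("SystemRoot", r"C:\Windows")
    else:
        # Constructed sample value, used when not running on Windows.
        value = r"C:\WINDOWS\system32\userinit.exe,C:\Temp\example.exe"
        root = r"C:\Windows"
    has_default, extras = check_userinit(value, root)
    print("Userinit value:", value)
    print("stock userinit.exe entry present:", has_default)
    for entry in extras:
        print("review this entry:", entry)
```
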
 

guerro

Active User
96
2
Since I can't disable McAfee (the option isn't there and the office set it up that way), I ran ComboFix in safe mode; the log follows.

However, I think that, despite scandisk and registryeasy (which found about 1000 errors!), the fact that the explorer.exe error still appears even now is related to the registry and not to a virus... I leave the floor to the more expert, and thanks again.

ComboFix 12-02-25.02 - EN16867 28/02/2012 10.52.42.6.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1033.18.2998.2574 [GMT 1:00]
Eseguito da: c:\documents and settings\en16867\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\en16867\Application Data\Help\coredb\storage
.
.
((((((((((((((((((((((((( Files Creati Da 2012-01-28 al 2012-02-28 )))))))))))))))))))))))))))))))))))
.
.
2012-02-27 21:20 . 2012-02-27 21:20 -------- d-----w- C:\Downloads
2012-02-27 21:14 . 2012-02-27 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2012-02-27 11:45 . 2012-02-08 06:03 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E5F1FA88-1B4D-40B8-8EC4-92763ABECC9E}\mpengine.dll
2012-02-27 11:25 . 2012-02-27 11:25 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-27 11:10 . 2012-02-27 11:10 32490 ----a-w- c:\windows\SCHEDLGU.TXT.TMP
2012-02-27 08:52 . 2012-02-27 08:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{50DB8392-5787-4044-B241-1E1694663ECB}
2012-02-27 08:51 . 2012-02-27 08:51 -------- d-----w- c:\documents and settings\en16867\Local Settings\Application Data\PackageAware
2012-02-25 22:04 . 2012-02-26 23:42 -------- d-----w- c:\documents and settings\en16867\Application Data\TeamViewer
2012-02-25 22:04 . 2012-02-25 22:08 247296 ----a-w- c:\documents and settings\en16867\Application Data\Microsoft\{850B91B0-8C24-4386-866C-5BFCDB531A14}\LicenseValidator.exe
2012-02-24 16:31 . 2012-02-24 16:31 -------- d-----w- c:\documents and settings\en16867\Application Data\ElevatedDiagnostics
2012-02-16 17:03 . 2012-02-16 17:15 -------- d-----w- c:\documents and settings\en16867\Application Data\Kiuka
2012-02-13 20:43 . 2012-02-13 20:43 -------- d-----w- c:\documents and settings\en16867\Application Data\Apple
2012-02-12 21:29 . 2012-02-12 21:29 -------- d-----w- c:\documents and settings\en16867\Local Settings\Application Data\David_Rudie
2012-02-03 19:59 . 2012-02-03 19:59 -------- d-----w- c:\documents and settings\en16867\Local Settings\Application Data\Identities
2012-01-30 10:28 . 2012-01-30 10:28 -------- d-----w- c:\documents and settings\en16867\Local Settings\Application Data\Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 17:56 . 2011-12-29 17:38 82424 ----a-w- c:\windows\system32\drivers\VIRAGTLT.sys
2012-02-08 06:03 . 2011-12-09 08:00 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2011-05-30 12:31 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-27 08:18 . 2011-06-06 11:14 5343997 ----a-w- c:\windows\FramePkg.exe
2012-01-03 07:28 . 2012-01-03 07:28 2570286 ----a-w- c:\windows\system32\abgx360.exe
2011-12-10 14:24 . 2012-01-02 16:14 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 08:09 . 2011-12-07 08:09 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-07 08:09 . 2011-12-07 08:09 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpgradeChecker"="c:\documents and settings\en16867\Application Data\TeamViewer\{E19C3A79-5B64-4011-9B7C-981FC12024D5}\UpgradeChecker.exe" [2012-02-28 257536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2010-04-26 737280]
"Flashget"="d:\dati\en16867\flashgetnew\flashget.exe" [2007-09-25 2007088]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-06 111952]
"NVHotkey"="nvHotkey.dll" [2010-02-19 86016]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-05-19 161088]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"VIRIT LITE MONITOR"="d:\vexplite\MONLITE.EXE" [2012-01-10 303104]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2009-12-11 5114208]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2010-7-15 6144]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logoff\0\0]
"Script"=Logout.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logoff\0\1]
"Script"=LogoutNotes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\0\0]
"Script"=Cscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\1\0]
"Script"=cscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\1\1]
"Script"=ChangeOutlookSecureTempFolder.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\2\0]
"Script"=Cscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\3\0]
"Script"=OCSBulderMulti1.2.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\4\0]
"Script"=SetUserInfoOfficeXP.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\5\0]
"Script"=Main.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-220523388-1801674531-682003330-34766\Scripts\Logon\6\0]
"Script"=RDTFolderSecurity.cmd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- d:\dati\en16867\Documenti_D\DAEMON Tools Lite\daemon.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"KiesPDLR"=d:\samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"DAEMON Tools Lite"="d:\dati\en16867\Documenti_D\DAEMON Tools Lite\daemon.exe" -autorun
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /installquiet
"Flashget"=d:\dati\en16867\flashgetnew\flashget.exe /min
"SysTrayApp"=%ProgramFiles%\IDT\WDM\sttray.exe
"Synchronization Manager"=%SystemRoot%\system32\mobsync.exe /logon
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"KiesHelper"=d:\samsung\Kies\KiesHelper.exe /s
"KiesTrayAgent"=d:\samsung\Kies\KiesTrayAgent.exe
"CloneCDTray"="d:\dati\en16867\clone CD\CloneCD\CloneCDTray.exe" /s
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" /fromrunkey
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"TkBellExe"=c:\program files\Common Files\Real\Update_OB\realsched.exe -osboot
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
"Apoint"=c:\program files\DellTPad\Apoint.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"Acrobat Assistant 8.0"="d:\appl\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Persistence"=c:\windows\system32\igfxpers.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Cisco Systems\\Cisco Unified Video Advantage\\VideoAdvantage.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"d:\\Dati\\en16867\\flashgetnew\\flashget.exe"=
"d:\\Dati\\en16867\\Documenti_D\\tariffe\\Wrestlg\\Xbox 360 utilities\\Modio\\Modio.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\Jubler.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Dati\\en16867\\Documenti_D\\tariffe\\Wrestlg\\utorrent.exe"=
"d:\\Dati\\en16867\\utorrent\\uTorrent.exe"=
"d:\\Dati\\en16867\\RapidShareManager\\RapidShareManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [14/07/2010 11.59.30 17072]
R0 VIRAGTLT;VIRAGTLT;c:\windows\system32\drivers\VIRAGTLT.sys [29/12/2011 18.38.26 82424]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [14/07/2010 11.44.02 59904]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [14/07/2010 11.59.30 42672]
R3 d554bus;Dell Wireless 5540 HSPA Mini-Card Device driver (WDM);c:\windows\system32\drivers\d554bus.sys [01/10/2010 4.24.16 98560]
R3 d554nd5;Dell Wireless 5540 HSPA Mini-Card Network Adapter (NDIS);c:\windows\system32\drivers\d554nd5.sys [01/10/2010 4.24.24 25216]
R3 d554unic;Dell Wireless 5540 HSPA Mini-Card Network Adapter (WDM);c:\windows\system32\drivers\d554unic.sys [01/10/2010 4.24.22 130560]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [12/07/2010 10.57.28 167080]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30/05/2011 11.10.54 721904]
S1 qeilvwmj;qeilvwmj;\??\c:\windows\system32\drivers\qeilvwmj.sys --> c:\windows\system32\drivers\qeilvwmj.sys [?]
S2 CDMA Device Service;CDMA Device Service;d:\samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe [25/09/2011 22.56.30 63488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12.16.28 130384]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [11/11/2008 16.35.20 808296]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [11/11/2008 16.35.22 20840]
S2 Ndiscdp;Cisco CDP KMDF NDIS Protocol Driver;c:\windows\system32\drivers\Ndiscdp.sys [15/07/2010 15.41.39 22776]
S2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);c:\program files\QUALCOMM\QDLService2k\QDLService2kDell.exe [14/01/2010 6.30.16 330488]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\dati\en16867\tuneup2011\TuneUpUtilitiesService32.exe [14/12/2010 13.41.10 1517376]
S2 viritsvclite;VirIT eXplorer Lite;d:\vexplite\viritsvc.exe [14/03/2011 12.54.14 86016]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [14/07/2010 11.37.42 113664]
S3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [10/02/2009 10.04.47 12840]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [12/07/2010 11.51.23 134144]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [12/07/2010 11.51.24 143968]
S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [10/02/2009 10.04.13 32808]
S3 d554gps;Dell Wireless 5540 HSPA Mini-Card GPS Port;c:\windows\system32\drivers\d554gps.sys [01/10/2010 4.24.24 82984]
S3 d554mdfl;Dell Wireless 5540 HSPA Mini-Card Data Modem Filter;c:\windows\system32\drivers\d554mdfl.sys [01/10/2010 4.24.19 14976]
S3 d554mdm;Dell Wireless 5540 HSPA Mini-Card Data Modem Driver;c:\windows\system32\drivers\d554mdm.sys [01/10/2010 4.24.19 123904]
S3 d554mgmt;DellWireless5540 HSPA Mini-Card Device Management Drivers (WDM);c:\windows\system32\drivers\d554mgmt.sys [01/10/2010 4.24.22 117888]
S3 d554scard;Dell Wireless 5540 HSPA Mini-Card USIM Port;c:\windows\system32\drivers\d554scard.sys [01/10/2010 4.24.22 47744]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [25/09/2011 22.56.24 77624]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [13/01/2009 11.10.57 244368]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [12/07/2010 10.57.27 132480]
S3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\drivers\IntcDAud.sys [01/10/2010 4.49.45 235520]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/02/2009 9.58.46 110080]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/07/2010 10.57.22 58600]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [25/09/2011 22.56.25 181432]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\dati\en16867\tuneup2011\TuneUpUtilitiesDriver32.sys [29/11/2010 18.27.40 10064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12.16.28 753504]
S4 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [04/09/2008 17.28.42 406808]
S4 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [11/11/2008 15.00.26 451872]
S4 gupdate;Servizio Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23/08/2011 14.06.05 136176]
S4 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23/08/2011 14.06.05 136176]
S4 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [14/07/2010 11.59.30 60928]
S4 WMCoreService;Mobile Broadband Service;c:\program files\Dell\Dell WWAN\WMCore\WMCore.exe servicemode --> c:\program files\Dell\Dell WWAN\WMCore\WMCore.exe servicemode [?]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - MDMXSDK
*NewlyCreated* - PXHELP20
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
2008-04-14 03:41 99840 ----a-w- c:\windows\system32\advpack.dll
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 13:05]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-23 13:05]
.
2012-02-27 c:\windows\Tasks\RegCure Program Check.job
- d:\regcure\RegCure.exe [2010-05-19 23:20]
.
2012-02-27 c:\windows\Tasks\RegCure.job
- d:\regcure\RegCure.exe [2010-05-19 23:20]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://myeni.eni.it
uInternet Connection Wizard,ShellNext = hxxp://legalarchives.eni.it
uInternet Settings,ProxyOverride = local
IE: &Scarica con FlashGet - d:\dati\en16867\flashgetnew\jc_link.htm
IE: &Scarica tutto con FlashGet - d:\dati\en16867\flashgetnew\jc_all.htm
IE: Aggiungi a PDF esistente - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti destinazione link in Adobe PDF - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in Adobe PDF - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - d:\appl\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\en16867\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Invia a Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Invia a periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Salva oggetto con NetXfer - d:\dati\en16867\Documenti_D\tariffe\multimedia lettori\NetXfer\NXAddLink.html
IE: Salva tutti gli oggetti con NetXfer - d:\dati\en16867\Documenti_D\tariffe\multimedia lettori\NetXfer\NXAddList.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\en16867\Application Data\Mozilla\Firefox\Profiles\lbd2c61s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2465030&q=
user_pref(security.warn_viewing_mixed,false);
user_pref(security.warn_viewing_mixed.show_once,false);
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
user_pref(security.warn_submit_insecure,false);
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-02-28 10:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
Ora fine scansione: 2012-02-28 10:58:11
ComboFix-quarantined-files.txt 2012-02-28 09:58
ComboFix2.txt 2012-02-27 15:58
ComboFix3.txt 2012-02-26 17:03
ComboFix4.txt 2012-02-14 15:41
ComboFix5.txt 2012-02-27 19:14
.
Pre-Run: 14.624.055.296 bytes free
Post-Run: 14.610.694.144 byte disponibili
.
- - End Of File - - DA9C810783374F05B356AB3741703761
 

tecnico24

Elite User
10,706
1,072
The problem is definitely not caused by a virus.
The error "the instruction...memory could not be read" has multiple causes.
As for explorer.exe, I advise you to get hold of the operating system CD and repair it through the Recovery Console.
 

guerro

Active User
96
2
Thanks for the advice, but after various scandisks, the utilities you suggested, registryfix and easyregister, Malwarebytes, etc., it got resolved!!! Maybe some ActiveX? Who knows!!! Thanks
 
