Hi everyone,
a very Merry Christmas to all of you.
For my PC, though, it isn't Christmas, and it is acting up:
It has been a year since I installed a program, INVOICEX, to manage the invoices of a small artisan business I work for, but for a couple of days it has no longer shown me the purchase invoices window; it shows an empty window... I tried uninstalling and reinstalling it, but nothing. It holds all of this year's work; if I can't restore it I'm in trouble!! Now it won't even open at all anymore, and it gives me an error window if I try to reinstall it.
I tried various system restore points, but if I choose the most recent ones (a week ago) nothing changes and it doesn't open, and if I choose older ones the restore is not carried out... I don't know what to do... I tried running Combofix, but that also hangs on the "sto preparando il report" window; I wanted to uninstall it from Run with "Combofix /unistall" and it doesn't uninstall... the antivirus no longer appears in the bar, but Combo sees it as active, yet I can't update it... I don't understand what is happening!!
When the PC starts up, this message appears:
PSservice.exe , Errore dell'Applicazione/ impossibile gestire un 'eccezione generata dall'applicazione/ID processo: Oxdc4(3524),
ID thread:Oxdd8(3544) Per terminare l'applicazione scegliere OK/ Per eseguire il debug scegliere annulla ...
I can't find the MBAM report; I'll run another scan now and then send it. In the meantime...
This is the Combofix report I managed to save:
Code:
ComboFix 11-12-22.04 - Anna Maria 23/12/2011 23.46.18.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1033.18.1015.519 [GMT 1:00]
Eseguito da: c:\documents and settings\Anna Maria\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {0012F2B4-5C49-7C91-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9D7C08000A00}
FW: PC Tools Firewall Plus *Disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Creati Da 2011-11-23 al 2011-12-23 )))))))))))))))))))))))))))))))))))
.
.
2011-12-23 21:12 . 2010-06-17 14:28 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-12-23 21:12 . 2010-06-17 14:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-12-23 15:48 . 2011-12-23 15:48 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-23 15:48 . 2011-12-23 15:48 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-12-23 15:48 . 2011-12-23 15:48 -------- d-----w- c:\program files\Avira
2011-12-23 15:48 . 2011-12-23 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-12-23 15:48 . 2011-12-23 15:48 -------- d-----w- c:\program files\Common Files\Java
2011-12-12 13:26 . 2011-12-12 13:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-09 19:02 . 2011-12-12 13:09 -------- d-----w- c:\program files\Common Files\Adobe
2011-12-09 18:21 . 2011-12-12 13:09 -------- d-----w- c:\program files\Apple Software Update
2011-12-09 17:51 . 2011-12-09 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-12-06 18:13 . 2011-12-12 13:09 -------- d-----w- c:\documents and settings\Anna Maria\Application Data\Owvyup
2011-12-06 18:12 . 2011-12-12 13:09 -------- d-----w- c:\documents and settings\Anna Maria\Application Data\Zecy
2011-12-06 18:10 . 2011-12-12 13:09 -------- d-----w- c:\documents and settings\Anna Maria\Application Data\Uhwaw
2011-12-06 18:08 . 2011-12-12 13:09 -------- d-----w- c:\documents and settings\Anna Maria\Application Data\Orev
2011-12-06 18:06 . 2011-12-12 13:09 -------- d-----w- c:\documents and settings\Anna Maria\Application Data\Yvpaer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 16:10 . 2011-07-07 15:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 18:15 . 2011-11-23 18:15 1024 ----a-w- c:\documents and settings\All Users\Application Data\1xls2pdf.dll
2011-11-23 13:25 . 2006-01-06 20:58 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-01 16:07 . 2006-01-06 20:53 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43 . 2006-01-06 20:59 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43 . 2004-09-01 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43 . 2004-09-01 08:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43 . 2004-09-01 08:00 17408 ------w- c:\windows\system32\corpol.dll
2011-10-28 05:31 . 2004-09-01 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2006-01-06 20:53 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2006-01-06 15:53 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-20 19:54 . 2011-10-20 19:54 45056 ----a-r- c:\documents and settings\Anna Maria\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
2011-10-18 11:13 . 2004-09-01 08:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-09-28 07:06 . 2004-09-01 08:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 09:41 . 2007-10-09 12:03 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2004-09-01 08:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 09:41 . 2004-09-01 08:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-10 11:48 . 2011-05-06 09:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-23_21.56.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-23 22:37 . 2011-12-23 22:37 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
+ 2011-12-23 22:35 . 2011-12-23 22:35 6176 c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-12-23 15:47 . 2011-12-23 15:47 6176 c:\windows\system32\config\systemprofile\Application Data\SoftGrid Client\Icon Cache\icon_ex.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
"LXCTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-09-01 44544]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:X*
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Avvio rapido di HP Image Zone.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Avvio rapido di HP Image Zone.lnk
backup=c:\windows\pss\Avvio rapido di HP Image Zone.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2007-03-19 12:58 82864 ----a-w- c:\program files\Lexmark 5400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 13:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 11:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-04-06 10:28 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2005-02-02 14:44 61440 -c--a-w- c:\hp\KBD\kbd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
2007-03-19 12:59 304048 ----a-w- c:\program files\Lexmark 5400 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
2007-03-19 12:58 291760 ----a-w- c:\program files\Lexmark 5400 Series\lxctmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2005-12-14 11:13 7095344 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5910:TCP"= 5910:TCP:vnc5910
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [09/12/2011 21.33.18 36000]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [25/02/2011 22.03.33 249616]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [09/12/2011 21.33.19 136360]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [20/10/2010 14.23.26 821664]
R2 ECBatteryDRV;ECBatteryDRV;c:\windows\system32\drivers\ECBatteryDRV.sys [17/04/2010 17.27.27 6144]
R2 ECMonitorDRV;ECMonitorDRV;c:\windows\system32\drivers\ECMonitorDRV.sys [17/04/2010 17.27.28 6144]
R2 ECUtilityDRV;ECUtilityDRV;c:\windows\system32\drivers\ECUtilityDRV.sys [17/04/2010 17.27.29 6144]
R2 HotCPUDRV;HotCPUDRV;c:\windows\system32\drivers\HotCPUDRV.sys [17/04/2010 17.27.31 7240]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [25/02/2011 22.03.35 160448]
R2 PMService;PMService;c:\program files\richcomm\PowerManagerII\PMService.exe -service --> c:\program files\richcomm\PowerManagerII\PMService.exe -service [?]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [14/09/2010 4.46.16 508264]
R2 WinBootDRV;WinBootDRV;c:\windows\system32\drivers\WinBootDRV.sys [17/04/2010 17.27.25 7242]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [25/02/2011 22.02.03 89192]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [25/02/2011 22.02.03 57536]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [25/02/2011 22.02.01 124992]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 22.23.46 581480]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 22.23.50 209640]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 22.23.52 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 22.23.52 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [14/09/2010 4.46.26 219496]
S2 Network WanMiniport First Position;Network WanMiniport First Position;c:\program files\Telecom Italia\WanMiniport1st\srvany.exe [22/07/2011 14.07.51 8192]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10.58.52 11336]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 20.37.50 4640000]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [25/02/2011 22.02.03 57536]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.yahoo.com/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Anna Maria\Application Data\Mozilla\Firefox\Profiles\i9opuxvp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2463487&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://it.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-23 23:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(2780)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
.
Ora fine scansione: 2011-12-24 00:08:31
ComboFix-quarantined-files.txt 2011-12-23 23:08
ComboFix2.txt 2011-12-23 22:06
.
Pre-Run: 113.118.212.096 bytes free
Post-Run: 113.104.551.936 byte disponibili
.
- - End Of File - - 745A24CB5A539D1EBE0BD542249DF92E
I'm waiting for advice.
