error 0x0000006b

giancai · 08 Feb 2012

Hello everyone, I have a problem on win 7 that every time I boot 0x0000006b exits and reboots. not even in safe mode it goes to the network. I tried to delete the file Bootcat.cache, but I have not solved anything. I did the test disk and is ok. I c ambiato the ram and the problem is always there. how can I solve this puzzle? the hard disk when connected via USB to another PC I access it easily.

giancai · 10 Feb 2012

hi, why nobody reply at my question?

writhziden · 10 Feb 2012

Use Advanced Boot Options to select Repair Your Computer and get into the System Recovery Options. Then do startup repair three times. Further reading: Startup Repair - Run 3 Separate Times.

giancai · 11 Feb 2012

I did scan with ComboFix and found the virus but do not know how to remove them. I attach log.

ComboFix 12-02-11.02 - FILIPPO 11/02/2012 16:26:18.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.3070.2123 [GMT 1:00]
Eseguito da: c:\users\FILIPPO\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\PresentationHost.exe . . . è infetto!!
.
c:\windows\System32\sdclt.exe . . . è infetto!!
.
c:\windows\System32\migwiz\PostMig.exe . . . è infetto!!
.
c:\windows\System32\Speech\SpeechUX\SpeechUXTutorial.exe . . . è infetto!!
.
c:\windows\System32\spool\tools\PrintBrmEngine.exe . . . è infetto!!
.
c:\windows\system32\d3d9.dll . . . è infetto!!
.
.
((((((((((((((((((((((((( Files Creati Da 2012-01-11 al 2012-02-11 )))))))))))))))))))))))))))))))))))
.
.
2012-02-11 15:41 . 2012-02-11 15:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-11 14:32 . 2012-02-11 14:32 -------- d-----w- c:\windows\system32\EventProviders
2012-02-10 16:51 . 2012-02-10 16:51 -------- d-----w- c:\windows\CheckSur
2012-02-10 16:45 . 2011-10-15 08:53 487232 ----a-w- c:\windows\system32\nvhotkey.dll
2012-02-10 16:45 . 2011-10-15 08:53 123712 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 16:45 . 2011-10-15 08:53 1136448 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 16:45 . 2011-10-15 08:53 6350144 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 16:45 . 2011-10-15 08:53 3840320 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 16:45 . 2011-10-15 08:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-10 16:45 . 2011-10-15 08:53 203072 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 16:45 . 2011-10-15 08:53 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2012-02-10 11:10 . 2012-02-10 11:30 -------- d-----w- c:\users\FILIPPO\AppData\Roaming\Wise Registry Cleaner
2012-02-10 11:10 . 2012-02-10 11:10 -------- d-----w- c:\program files\Wise Registry Cleaner
2012-02-09 12:08 . 2012-02-09 12:08 -------- d-----w- c:\users\FILIPPO\AppData\Local\VirtualStore
2012-02-06 09:17 . 2012-02-06 09:17 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2012-02-06 09:17 . 2012-02-06 09:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-02-06 09:13 . 2009-11-21 02:34 182888 ----a-w- c:\windows\system32\nvcod178.dll
2012-02-05 11:02 . 2010-11-20 21:29 153984 ----a-w- c:\windows\system32\drivers\pci.sys
2012-02-02 01:38 . 2012-02-02 01:38 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81FD3E5E-324B-413B-B690-82778599D263}\offreg.dll
2012-02-02 01:37 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81FD3E5E-324B-413B-B690-82778599D263}\mpengine.dll
2012-01-27 17:17 . 2012-01-27 17:17 -------- d-----w- c:\windows\Sun
2012-01-25 14:04 . 2012-01-25 14:04 -------- d-----w- c:\program files\1ClickDownload
2012-01-18 20:39 . 2012-01-18 20:39 -------- d-----r- c:\users\FILIPPO\AppData\Roaming\Brother
2012-01-18 20:26 . 2012-01-18 20:26 -------- d-----w- c:\users\FILIPPO\AppData\Roaming\FLEXnet
2012-01-18 20:26 . 2012-01-18 20:27 -------- d-----w- c:\users\FILIPPO\AppData\Roaming\ControlCenter4
2012-01-18 20:19 . 2012-01-18 20:19 -------- d-----w- c:\users\FILIPPO\AppData\Roaming\InstallShield
2012-01-18 20:18 . 2012-01-18 20:18 -------- d-----w- c:\programdata\zeon
2012-01-18 20:17 . 2012-01-18 20:17 -------- d-----w- c:\users\FILIPPO\AppData\Roaming\Nuance
2012-01-18 20:17 . 2012-01-18 20:17 -------- d-----w- c:\programdata\ScanSoft
2012-01-18 20:17 . 2012-01-18 20:19 -------- d-----w- c:\program files\Nuance
2012-01-18 20:17 . 2012-01-18 20:17 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2012-01-18 20:17 . 2012-01-18 20:17 -------- d-----w- c:\programdata\FLEXnet
2012-01-18 20:17 . 2012-01-18 20:29 -------- d-----w- c:\programdata\Nuance
2012-01-18 20:14 . 2012-01-18 20:22 -------- d-----w- c:\programdata\Brother
2012-01-18 10:42 . 2012-01-18 10:42 53248 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\msihook.dll
2012-01-18 10:42 . 2012-01-18 10:42 126976 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\knlwrap.exe
2012-01-18 10:42 . 2012-01-18 10:42 114688 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\scpthdlr.dll
2012-01-18 10:41 . 1999-05-26 08:46 212480 ----a-w- c:\windows\pcdlib32.dll
2012-01-18 10:41 . 1996-06-30 23:00 77312 ----a-w- c:\windows\system32\TWAIN_32.DLL
2012-01-18 10:41 . 1995-07-31 12:44 212480 ----a-w- c:\windows\system32\PCDLIB32.DLL
2012-01-18 10:41 . 2012-01-18 10:41 -------- d-----w- c:\program files\ArcSoft
2012-01-18 10:41 . 2001-09-05 04:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-01-18 10:41 . 2001-09-05 04:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-01-18 10:41 . 2001-09-05 04:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-01-18 10:41 . 2001-09-05 04:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-01-18 10:40 . 2012-02-09 12:14 -------- d-----w- C:\CanoScan
2012-01-18 10:40 . 2002-05-24 02:04 389180 ----a-w- c:\windows\system32\UCS32P.DLL
2012-01-15 14:01 . 2012-01-15 14:01 -------- d-----w- c:\program files\Google
2012-01-14 23:32 . 2012-01-14 23:32 -------- d-----w- c:\programdata\DivX
2012-01-14 20:21 . 2012-01-14 20:21 -------- d-----w- c:\program files\Veetle
2012-01-14 17:53 . 2012-01-14 17:53 -------- d--h--w- c:\programdata\CanonBJ
2012-01-14 17:53 . 2009-07-14 01:15 70144 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNBPP3.DLL
2012-01-14 17:09 . 2012-01-14 17:09 -------- d-----w- c:\program files\uTorrent
2012-01-14 17:08 . 2012-02-06 08:42 -------- d-----w- c:\users\FILIPPO\AppData\Roaming\uTorrent
2012-01-14 12:50 . 2012-01-14 18:38 -------- d-----w- c:\users\FILIPPO\AppData\Roaming\Windows Live Writer
2012-01-14 12:50 . 2012-01-14 12:50 -------- d-----w- c:\users\FILIPPO\AppData\Local\Windows Live Writer
2012-01-14 12:48 . 2012-01-14 12:48 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\c7f2e7911ccd2ba04\MeshBetaRemover.exe
2012-01-14 12:44 . 2012-01-16 08:03 -------- d-----w- c:\users\FILIPPO\AppData\Local\Adobe
2012-01-14 12:43 . 2012-01-15 14:02 -------- d-----w- c:\users\FILIPPO\AppData\Local\Google
2012-01-14 12:43 . 2012-01-14 12:43 -------- d-----w- c:\users\FILIPPO\AppData\Local\Deployment
2012-01-14 12:43 . 2012-01-14 12:43 -------- d-----w- c:\users\FILIPPO\AppData\Local\Apps
2012-01-13 20:47 . 2012-01-13 20:47 -------- d-----w- c:\program files\CCleaner
2012-01-13 14:12 . 2012-01-13 14:28 -------- d-----w- c:\windows\Acronis
2012-01-13 14:09 . 2012-01-13 14:09 -------- d-----w- c:\users\FILIPPO\AppData\Local\LogMeIn
2012-01-13 14:09 . 2012-01-31 20:30 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-01-13 14:09 . 2012-01-31 20:30 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-01-13 14:09 . 2012-01-31 20:30 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-01-13 14:09 . 2011-09-16 14:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-01-13 14:09 . 2012-01-31 20:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-01-13 14:09 . 2012-02-11 08:50 -------- d-----w- c:\programdata\LogMeIn
2012-01-13 14:09 . 2012-02-10 10:49 -------- d-----w- c:\program files\LogMeIn
2012-01-13 12:17 . 2012-02-10 16:44 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-01-13 12:16 . 2011-10-15 08:53 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-01-13 12:16 . 2011-10-15 08:53 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2012-01-13 12:16 . 2011-10-15 08:53 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2012-01-13 12:16 . 2011-10-15 08:53 17248576 ----a-w- c:\windows\system32\nvcompiler.dll
2012-01-13 12:11 . 2012-02-10 16:45 -------- d-----w- c:\program files\NVIDIA Corporation
2012-01-13 12:09 . 2012-02-06 09:17 -------- d-----w- C:\NVIDIA
2012-01-13 11:34 . 2012-01-13 11:34 -------- d-----w- c:\users\FILIPPO\AppData\Local\ESET
2012-01-13 10:38 . 2012-01-14 17:24 -------- d-----w- c:\users\FILIPPO\AppData\Local\Ahead
2012-01-13 10:26 . 2012-01-14 17:25 -------- d-----w- c:\users\FILIPPO\AppData\Roaming\Ahead
2012-01-13 10:26 . 2012-01-13 10:26 -------- d-----w- c:\programdata\Ahead
2012-01-13 10:25 . 2012-01-13 10:26 -------- d-----w- c:\program files\Common Files\Ahead
2012-01-13 10:25 . 2012-01-13 10:25 -------- d-----w- c:\programdata\Nero
2012-01-13 10:25 . 2012-01-13 10:25 -------- d-----w- c:\program files\Nero
2012-01-13 09:54 . 2012-02-05 11:48 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-13 09:54 . 2011-11-17 05:41 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-13 09:54 . 2011-11-17 05:41 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-13 09:54 . 2011-11-17 05:39 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-13 09:54 . 2011-11-17 05:35 314880 ----a-w- c:\windows\system32\webio.dll
2012-01-13 09:54 . 2011-11-17 05:34 15872 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-13 09:54 . 2011-11-17 05:34 100352 ----a-w- c:\windows\system32\sspicli.dll
2012-01-13 09:54 . 2011-11-17 05:34 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-13 09:54 . 2011-11-17 05:34 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-13 09:54 . 2011-11-17 05:29 22528 ----a-w- c:\windows\system32\lsass.exe
2012-01-13 09:16 . 2012-01-18 20:15 -------- d-----w- c:\program files\MSXML 4.0
2012-01-13 09:12 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-01-13 09:12 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-01-13 09:12 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll
2012-01-13 09:12 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-11 09:27 . 2011-06-14 17:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-05 11:52 . 2009-07-13 23:32 50688 ----a-w- c:\windows\system32\psbase.dll
2012-02-05 11:51 . 2009-07-13 23:54 90624 ----a-w- c:\windows\system32\rasauto.dll
2012-02-05 11:50 . 2009-07-13 23:21 526848 ----a-w- c:\windows\system32\ntvdm.exe
2012-02-05 11:45 . 2009-07-13 23:27 531968 ----a-w- c:\windows\system32\ddraw.dll
2012-02-05 11:45 . 2010-11-20 21:29 551424 ----a-w- c:\windows\system32\samsrv.dll
2012-02-05 11:45 . 2009-07-13 23:12 191488 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-02-05 11:44 . 2011-06-14 17:12 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-05 11:44 . 2010-11-20 21:29 1414144 ----a-w- c:\windows\system32\ole32.dll
2012-01-12 11:47 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-12 11:21 . 2011-06-14 17:39 544656 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 00:19 . 2012-01-12 00:19 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2011-12-07 09:08 . 2011-06-14 16:52 236576 ------w- c:\windows\system32\MpSigStub.exe
2011-11-24 04:25 . 2011-12-31 17:23 2342912 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-13 . ADD2ADE1C2B285AB8378D2DAAF991481 . 17920 . . [6.1.7600.16385] . . c:\windows\System32\drivers\asyncmac.sys
[-] 2009-07-13 . ADD2ADE1C2B285AB8378D2DAAF991481 . 17920 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.1.7600.16385_none_242e2506962cd3e0\asyncmac.sys
.
[-] 2009-07-13 . 505506526A9D467307B3C393DEDAF858 . 6144 . . [6.1.7600.16385] . . c:\windows\System32\drivers\beep.sys
[-] 2009-07-13 . 505506526A9D467307B3C393DEDAF858 . 6144 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys
.
[-] 2009-07-13 . F9756A98D69098DCA8945D62858A812C . 4608 . . [6.1.7600.16385] . . c:\windows\System32\drivers\null.sys
[-] 2009-07-13 . F9756A98D69098DCA8945D62858A812C . 4608 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-null_31bf3856ad364e35_6.1.7600.16385_none_a93c43a07c50a038\null.sys
.
[-] 2009-07-14 . 7CCCFCA7510684768DA22092D1FA4DB2 . 280576 . . [6.1.7600.16385] . . c:\windows\System32\netman.dll
[-] 2009-07-14 . 7CCCFCA7510684768DA22092D1FA4DB2 . 280576 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_0f9371b9b32368a4\netman.dll
.
[-] 2009-07-14 . 808D8A8B2A3074002852BC856D419576 . 1297408 . . [2001.12.8530.16385] . . c:\windows\System32\comres.dll
[-] 2009-07-14 . 808D8A8B2A3074002852BC856D419576 . 1297408 . . [2001.12.8530.16385] . . c:\windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_2c8730fb47856e94\comres.dll
.
[-] 2010-11-20 . 0AFBE7743E05C20E0D012EE6FE60F0CC . 585728 . . [7.5.7600.16385] . . c:\windows\System32\qmgr.dll
[-] 2010-11-20 . 0AFBE7743E05C20E0D012EE6FE60F0CC . 585728 . . [7.5.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll
.
[-] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] . . c:\windows\System32\es.dll
[-] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] . . c:\windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_0cc3f540b311359a\es.dll
.
[-] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] . . c:\windows\System32\cngaudit.dll
[-] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
.
[-] 2009-07-14 . CB9A8683F4EF2BF99E123D79950D7935 . 112640 . . [6.1.7600.16385] . . c:\windows\System32\regsvc.dll
[-] 2009-07-14 . CB9A8683F4EF2BF99E123D79950D7935 . 112640 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.1.7600.16385_none_893c5bdce4cae672\regsvc.dll
.
[-] 2009-07-14 . D887C9FD02AC9FA880F6E5027A43E118 . 162816 . . [6.1.7600.16385] . . c:\windows\System32\ssdpsrv.dll
[-] 2009-07-14 . D887C9FD02AC9FA880F6E5027A43E118 . 162816 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.1.7600.16385_none_7f9fc90f328bdf26\ssdpsrv.dll
.
[-] 2009-07-14 . 6383C60EC0133B14F5705F96369421B2 . 288256 . . [6.1.7600.16385] . . c:\windows\System32\hnetcfg.dll
[-] 2009-07-14 . 6383C60EC0133B14F5705F96369421B2 . 288256 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.1.7600.16385_none_b00c9bd7f5ed1c02\hnetcfg.dll
.
[-] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] . . c:\windows\System32\upnphost.dll
[-] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_c1be8a9895d79340\upnphost.dll
.
[-] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] . . c:\windows\System32\dsound.dll
[-] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_5872147ba3367471\dsound.dll
.
[-] 2010-11-20 . C9D89535F7959A7F6988BBAFB464D236 . 1828352 . . [6.1.7601.17514] . . c:\windows\System32\d3d9.dll
[-] 2010-11-20 . C9D89535F7959A7F6988BBAFB464D236 . 1828352 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7601.17514_none_c454d690bf084f04\d3d9.dll
.
[-] 2012-02-05 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] . . c:\windows\System32\ddraw.dll
[-] 2012-02-05 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_04dbf9102154d42e\ddraw.dll
.
[-] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] . . c:\windows\System32\perfctrs.dll
[-] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_314993e6be6d6809\perfctrs.dll
.
[-] 2009-07-14 . 55187FD710E27D5095D10A472C8BAF1C . 288768 . . [6.1.7600.16385] . . c:\windows\System32\w32time.dll
[-] 2009-07-14 . 55187FD710E27D5095D10A472C8BAF1C . 288768 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-time-service_31bf3856ad364e35_6.1.7600.16385_none_887db9d2ce9e3aa0\w32time.dll
.
[-] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] . . c:\windows\System32\midimap.dll
[-] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_8cd41e2771e37717\midimap.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
2011-03-31 20:45 286208 ----a-w- c:\program files\Classic Shell\ClassicIE9DLL_32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Sh areOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-03-31 20:45 501760 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2011-12-20 2696512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-03-31 91648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2010-10-26 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-05-16 08:27 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2010-03-08 23:37 46368 ----a-w- c:\program files\Nuance\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2009-05-05 15:06 222496 ----a-w- c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2010-03-08 23:42 29984 ----a-w- c:\program files\Nuance\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF5 Registry Controller]
2010-03-05 18:11 62752 ----a-w- c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFHook]
2010-03-05 19:11 636192 ----a-w- c:\program files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort12reminder]
2010-02-09 12:42 328992 ----a-w- c:\program files\Nuance\PaperPort\Ereg\Ereg.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 wxpSvc;webcamXP Service;c:\program files\wLite\wService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-01-31 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-09-16 12856]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-08 144672]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 netw5v32;Driver scheda Intel(R) Wireless WiFi Link serie 5000 per Windows Vista a 32 bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Driver Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-710450500-849374731-4109036366-1000Core.job
- c:\users\FILIPPO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-14 12:43]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-710450500-849374731-4109036366-1000UA.job
- c:\users\FILIPPO\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-14 12:43]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\Classic Shell\ClassicIE9_32.exe
TCP: DhcpNameServer = 192.168.10.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wxpSvc]
"ImagePath"="c:\program files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000410
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{BCB0D944-D27E-451C-A1A5-F31C7589F14E}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.2.67.10"
"UniqueId"="0055E8AA4F1015EE"
"ScannerBuild"=dword:00001fb5
"ScannerVersionId"=dword:000015d7
"ScannerVersion"="Open window for status."
"ei2"=hex(b):56,2d,f4,ba,a4,6c,a7,2d
"ei1"=hex(b):00,1e,68,7f,3c,5b,00,00
"ei3"=hex(b):20,16,10,4f,00,00,00,00
"ei4"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'lsass.exe'(496)
c:\windows\system32\pku2u.DLL
.
Ora fine scansione: 2012-02-11 16:57:46
ComboFix-quarantined-files.txt 2012-02-11 15:57
.
Pre-Run: 44.725.489.664 byte disponibili
Post-Run: 53.036.052.480 byte disponibili
.
- - End Of File - - 51137A445C493B5FE83DA9180042ABAD

writhziden · 11 Feb 2012

Use either the BitDefender Rescue CD or the Microsoft Standalone System Sweeper Beta | Microsoft Connect to scan for and remove the viruses without booting into Windows.

giancai · 12 Feb 2012

ok I will. I also wanted to say I've done sfc / cannow and found problems. As can be repaired? but if I reinstall windows 7 i get error 0xc0000005, and I stopped the installation.

writhziden · 12 Feb 2012

Did you try a full format of the drive before installing? You can open a command prompt when the installation disc loads to format the drive. Make sure you format the correct drive if you have any secondary hard drives or external hard drives connected. You may also want to do a Clean All with Diskpart if you want to remove any viruses. Disk - Clean and Clean All with Diskpart Command

Backup any important data before doing the above.

giancai · 14 Feb 2012

I tried to reinstall win 7 from system crashes and I started giving 42% error 0xc0000005. I can not format hard disk. but if I do sfc / scannow tells me: unable to restore damaged files found. how can I fix this?

writhziden · 14 Feb 2012

Why are you unable to format the drive? In the command prompt, use Diskpart to find your drive. List volume will list all partitions on your system. Select the volume that corresponds to the partition you want to put Windows on. The following commands assume the volume you want to format is volume 2; your volume number may be and probably is different.

Diskpart
list volume
select volume 2
format fs=ntfs

giancai · 14 Feb 2012

I do not want to format, but to solve the problem ..... if I format hard drive, I lose the configuration of my pc.