Window at startup: cmstp.exe is missing

Posted by carbo » 27/03/10 06:09

Hi everyone, I'm new here. I came because my PC has a problem at startup: a window titled "desktop" appears saying that a file, CMSTP.exe, is missing. I tried deleting it, and now avast antivirus has detected it. I tried everything I could, in every way possible, before posting this topic. On top of that, the icons in my Start menu have changed: for example, "avast antivirus" has an icon with a circled letter A, and instead of seeing that in the Start menu I see a Notepad-shaped icon. I usually know my way around these things, but this time I think I've caught a nasty virus and I no longer know how to get rid of it. I've now tried running a scan with avast and it says the memory is infected. I hope someone can help me. Thanks, everyone.

Re: [PROBLEM] cmstp.exe

Posted by gahan » 27/03/10 09:43

Hi,
download and install HijackThis
http://www.hijackthis.de/downloads/HJTInstall.exe

- open the program
- accept the license terms
- click "do a system scan and save a logfile"
- post the resulting log here on the forum

Re: [PROBLEM] cmstp.exe

Posted by carbo » 27/03/10 09:46

Here is the log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9.45.25, on 27/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Intelligent\Common\RaUI.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Windows\System32\drivers\cmstp.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TrustInstaller] E:\Setup.EXE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\Users\Administrator\LOCALS~1\APPLIC~1\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\Users\ADMINI~1\AppData\Local\Temp\mstsc.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: Intelligent Wireless Utility.lnk = C:\Program Files\Intelligent\Common\RaUI.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37200731-1D04-445A-BCF2-7B5287EFA349}: NameServer = 192.168.0.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MySQL - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7745 bytes
Last edited by -> EleKtrA <- on 27/03/10 11:44, edited 1 time in total.
Reason: added code tag

Re: [PROBLEM] cmstp.exe

Posted by antoo69 » 27/03/10 10:23

Restart the PC in safe mode (press F8 repeatedly), run the HijackThis log again and, if they are still present, fix these entries

O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\Users\ADMINI~1\AppData\Local\Temp\mstsc.exe /waitservice
(Description: Program running on startup from a temporary folder.)

Optional

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
(Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
(Description: C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs . Removing this entry will free up a small amount of system resources.)

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
(Description: Adobe reader startup - unnecessarily uses system resources.)

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

Then empty the Recycle Bin and restart in normal mode.

Re: [PROBLEM] cmstp.exe

Posted by carbo » 27/03/10 11:20

I tried doing as you said, but it doesn't work; I get the same problem. I'm pasting the logs here.
LOGS:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.20.15, on 27/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Intelligent\Common\RaUI.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Windows\System32\drivers\cmstp.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TrustInstaller] E:\Setup.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Global Startup: Intelligent Wireless Utility.lnk = C:\Program Files\Intelligent\Common\RaUI.exe
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37200731-1D04-445A-BCF2-7B5287EFA349}: NameServer = 192.168.0.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MySQL - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6978 bytes
Last edited by -> EleKtrA <- on 27/03/10 11:45, edited 1 time in total.
Reason: added code tag

Re: [PROBLEM] cmstp.exe

Posted by gahan » 27/03/10 11:29

- Download and install Malwarebytes from the link below:
http://dw.com.com/redir?edId=3&siteId=4 ... l-10804572
- disconnect from the internet
- disable your antivirus
- run a full scan
- remove any threats detected by clicking the "remove selected items" button
- post the log produced by the scan

Re: [PROBLEM] cmstp.exe

Posted by -> EleKtrA <- » 27/03/10 11:50

Hi carbo, in addition to the Malwarebytes scan, carry out this step.

Disable Spybot's TeaTimer, otherwise it would undo every change.
Open SpyBot > Mode menu > Advanced > Tools > Resident and untick TeaTimer.

With all applications closed and disconnected from the internet:
Right-click HijackThis and run it as administrator
Click "do a system scan only"
Tick these entries and click "fix checked"

Code:
F3 - REG:win.ini: load=C:\Windows\System32\drivers\cmstp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
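
Added example (not part of the original thread, and not HijackThis's own logic): a Python triage pass over HijackThis autostart lines that applies the two checks the moderators used above, a program starting from a temporary folder and the win.ini load= entry, plus a check for Windows binary names running outside System32. The reason labels and the SYSTEM32_NAMES shortlist are assumptions; the sample lines are copied from the logs posted in this thread.

```python
import ntpath
import re
from typing import List, NamedTuple

# Assumed shortlist: names seen in this thread's logs whose genuine copies
# ship in C:\Windows\System32. Extend it for real use.
SYSTEM32_NAMES = {
    "cmstp.exe", "mstsc.exe", "dllhst3g.exe",
    "chkdsk.exe", "sessmgr.exe", "cisvc.exe",
}

# F0-F3 are the ini-file style autostarts, O4 the Run keys and Startup folder.
ENTRY_RE = re.compile(r"^(F[0-3]|O4) - (.*)$")
# First full path ending in .exe (drive letter or %VAR% root), quoted or not.
EXE_RE = re.compile(r"((?:[A-Za-z]:|%\w+%)\\.+?\.exe)\b", re.I)

# Sample input: lines copied from the HijackThis logs posted above.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\Windows\System32\drivers\cmstp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [TrustInstaller] E:\Setup.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\Users\Administrator\LOCALS~1\APPLIC~1\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\Users\ADMINI~1\AppData\Local\Temp\mstsc.exe /waitservice
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O23 - Service: MySQL - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
"""


class Finding(NamedTuple):
    section: str        # HijackThis section code, e.g. "O4"
    path: str           # executable path as written in the log
    reasons: List[str]  # why the entry deserves a manual look


def triage(log_text: str) -> List[Finding]:
    """Return autostart entries that match at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # not an autostart section (R*, O2, O23, ...)
        section, rest = entry.groups()
        exe = EXE_RE.search(rest)
        if not exe:
            continue  # no full path to judge (e.g. "Mixer.exe /startup")
        path = exe.group(1)
        folder = ntpath.dirname(path).lower()
        name = ntpath.basename(path).lower()

        reasons = []
        if section.startswith("F"):
            # win.ini/system.ini style load=/run= values are rarely used
            # by legitimate software on Vista-era systems.
            reasons.append("legacy-ini-autostart")
        if any(part in ("temp", "tmp") for part in folder.split("\\")):
            reasons.append("autostart-from-temp")
        if name in SYSTEM32_NAMES and not folder.endswith("\\windows\\system32"):
            # A system binary name in the wrong directory suggests masquerading.
            reasons.append("system-name-outside-system32")
        if reasons:
            findings.append(Finding(section, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}  {f.path}\n      -> {', '.join(f.reasons)}")
```

A hit is a prompt for manual review, not a verdict: the heuristics only look at names and folders, so a flagged file still needs to be checked before it is fixed or deleted.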

Re: [PROBLEM] cmstp.exe

Posted by carbo » 27/03/10 14:24

Done, and I still have the same problem :cry: I think I'll have to format.

Re: [PROBLEM] cmstp.exe

Posted by -> EleKtrA <- » 27/03/10 14:59

Temporarily disable the antivirus
Download Combofix | Tutorial
Right-click the exe, run as administrator
Let the program work without interfering
Attach the report C:\ComboFix.txt to your reply.

Re: [PROBLEM] cmstp.exe

Posted by carbo » 27/03/10 19:40

I did as you said; this is the log:

Code:
ComboFix 10-03-26.02 - Administrator 27/03/2010  19.02.07.1.2 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.39.1040.18.3573.2036 [GMT 1:00]
Eseguito da: c:\users\Administrator\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\recycler\S-1-5-21-1214440339-299502267-725345543-1003
c:\users\Administrator\AppData\Roaming\Desktopicon
c:\users\Administrator\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Administrator\AppData\Roaming\Desktopicon\uninst.exe
c:\users\Administrator\AppData\Roaming\inst.exe
c:\users\Administrator\AppData\Roaming\Microsoft\cisvc.exe
c:\users\Administrator\AppData\Roaming\Microsoft\cmstp.exe
c:\users\Administrator\AppData\Roaming\mqtgsvc.exe
c:\users\Administrator\AppData\Roaming\rsvp.exe
c:\windows\chkdsk.exe
c:\windows\ieudinit.exe
c:\windows\sessmgr.exe
c:\windows\system\clipsrv.exe
c:\windows\system\dllhst3g.exe
c:\windows\system\sessmgr.exe
c:\windows\system32\systeminfo.dll

.
(((((((((((((((((((((((((   Files Creati Da 2010-02-27 al 2010-03-27  )))))))))))))))))))))))))))))))))))
.

2010-03-27 18:11 . 2010-03-27 18:11   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-03-27 04:49 . 2010-03-27 04:49   --------   d-----w-   c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-03-27 04:49 . 2010-01-07 15:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-27 04:49 . 2010-03-27 04:49   --------   d-----w-   c:\programdata\Malwarebytes
2010-03-27 04:49 . 2010-03-27 07:27   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-03-27 04:49 . 2010-01-07 15:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-03-27 04:43 . 2010-03-27 04:43   --------   d-----w-   c:\program files\Trend Micro
2010-03-20 19:39 . 2010-03-20 19:39   --------   d-----w-   c:\users\Administrator\AppData\Roaming\SynthMaker
2010-03-20 01:51 . 2009-04-11 06:28   247296   ----a-w-   c:\windows\shsvcs.dll
2010-03-20 01:51 . 2009-04-11 06:28   11584000   ----a-w-   c:\windows\shell32.dll
2010-03-20 01:51 . 2009-04-11 06:28   31744   ----a-w-   c:\windows\perfdisk.dll
2010-03-20 01:51 . 2009-04-11 06:27   43520   ----a-w-   c:\windows\rekeywiz.exe
2010-03-20 01:51 . 2009-04-11 06:27   26624   ----a-w-   c:\windows\ipconfig.exe
2010-03-20 01:51 . 2009-04-11 06:27   119808   ----a-w-   c:\windows\diskpart.exe
2010-03-20 01:51 . 2006-11-02 09:45   15360   ----a-w-   c:\windows\doskey.exe
2010-03-15 18:28 . 2010-03-25 17:20   --------   d-----w-   c:\program files\Metin2_Italiano
2010-03-12 23:23 . 2010-03-12 23:23   --------   d-----w-   c:\program files\PremiumSoft
2010-03-10 22:08 . 2010-02-20 23:06   24064   ----a-w-   c:\windows\system32\nshhttp.dll
2010-03-10 22:08 . 2010-02-20 23:05   30720   ----a-w-   c:\windows\system32\httpapi.dll
2010-03-10 22:08 . 2010-02-20 20:53   411648   ----a-w-   c:\windows\system32\drivers\http.sys
2010-03-10 00:02 . 2010-03-10 00:02   --------   d-----w-   c:\program files\Common Files\Java
2010-03-10 00:01 . 2010-03-10 00:01   411368   ----a-w-   c:\windows\system32\deploytk.dll
2010-03-10 00:01 . 2010-03-10 00:01   --------   d-----w-   c:\program files\Java
2010-03-07 12:51 . 2010-02-12 10:32   293376   ----a-w-   c:\windows\system32\browserchoice.exe
2010-03-01 15:56 . 2010-03-01 15:56   --------   d-----w-   c:\programdata\Plugins
2010-03-01 15:47 . 2010-03-20 01:56   --------   d-----w-   c:\programdata\BlazeVideo
2010-03-01 15:20 . 2006-03-02 16:24   133504   ----a-w-   c:\windows\system32\drivers\AF05BDA.sys
2010-03-01 15:20 . 2005-12-21 13:36   24576   ----a-w-   c:\windows\system32\AF05BDAEX.dll
2010-03-01 15:20 . 2010-03-01 15:47   --------   d-----w-   c:\program files\BlazeVideo
2010-02-28 14:32 . 2010-02-28 14:32   --------   d-----w-   c:\users\Administrator\AppData\Roaming\mIRC
2010-02-28 11:45 . 2010-02-28 11:45   --------   d-----w-   c:\programdata\vsosdk

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 13:13 . 2009-12-04 04:31   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2010-03-27 12:13 . 2009-12-05 05:22   164880   ---ha-w-   c:\users\Administrator\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-03-21 17:00 . 2010-01-03 18:08   --------   d-----w-   c:\program files\VstPlugins
2010-03-21 15:57 . 2010-01-03 18:04   --------   d-----w-   c:\program files\Image-Line
2010-03-20 01:44 . 2006-11-06 01:51   664284   ----a-w-   c:\windows\system32\perfh010.dat
2010-03-20 01:44 . 2006-11-06 01:51   120836   ----a-w-   c:\windows\system32\perfc010.dat
2010-03-19 02:30 . 2010-02-01 02:02   --------   d-----w-   c:\users\Administrator\AppData\Roaming\XnView
2010-03-17 18:40 . 2009-12-03 20:36   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-03-11 02:15 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-03-07 17:04 . 2010-01-25 13:25   --------   d-----w-   c:\program files\HeidiSQL
2010-03-07 16:07 . 2009-12-03 20:28   54624   ----a-w-   c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-01 09:34 . 2009-12-27 17:30   --------   d-----w-   c:\users\Administrator\AppData\Roaming\Vso
2010-02-24 09:16 . 2009-12-04 00:30   181632   ------w-   c:\windows\system32\MpSigStub.exe
2010-02-22 07:15 . 2010-02-22 07:15   --------   dc-h--w-   c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-21 04:27 . 2010-02-21 04:27   407304   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-20 06:07 . 2010-02-20 06:07   --------   d-----w-   c:\program files\HyperCam Toolbar
2010-02-20 06:07 . 2010-02-20 06:06   --------   d-----w-   c:\program files\HyCam2
2010-02-17 02:46 . 2010-01-28 05:48   --------   d-----w-   c:\users\Administrator\AppData\Roaming\Skype
2010-02-17 02:45 . 2010-01-28 05:54   --------   d-----w-   c:\users\Administrator\AppData\Roaming\skypePM
2010-02-14 18:28 . 2009-12-11 18:32   --------   d-----w-   c:\program files\Nokia
2010-02-14 18:26 . 2009-12-11 18:46   --------   d-----w-   c:\program files\Common Files\Nokia
2010-02-14 18:24 . 2010-02-14 18:24   --------   d-----w-   c:\program files\PC Connectivity Solution
2010-02-14 18:21 . 2010-02-14 18:21   77824   ----a-w-   c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-02-14 18:21 . 2010-02-14 18:21   50000   ----a-w-   c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2010-02-14 18:21 . 2009-12-11 18:32   --------   d-----w-   c:\programdata\OviInstallerCache
2010-02-12 07:13 . 2010-01-11 18:05   --------   d-----w-   c:\users\Administrator\AppData\Roaming\Nero
2010-02-07 06:40 . 2010-02-07 06:40   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-02-07 06:40 . 2010-02-07 06:36   --------   d-----w-   c:\program files\Microsoft Visual Studio 9.0
2010-02-07 06:40 . 2010-02-07 06:40   --------   d-----w-   c:\program files\Microsoft Synchronization Services
2010-02-07 06:40 . 2010-02-07 06:40   --------   d-----w-   c:\program files\Microsoft SQL Server Compact Edition
2010-02-07 06:40 . 2010-02-07 06:36   --------   d-----w-   c:\programdata\Microsoft Help
2010-02-07 06:39 . 2010-02-07 06:39   187808   ----a-w-   c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2010-02-07 06:39 . 2010-02-07 06:39   416   ----a-w-   c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-02-07 06:36 . 2010-02-07 06:36   --------   d-----w-   c:\program files\Microsoft.NET
2010-02-07 06:35 . 2010-02-07 06:35   --------   d-----w-   c:\program files\Microsoft SDKs
2010-02-04 15:53 . 2010-02-22 07:15   2954656   -c--a-w-   c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2010-02-22 07:16   64288   ----a-w-   c:\windows\system32\drivers\Lbd.sys
2010-02-01 02:02 . 2010-02-01 02:02   --------   d-----w-   c:\program files\XnView
2010-01-28 05:54 . 2010-01-28 05:54   56   ---ha-w-   c:\windows\system32\ezsidmv.dat
2010-01-28 05:48 . 2010-01-28 05:48   --------   d-----r-   c:\program files\Skype
2010-01-28 05:48 . 2010-01-28 05:48   --------   d-----w-   c:\program files\Common Files\Skype
2010-01-28 05:48 . 2010-01-28 05:48   --------   d-----w-   c:\programdata\Skype
2010-01-27 13:07 . 2009-12-04 00:19   --------   d-----w-   c:\users\Administrator\AppData\Roaming\Yahoo!
2010-01-25 12:00 . 2010-02-24 07:42   471552   ----a-w-   c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 07:42   152576   ----a-w-   c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 07:42   152064   ----a-w-   c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 07:42   471552   ----a-w-   c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 07:42   332288   ----a-w-   c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 07:42   526336   ----a-w-   c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 07:42   346624   ----a-w-   c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 07:42   518144   ----a-w-   c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 07:42   347136   ----a-w-   c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 07:42   2048   ----a-w-   c:\windows\system32\tzres.dll
2010-01-06 15:39 . 2010-02-24 07:42   1696256   ----a-w-   c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 07:42   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 07:42   173056   ----a-w-   c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 07:42   542720   ----a-w-   c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 07:42   458752   ----a-w-   c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 07:42   2159616   ----a-w-   c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-24 07:42   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-03 18:08 . 2010-01-03 18:08   264106   ----a-w-   c:\users\Administrator\AppData\Roaming\OpenCandy\DlMgrWrapper.exe
2010-01-02 06:38 . 2010-01-22 01:50   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 01:50   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 01:50   71680   ----a-w-   c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 01:50   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2008-05-21 09:09 . 2008-05-21 08:36   8192   --sha-w-   c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-05-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-05-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intelligent Wireless Utility.lnk - c:\program files\Intelligent\Common\RaUI.exe [2009-12-3 626688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7f,e0,8c,01,5d,75,ca,01

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-22 1229232]
R3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [2006-03-02 133504]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-04-06 2743325]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 aswSP;avast! Self Protection; [x]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-08-05 24640]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-11-27 185640]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 07:16]

2010-03-07 c:\windows\Tasks\CreateChoiceProcessTask.job
- c:\windows\System32\browserchoice.exe [2010-03-07 10:32]

2010-03-27 c:\windows\Tasks\User_Feed_Synchronization-{E19738FD-E907-4B51-A150-FBE206E5EFDE}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
TCP: {37200731-1D04-445A-BCF2-7B5287EFA349} = 192.168.0.3
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-TrustInstaller - E:\Setup.EXE
AddRemove-eBay Icon - c:\users\Administrator\AppData\Roaming\Desktopicon\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-27 19:11
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,ed,9e,89,85,8d,62,4e,90,32,72,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,ed,9e,89,85,8d,62,4e,90,32,72,\

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WMPlayer.exe"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BUP\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\xnview.exe"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="mp3_auto_file"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.resx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.script\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.settings\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\xnview.exe"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vhd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Virtual PC.exe"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vmc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WMPlayer.exe"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"

[HKEY_USERS\S-1-5-21-3064896817-400304240-4084713142-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2010-03-27  19:17:56
ComboFix-quarantined-files.txt  2010-03-27 18:17

Pre-Run: 22.244.622.336 byte disponibili
Post-Run: 22.187.425.792 byte disponibili

- - End Of File - - 4F1A11FE20D4EA7EDB744C6444547B71
Last edited by -> EleKtrA <- on 27/03/10 22:11, edited 1 time in total.
Reason: added code tag
carbo
Junior User

Posts: 12
Joined: 27/03/10 05:50

Re: window at startup: cmstp.exe is missing

Post by -> EleKtrA <- » 27/03/10 22:14

Good, ComboFix should have solved the problem.

Download TFC by OldTimer to the desktop
close all programs
Right-click TFC, run as administrator
click "Start"
when the scan finishes it will ask you to reboot; click OK.

Download OTC by OldTimer to the desktop
right-click OTC, run as administrator
click "CleanUP" > "Yes" > "Yes"
reboot.

Go to the Kaspersky website and run an online scan using Internet Explorer
attach the result.
Guide.
"Yesterday is history, tomorrow is a mystery, but today is a gift... that is why it is called the present!"
-> EleKtrA <-
Moderator

Posts: 436
Joined: 11/12/08 12:50

Re: window at startup: cmstp.exe is missing

Post by carbo » 29/03/10 07:09

Sorry, but my PC freezes sometimes and I always have to redo the scan; I'll let you know as soon as it finishes.
carbo
Junior User

Posts: 12
Joined: 27/03/10 05:50

Re: window at startup: cmstp.exe is missing

Post by gahan » 29/03/10 08:40

carbo wrote: Sorry, but my PC freezes sometimes and I always have to redo the scan; I'll let you know as soon as it finishes.


Hi carbo,

open a text file (Notepad) and paste the following script into it:

Code:
File::
c:\windows\system32\GameMon.des

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\npggsvc]

Driver::
npggsvc


Save the file in the same location as ComboFix and be sure to name it CFScript
Using the left mouse button, drag it onto the red ComboFix icon.
A new scan will start.
Post the new ComboFix log.
words like violence, break the silence
gahan
Moderator

Posts: 1397
Joined: 23/01/08 16:09
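
One way to triage the service and driver lines of a ComboFix log like the one posted above, as an added example that is not part of the thread or of ComboFix itself: it flags entries whose image file is reported missing or whose extension is not a usual executable or driver type. The function name `triage`, the extension allow-list, and the reading of `R`/`S` plus digit as running/stopped plus start type and of `[x]` as "file not found" are assumptions; a flag only marks an entry for manual review.

```python
import re
from pathlib import PureWindowsPath

# Service lines copied from the ComboFix log in this thread.
SAMPLE = r"""
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-22 1229232]
R3 AF05BDA;AF9005 BDA Device;c:\windows\system32\drivers\AF05BDA.sys [2006-03-02 133504]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-04-06 2743325]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 aswSP;avast! Self Protection; [x]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-08-05 24640]
"""

# <R|S><start type> <service name>;<display name>;<image path> [<date size> | x]
LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Assumption: extensions normally seen for service and driver images.
EXPECTED_EXT = {".exe", ".sys", ".dll"}


def triage(log_text):
    """Return the service entries that deserve a manual look, with reasons."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a service/driver line
        image = m["image"].strip()
        reasons = []
        if m["meta"].strip().lower() == "x":
            reasons.append("image file not found")
        if image:
            ext = PureWindowsPath(image).suffix.lower()
            if ext not in EXPECTED_EXT:
                reasons.append(f"unusual image extension {ext or '(none)'}")
        if reasons:
            findings.append({
                "service": m["name"],
                "running": m["state"] == "R",
                "start": int(m["start"]),
                "image": image,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["service"], f["image"] or "-", "; ".join(f["reasons"]))
```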

