www.MegaLab.it

da **pmarco66** » gio mag 07, 2009 9:33 am

sono riuscito a far ripartire windows
combofix ha finito la sua scansione e questo e' il log

ComboFix 09-04-27.04 - MARCO 28/04/2009 14.00.13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1510 [GMT 2:00]
Eseguito da: c:\documents and settings\MARCO\desktop\combofix.exe
Opzioni usate :: /killall
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\osuesau.dat
c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\osuesau.exe
c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\osuesau_nav.dat
c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\osuesau_navps.dat
c:\programmi\webmediaplayer
c:\programmi\webmediaplayer\resources\wmp_translation_file.xml
c:\programmi\webmediaplayer\skins\classic.skn
c:\programmi\webmediaplayer\sqlite3.dll
c:\programmi\webmediaplayer\uninst.exe
c:\programmi\webmediaplayer\WebMediaPlayer.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-05-28 al 2009-4-29 )))))))))))))))))))))))))))))))))))
.

2009-04-18 11:12 . 2009-04-28 08:14 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-04-17 20:49 . 2009-04-17 20:49 -------- d-----w C:\313d4076b0d803736102
2009-04-17 17:04 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 17:04 . 2009-03-06 14:19 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-17 17:04 . 2009-02-09 11:22 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-17 17:04 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 17:04 . 2009-02-09 10:51 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 17:04 . 2009-02-09 10:51 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 17:04 . 2009-02-09 10:51 734720 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 17:04 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 17:04 . 2009-02-09 10:51 736256 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-14 19:54 . 2008-04-21 21:14 219136 -c----w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 09:06 . 2008-09-01 15:48 -------- d-----w c:\programmi\Symantec AntiVirus
2009-04-28 08:14 . 2008-09-01 16:50 -------- d-----w c:\programmi\Lavasoft
2009-04-26 08:58 . 2008-09-01 14:54 60153 ----a-w c:\windows\system32\nvModes.dat
2009-04-22 21:05 . 2008-09-11 06:48 -------- d-----w c:\programmi\eMule
2009-04-22 15:01 . 2008-09-01 16:05 5209 ----a-w C:\My Folder_2.zip
2009-04-22 15:00 . 2008-09-01 18:52 5462 ----a-w c:\documents and settings\MARCO\Dati applicazioni\wklnhst.dat
2009-04-20 15:40 . 2008-09-01 16:05 11934 ----a-w C:\My Folder.zip
2009-04-15 21:11 . 2004-08-19 12:00 540492 ----a-w c:\windows\system32\perfh010.dat
2009-04-15 21:11 . 2004-08-19 12:00 104908 ----a-w c:\windows\system32\perfc010.dat
2009-03-31 16:11 . 2008-09-02 11:27 -------- d-----w c:\programmi\Java
2009-03-22 17:39 . 2008-09-03 06:23 -------- d-----w c:\programmi\File comuni\Adobe
2009-03-18 23:51 . 2008-09-02 10:31 -------- d-----w c:\programmi\Microsoft SQL Server
2009-03-09 03:19 . 2009-01-18 11:44 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:19 . 2004-08-19 12:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2006-03-04 03:34 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:08 . 2004-08-19 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:04 . 2004-08-19 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2005-03-30 17:35 2027520 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2005-03-30 17:35 2148864 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2004-08-19 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2004-08-19 12:00 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2004-08-19 12:00 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2004-08-19 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2004-08-19 12:00 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2004-08-19 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2004-08-19 12:00 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\programmi\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2005-10-07 176128]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2004-04-22 66656]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-04-22 124128]
"Microsoft Works Update Detection"="c:\programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCSuiteTrayApplication"="c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 167936]
"DataLayer"="c:\programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 1106944]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-27 413696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Share-to-Web Namespace Daemon"="c:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\MSN BackUp\\MSNBackup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\DC++\\DCPlusPlus.exe"=
"c:\\Programmi\\Leica\\Axyz\\LTM.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd; [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
R3 SavRoam;SavRoam;c:\programmi\Symantec AntiVirus\SavRoam.exe [2004-04-22 173288]

.
Contenuto della cartella 'Scheduled Tasks'

2009-04-23 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 15:17]

2009-04-29 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 15:17]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-osuesau - c:\documents and settings\marco\impostazioni locali\dati applicazioni\osuesau.exe

.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.fastweb.it/portale/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {7D7E6158-0A38-45C6-B469-FB673AB7BFA3} = 193.206.84.12,193.206.84.112
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 11:06
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(484)
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Symantec Shared\ccSetMgr.exe
c:\programmi\File comuni\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\scardsvr.exe
c:\programmi\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
c:\programmi\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\programmi\Cisco Systems\VPN Client\cvpnd.exe
c:\programmi\Symantec AntiVirus\DefWatch.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\programmi\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programmi\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
c:\programmi\Apoint\hidfind.exe
c:\programmi\Apoint\ApntEx.exe
c:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2009-04-29 11.10.49 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-04-29 09:10

Pre-Run: 14.934.724.608 byte disponibili
Post-Run: 15.283.298.304 byte disponibili

da **crazy.cat** » gio mag 07, 2009 10:05 am

Combofix ha rimosso parecchie cose come va il tuo pc adesso?

da **pmarco66** » gio mag 07, 2009 1:17 pm

il computer non si avviava sono dovuto intervenire con consolle ripristino xp
ma combofix ha tolto virus?
il pc prima di avere problemi mi e' caduto...l'hd si puo' essere rovinato?
con scandisk trova errori...

da **crazy.cat** » gio mag 07, 2009 1:33 pm

pmarco66 ha scritto:ma combofix ha tolto virus?

Si.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\osuesau.dat
c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\osuesau.exe
c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\osuesau_nav.dat
c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\osuesau_navps.dat
c:\programmi\webmediaplayer
c:\programmi\webmediaplayer\resources\wmp_translation_file.xml
c:\programmi\webmediaplayer\skins\classic.skn
c:\programmi\webmediaplayer\sqlite3.dll
c:\programmi\webmediaplayer\uninst.exe
c:\programmi\webmediaplayer\WebMediaPlayer.exe

l'hd si puo' essere rovinato?

Visto quello che dici poi, la risposta è si.

con scandisk trova errori...

www.MegaLab.it

scansione con combofix

scansione con combofix

Re: scansione con combofix

Re: scansione con combofix

Re: scansione con combofix

Chi c’è in linea