www.MegaLab.it

[pmarco66]

in modo improvviso il pc ha rallentato tutto (anche la semplice apertura di una cartella) symantec antivirus non riesce piu' a scaricare gli aggiornamenti e non riesco neanche a fare uno scanner con kaspersky ( non riesce a scaricare gli aggiornamenti)
aiuto grazie

[stevens]

Scarica combofix sul Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Poi clicca su start>esegui, nel box bianco copia e incolla questo comando:

"%userprofile%\desktop\combofix.exe" /killall


Premi ok, ora dovrebbe partire il programma
Nota: Durante l'operazione di scansione è importante non usare il PC e attendere pazientemente la fine delle operazioni.
terminato lo scan riavvia il pc
in C:\ dovresti trovare il file combofix.txt Postalo NEL FORUM

[cosmo]

Ciao, probabile virus, prova a fare una scansione con questi due software

Combofix lo scarichi da qui
MalwareByte lo scarichi da qui

Prima di salvare combofix sul pc cambia il nome del salvataggio mettendone uno a tuo piacimento.

ciao ciao facci sapere

[pmarco66]

ho scanzionati il pc con combofix ma al riavvio il pc non carica windows dandomi l'errore "unmountable_boot_volume
non si riavvia neanche in modalita' provvisoria
cosa devo fare?
grazie

[pmarco66]

sono riuscito a far ripartire windows
combofix ha finito la sua scansione e questo e' il log


ComboFix 09-04-27.04 - MARCO 28/04/2009 14.00.13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2046.1510 [GMT 2:00]
Eseguito da: c:\documents and settings\MARCO\desktop\combofix.exe
Opzioni usate :: /killall
* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\osuesau.dat
c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\osuesau.exe
c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\osuesau_nav.dat
c:\documents and settings\MARCO\Impostazioni locali\Dati applicazioni\osuesau_navps.dat
c:\programmi\webmediaplayer
c:\programmi\webmediaplayer\resources\wmp_translation_file.xml
c:\programmi\webmediaplayer\skins\classic.skn
c:\programmi\webmediaplayer\sqlite3.dll
c:\programmi\webmediaplayer\uninst.exe
c:\programmi\webmediaplayer\WebMediaPlayer.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-05-28 al 2009-4-29 )))))))))))))))))))))))))))))))))))
.

2009-04-18 11:12 . 2009-04-28 08:14 -------- d-----w c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2009-04-17 20:49 . 2009-04-17 20:49 -------- d-----w C:\313d4076b0d803736102
2009-04-17 17:04 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-17 17:04 . 2009-03-06 14:19 286208 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-17 17:04 . 2009-02-09 11:22 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-17 17:04 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-17 17:04 . 2009-02-09 10:51 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-17 17:04 . 2009-02-09 10:51 683520 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-17 17:04 . 2009-02-09 10:51 734720 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-17 17:04 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-17 17:04 . 2009-02-09 10:51 736256 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-14 19:54 . 2008-04-21 21:14 219136 -c----w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 09:06 . 2008-09-01 15:48 -------- d-----w c:\programmi\Symantec AntiVirus
2009-04-28 08:14 . 2008-09-01 16:50 -------- d-----w c:\programmi\Lavasoft
2009-04-26 08:58 . 2008-09-01 14:54 60153 ----a-w c:\windows\system32\nvModes.dat
2009-04-22 21:05 . 2008-09-11 06:48 -------- d-----w c:\programmi\eMule
2009-04-22 15:01 . 2008-09-01 16:05 5209 ----a-w C:\My Folder_2.zip
2009-04-22 15:00 . 2008-09-01 18:52 5462 ----a-w c:\documents and settings\MARCO\Dati applicazioni\wklnhst.dat
2009-04-20 15:40 . 2008-09-01 16:05 11934 ----a-w C:\My Folder.zip
2009-04-15 21:11 . 2004-08-19 12:00 540492 ----a-w c:\windows\system32\perfh010.dat
2009-04-15 21:11 . 2004-08-19 12:00 104908 ----a-w c:\windows\system32\perfc010.dat
2009-03-31 16:11 . 2008-09-02 11:27 -------- d-----w c:\programmi\Java
2009-03-22 17:39 . 2008-09-03 06:23 -------- d-----w c:\programmi\File comuni\Adobe
2009-03-18 23:51 . 2008-09-02 10:31 -------- d-----w c:\programmi\Microsoft SQL Server
2009-03-09 03:19 . 2009-01-18 11:44 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:19 . 2004-08-19 12:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:03 . 2006-03-04 03:34 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:08 . 2004-08-19 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 14:04 . 2004-08-19 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:23 . 2005-03-30 17:35 2027520 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:22 . 2005-03-30 17:35 2148864 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:22 . 2004-08-19 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2004-08-19 12:00 734720 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2004-08-19 12:00 683520 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2004-08-19 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2004-08-19 12:00 736256 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2004-08-19 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2004-08-19 12:00 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\programmi\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"Apoint"="c:\programmi\Apoint\Apoint.exe" [2005-10-07 176128]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2004-04-22 66656]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-04-22 124128]
"Microsoft Works Update Detection"="c:\programmi\File comuni\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"PCSuiteTrayApplication"="c:\programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 167936]
"DataLayer"="c:\programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 1106944]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-27 413696]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-22 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-11-22 348160]
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Share-to-Web Namespace Daemon"="c:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\MSN BackUp\\MSNBackup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\DC++\\DCPlusPlus.exe"=
"c:\\Programmi\\Leica\\Axyz\\LTM.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd; [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; [x]
R3 SavRoam;SavRoam;c:\programmi\Symantec AntiVirus\SavRoam.exe [2004-04-22 173288]

.
Contenuto della cartella 'Scheduled Tasks'

2009-04-23 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 15:17]

2009-04-29 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 15:17]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-osuesau - c:\documents and settings\marco\impostazioni locali\dati applicazioni\osuesau.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.fastweb.it/portale/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {7D7E6158-0A38-45C6-B469-FB673AB7BFA3} = 193.206.84.12,193.206.84.112
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 11:06
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(484)
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\programmi\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\File comuni\Symantec Shared\ccSetMgr.exe
c:\programmi\File comuni\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\scardsvr.exe
c:\programmi\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
c:\programmi\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\programmi\Cisco Systems\VPN Client\cvpnd.exe
c:\programmi\Symantec AntiVirus\DefWatch.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\programmi\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\nvsvc32.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programmi\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
c:\programmi\Apoint\hidfind.exe
c:\programmi\Apoint\ApntEx.exe
c:\programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2009-04-29 11.10.49 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-04-29 09:10

Pre-Run: 14.934.724.608 byte disponibili
Post-Run: 15.283.298.304 byte disponibili

187