Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » XP non si avvia(va)-- [Risolto]

2 pages: 1 [2]
XP non si avvia(va)-- [Risolto] Opzioni
Topic Precedente · Topic Sucessivo
lui49
Inviato: Wednesday, March 03, 2010 2:42:13 PM
Rank: AiutAmico

Iscritto dal : 5/4/2003
Posts: 2,845
questo è il log del Combo (è stato un bel pò ed ha anche riavviato il pc):

ComboFix 10-03-01.04 - Nico 03/03/2010 14.25.29.2.2 - x86
Eseguito da: J:\ComboFix.exe

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((( Files Creati Da 2010-02-03 al 2010-03-03 )))))))))))))))))))))))))))))))))))
.

2010-03-02 18:15 . 2009-04-06 10:37 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2010-03-02 18:14 . 2009-02-10 15:15 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2010-03-02 18:13 . 2009-02-18 16:30 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2010-03-02 18:13 . 2010-03-02 18:13 -------- d-----w- c:\programmi\Agnitum
2010-03-02 18:13 . 2010-03-02 18:13 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Agnitum
2010-03-02 17:57 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-02 17:57 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-02 17:57 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-02 17:57 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-02 17:57 . 2010-03-02 17:57 -------- d-----w- c:\programmi\Avira
2010-03-02 17:57 . 2010-03-02 17:57 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2010-02-15 21:49 . 2010-02-15 21:49 -------- d-----w- c:\documents and settings\Nico\Dati applicazioni\DeviceDoctorSoftware
2010-02-15 20:28 . 2010-02-15 20:28 -------- d-----w- c:\documents and settings\NetworkService\Impostazioni locali\Dati applicazioni\PCHealth

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 13:15 . 2009-11-18 18:39 -------- d-----w- c:\documents and settings\Nico\Dati applicazioni\HPAppData
2010-03-02 15:14 . 2005-01-01 02:35 77312 ----a-w- C:\mbr.exe
2010-02-24 08:16 . 2009-10-02 22:11 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-20 20:19 . 2008-02-08 16:30 -------- d-----w- c:\programmi\Microsoft Silverlight
2010-01-12 12:51 . 2009-02-28 19:13 -------- d-----w- c:\programmi\Eusing Free Registry Cleaner
2010-01-12 12:42 . 2006-02-08 12:25 85600 ----a-w- c:\documents and settings\Nico\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-01-12 12:42 . 2009-11-18 18:38 -------- d-----w- c:\documents and settings\Nico\Dati applicazioni\HP
2010-01-12 12:41 . 2009-11-18 17:14 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP
2010-01-12 12:41 . 2010-01-12 12:36 62267 ----a-w- c:\windows\hpqins05.dat
2010-01-12 12:39 . 2010-01-12 12:39 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\HP Product Assistant
2010-01-07 15:07 . 2005-01-01 01:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2005-01-01 01:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 09:53 . 2004-09-07 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:53 . 2004-09-07 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:53 . 2004-09-07 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-03 16:39 . 2008-12-09 21:28 -------- d-----w- c:\programmi\Java
2010-01-03 16:38 . 2010-01-03 16:38 152576 ----a-w- c:\documents and settings\Nico\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-03 16:38 . 2010-01-03 16:37 79488 ----a-w- c:\documents and settings\Nico\Dati applicazioni\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-03 16:31 . 2009-09-17 19:47 -------- d-----w- c:\documents and settings\Nico\Dati applicazioni\gtk-2.0
2009-12-31 16:50 . 2004-09-07 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:40 . 2006-02-08 10:36 346112 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-09-07 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-12 18:18 . 2004-09-07 12:00 84504 ----a-w- c:\windows\system32\perfc010.dat
2009-12-12 18:18 . 2004-09-07 12:00 489742 ----a-w- c:\windows\system32\perfh010.dat
2009-12-09 10:07 . 2004-09-07 12:00 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:07 . 2004-08-04 00:48 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-09-07 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeluxMouse"="c:\programmi\Mouse\MouseDrv.exe" [2004-01-12 339968]
"C-Media Mixer"="Mixer.exe" [2003-03-20 1855488]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\programmi\Agnitum\Outpost Firewall\feedback.exe" [2009-04-28 428032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
PS2 Keyboard English Edition 2.0.lnk - c:\programmi\PS2 Keyboard English Edition 2.0\kb_2k.exe [2006-2-8 262144]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"OPSE reminder"="c:\programmi\ScanSoft\OmniPageSE2.0\EregIta\Ereg.exe" -r "c:\programmi\ScanSoft\OmniPageSE2.0\EregIta\ereg.ini"
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"<NO NAME>"=
"ehTray"=c:\windows\ehome\ehtray.exe
"OpwareSE2"="c:\programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"TQ566808"="F:\setup.exe"
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe"
"Windows Defender"="c:\programmi\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmi\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\eMule 047\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Nico\\Impostazioni locali\\Dati applicazioni\\TVLC\\Sandbox\\2009.12.14T00.29\\Virtual\\STUBEXE\\@PROGRAMFILES@\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico; [x]
R3 fsssvc;Servizio Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
R3 FXDRV;FXDRV;F:\Fxdrv.sys [x]
S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-04-06 704384]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2009-04-28 1195008]
S2 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par.sys [2003-07-17 16695]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
S2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 afw;Agnitum firewall driver;c:\windows\system32\DRIVERS\afw.sys [2009-02-18 31128]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-02-10 257432]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenuto della cartella 'Scheduled Tasks'

2010-03-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-12-10 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-03-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://it.acer.yahoo.com/
uInternet Settings,ProxyOverride = 127.0.0.1
TCP: {DF78B39F-5434-4F5C-B571-346F0FEAB79C} = 85.37.17.14,85.38.28.78
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 14:32
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-507921405-1844237615-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140510900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\GTGina.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(580)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Avira\AntiVir Desktop\sched.exe
c:\programmi\Avira\AntiVir Desktop\avguard.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programmi\CyberLink\Shared files\RichVideo.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
c:\programmi\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\dllhost.exe
c:\windows\Mixer.exe
.
**************************************************************************
.
Ora fine scansione: 2010-03-03 14:37:51 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-03-03 13:37

Pre-Run: 13.103.108.096 byte disponibili
Post-Run: 12.971.753.472 byte disponibili

- - End Of File - - 70BFA4ED4B254FCD32AA7CEE13365807
Torna in alto
 
paolopa
Inviato: Wednesday, March 03, 2010 3:12:50 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
aspettando r16 che ti vivisezioni il log,ho dato un occhiata e ho visto che hai questo device doctorsoftware,che dovrebbe servire per aggiornare i driver,l avevi per caso usato prima dei problemi?combo infezioni non ne ha eliminate,quindi presumo neppure trovate.
Torna in alto
 
r16
Inviato: Wednesday, March 03, 2010 3:13:33 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao .
Hai alcuni file, che dovrebbero essere "rimasugli" di Firewall.
F:\Fxdrv.sys (firewall Kerio)
vsdatant (Zone Allarm)
Cos'è quella lettera F:? (partizione?)
Hai provato a resettare il Bios?
Torna in alto
 
lui49
Inviato: Wednesday, March 03, 2010 3:28:10 PM
Rank: AiutAmico

Iscritto dal : 5/4/2003
Posts: 2,845
device doctor software, Kerio, ZoneAlarm......provati e disinstallati; forse è rimasto qualcosa in giro.
La lettera F corrisponde al cd-rom
Quando ho lanciato Combo avevo collegato solo l'hd principale (partizioni c, d, e) ora ho aggiunto anche l'altro (partizioni g, h). Per il momento sembra che tutto regga.
Sto familiriarizzando con Avira (configurato come da tue indicazioni) e Outpost.....mi soddisfano.

Ho resettato il bios togliendo la batteria e spostando i jumpers previsti. Poi ho sistemato un paio di cosette al riavvio...etc...

Torno a tenere le dita incrociate......Shhh Shhh Shhh Shhh Shhh Shhh

Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: 1 [2]

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » XP non si avvia(va)-- [Risolto]


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.