
ComboFix scan


Moderators: m.paolo, kadosh, Luke57

ComboFix scan

Post by carmima » 04/07/08 14:21

Can someone take a look at the ComboFix log?

ComboFix 08-07-03.5 - carmelo 2008-07-04 15.01.27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.292 [GMT 2:00]
Eseguito da: C:\Documents and Settings\carmelo\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\barbara\Impostazioni locali\Dati applicazioni\Microsoft\Windows Media\10.0\WMSDKNSD.XML

.
((((((((((((((((((((((((( Files Creati Da 2008-06-04 al 2008-07-04 )))))))))))))))))))))))))))))))))))
.

2008-07-03 15:46 . 2008-07-03 15:46 <DIR> d-------- C:\Programmi\FreshDevices
2008-07-03 02:44 . 2008-07-03 02:58 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-03 02:06 . 2008-07-03 02:06 250 --a------ C:\WINDOWS\gmer.ini
2008-07-02 23:32 . 2008-07-02 23:32 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\NVIDIA
2008-07-02 23:11 . 2008-07-02 23:15 <DIR> d-------- C:\WINDOWS\nview
2008-07-02 23:11 . 2006-10-22 15:06 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-07-02 23:11 . 2006-10-22 12:22 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-07-02 23:11 . 2008-07-04 01:04 88,566 --a------ C:\WINDOWS\system32\nvapps.xml
2008-07-02 23:11 . 2006-10-22 12:22 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-07-02 23:10 . 2008-07-02 23:10 <DIR> d-------- C:\NVIDIA
2008-07-02 19:52 . 2008-07-02 19:53 <DIR> d-------- C:\hijackthis
2008-06-28 22:50 . 2008-06-28 22:50 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-06-11 15:31 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-07 21:25 . 2008-06-07 21:25 <DIR> d-------- C:\Documents and Settings\barbara\Dati applicazioni\Winamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 17:06 --------- d-----w C:\Programmi\VideoLAN
2008-06-30 14:28 --------- d-----w C:\Programmi\AdunanzA
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-31 14:17 --------- d-----w C:\Programmi\Alwil Software
2008-05-31 14:11 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-05-31 14:10 --------- d-----w C:\Documents and Settings\carmelo\Dati applicazioni\AVG7
2008-05-31 14:10 --------- d-----w C:\Documents and Settings\barbara\Dati applicazioni\AVG7
2008-05-31 14:10 --------- d-----w C:\Documents and Settings\alfredo\Dati applicazioni\AVG7
2008-05-11 10:01 --------- d-----w C:\Programmi\PokerStars.NET
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2001-08-31 11:00 94,816 --sh--w C:\WINDOWS\twain.dll
2004-08-19 14:39 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-19 14:39 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-19 14:39 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-19 14:39 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-19 14:39 343,040 --sh--w C:\WINDOWS\system32\msvcrt.dll
2007-12-04 18:40 550,912 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-19 14:39 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll
2004-08-19 14:39 12,288 --sh--w C:\WINDOWS\system32\regsvr32.exe
2008-03-13 20:04 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\MSHist012008031320080314\index.dat
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 18:49 1185120 --a------ C:\Programmi\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= "C:\Programmi\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Programmi\Winamp Toolbar\winamptb.dll" [2007-12-13 18:49 1185120]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:39 15360]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"FreeRAM XP"="C:\Programmi\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 01:13 1591808]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 10:11 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"InCD"="C:\Programmi\Ahead\InCD\InCD.exe" [2004-07-16 14:50 1409136]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:39 15360]

C:\Documents and Settings\alfredo\Menu Avvio\Programmi\Esecuzione automatica\
Indicatore FastMail.lnk - C:\Programmi\FastMail\TrayIndicator_it.exe [2008-03-12 19:22:02 110667]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Microsoft Office OneNote 2003.lnk - C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 22:23:32 51776]
HPAiODevice(hp psc 700 series) - 1.lnk - C:\Programmi\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe [2002-04-24 02:28:32 487484]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^3Com Connection Assistant.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\3Com Connection Assistant.lnk
backup=C:\WINDOWS\pss\3Com Connection Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-16 00:54 37376 C:\Programmi\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:eMule : TCP in ingresso
"4672:UDP"= 4672:UDP:emule :UDP in ingresso

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 CCCP106;TRUST 120 SPACEC@M;C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-09 12:17]

*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 15:07:06
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-07-04 15.08.39
ComboFix-quarantined-files.txt 2008-07-04 13:08:35

8 Directory 27,516,604,416 byte disponibili
12 Directory 27,896,520,704 byte disponibili

132 --- E O F --- 2008-07-04 12:44:00
carmima
Newbie
 
Posts: 9
Joined: 02/07/08 15:10


Re: ComboFix scan

Post by Luke57 » 04/07/08 15:30

Hi, it looks OK.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: ComboFix scan

Post by carmima » 04/07/08 16:00

Help, is there anyone who can give me a hand?
carmima
Newbie

Posts: 9
Joined: 02/07/08 15:10

Re: ComboFix scan

Post by carmima » 04/07/08 16:24

Hi Luke, sorry, I hadn't seen the reply.
The problem is that the PC has been giving me trouble for a while: for example, it won't let me boot into safe mode, the screen keeps refreshing (I don't know if that's the right term), and I can't repair Windows with the installation CD either. I wanted to understand whether a virus was to blame.
carmima
Newbie

Posts: 9
Joined: 02/07/08 15:10

