
Firefox and slow PC
lindbergh
Posted: Wednesday, May 20, 2009 5:23:13 PM
Rank: AiutAmico

Joined: 10/11/2002
Posts: 435
Hi, twice now, after installing Firefox, my PC has slowed down a bit in its tasks, so I uninstall it and clean up with the various Spybot, Adware, Antivir and Ccleaner, all in safe mode. I must say that after this procedure the situation improves noticeably. Does anyone have any experience with this?

I have just now run a scan with Prevx, which found: VFIND.EXE in C:\WINDOWS\. Should I delete it?
shapiro
Posted: Wednesday, May 20, 2009 6:27:13 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
hi

Prevx usually finds many false positives

analyze the file here ===> http://www.virustotal.com/it/

also post a HijackThis log

http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php#
lindbergh
Posted: Wednesday, May 20, 2009 7:03:50 PM
Rank: AiutAmico

Joined: 10/11/2002
Posts: 435
A Google search shows that the file VFIND.EXE in C:\WINDOWS\ is a leftover from a scan done with Combofix. As for HijackThis, here is the log, but an automatic analysis shows only 2 neutral items. Anyway, I'll wait for confirmation. Bye.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.01.01, on 20/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HDD Health\HDDHealth.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\Master\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HDDHealth] C:\Programmi\HDD Health\HDDHealth.exe -wl
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241557581527
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1107E77-E79A-4408-88B2-8EBE12C22A43}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

--
End of file - 5624 bytes
shapiro
Posted: Wednesday, May 20, 2009 7:42:13 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
have you analyzed the file on VirusTotal?

delete these entries with HJT

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

download Malwarebytes http://www.malwarebytes.org/mbam/program/mbam-setup.exe
1) install it
2) update it
3) run a scan choosing full mode
4) do NOT delete, for now, any threats it detects
5) when the scan finishes, select the log tab, open the text file and post it on the forum



Download Lop S&D | http://eric.71.mespages.googlepages.com/LopSD.exe
with all applications closed and disconnected
double-click LopSD
choose language E (Enter)
1 (search) Enter

when the scan finishes, restart LopSD
this time choose option 2 (Enter)

attach the report C:\LopR.txt together with a new HijackThis log
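
Added example, not part of the original posts: a small Python parser that lists the `O2 - BHO` entries of a HijackThis log, flags those whose target is `(no file)`, and compares a "before" and "after" log to confirm that only those orphaned entries disappeared. The sample lines are excerpted from the two HijackThis logs in this thread; the function and class names are made up for this example.

```python
import re
from dataclasses import dataclass

# A HijackThis result line has the form "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Body of an O2 line: "BHO: <name> - {CLSID} - <dll path or (no file)>".
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r" - (?P<target>.+)$"
)
NO_FILE = "(no file)"  # HijackThis marker for a registered BHO whose DLL is missing


@dataclass(frozen=True)
class Bho:
    name: str
    clsid: str   # upper-cased so CLSIDs compare case-insensitively
    target: str

    @property
    def orphaned(self) -> bool:
        return self.target == NO_FILE


def parse_bhos(log_text):
    """Return every Browser Helper Object (section O2) found in a log."""
    bhos = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry or entry["section"] != "O2":
            continue  # process list, R/O4/O23 lines, blank lines, etc.
        m = BHO_RE.match(entry["body"])
        if m:
            bhos.append(Bho(m["name"], m["clsid"].upper(), m["target"].strip()))
    return bhos


def orphaned_bhos(log_text):
    """BHOs still registered although their file no longer exists."""
    return [b for b in parse_bhos(log_text) if b.orphaned]


def verify_cleanup(before_log, after_log):
    """Compare two logs: what was removed, and was anything removed by mistake?"""
    before = {b.clsid: b for b in parse_bhos(before_log)}
    after = {b.clsid for b in parse_bhos(after_log)}
    removed = sorted(set(before) - after)
    return {
        "removed": removed,
        "removed_but_had_file": [c for c in removed if not before[c].orphaned],
        "still_orphaned": [b.clsid for b in orphaned_bhos(after_log)],
    }


# Excerpt of the log posted on 20/05/2009 in this thread.
BEFORE_LOG = r"""
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
"""

# Excerpt of the log posted on 21/05/2009 in this thread.
AFTER_LOG = r"""
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
"""

if __name__ == "__main__":
    for bho in orphaned_bhos(BEFORE_LOG):
        print("orphaned:", bho.clsid, bho.name)
    print(verify_cleanup(BEFORE_LOG, AFTER_LOG))
```
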
lindbergh
Posted: Thursday, May 21, 2009 4:32:35 PM
Rank: AiutAmico

Joined: 10/11/2002
Posts: 435
Hi shapiro, here are all the logs you requested (HijackThis seems to hesitate a bit too much towards the end of its scan). I'll add that yesterday, before posting, I had installed Prevx, but now I can no longer uninstall it. I tried with Revo Uninstaller, but the program's icon is still in the taskbar at the bottom right and it is fully functional, even though the uninstallation seemed to have completed successfully.

_____________________________________________________________________________________________


Tempo trascorso: 1 hour(s), 0 minute(s), 42 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Programmi\MSN\MSNCoreFiles\copymar.exe (Worm.Luder) -> No action taken.


_____________________________________________________________________________________________




--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Processore Intel Pentium III )
BIOS : Award Modular BIOS v4.51PGN
USER : Master ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.26 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:9 Go (Free:5 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:3 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 21/05/2009|15.35 )

--------------------\\ Listing folders in DATIAP~1

[07/05/2009|09.38] C:\DOCUME~1\ADMINI~1\DATIAP~1\AVGTOOLBAR
[05/05/2009|18.05] C:\DOCUME~1\ADMINI~1\DATIAP~1\Malwarebytes
[07/05/2009|10.00] C:\DOCUME~1\ADMINI~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte
[5|Directory] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte disponibili

[01/05/2009|18.21] C:\DOCUME~1\ALLUSE~1\DATIAP~1\{83C91755-2546-441D-AC40-9A6B4B860800}
[07/05/2009|11.12] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Avira
[25/04/2009|20.00] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Comodo
[01/05/2009|18.24] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Lavasoft
[30/04/2009|10.59] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Malwarebytes
[25/04/2009|22.55] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Messenger Plus!
[28/04/2009|22.45] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft
[20/05/2009|17.24] C:\DOCUME~1\ALLUSE~1\DATIAP~1\PrevxCSI
[26/04/2009|15.11] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Skype
[20/05/2009|23.22] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Spybot - Search & Destroy
[20/05/2009|14.42] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Spyware Terminator
[25/04/2009|19.27] C:\DOCUME~1\ALLUSE~1\DATIAP~1\SUPERAntiSpyware.com
[28/04/2009|15.32] C:\DOCUME~1\ALLUSE~1\DATIAP~1\TEMP
[0|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte
[15|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili

[25/04/2009|17.58] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili

[07/05/2009|09.38] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili

[26/04/2009|23.49] C:\DOCUME~1\Master\DATIAP~1\Adobe
[26/04/2009|19.03] C:\DOCUME~1\Master\DATIAP~1\dvdcss
[25/04/2009|18.07] C:\DOCUME~1\Master\DATIAP~1\Identities
[26/04/2009|23.49] C:\DOCUME~1\Master\DATIAP~1\Macromedia
[30/04/2009|11.00] C:\DOCUME~1\Master\DATIAP~1\Malwarebytes
[26/04/2009|12.22] C:\DOCUME~1\Master\DATIAP~1\Media Player Classic
[10/05/2009|22.48] C:\DOCUME~1\Master\DATIAP~1\Microsoft
[10/05/2009|22.33] C:\DOCUME~1\Master\DATIAP~1\Microsoft Web Folders
[26/04/2009|14.59] C:\DOCUME~1\Master\DATIAP~1\Real
[19/05/2009|20.58] C:\DOCUME~1\Master\DATIAP~1\Skype
[19/05/2009|17.58] C:\DOCUME~1\Master\DATIAP~1\skypePM
[20/05/2009|16.10] C:\DOCUME~1\Master\DATIAP~1\Spyware Terminator
[27/04/2009|17.19] C:\DOCUME~1\Master\DATIAP~1\Sun
[30/04/2009|23.30] C:\DOCUME~1\Master\DATIAP~1\SUPERAntiSpyware.com
[26/04/2009|18.52] C:\DOCUME~1\Master\DATIAP~1\vlc
[03/05/2009|23.55] C:\DOCUME~1\Master\DATIAP~1\WinPatrol
[0|File] C:\DOCUME~1\Master\DATIAP~1\byte
[18|Directory] C:\DOCUME~1\Master\DATIAP~1\byte disponibili

[07/05/2009|09.38] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili

[02/05/2009|10.59] C:\DOCUME~1\Utente\DATIAP~1\Adobe
[26/04/2009|09.20] C:\DOCUME~1\Utente\DATIAP~1\Identities
[02/05/2009|10.59] C:\DOCUME~1\Utente\DATIAP~1\Macromedia
[07/05/2009|09.38] C:\DOCUME~1\Utente\DATIAP~1\Microsoft
[29/04/2009|08.56] C:\DOCUME~1\Utente\DATIAP~1\Real
[02/05/2009|09.52] C:\DOCUME~1\Utente\DATIAP~1\Spyware Terminator
[0|File] C:\DOCUME~1\Utente\DATIAP~1\byte
[8|Directory] C:\DOCUME~1\Utente\DATIAP~1\byte disponibili

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[18/05/2009 18.24][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[21/05/2009 09.47][--ah-----] C:\WINDOWS\tasks\SA.DAT
[31/08/2001 17.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Programmi

[26/04/2009|12.34] C:\Programmi\Ahead
[06/05/2009|09.36] C:\Programmi\AVG
[07/05/2009|11.12] C:\Programmi\Avira
[03/05/2009|23.54] C:\Programmi\BillP Studios
[30/04/2009|15.04] C:\Programmi\CCleaner
[25/04/2009|20.43] C:\Programmi\COMODO
[25/04/2009|17.54] C:\Programmi\ComPlus Applications
[08/05/2009|10.56] C:\Programmi\Crawler
[30/04/2009|19.21] C:\Programmi\DustBuster
[30/04/2009|18.14] C:\Programmi\EPSON
[25/04/2009|18.40] C:\Programmi\Fastrate USB 100
[10/05/2009|22.39] C:\Programmi\File comuni
[30/04/2009|19.48] C:\Programmi\HDD Health
[30/04/2009|19.04] C:\Programmi\InstallShield Installation Information
[07/05/2009|12.40] C:\Programmi\Internet Explorer
[27/04/2009|17.23] C:\Programmi\Java
[26/04/2009|18.27] C:\Programmi\K-Lite Codec Pack
[01/05/2009|18.21] C:\Programmi\Lavasoft
[21/05/2009|14.26] C:\Programmi\Malwarebytes' Anti-Malware
[07/05/2009|12.49] C:\Programmi\Messenger
[26/04/2009|12.27] C:\Programmi\Messenger Plus! Live
[10/05/2009|22.32] C:\Programmi\microsoft frontpage
[10/05/2009|22.33] C:\Programmi\Microsoft Office
[07/05/2009|12.40] C:\Programmi\Movie Maker
[25/04/2009|17.53] C:\Programmi\MSN
[25/04/2009|17.53] C:\Programmi\MSN Gaming Zone
[07/05/2009|12.56] C:\Programmi\MSN Messenger
[07/05/2009|12.34] C:\Programmi\NetMeeting
[07/05/2009|12.34] C:\Programmi\Outlook Express
[20/05/2009|17.16] C:\Programmi\Prevx
[25/04/2009|17.56] C:\Programmi\Servizi in linea
[26/04/2009|15.11] C:\Programmi\Skype
[20/05/2009|16.04] C:\Programmi\Spybot - Search & Destroy
[20/05/2009|16.10] C:\Programmi\Spyware Terminator
[25/04/2009|18.07] C:\Programmi\Uninstall Information
[26/04/2009|18.45] C:\Programmi\VideoLAN
[27/04/2009|10.41] C:\Programmi\VS Revo Group
[25/04/2009|23.10] C:\Programmi\Windows Live
[25/04/2009|21.59] C:\Programmi\Windows Live SkyDrive
[07/05/2009|12.41] C:\Programmi\Windows Media Player
[07/05/2009|12.34] C:\Programmi\Windows NT
[25/04/2009|17.53] C:\Programmi\WindowsUpdate
[30/04/2009|19.48] C:\Programmi\WinRAR
[25/04/2009|17.59] C:\Programmi\xerox
[0|File] C:\Programmi\byte
[46|Directory] C:\Programmi\byte disponibili

--------------------\\ Listing Folders in C:\Programmi\File comuni

[26/04/2009|12.34] C:\Programmi\File comuni\Ahead
[10/05/2009|22.37] C:\Programmi\File comuni\Designer
[25/04/2009|18.52] C:\Programmi\File comuni\InstallShield
[10/05/2009|22.45] C:\Programmi\File comuni\Microsoft Shared
[25/04/2009|17.55] C:\Programmi\File comuni\MSSoap
[25/04/2009|18.44] C:\Programmi\File comuni\ODBC
[26/04/2009|14.56] C:\Programmi\File comuni\Real
[30/04/2009|19.37] C:\Programmi\File comuni\Services
[26/04/2009|15.11] C:\Programmi\File comuni\Skype
[25/04/2009|18.44] C:\Programmi\File comuni\SpeechEngines
[10/05/2009|22.36] C:\Programmi\File comuni\System
[25/04/2009|21.55] C:\Programmi\File comuni\Windows Live
[26/04/2009|14.57] C:\Programmi\File comuni\xing shared
[0|File] C:\Programmi\File comuni\byte
[15|Directory] C:\Programmi\File comuni\byte disponibili

--------------------\\ Process

( 31 Processes )

iexplore.exe ~ [PID:3944]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 15:40:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:6][D:2]-> C:\DOCUME~1\Master\IMPOST~1\Temp
[F:47][D:0]-> C:\DOCUME~1\Master\Cookies
[F:2453][D:5]-> C:\DOCUME~1\Master\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 21/05/2009|15.41 - Option : [1]

--------------------\\ Scan completed at 15.41.42




__________________________________________________________________________________________






--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Processore Intel Pentium III )
BIOS : Award Modular BIOS v4.51PGN
USER : Master ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.26 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:9 Go (Free:5 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:3 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 21/05/2009|15.54 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in DATIAP~1

[07/05/2009|09.38] C:\DOCUME~1\ADMINI~1\DATIAP~1\AVGTOOLBAR
[05/05/2009|18.05] C:\DOCUME~1\ADMINI~1\DATIAP~1\Malwarebytes
[07/05/2009|10.00] C:\DOCUME~1\ADMINI~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte
[5|Directory] C:\DOCUME~1\ADMINI~1\DATIAP~1\byte disponibili

[01/05/2009|18.21] C:\DOCUME~1\ALLUSE~1\DATIAP~1\{83C91755-2546-441D-AC40-9A6B4B860800}
[07/05/2009|11.12] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Avira
[25/04/2009|20.00] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Comodo
[01/05/2009|18.24] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Lavasoft
[30/04/2009|10.59] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Malwarebytes
[25/04/2009|22.55] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Messenger Plus!
[28/04/2009|22.45] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft
[20/05/2009|17.24] C:\DOCUME~1\ALLUSE~1\DATIAP~1\PrevxCSI
[26/04/2009|15.11] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Skype
[20/05/2009|23.22] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Spybot - Search & Destroy
[20/05/2009|14.42] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Spyware Terminator
[25/04/2009|19.27] C:\DOCUME~1\ALLUSE~1\DATIAP~1\SUPERAntiSpyware.com
[28/04/2009|15.32] C:\DOCUME~1\ALLUSE~1\DATIAP~1\TEMP
[0|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte
[15|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili

[25/04/2009|17.58] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili

[07/05/2009|09.38] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili

[26/04/2009|23.49] C:\DOCUME~1\Master\DATIAP~1\Adobe
[26/04/2009|19.03] C:\DOCUME~1\Master\DATIAP~1\dvdcss
[25/04/2009|18.07] C:\DOCUME~1\Master\DATIAP~1\Identities
[26/04/2009|23.49] C:\DOCUME~1\Master\DATIAP~1\Macromedia
[30/04/2009|11.00] C:\DOCUME~1\Master\DATIAP~1\Malwarebytes
[26/04/2009|12.22] C:\DOCUME~1\Master\DATIAP~1\Media Player Classic
[10/05/2009|22.48] C:\DOCUME~1\Master\DATIAP~1\Microsoft
[10/05/2009|22.33] C:\DOCUME~1\Master\DATIAP~1\Microsoft Web Folders
[26/04/2009|14.59] C:\DOCUME~1\Master\DATIAP~1\Real
[19/05/2009|20.58] C:\DOCUME~1\Master\DATIAP~1\Skype
[19/05/2009|17.58] C:\DOCUME~1\Master\DATIAP~1\skypePM
[20/05/2009|16.10] C:\DOCUME~1\Master\DATIAP~1\Spyware Terminator
[27/04/2009|17.19] C:\DOCUME~1\Master\DATIAP~1\Sun
[30/04/2009|23.30] C:\DOCUME~1\Master\DATIAP~1\SUPERAntiSpyware.com
[26/04/2009|18.52] C:\DOCUME~1\Master\DATIAP~1\vlc
[03/05/2009|23.55] C:\DOCUME~1\Master\DATIAP~1\WinPatrol
[0|File] C:\DOCUME~1\Master\DATIAP~1\byte
[18|Directory] C:\DOCUME~1\Master\DATIAP~1\byte disponibili

[07/05/2009|09.38] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili

[02/05/2009|10.59] C:\DOCUME~1\Utente\DATIAP~1\Adobe
[26/04/2009|09.20] C:\DOCUME~1\Utente\DATIAP~1\Identities
[02/05/2009|10.59] C:\DOCUME~1\Utente\DATIAP~1\Macromedia
[07/05/2009|09.38] C:\DOCUME~1\Utente\DATIAP~1\Microsoft
[29/04/2009|08.56] C:\DOCUME~1\Utente\DATIAP~1\Real
[02/05/2009|09.52] C:\DOCUME~1\Utente\DATIAP~1\Spyware Terminator
[0|File] C:\DOCUME~1\Utente\DATIAP~1\byte
[8|Directory] C:\DOCUME~1\Utente\DATIAP~1\byte disponibili

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[18/05/2009 18.24][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[21/05/2009 09.47][--ah-----] C:\WINDOWS\tasks\SA.DAT
[31/08/2001 17.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Programmi

[26/04/2009|12.34] C:\Programmi\Ahead
[06/05/2009|09.36] C:\Programmi\AVG
[07/05/2009|11.12] C:\Programmi\Avira
[03/05/2009|23.54] C:\Programmi\BillP Studios
[30/04/2009|15.04] C:\Programmi\CCleaner
[25/04/2009|20.43] C:\Programmi\COMODO
[25/04/2009|17.54] C:\Programmi\ComPlus Applications
[08/05/2009|10.56] C:\Programmi\Crawler
[30/04/2009|19.21] C:\Programmi\DustBuster
[30/04/2009|18.14] C:\Programmi\EPSON
[25/04/2009|18.40] C:\Programmi\Fastrate USB 100
[10/05/2009|22.39] C:\Programmi\File comuni
[30/04/2009|19.48] C:\Programmi\HDD Health
[30/04/2009|19.04] C:\Programmi\InstallShield Installation Information
[07/05/2009|12.40] C:\Programmi\Internet Explorer
[27/04/2009|17.23] C:\Programmi\Java
[26/04/2009|18.27] C:\Programmi\K-Lite Codec Pack
[01/05/2009|18.21] C:\Programmi\Lavasoft
[21/05/2009|14.26] C:\Programmi\Malwarebytes' Anti-Malware
[07/05/2009|12.49] C:\Programmi\Messenger
[26/04/2009|12.27] C:\Programmi\Messenger Plus! Live
[10/05/2009|22.32] C:\Programmi\microsoft frontpage
[10/05/2009|22.33] C:\Programmi\Microsoft Office
[07/05/2009|12.40] C:\Programmi\Movie Maker
[25/04/2009|17.53] C:\Programmi\MSN
[25/04/2009|17.53] C:\Programmi\MSN Gaming Zone
[07/05/2009|12.56] C:\Programmi\MSN Messenger
[07/05/2009|12.34] C:\Programmi\NetMeeting
[07/05/2009|12.34] C:\Programmi\Outlook Express
[20/05/2009|17.16] C:\Programmi\Prevx
[25/04/2009|17.56] C:\Programmi\Servizi in linea
[26/04/2009|15.11] C:\Programmi\Skype
[20/05/2009|16.04] C:\Programmi\Spybot - Search & Destroy
[20/05/2009|16.10] C:\Programmi\Spyware Terminator
[25/04/2009|18.07] C:\Programmi\Uninstall Information
[26/04/2009|18.45] C:\Programmi\VideoLAN
[27/04/2009|10.41] C:\Programmi\VS Revo Group
[25/04/2009|23.10] C:\Programmi\Windows Live
[25/04/2009|21.59] C:\Programmi\Windows Live SkyDrive
[07/05/2009|12.41] C:\Programmi\Windows Media Player
[07/05/2009|12.34] C:\Programmi\Windows NT
[25/04/2009|17.53] C:\Programmi\WindowsUpdate
[30/04/2009|19.48] C:\Programmi\WinRAR
[25/04/2009|17.59] C:\Programmi\xerox
[0|File] C:\Programmi\byte
[46|Directory] C:\Programmi\byte disponibili

--------------------\\ Listing Folders in C:\Programmi\File comuni

[26/04/2009|12.34] C:\Programmi\File comuni\Ahead
[10/05/2009|22.37] C:\Programmi\File comuni\Designer
[25/04/2009|18.52] C:\Programmi\File comuni\InstallShield
[10/05/2009|22.45] C:\Programmi\File comuni\Microsoft Shared
[25/04/2009|17.55] C:\Programmi\File comuni\MSSoap
[25/04/2009|18.44] C:\Programmi\File comuni\ODBC
[26/04/2009|14.56] C:\Programmi\File comuni\Real
[30/04/2009|19.37] C:\Programmi\File comuni\Services
[26/04/2009|15.11] C:\Programmi\File comuni\Skype
[25/04/2009|18.44] C:\Programmi\File comuni\SpeechEngines
[10/05/2009|22.36] C:\Programmi\File comuni\System
[25/04/2009|21.55] C:\Programmi\File comuni\Windows Live
[26/04/2009|14.57] C:\Programmi\File comuni\xing shared
[0|File] C:\Programmi\File comuni\byte
[15|Directory] C:\Programmi\File comuni\byte disponibili

--------------------\\ Process

( 28 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 16:00:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:6][D:2]-> C:\DOCUME~1\Master\IMPOST~1\Temp
[F:47][D:0]-> C:\DOCUME~1\Master\Cookies
[F:2453][D:5]-> C:\DOCUME~1\Master\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 21/05/2009|15.41 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 21/05/2009|16.02 - Option : [2]

--------------------\\ Scan completed at 16.02.04


_____________________________________________________________________________________________



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.05.57, on 21/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Prevx\prevx.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HDD Health\HDDHealth.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Prevx\prevx.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Master\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HDDHealth] C:\Programmi\HDD Health\HDDHealth.exe -wl
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241557581527
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CSIScanner - Prevx - C:\Programmi\Prevx\prevx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

--
End of file - 5262 bytes









shapiro
Posted: Thursday, May 21, 2009 6:18:49 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
restart Malwarebytes, delete that file it found (it's from MSN) -

am I wrong, or are two antivirus programs installed on the PC?

try uninstalling Prevx from safe mode (if you really want to remove it); it's good, but in my opinion it finds too many false positives