Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Computer ancora lento...troppo lento...

Computer ancora lento...troppo lento... Opzioni
Topic Precedente · Topic Sucessivo
alesgiov
Inviato: Monday, April 26, 2010 6:48:46 PM
Rank: AiutAmico

Iscritto dal : 1/8/2010
Posts: 38
Nonostante la pulizia di pochi mesi fa il computer è tornato lentissimo...Attendo consulenza grazie mille
Torna in alto
 
Sponsor
Inviato: Monday, April 26, 2010 6:48:46 PM

 
Torna in alto
 
paolopa
Inviato: Monday, April 26, 2010 6:58:21 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
magari se posti un log di hijack e spieghi che hai fatto....(come scansioni intendo)
Torna in alto
 
alesgiov
Inviato: Tuesday, April 27, 2010 1:06:07 PM
Rank: AiutAmico

Iscritto dal : 1/8/2010
Posts: 38
Ho eseguito consigli di r16 (varie scansioni con MBAM, HJT e ComboFix).

Ecco il log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.06.14, on 27/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ecosia.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Ecosia Plugin - {7E783154-F54B-4af6-8C01-0A3E744B5DC8} - C:\Programmi\Ecosia\ecosia.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programmi\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ecosia Search - {C8F48FC8-3CA1-42B9-8609-F75D7C8B4493} - C:\Programmi\Ecosia\ecosia.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate1c98c21930495f0) (gupdate1c98c21930495f0) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5347 bytes
Torna in alto
 
paolopa
Inviato: Tuesday, April 27, 2010 5:39:50 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
il log non presenta problemi rilevanti,e se hai gia eseguito le scansionio con mbam e combofix credo che si possano escludere infezioni.potrebbe essere un conflitto tra programmi,ma vai a sapere quali...
a me zone allarm(quando lo avevo)creava qualche problemino,potresti provare a riattivare temporaneamente il firewall di windows e disattivare zone allarm,per vedere se migliora qualcosa.
Torna in alto
 
r16
Inviato: Tuesday, April 27, 2010 9:29:14 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Per verificare se ci sono ancora infezioni, bisognerebbe vedere i log delle scansioni che hai fatto.
In particolare, quella di Combofix. (meglio se, è una scansione recente)

P.S:
Sei un ecologista? (Ecosia)
Torna in alto
 
alesgiov
Inviato: Friday, April 30, 2010 2:58:01 PM
Rank: AiutAmico

Iscritto dal : 1/8/2010
Posts: 38
ComboFix 10-04-26.05 - Alessandro 30/04/2010 14.37.48.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.511.247 [GMT 2:00]
Eseguito da: c:\documents and settings\Alessandro\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {FFFFFFFC-0002-0000-6008-B00D4CEE1200}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alessandro\Dati applicazioni\avdrn.dat
c:\recycler\S-1-5-21-1960408961-1580436667-839522115-1011
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\Temp
c:\windows\system32\Temp\Kara_K5V.dll

.
((((((((((((((((((((((((( Files Creati Da 2010-03-28 al 2010-04-30 )))))))))))))))))))))))))))))))))))
.

2010-04-27 20:21 . 2010-04-27 20:20 398336 ----a-w- c:\windows\system32\CF8274.exe
2010-04-27 19:27 . 2010-04-27 19:27 -------- d-----w- c:\programmi\SigmaTel
2010-04-26 14:59 . 2010-04-26 15:08 -------- d-----w- c:\documents and settings\Alessandro\Dati applicazioni\Audacity
2010-04-26 14:58 . 2010-04-26 14:58 -------- d-----w- c:\programmi\Audacity 1.3 Beta (Unicode)
2010-04-23 16:42 . 2010-04-23 16:46 -------- d-----w- c:\documents and settings\Alessandro\Dati applicazioni\Software Informer
2010-04-23 16:42 . 2010-04-23 16:42 -------- d-----w- c:\programmi\Software Informer
2010-04-17 20:09 . 2010-04-17 20:09 -------- d-----w- c:\documents and settings\Alessandro\Dati applicazioni\Creative
2010-04-17 20:08 . 2010-04-17 20:08 -------- d-----w- c:\documents and settings\Alessandro\Dati applicazioni\muvee Technologies
2010-04-17 20:06 . 2010-04-17 20:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-04-17 13:27 . 2007-02-13 01:00 122880 ----a-r- c:\windows\system32\V0420Vfw.dll
2010-04-17 13:27 . 2007-04-30 01:00 32768 ----a-w- c:\windows\V0420Mon.exe
2010-04-17 13:27 . 2007-04-29 01:00 24576 ----a-r- c:\windows\V0420Cfg.exe
2010-04-17 13:26 . 2007-05-14 01:00 262144 ----a-r- c:\windows\system32\V0420CVW.dll
2010-04-17 13:26 . 2007-05-31 01:32 99648 ----a-r- c:\windows\system32\drivers\V0420Vid.sys
2010-04-17 13:26 . 2007-05-31 01:00 36864 ----a-w- c:\windows\system32\V0420Pin.dll
2010-04-17 13:26 . 2007-05-14 01:00 32768 ----a-r- c:\windows\system32\V0420Hwx.dll
2010-04-17 13:20 . 2006-08-30 05:10 158456 ------w- c:\windows\system32\pxwma.dll
2010-04-17 13:19 . 2010-04-17 13:19 -------- d-----w- c:\programmi\File comuni\muvee Technologies
2010-04-17 13:19 . 2010-04-17 13:19 -------- d-----w- c:\programmi\muvee Technologies
2010-04-16 06:49 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-15 12:10 . 2010-03-10 06:15 420352 -c----w- c:\windows\system32\dllcache\vbscript.dll
2010-04-12 12:56 . 2010-04-12 12:56 -------- d-----w- c:\programmi\EA GAMES
2010-04-12 12:56 . 2004-08-18 08:34 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2010-04-08 14:19 . 2008-04-13 09:40 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-04-08 14:19 . 2008-04-13 09:40 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-04-08 14:18 . 2008-04-13 09:41 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-04-08 14:18 . 2008-04-13 09:41 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-04-08 14:17 . 2008-04-13 09:41 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-04-08 14:17 . 2008-04-13 09:41 8192 ----a-w- c:\windows\system32\drivers\changer.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-30 11:53 . 2010-04-30 11:53 26452 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_04_29_20_46_26_small.dmp.zip
2010-04-30 11:53 . 2010-04-30 11:53 25621 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_04_29_20_45_27_small.dmp.zip
2010-04-29 18:45 . 2009-02-11 08:18 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2010-04-29 18:44 . 2010-04-29 18:44 26389 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_04_29_17_59_32_small.dmp.zip
2010-04-29 18:44 . 2010-04-29 18:44 25916 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_04_29_17_58_59_small.dmp.zip
2010-04-29 15:58 . 2010-04-29 15:58 26227 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_04_29_15_40_32_small.dmp.zip
2010-04-29 13:39 . 2010-04-29 13:39 26393 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_04_28_20_22_06_small.dmp.zip
2010-04-29 13:39 . 2010-04-29 13:39 10347774 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_04_28_20_21_13_full.dmp.zip
2010-04-28 18:20 . 2010-04-28 18:20 25528 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2010_04_28_19_11_49_small.dmp.zip
2010-04-28 17:46 . 2010-04-28 18:22 1248768 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2010-04-27 19:27 . 2005-11-28 18:43 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-04-27 19:23 . 2010-04-27 19:43 10316 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cache\Personal_32_1040.dat
2010-04-27 16:02 . 2009-03-02 11:31 -------- d-----w- c:\programmi\CCleaner
2010-04-27 15:42 . 2009-12-18 18:41 1 ----a-w- c:\documents and settings\Alessandro\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-24 18:35 . 2010-01-18 20:37 1 ----a-w- c:\documents and settings\ANNA\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-23 16:49 . 2009-02-10 12:42 -------- d-----w- c:\programmi\Creative
2010-04-20 15:05 . 2010-04-20 15:30 1221120 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2010-04-20 15:05 . 2010-04-20 15:30 93184 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2010-04-20 10:55 . 2008-10-28 18:09 -------- d-----w- c:\programmi\Google
2010-04-17 20:08 . 2005-12-05 17:59 80136 -c--a-w- c:\documents and settings\Alessandro\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-04-16 18:32 . 2010-04-16 18:42 1355776 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2010-04-14 18:21 . 2010-04-14 18:34 1208320 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2010-04-12 14:03 . 2009-01-14 13:32 -------- d-----w- c:\documents and settings\Alessandro\Dati applicazioni\uTorrent
2010-04-08 14:14 . 2010-04-08 14:14 8 ----a-w- c:\documents and settings\LocalService\Dati applicazioni\jasltw.dat
2010-04-05 09:39 . 2010-02-13 12:34 -------- d-----w- c:\programmi\Glary Utilities
2010-04-05 08:14 . 2010-01-11 13:18 -------- d-----w- c:\programmi\SokkerViewer
2010-03-29 13:12 . 2001-12-04 12:00 79292 ----a-w- c:\windows\system32\perfc010.dat
2010-03-29 13:12 . 2001-12-04 12:00 478808 ----a-w- c:\windows\system32\perfh010.dat
2010-03-25 20:34 . 2010-03-25 20:34 -------- d-----w- c:\programmi\Ecosia
2010-03-22 19:16 . 2009-01-14 13:32 -------- d-----w- c:\programmi\uTorrent
2010-03-12 15:07 . 2010-03-12 15:03 -------- d-----w- c:\programmi\File comuni\AVSMedia
2010-03-12 15:07 . 2010-03-12 15:03 -------- d-----w- c:\programmi\AVS4YOU
2010-03-12 15:07 . 2008-09-01 16:01 -------- d-----w- c:\programmi\Idoru
2010-03-12 15:04 . 2010-03-12 15:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\AVS4YOU
2010-03-12 15:04 . 2010-03-12 15:04 -------- d-----w- c:\documents and settings\Alessandro\Dati applicazioni\AVS4YOU
2010-03-10 06:15 . 2001-12-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 20:04 . 2010-03-08 20:08 85504 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-03-07 20:12 . 2010-03-07 19:52 1 ----a-w- c:\documents and settings\Luca Giova\Dati applicazioni\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-07 19:51 . 2010-03-07 19:51 -------- d-----w- c:\documents and settings\Luca Giova\Dati applicazioni\OpenOffice.org
2010-03-02 17:27 . 2010-03-03 14:38 89088 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-03-02 17:27 . 2010-03-03 14:38 1144320 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-03-02 17:19 . 2010-03-02 17:19 -------- d-----w- c:\programmi\One-click Multimedia Jukebox
2010-02-28 16:00 . 2010-02-28 16:06 23040 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-02-28 16:00 . 2010-02-28 16:06 1135616 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-02-27 20:42 . 2010-02-28 13:57 119296 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2010-02-25 06:16 . 2001-12-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2001-12-04 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 16:09 . 2010-02-18 13:34 295424 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2010-02-17 16:09 . 2010-02-18 13:34 1121792 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2010-02-17 12:05 . 2001-12-04 12:00 2193664 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2001-08-30 21:33 2070528 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2001-12-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2001-12-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-09 14:40 . 2010-02-09 14:40 79744 ----a-w- c:\documents and settings\Luca Giova\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2010-02-02 15:18 . 2010-02-04 13:12 1100800 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2010-02-02 15:18 . 2010-02-04 13:12 24576 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2010-02-01 12:21 . 2010-02-01 19:54 469504 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2010-02-01 12:21 . 2010-02-01 19:54 1099776 ----a-w- c:\windows\Internet Logs\xDB6.tmp
.

------- Sigcheck -------

[-] 2009-03-23 . 90F406811EE1EEE294792D00E21CA16C . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-13 . 9259170D29B5A256735FCB8B80280857 . 510464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2005-11-28 . 1DBD3966123AC2F6ADE783F7F17F8C7F . 504832 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2009-04-01 17:16 193472 ------w- c:\programmi\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Zone Labs Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-14 755472]
"V0420Mon.exe"="c:\windows\V0420Mon.exe" [2007-04-30 32768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\ANNA\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\Luca Giova\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 3.1.lnk - c:\programmi\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0420Mon.exe]
2007-04-30 01:00 32768 ----a-w- c:\windows\V0420Mon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSN"=c:\programmi\MSN\MSNCoreFiles\MSN6.EXE -email
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [08/01/2006 21.18.39 164992]
R2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [08/01/2006 21.18.38 12544]
R3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [17/04/2010 15.26.58 99648]
S2 gupdate1c98c21930495f0;Google Update Service (gupdate1c98c21930495f0);c:\programmi\Google\Update\GoogleUpdate.exe [11/02/2009 10.20.13 133104]
S3 iAimFP8;iAimFP8;c:\windows\system32\drivers\wadv11nt.sys [27/11/2005 20.43.23 11935]
S3 mousesystems;Windows Serial MouseSystems Mouse;c:\windows\system32\drivers\mousesys.sys [17/10/2006 19.24.14 14225]
S3 netr73;D-Link DWA-111 Wireless G USB Adapter Driver;c:\windows\system32\drivers\netr73.sys [15/11/2008 14.33.03 256000]
S3 zlportio;zlportio;\??\c:\documents and settings\Alessandro\Desktop\Ale\ultrastardx-101a-full\ultrastardx-101a-full\zlportio.sys --> c:\documents and settings\Alessandro\Desktop\Ale\ultrastardx-101a-full\ultrastardx-101a-full\zlportio.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/01/2009 21.07.56 721904]
.
Contenuto della cartella 'Scheduled Tasks'

2010-04-30 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2010-02-13 11:03]

2010-04-30 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-11 23:53]

2010-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-11 08:19]

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-02-11 08:19]

2010-01-26 c:\windows\Tasks\SmartDefrag.job
- c:\programmi\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-12-01 12:48]

2010-04-30 c:\windows\Tasks\User_Feed_Synchronization-{03866F64-E8D2-42A0-B898-5BE3E6C91D3A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

2010-04-30 c:\windows\Tasks\Windows Messenger.job
- c:\progra~1\MESSEN~1\msmsgs.exe [2005-11-27 18:14]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://ecosia.org/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Alessandro\Dati applicazioni\Mozilla\Firefox\Profiles\d5pc48v1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Alessandro\Dati applicazioni\Mozilla\Firefox\Profiles\d5pc48v1.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Alessandro\Dati applicazioni\Mozilla\Firefox\Profiles\d5pc48v1.default\extensions\{2bae58c2-79f9-45d1-a286-81f911301c3a}\components\FFAlert.dll
FF - component: c:\documents and settings\Alessandro\Dati applicazioni\Mozilla\Firefox\Profiles\d5pc48v1.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\programmi\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-fsm - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-30 14:49
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2010-04-30 14:52:25
ComboFix-quarantined-files.txt 2010-04-30 12:52
ComboFix2.txt 2010-01-26 13:13

Pre-Run: 31.363.444.736 byte disponibili
Post-Run: 31.349.784.576 byte disponibili

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E1F776557EA932F25BAFFA35EE8A1695
Torna in alto
 
alesgiov
Inviato: Saturday, May 01, 2010 5:39:54 PM
Rank: AiutAmico

Iscritto dal : 1/8/2010
Posts: 38
Ecco sopra il log di Combofix. Gradirei risposte.

P.S.: @ r16: voglio fare il possibile per mantenere un mondo pulito, almeno dal punto di vista ambientale, visto che in quello politico ormai siamo proprio in un mondo sporco e quindi nel mio piccolo faccio quello che posso per salvare il mondo, in questo caso le foreste...Tanto è un semplice gesto che non costa nulla a noi e ci guadagna il mondo...C'è gente che dice che non è vero, ma io rispondo: se non fosse vero amen, non salvi nulla, ma se fosse vero stiamo facendo del bene.
Torna in alto
 
paolopa
Inviato: Saturday, May 01, 2010 6:13:17 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
avevo capito che avevi eseguito combofix e mbam e non ti avevano trovato nulla,invece temo che parlassi di vecchie scansioni...meno male che hai rifatto combo,ti ha levato qualche infezione.
aspettando r16 potresti fare una scansione con mbam e postare quel log:
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
se trova infezioni posta il log che ti rilascera'.
ricordati di aggiornarlo,è cambiata anche la versione del programma in questi giorni.
Torna in alto
 
alesgiov
Inviato: Monday, May 03, 2010 12:41:51 PM
Rank: AiutAmico

Iscritto dal : 1/8/2010
Posts: 38
Ok grazie...Adesso scansiono...Le infezioni trovate le devo cancellare?
Torna in alto
 
paolopa
Inviato: Monday, May 03, 2010 12:45:29 PM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
bè,se ne trova e le metti in quarantena in caso di falsipositivi puoi sempre ripristinerle.
Torna in alto
 
fdaccc
Inviato: Monday, May 03, 2010 2:35:40 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
Elimina e basta, non ho mai visto falsi positivi con Malwarebytes.
Torna in alto
 
ecofive
Inviato: Monday, May 03, 2010 3:07:01 PM

Rank: AiutAmico

Iscritto dal : 6/20/2008
Posts: 7,111
Fdaccc, per eliminare c'è sempre tempo. Un po' di prudenza ci deve sempre essere.

Ciao.
Torna in alto
 
alesgiov
Inviato: Wednesday, May 19, 2010 8:33:43 PM
Rank: AiutAmico

Iscritto dal : 1/8/2010
Posts: 38
In ritardo ecco anche MBAM, come suggeritomi da paolopa.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4108

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/05/2010 19.12.51
mbam-log-2010-05-17 (19-12-51).txt

Tipo di scansione: Scansione completa (A:\|C:\|D:\|)
Elementi esaminati: 213433
Tempo trascorso: 3 ore, 54 minuti, 25 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)
Torna in alto
 
paolopa
Inviato: Thursday, May 20, 2010 6:19:23 AM

Rank: AiutAmico

Iscritto dal : 10/14/2008
Posts: 2,777
mbam non ha trovato nulla,come ti sembra vada il pc dopo le eliminazioni di combofix?è migliorato?
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Computer ancora lento...troppo lento...


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.