PC lumaca:che succede? - Sicurezza VIRUS

Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » PC lumaca:che succede?

PC lumaca:che succede?

Opzioni

Topic Precedente · Topic Sucessivo

amicoingrato

Inviato: Saturday, November 15, 2008 11:53:20 PM

Rank: AiutAmico

Iscritto dal : 10/13/2007
Posts: 822

Grosso guaio in casa.
Oggi a mia figlia si è bloccato due volte il portatile mentre navigava,mostrando due schermate blu che davano l'errore 0x00000077.Dal quel momento è diventato lentissimo e quando si riesce ad accendere,dopo 15/20 minuti riappare la schermata blu.Il PC Ha già fatto da solo uno scandisk ma senza risolvere niente.
posto un log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.34.19, on 15/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PmProxy] C:\Programmi\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Programmi\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\npjpi160_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_04\bin\npjpi160_04.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219855153567
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Programmi\TOSHIBA\TME3\Tmesbs32.exe

--
End of file - 5441 bytes

Torna in alto

Sponsor

Inviato: Saturday, November 15, 2008 11:53:20 PM

Torna in alto

amicoingrato

Inviato: Sunday, November 16, 2008 1:19:29 AM

Rank: AiutAmico

Iscritto dal : 10/13/2007
Posts: 822

Posto anche un log di combofix

ComboFix 08-11-13.02 - emma 2008-11-16 0.37.23.1 - NTFSx86
Eseguito da: G:\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_003537_.tmp.dll
c:\windows\system32\_003539_.tmp.dll
c:\windows\system32\_003540_.tmp.dll
c:\windows\system32\_003541_.tmp.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-10-15 al 2008-11-15 )))))))))))))))))))))))))))))))))))
.

2008-11-16 00:07 . 2008-08-30 12:11 40,960 --a------ c:\windows\system32\drivers\VIRAGTLT.SYS
2008-11-16 00:06 . 2008-11-16 00:27 <DIR> d-------- C:\VEXPLITE
2008-11-15 23:29 . 2003-01-22 10:00 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2008-11-15 23:29 . 2003-01-22 08:42 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di stampa
2008-11-15 23:29 . 2003-01-22 08:42 <DIR> d--h----- c:\documents and settings\Administrator\Risorse di rete
2008-11-15 23:29 . 2003-01-22 08:56 <DIR> dr------- c:\documents and settings\Administrator\Preferiti
2008-11-15 23:29 . 2003-01-22 08:42 <DIR> d--h----- c:\documents and settings\Administrator\Modelli
2008-11-15 23:29 . 2003-01-22 08:42 <DIR> dr------- c:\documents and settings\Administrator\Menu Avvio
2008-11-15 23:29 . 2008-11-16 00:45 <DIR> d--h----- c:\documents and settings\Administrator\Impostazioni locali
2008-11-15 23:29 . 2003-01-22 08:56 <DIR> dr------- c:\documents and settings\Administrator\Documenti
2008-11-15 23:29 . 2003-01-22 09:52 <DIR> d-------- c:\documents and settings\Administrator\Dati applicazioni\InterTrust
2008-11-15 23:29 . 2008-11-15 23:49 <DIR> dr-h----- c:\documents and settings\Administrator\Dati applicazioni
2008-11-15 23:29 . 2008-11-15 23:29 <DIR> d-------- c:\documents and settings\Administrator
2008-11-15 23:12 . 2008-11-15 23:12 <DIR> d-------- c:\programmi\Trend Micro
2008-11-15 23:11 . 2008-11-15 23:11 <DIR> d-------- c:\programmi\hijack
2008-11-12 17:13 . 2008-11-12 17:13 1,393 --a------ c:\windows\imsins.BAK
2008-11-12 16:23 . 2008-09-04 18:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 16:23 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 10:12 . 2008-11-11 10:12 <DIR> d-------- c:\programmi\K-Lite Codec Pack
2008-11-11 10:12 . 2007-09-04 17:56 164,352 --a------ c:\windows\system32\unrar.dll
2008-10-28 12:08 . 2008-10-28 12:08 <DIR> d-------- c:\documents and settings\emma\Dati applicazioni\Friday's games
2008-10-28 12:08 . 2008-10-29 15:19 <DIR> d-a------ c:\documents and settings\All Users\Dati applicazioni\TEMP
2008-10-28 11:57 . 2008-10-28 12:02 241 --a------ c:\windows\QSync.INI
2008-10-28 11:55 . 2002-06-10 14:25 69,632 --a------ c:\windows\system32\lvcoinst.dll
2008-10-28 11:55 . 2002-06-10 14:20 12,112 --a------ c:\windows\system32\drivers\LVUSBSta.sys
2008-10-28 11:55 . 2002-06-10 14:16 5,187 --a------ c:\windows\system32\lvcoinst.ini
2008-10-28 11:54 . 2008-10-28 11:54 <DIR> d-------- c:\programmi\Windows Media Components
2008-10-28 11:53 . 2008-10-28 12:02 <DIR> d--h----- c:\windows\msdownld.tmp
2008-10-28 11:37 . 2001-08-17 22:05 351,616 --a------ c:\windows\system32\drivers\OVCodek2.sys
2008-10-28 11:35 . 2008-10-31 20:00 38 --a------ c:\windows\RealityFusion.ini
2008-10-28 11:32 . 2002-06-10 14:20 414,720 --a------ c:\windows\system32\drivers\lvcodek2.dll
2008-10-28 11:32 . 2002-06-10 14:22 167,936 --a------ c:\windows\system32\lvcodec2.dll
2008-10-28 11:32 . 2002-06-10 14:23 110,592 --a------ c:\windows\system32\LVUI2.dll
2008-10-28 11:32 . 2002-06-10 14:21 102,400 --a------ c:\windows\system32\LVComS.exe
2008-10-28 11:32 . 2002-06-10 14:23 73,728 --a------ c:\windows\system32\LVUI2RC.dll
2008-10-28 11:32 . 2002-06-10 14:20 66,560 --a------ c:\windows\system32\drivers\lvcam2.dll
2008-10-28 11:32 . 2002-06-10 14:21 57,344 --a------ c:\windows\system32\LVComC.dll
2008-10-28 11:32 . 2002-06-10 14:20 39,936 --a------ c:\windows\system32\drivers\lvcd.sys
2008-10-28 11:30 . 2008-10-28 11:30 <DIR> d-------- c:\programmi\Reality Fusion
2008-10-28 11:29 . 2008-10-28 11:53 <DIR> d-------- c:\programmi\Logitech
2008-10-28 11:29 . 2008-10-28 11:56 <DIR> d-------- c:\programmi\File comuni\Logitech
2008-10-28 11:28 . 2008-11-11 09:10 <DIR> d-------- c:\programmi\File comuni\Real
2008-10-28 11:28 . 2008-10-28 11:28 <DIR> d-------- C:\My Music
2008-10-28 11:28 . 2008-10-28 11:56 1,280 --a------ c:\windows\_delis32.ini
2008-10-27 09:44 . 2008-11-15 16:53 <DIR> d-------- c:\programmi\a-squared Free
2008-10-26 13:51 . 2008-10-26 13:51 54,156 --ah----- c:\windows\QTFont.qfn
2008-10-26 13:51 . 2008-10-26 13:51 1,409 --a------ c:\windows\QTFont.for
2008-10-26 11:18 . 2008-07-18 22:07 270,880 --a------ c:\windows\system32\mucltui.dll
2008-10-26 11:18 . 2008-07-18 22:07 210,976 --a------ c:\windows\system32\muweb.dll
2008-10-26 11:18 . 2008-07-18 22:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-26 10:56 . 2008-10-26 10:56 4,096 --a------ c:\windows\d3dx.dat
2008-10-25 19:51 . 1996-09-08 23:00 212,480 --a------ c:\windows\system32\PCDLIB32.DLL
2008-10-25 19:51 . 1997-03-03 14:38 192,512 --a------ c:\windows\system32\LTKRN60N.DLL
2008-10-25 19:51 . 1997-03-03 14:38 141,824 --a------ c:\windows\system32\LFCMP60N.DLL
2008-10-25 19:51 . 1997-03-03 14:38 43,008 --a------ c:\windows\system32\LTFIL60N.DLL
2008-10-25 19:51 . 1997-03-03 14:38 22,016 --a------ c:\windows\system32\LFBMP60N.DLL
2008-10-25 19:51 . 1994-09-16 13:00 20,976 --a------ c:\windows\system32\CTL3D.DLL
2008-10-25 19:51 . 2008-10-25 19:51 70 --a------ c:\windows\pixworks.ini
2008-10-25 19:45 . 2008-10-25 19:45 30 --a------ c:\windows\RESULT.QTW
2008-10-25 13:38 . 2008-10-25 13:38 <DIR> d-------- c:\programmi\Microsoft Silverlight
2008-10-25 13:07 . 2008-10-25 13:07 <DIR> d-------- c:\documents and settings\emma\Contacts
2008-10-25 13:05 . 2008-10-25 13:05 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-10-25 13:02 . 2008-10-25 13:06 <DIR> d-------- c:\programmi\Windows Live
2008-10-25 13:02 . 2008-10-25 13:03 <DIR> d--hsc--- c:\programmi\File comuni\WindowsLiveInstaller
2008-10-25 13:01 . 2008-10-25 13:01 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-10-25 11:24 . 2008-10-25 11:24 0 --ah----- c:\windows\SwSys2.bmp
2008-10-25 11:24 . 2008-10-25 11:24 0 --ah----- c:\windows\SwSys1.bmp
2008-10-25 11:06 . 2008-10-25 11:09 <DIR> d-------- C:\Downloads
2008-10-25 10:54 . 2008-10-25 10:54 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Trymedia
2008-10-25 10:47 . 2008-10-15 17:36 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 15:25 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-15 15:24 . 2008-08-14 14:22 2,192,896 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 15:24 . 2008-08-14 14:22 2,148,864 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 15:24 . 2008-08-14 14:22 2,069,760 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 15:24 . 2008-08-14 14:22 2,027,520 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 15:24 . 2008-09-15 16:24 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 21:23 --------- d-----w c:\documents and settings\emma\Dati applicazioni\OpenOffice.org2
2008-11-15 20:18 --------- d-----w c:\documents and settings\emma\Dati applicazioni\SiteAdvisor
2008-11-11 16:25 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-11-11 09:48 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-11-09 14:45 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Barbie Fashion Show
2008-10-27 08:26 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-03 16:58 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-10-01 17:33 --------- d-----w c:\programmi\programma musica
2008-09-26 09:30 --------- d-----w c:\documents and settings\emma\Dati applicazioni\.clamwin
2008-09-26 09:29 --------- d-----w c:\programmi\ClamWin
2008-09-15 15:24 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 07:14 --------- d-----w c:\programmi\QuickTime
2008-09-15 07:14 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\QuickTime
2008-09-15 07:11 --------- d-----w c:\programmi\File comuni\Vivendi Universal Games
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-27 17:26 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-08-27 08:57 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorFX"="c:\programmi\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PmProxy"="c:\programmi\Analog Devices\SoundMAX\PmProxy.exe" [2002-11-14 40960]
"00THotkey"="c:\windows\System32\00THotkey.exe" [2003-01-15 08:49 249856]
"TMESBS.EXE"="c:\programmi\TOSHIBA\TME3\TMESBS32.EXE" [2003-01-08 57344]
"TosHKCW.exe"="c:\programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-09-09 49152]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2002-12-04 126976]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-12-10 4866048]
"LVCOMS"="c:\programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"VIRIT LITE MONITOR"="c:\vexplite\MONLITE.EXE" [2008-10-16 249856]
"nwiz"="nwiz.exe" [2003-12-10 c:\windows\system32\nwiz.exe]
"000StTHK"="000StTHK.exe" [2001-06-23 19:28 24576 c:\windows\system32\000StTHK.exe]
"Tpwrtray"="TPWRTRAY.EXE" [2003-01-17 c:\windows\system32\TPWRTRAY.EXE]
"TFncKy"="TFncKy.exe" [BU]
"TFNF5"="TFNF5.exe" [2001-09-04 c:\windows\system32\TFNF5.exe]

c:\documents and settings\emma\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.4.lnk.disabled [2008-09-01 848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Reality Fusion GameCam SE.lnk]
backup=c:\windows\pss\Reality Fusion GameCam SE.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\programmi\DAEMON Tools Lite\daemon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"DAEMON Tools Lite"="c:\programmi\DAEMON Tools Lite\daemon.exe" -autorun
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"SynTPEnh"=c:\programmi\Synaptics\SynTP\SynTPEnh.exe
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_04\bin\jusched.exe"
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" -atboottime
"ClamWin"="c:\programmi\ClamWin\bin\ClamTray.exe" --logon
"TouchED"=c:\programmi\TOSHIBA\TouchED\TouchED.Exe
"LogitechGalleryRepair"=c:\programmi\Logitech\ImageStudio\ISStart.exe
"LogitechImageStudioTray"=c:\programmi\Logitech\ImageStudio\LogiTray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-27 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-27 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-08-27 76040]
R2 Tmesbs;Tmesbs32;c:\programmi\TOSHIBA\TME3\Tmesbs32.exe /Service [2003-01-22 57344]
R2 viritsvclite;Virit eXplorer Lite;c:\vexplite\viritsvc.exe [2007-10-10 57344]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-27 875288]

*Newly Created Service* - PROCEXP90
*Newly Created Service* - VIRITSVCLITE
.
Contenuto della cartella 'Scheduled Tasks'

2008-11-15 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\emma\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe []
.
.
------- Supplementare di scansione -------
.
FireFox -: Profile - c:\documents and settings\emma\Dati applicazioni\Mozilla\Firefox\Profiles\4rzgi9nm.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://stardoll.girlsgogames.com/it/user/
FF -: plugin - c:\programmi\Microsoft Silverlight\2.0.31005.0\npctrl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 00:47:58
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-11-16 0.58.00
ComboFix-quarantined-files.txt 2008-11-15 23:57:12

Pre-Run: 12.168.496.640 byte disponibili
Post-Run: 12,164,775,424 byte disponibili

207 --- E O F --- 2008-11-12 16:16:36

Torna in alto

pidue

Inviato: Sunday, November 16, 2008 9:28:46 AM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332

Il log è pulito, ComboFix qualcosa ha eliminato, ma non è un problema di virus, Leggi qui:
http://iblog.webprojectsolution.com/2008/04/24/soluzione-bsod-stop-0x00000077-kernel_stack_inpage_error/

qui:
http://support.microsoft.com/kb/315266/it

e qui.
http://forum.swzone.it/showthread.php?t=88102

Torna in alto

amicoingrato

Inviato: Sunday, November 16, 2008 11:31:24 AM

Rank: AiutAmico

Iscritto dal : 10/13/2007
Posts: 822

Grazie Pidue,adesso mi metto al lavoro.

Torna in alto

amicoingrato

Inviato: Monday, November 17, 2008 1:56:42 PM

Rank: AiutAmico

Iscritto dal : 10/13/2007
Posts: 822

Ho aggiornato la scheda video come consigliato dai siti che hai postato e il problema è stato risolto.Persiste la lentezza disarmante all'accensione del PC ma data la sua età lo posso anche tollerare.Grazie.

Torna in alto

Utenti presenti in questo topic

Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » PC lumaca:che succede?

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded