How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!
Moderators: m.paolo, kadosh, Luke57
by pepper70 » 04/02/13 15:15
Hello everyone, for a few days now, when I start Google Chrome two tabs open at the same time.
Basically two identical Google pages; the only difference is that the padlock icon appears only in the first tab. It may be just a coincidence, but since I noticed this detail my system has slowed down considerably; startup is a tragedy, taking ages even though the hard disk is almost empty. I wouldn't want there to be a virus, given that Microsoft Essentials was unable to update. To be safe I uninstalled it and installed Avira; I also scanned in safe mode and, although no viruses were detected, startup is extremely slow.
Could you kindly help me understand? My OS is XP Prof Service Pack 3. Thank you.
pepper70
- Senior User
- Posts: 111
- Joined: 20/03/09 15:17
by pepper70 » 04/02/13 15:58
Hello, hoping it will be of help to you, I am posting the ComboFix report.
I thank in advance anyone willing to take a look at it and let me know how to proceed.
Thanks again and all the best with your work.
Code:
ComboFix 13-02-03.03 - Administrator 04/02/2013 15.33.44.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.510.222 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Documenti\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Creato nuovo punto di ripristino
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((( Files Creati Da 2013-01-04 al 2013-02-04 )))))))))))))))))))))))))))))))))))
.
.
2013-02-01 17:18 . 2013-02-01 17:18 -------- d-----w- c:\programmi\CCleaner
2013-01-31 16:20 . 2012-06-02 14:18 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-01-30 12:09 . 2013-01-30 12:09 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Avira
2013-01-30 12:04 . 2013-01-30 12:04 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2013-01-30 12:04 . 2013-01-30 12:04 -------- d-----r- c:\documents and settings\LocalService\Preferiti
2013-01-30 12:02 . 2013-01-30 11:52 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-01-30 12:02 . 2013-01-30 11:51 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-01-30 12:02 . 2013-01-30 11:51 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-01-30 12:02 . 2013-01-30 12:02 -------- d-----w- c:\programmi\Avira
2013-01-30 12:02 . 2013-01-30 12:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Avira
2013-01-30 12:01 . 2013-01-30 12:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-01-30 11:33 . 2013-01-30 11:33 -------- d-----w- c:\windows\system32\KB905474
2013-01-30 11:13 . 2013-01-30 11:37 -------- d-----w- c:\windows\ie8updates
2013-01-30 09:18 . 2012-11-01 12:17 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-01-30 09:18 . 2012-11-01 12:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-01-30 09:18 . 2012-11-01 12:17 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-01-30 09:18 . 2012-11-01 12:17 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-01-30 09:18 . 2012-11-01 12:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-01-30 09:18 . 2012-11-01 12:17 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-01-30 09:18 . 2012-11-01 12:17 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-01-30 09:18 . 2012-11-01 12:17 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-01-30 09:13 . 2008-06-14 17:32 272768 -c----w- c:\windows\system32\dllcache\bthport.sys
2013-01-30 09:05 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2013-01-30 09:05 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2013-01-30 09:04 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2013-01-30 08:59 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2013-01-30 08:53 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-01-30 08:52 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2013-01-30 08:44 . 2012-12-16 12:23 290560 -c----w- c:\windows\system32\dllcache\atmfd.dll
2013-01-30 08:42 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2013-01-30 08:41 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2013-01-30 08:41 . 2009-10-15 16:29 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2013-01-30 08:40 . 2008-05-01 14:34 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2013-01-30 08:39 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2013-01-30 08:33 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2013-01-30 08:33 . 2009-03-06 14:19 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2013-01-30 08:33 . 2009-02-09 11:22 111104 -c----w- c:\windows\system32\dllcache\services.exe
2013-01-30 08:33 . 2009-02-09 10:51 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2013-01-30 08:33 . 2009-02-09 10:51 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2013-01-30 08:33 . 2009-02-09 10:51 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2013-01-30 08:33 . 2009-02-09 10:51 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2013-01-30 08:25 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-01-30 08:21 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2013-01-30 08:07 . 2012-05-28 18:17 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2013-01-30 08:05 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2013-01-30 08:04 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-01-30 07:49 . 2010-12-09 15:15 739840 -c----w- c:\windows\system32\dllcache\ntdll.dll
2013-01-30 07:49 . 2012-08-23 06:27 2152448 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2013-01-30 07:49 . 2012-08-23 06:27 2196608 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2013-01-30 07:49 . 2012-08-23 06:27 2031104 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2013-01-30 07:49 . 2012-08-23 06:27 2073344 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2013-01-30 07:47 . 2010-07-16 12:02 221696 -c----w- c:\windows\system32\dllcache\wordpad.exe
2013-01-30 07:46 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2013-01-30 07:46 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-01-30 07:46 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2013-01-30 07:43 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2013-01-30 07:41 . 2010-08-16 08:44 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2013-01-28 19:02 . 2013-01-30 19:20 -------- d-----w- c:\windows\system32\NtmsData
2013-01-28 16:35 . 2008-04-13 18:14 294912 ------w- c:\programmi\Windows Media Player\dlimport.exe
2013-01-28 16:34 . 2008-04-13 18:14 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2013-01-25 19:44 . 2013-01-25 19:44 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\Malwarebytes
2013-01-25 19:43 . 2013-01-25 19:43 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2013-01-25 19:43 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-25 19:43 . 2013-01-25 20:12 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2013-01-24 19:34 . 2013-01-15 01:49 6991832 ------w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{5BBC1F59-9C59-4F3D-B7D9-8DF1A61CEC42}\mpengine.dll
2013-01-19 18:21 . 2012-05-08 17:35 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-01-19 17:21 . 2010-11-26 17:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-01-19 13:57 . 2013-01-14 16:25 23376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-01-19 13:22 . 2013-01-19 13:22 -------- d-----w- c:\documents and settings\Administrator\AppData
2013-01-19 13:19 . 2013-01-19 13:19 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-01-19 13:19 . 2013-01-19 18:21 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\IObit
2013-01-19 13:19 . 2013-01-19 17:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\IObit
2013-01-19 13:19 . 2013-01-20 21:19 -------- d-----w- c:\programmi\IObit
2013-01-18 21:18 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2013-01-18 20:36 . 2013-01-18 20:36 -------- d-----w- c:\programmi\uTorrent
2013-01-18 20:33 . 2013-01-29 08:13 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\uTorrent
2013-01-18 20:10 . 2013-01-27 19:51 -------- d-----w- c:\programmi\Microsoft Security Client
2013-01-18 19:41 . 2013-01-31 16:26 -------- d--h--w- c:\windows\$hf_mig$
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 12:23 . 2004-08-19 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 11:55 . 2004-08-19 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\programmi\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-14 491856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2013-01-30 384800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [19/01/2013 18.21.30 14776]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [30/01/2013 13.02.34 36552]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\programmi\IObit\Advanced SystemCare 6\ASCService.exe [19/01/2013 14.19.09 465232]
R2 AntiVirSchedulerService;Avira Pianificatore;c:\programmi\Avira\AntiVir Desktop\sched.exe [30/01/2013 13.02.39 85280]
R2 MBAMScheduler;MBAMScheduler;c:\programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe [25/01/2013 20.43.28 398184]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [25/01/2013 20.43.28 682344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25/01/2013 20.43.25 21104]
S3 i740;i740;c:\windows\system32\drivers\i740nt5.sys [14/12/2012 12.14.08 58592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 12:35 1607120 ----a-w- c:\programmi\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-02-01 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\programmi\IObit\Advanced SystemCare 6\Monitor.exe [2013-01-19 16:24]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2002-08-24 03:28]
.
2013-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2002-08-24 03:28]
.
2013-02-01 c:\windows\Tasks\SmartDefragUpdate.job
- c:\programmi\IObit\Smart Defrag 2\AutoUpdate.exe [2013-01-19 10:06]
.
2013-02-01 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\programmi\IObit\Smart Defrag 2\SmartDefrag.exe [2013-01-19 14:11]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyServer = tmg:8080
uInternet Settings,ProxyOverride = hxxp://www.update.microsoft.com;<local>
TCP: DhcpNameServer = 217.12.180.19 217.12.181.97
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-04 15:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,0f,48,f3,74,27,e2,44,b9,75,27,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,0f,48,f3,74,27,e2,44,b9,75,27,\
.
[HKEY_USERS\S-1-5-21-725345543-436374069-2146997909-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,2d,69,53,d3,ce,06,4d,85,10,5f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7f,2d,69,53,d3,ce,06,4d,85,10,5f,\
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
Ora fine scansione: 2013-02-04 15:45:03
ComboFix-quarantined-files.txt 2013-02-04 14:44
.
Pre-Run: 31.973.777.408 byte disponibili
Post-Run: 31.940.825.088 byte disponibili
.
- - End Of File - - 332116F8FA288F902B7873B6B732585C
Moderation: moving to the appropriate section.
pepper70
- Senior User
- Posts: 111
- Joined: 20/03/09 15:17
by Luke57 » 06/02/13 08:26
Hi, by chance I saw that you have also asked for assistance on another forum; entirely legitimate, but in order to overlap procedures and advice, continue there and for now I am closing the discussion.
Luke57
- Moderator
- Posts: 6413
- Joined: 11/08/05 19:10