si spegne il computer durante la scansione

[ennesimo]

ciao,
ho un problema con l'antivirus AVG (molto più probabilmente con un virus più che con l'antivirus!): durante la scansione si spegne il computer e nel resoconto di AVG riporta un errore. ho provato, dopo aver visitato il forum di AVG, a disinstallarlo, scaricarlo e installarlo di nuovo. non è stato utile. ho controlalto facendo scansioni separate del computer che si spegne mentre analizza la cartella di windows. cosa posso fare? esiste una soluzione o devo formattare il computer?
grazie

[THECAPITAN]

Ciao. Prova con un nuovo antivirus, ad esempio AntiVir, e fai una bella scansione con alcuni di questi programmi prelevabili da qui: http://www.pc-facile.com/forum/viewtopic.php?f=7&t=49521
In particolare fai un pò di pulizia con CCleaner e SuperAntispyware . Prova anche Gmer

Se il problema si ripresenta salva i file che ti interessano e passa direttamente alla formattazione.
Ciao.

[ennesimo]

grazie provo con quello allora.
ciao

[shel]

ciao

prova a fare una scansione con combofix

Disattiva l'antivirus e disconnettiti da internet

scarica combofix da qui:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Se hai delle icone di collegamento a programmi sul desktop, crea una cartella apposita e copiale al suo interno

Doppio click su combofix.exe e segui le istruzioni passo a passo, ricordati di dare invio dopo i vari passaggi

Quando avrà finito creerà il log C:\combofix.txt salvalo e postalo come gli altri report.

[ennesimo]

mi è venuto fuori questo. e non so se ho fatto quello che dovevo fare... riconosco di essere abbastanza imbranato ma d'altronde ognuno ha la sua croce...

ComboFix 09-07-29.01 - simone 29/07/2009 21:07.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.34.3082.18.2046.907 [GMT 2:00]
Running from: c:\users\simone\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1517834744-153602379-611352507-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2314269960-3266757737-2354539000-500
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\users\simone\AppData\Local\Temp\catchme.dll
c:\windows\Installer\28b12b3.msi
c:\windows\Installer\ba48d.msi

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.

2009-07-29 18:50 . 2009-07-29 18:52 -------- d-----w- C:\desk
2009-07-29 17:47 . 2009-07-29 19:20 117760 ----a-w- c:\users\simone\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-29 17:45 . 2009-07-29 17:45 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-07-29 17:43 . 2009-07-29 17:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-29 17:43 . 2009-07-29 17:43 -------- d-----w- c:\users\simone\AppData\Roaming\SUPERAntiSpyware.com
2009-07-29 17:39 . 2009-07-29 17:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-29 17:31 . 2009-07-29 17:31 -------- d-----w- c:\program files\CCleaner
2009-07-22 14:51 . 2009-07-22 14:51 -------- d-----w- c:\windows\Sun
2009-07-22 14:47 . 2009-07-22 14:47 -------- d-----w- c:\users\simone\AppData\Local\AVG Security Toolbar
2009-07-22 14:42 . 2009-07-22 14:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-22 14:42 . 2009-07-22 14:42 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-22 14:42 . 2009-07-22 14:42 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-22 14:42 . 2009-07-29 12:52 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-22 14:42 . 2009-07-22 14:42 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-22 14:42 . 2009-07-22 14:46 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-07-22 14:12 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-22 14:12 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-22 14:12 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-22 14:12 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-22 14:12 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-22 14:12 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-22 14:12 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-22 14:05 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-22 14:02 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-07-16 12:54 . 2009-07-08 14:40 120088 ----a-w- c:\users\simone\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-0907083-0-npoctoshape.dll
2009-07-16 12:53 . 2009-07-08 14:40 397824 ----a-w- c:\users\simone\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-0907083-0-libOctoshapeClient.dll
2009-07-16 12:53 . 2009-07-08 14:40 124184 ----a-w- c:\users\simone\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-0907083-0-apoctoshape.dll
2009-07-15 13:04 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 13:04 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 13:04 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 13:04 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 19:16 . 2007-11-30 09:17 1660 ----a-w- c:\windows\bthservsdp.dat
2009-07-29 18:59 . 2008-08-29 10:07 -------- d-----w- c:\programdata\Avg8
2009-07-28 17:23 . 2008-06-17 13:38 -------- d-----w- c:\users\simone\AppData\Roaming\Skype
2009-07-28 15:22 . 2008-06-17 13:28 -------- d-----w- c:\users\simone\AppData\Roaming\skypePM
2009-07-25 19:45 . 2009-02-11 17:48 1 ----a-w- c:\users\simone\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-22 22:16 . 2008-05-07 14:33 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-22 14:29 . 2006-11-02 15:46 664368 ----a-w- c:\windows\system32\perfh00A.dat
2009-07-22 14:29 . 2006-11-02 15:46 128552 ----a-w- c:\windows\system32\perfc00A.dat
2009-07-22 14:28 . 2009-02-21 15:41 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-15 22:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-21 13:07 . 2008-05-06 18:40 680 ----a-w- c:\users\simone\AppData\Local\d3d9caps.dat
2009-06-14 09:32 . 2009-06-14 09:32 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb9CDC.tmp.exe
2009-06-10 23:06 . 2007-11-30 14:04 -------- d-----w- c:\program files\Microsoft Works
2009-06-08 22:04 . 2007-11-30 14:08 -------- d-----w- c:\program files\DivX
2009-06-08 22:03 . 2009-04-26 22:07 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-14 23:07 . 2009-05-14 23:07 576512 ----a-w- c:\users\simone\AppData\Roaming\Octoshape\Octoshape Streaming Services\pmv302-0810271-0-libOctoshapeClient.dll
2009-05-14 19:00 . 2009-05-14 19:00 120088 ----a-w- c:\users\simone\AppData\Roaming\Mozilla\Plugins\npoctoshape.dll
2009-05-09 05:50 . 2009-07-22 14:04 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-07-22 14:04 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-07-18 18:52 . 2008-08-28 22:19 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-27 12:35 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-27 1008896]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-25 39408]
"Octoshape Streaming Services"="c:\users\simone\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-30 1838592]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-11-30 36864]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-20 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-22 1948440]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-04-08 4423680]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-04-08 1822720]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\users\simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-6-1 49152]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8962E8B2-06B5-429D-9F2B-44C7BBD9B1D5}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{C93D61E3-04D7-45E0-8C6C-6FD9B9BF7EC8}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{AF24EC13-3D92-406A-A4ED-1D76274D33B7}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{8D9325AA-1F8C-4082-B94A-E1AEDC5D552F}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{37914579-9200-4335-9830-2CC78A336C30}c:\\users\\simone\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:c:\users\simone\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"UDP Query User{1FC74D83-286F-4E78-B9A9-98956414E6C7}c:\\users\\simone\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:c:\users\simone\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"{087DEBFD-B955-42BF-B548-0FFDA6DC8797}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{FDF93B36-8CCC-4A08-8AFA-9BC72684DF7D}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"TCP Query User{BEE3928F-7C40-4AE6-9382-3FB63CAFABB0}c:\\program files\\streamerone\\streamerone.exe"= UDP:c:\program files\streamerone\streamerone.exe:StreamerOne
"UDP Query User{643C2E8E-6674-4A0E-9E01-F8451AE81B3A}c:\\program files\\streamerone\\streamerone.exe"= TCP:c:\program files\streamerone\streamerone.exe:StreamerOne
"{053C74D9-B772-4796-998E-CC17A181495B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B0CEA01D-4D68-4A5D-B759-13A142529AA7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{6410D57C-87DA-4FF1-9F02-AFEFD0D987C3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{381570F7-7528-4ACC-BE58-A55F7085FF14}"= UDP:60130:emule tcp incoming
"{BB72A643-9333-4A46-9E96-2ADF70A7C14A}"= TCP:60140:emule udp incoming
"{8065EB63-562D-44B1-BE65-68AEAFFCF984}"= Disabled:UDP:4662:eMule_TCP
"{6D5E8F9E-5FB6-4BA7-8F65-3323A60F35B3}"= Disabled:UDP:4672:eMule_UDP
"{11048B77-59F6-4313-ABD4-2791A0F681FB}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{BEA22FF0-C4E2-412E-BAF5-630913CA9C9C}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"TCP Query User{6392C6F2-654C-4653-A111-AD2F33CBA4BA}c:\\users\\simone\\appdata\\roaming\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:c:\users\simone\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"UDP Query User{DCEB99B9-E342-431E-8067-04E56055D0ED}c:\\users\\simone\\appdata\\roaming\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:c:\users\simone\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"{89A2F4DD-EE02-4456-8A2C-191740BF1EFC}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{629EE9D3-8988-471C-8829-C3D7B70EBF88}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{DAA2B81C-E236-42B4-8ED2-B76DF458B8A1}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-11-15 28464]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 292128]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-17 87328]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-07-22 335752]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-07-22 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-07-28 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-07-28 72944]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-07-22 907032]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-07-22 298776]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2007-10-31 125440]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-10-29 17920]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-10-17 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-10-17 43904]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-07-28 7408]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-11-16 818688]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.blackle.com/
IE: Convertir a Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir destino de vínculo en archivo Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir selección a Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir vínculos seleccionados a Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Enviar imagen al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página al dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\simone\AppData\Roaming\Mozilla\Firefox\Profiles\u3ey0d2v.default\
FF - prefs.js: browser.startup.homepage - www.blackle.com
FF - prefs.js: keyword.URL - hxxp://es.yhs.search.yahoo.com/avg/sear ... -web_es&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\simone\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 21:18
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000a0

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000a0

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3540)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\OpenOffice.org 3\program\scalc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2009-07-29 21:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-29 19:31

Pre-Run: 117.883.248.640 bytes libres
Post-Run: 117.280.432.128 bytes libres

340 --- E O F --- 2009-07-28 13:20


devo fare qualcosa adesso?

[ennesimo]

questo è il risultato della scansione con antivir stasera dopo aver fatto quello che mi avete consigliato.
è tutto nella norma e posso stare tranquillo?
(non ho ancora fatto i dischi di ripristino, in queste condizioni li posso fare?)




Avira AntiVir Personal
Report file date: miércoles, 29 de julio de 2009 21:56

Scanning for 1577820 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 1) [6.0.6001]
Boot mode : Normally booted
Username : SYSTEM
Computer name : SIMONES

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 03/06/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 11/05/2009 08:14:47
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 19:54:59
ANTIVIR2.VDF : 7.1.4.253 1779200 Bytes 19/07/2009 19:55:10
ANTIVIR3.VDF : 7.1.5.47 350720 Bytes 29/07/2009 19:55:12
Engineversion : 8.2.0.234
AEVDF.DLL : 8.1.1.1 106868 Bytes 30/04/2009 10:52:04
AESCRIPT.DLL : 8.1.2.21 450939 Bytes 29/07/2009 19:55:38
AESCN.DLL : 8.1.2.4 127348 Bytes 29/07/2009 19:55:35
AERDL.DLL : 8.1.2.4 430452 Bytes 29/07/2009 19:55:30
AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 15:07:20
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 29/07/2009 19:55:28
AEHEUR.DLL : 8.1.0.147 1884536 Bytes 29/07/2009 19:55:27
AEHELP.DLL : 8.1.5.3 233846 Bytes 29/07/2009 19:55:23
AEGEN.DLL : 8.1.1.51 352629 Bytes 29/07/2009 19:55:17
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.7.6 184694 Bytes 29/07/2009 19:55:13
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 09:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 14:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 09:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: miércoles, 29 de julio de 2009 21:56

Starting search for hidden objects.
'102875' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'BTStackServer.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'scalc.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'scalc.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'OctoshapeClient.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'MarketingTools.exe' - '1' Module(s) have been scanned
Scan process 'ISBMgr.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'conime.exe' - '1' Module(s) have been scanned
Scan process 'VAIOUpdt.exe' - '1' Module(s) have been scanned
Scan process 'Switcher.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'avgcsrvx.exe' - '1' Module(s) have been scanned
Scan process 'avgcsrvx.exe' - '1' Module(s) have been scanned
Scan process 'VzFw.exe' - '1' Module(s) have been scanned
Scan process 'VESMgrSub.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'VzCdbSvc.exe' - '1' Module(s) have been scanned
Scan process 'avgemc.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'avgnsx.exe' - '1' Module(s) have been scanned
Scan process 'avgrsx.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VCSW.exe' - '1' Module(s) have been scanned
Scan process 'VESMgr.exe' - '1' Module(s) have been scanned
Scan process 'uCamMonitor.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avgwdsvc.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
85 processes with 85 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[INFO] Please restart the search with Administrator rights
Master boot sector HD2
[INFO] No virus was found!
[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: jueves, 30 de julio de 2009 01:25
Used time: 3:28:25 Hour(s)

The scan has been done completely.

27651 Scanned directories
622475 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
622472 Files not concerned
5510 Archives were scanned
3 Warnings
2 Notes
102875 Objects were scanned with rootkit scan
0 Hidden objects were found

[shel]

apri una pagina del blocco note e copia incolla quanto segue;

killAll
file::

c:\windows\Installer\28b12b3.msi
c:\windows\Installer\ba48d.msi
c:\windows\bthservsdp.dat
c:\windows\system32\perfh00A.dat
c:\windows\system32\perfc00A.dat
c:\users\simone\AppData\Local\d3d9caps.dat
c:\programdata\Google\Google Toolbar\Update\gtb9CDC.tmp.exe

salva la pagina nominandola obligatoriamente in CFScript.txt
a questo punto trascina e lascia il file CFScript.txt sull'icona di combofix
lascialo lavorare fino alla fine e riposta il suo log ...

[ennesimo]

nooooooo
ho portato il computer a formattare pensando che non ci fosse piu nulla da fare...
se in questo modo che mi consigli è sicuro che funzioni forse posso andare domani mattina per vedere che non lo formattino...
dimmi te. è meglio evitarla la formattazione? o è lo stesso?

[shel]

ciao

io non capissco proprio.....prima chiedi assistenza poi porti il pc a formattare per pochi virus?

vedi se riesci a receperare il pc

[ennesimo]

è che non avevo capito che la cosa si poteva risolvere... non avevo capito che la cosa si faceva a tappe... pensavo che avendo seguito il consiglio che mi avevi dato avrebeb gia funzionato. spero di poter recuperare il computer

[ennesimo]

ah, grazie mille.
se domani lo recupero, dopo aver fatto quello che mi hai detto dovrebbe essere risolto o devo fare altre cose?

[shel]

prova a recuperare il pc e continuiamo con le pulizie

sarebbe inutile altrimenti.........(non pensi?)

[ennesimo]

purtroppo sono stati inaspettatamente tempestivi e lo avevano gia formattato da ieri sera...
per la prossima volta lo so e saprò che qui c'è gente gentile ed esperta disposta ad aiutare.
ti ringrazio davvero, in ogni modo.
ora speriamo di non prendere altri virus.in quel caso mi rivolgerei a questo forum sicuramente.
intanto che mi consigli come prevenzione?

[shel]

la prevenzione sta nel visitare siti sicuri e non scaricare mai cio' che non si conosce

come aiuto, puoi usare l'ottimo avira free, che manca della scansione della posta e che puoi avere questa opzione con meno di 20 euro l'anno

poi usa un buon firewall....qui trovi una vasta scelta di accessori per completare la sicureza del tuo pc

http://www.pc-facile.com/download/