
PC slow and freezing, virus!!!!!!

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by Danivan » 29/03/10 17:09

As I read in some topics, I tried running HijackThis and this is the result. Can you give me the solution, or tell me what to do?
Thanks


Logfile of HijackThis v1.99.1
Scan saved at 18:08, on 2010-03-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Application Updater\ApplicationUpdater.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\D-Link\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Sony\ISB Utility\ISBMgr.exe
C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\NOTEPAD.EXE
D:\Programmi\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\Search Settings\SearchSettings.dll
O2 - BHO: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: sarpbho Class - {28457FA7-4AB0-4DE2-925F-8E49DB98A3FF} - c:\windows\system32\sarp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\Search Settings\SearchSettings.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programmi\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Programmi\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [Switcher.exe] C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SearchSettings] C:\Programmi\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: Stop Dialers.lnk.disabled
O4 - Startup: wkcalrem.LNK.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\D-Link\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\D-Link\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{752EB091-24CF-4E49-BE44-1AB6269ED10F}: NameServer = 213.21.141.2 213.21.164.2
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Programmi\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\D-Link\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Unknown owner - C:\Programmi\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programmi\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
Danivan
Junior User

Posts: 77
Joined: 26/08/08 19:19


Re: PC slow and freezing, virus!!!!!!

Post by shel » 29/03/10 17:35

Hi

The version of HijackThis you have is obsolete; download the new version from here

Open HijackThis, click "open the misc tools section", then click "open process manager", find the entries listed below one at a time and click "kill process":

C:\Programmi\Search Settings\SearchSettings.dll

c:\windows\system32\sarp.dll


Then go to the bottom and press the back button and, right after, the scan button. Tick the box next to the entries listed below and, after disconnecting from the internet and closing all open programs, press "fix checked":

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\Search Settings\SearchSettings.dll

O2 - BHO: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)

O2 - BHO: sarpbho Class - {28457FA7-4AB0-4DE2-925F-8E49DB98A3FF} - c:\windows\system32\sarp.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\Search Settings\SearchSettings.dll

O4 - HKLM\..\Run: [SearchSettings] C:\Programmi\Search Settings\SearchSettings.exe




Download and install Malwarebytes

Update it: click the "Updates" ("aggiornamenti") tab => "Check for updates" ("controlla aggiornamenti")
Run a "full scan" ("scansione completa"; select the option)
When the scan has finished, post the report.
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: PC slow and freezing, virus!!!!!!

Post by Danivan » 29/03/10 19:37

Here is the result

Malwarebytes' Anti-Malware 1.44
Versione del database: 3928
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-03-29 20:34:17
mbam-log-2010-03-29 (20-33-48).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 139946
Tempo trascorso: 9 minute(s), 4 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 20
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\sarp.sarpbho (Adware.MatrixSearch) -> No action taken.
HKEY_CLASSES_ROOT\sarp.sarpbho.1 (Adware.MatrixSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{12bd7c4f-ccdd-448f-a5b2-f0aaf68cba37} (Adware.MatrixSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{5c7e7a8c-aab4-4d2e-a356-2ec02b8aa880} (Adware.MatrixSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\2c5eceb3d45147eb99fa51120e7c7adebe213de6 (Adware.123Mania) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\a6a50b0ebf885a7dd4fb6927f1388592138fffe6 (Adware.123Mania) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\2b2a8719f0d73b540683675697e40b6f8c7c9a8c (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\394ad7ced9b99836082bdf9b59df73c2633b248e (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\93eb9fd3ea40f221e990e3e71343e6d47d3fa0c0 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\c48d3b9bca9b3a5a04bc26f729ee0c6e389dde2e (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\ecdfb50751ae333aaa4ea5fd47308faa685e8ffe (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{28457fa7-4ab0-4de2-925f-8e49db98a3ff} (Adware.MatrixSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2f77cdb7-d730-4b5c-a64f-1515df0bfb12} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e56b8a14-3f49-4397-a003-316395fe68a7} (Trojan.Dialer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{28457fa7-4ab0-4de2-925f-8e49db98a3ff} (Adware.MatrixSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{e56b8a14-3f49-4397-a003-316395fe68a7} (Trojan.Dialer) -> No action taken.
HKEY_CLASSES_ROOT\AppID\sarp.DLL (Adware.MatrixSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\system32\MSSAR32.dll (Trojan.Agent) -> No action taken.
Danivan
Junior User

Posts: 77
Joined: 26/08/08 19:19
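
Added example (not part of the original thread or of either tool): a Python sketch that parses lines in the HijackThis and Malwarebytes formats posted above and cross-references them by CLSID and file name, so that autostart entries backed by a scanner detection stand out from detections that have no visible autostart entry. The excerpts are copied from the logs in this thread; the function names and the matching rules are assumptions of this example.

```python
import re

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
HJT_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "O2 - BHO: ..."
MBAM_RE = re.compile(r"^(.+?) \(([\w.]+)\) -> (.+)$")      # "target (Family) -> action"
ORPHAN_RE = re.compile(r"\s*\((?:no file|file missing)\)$")

# Excerpt of the HijackThis log posted in this thread.
HJT_EXCERPT = r"""
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\Search Settings\SearchSettings.dll
O2 - BHO: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
O2 - BHO: sarpbho Class - {28457FA7-4AB0-4DE2-925F-8E49DB98A3FF} - c:\windows\system32\sarp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Programmi\Search Settings\SearchSettings.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Excerpt of the Malwarebytes log posted in this thread.
MBAM_EXCERPT = r"""
HKEY_CLASSES_ROOT\sarp.sarpbho (Adware.MatrixSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{28457fa7-4ab0-4de2-925f-8e49db98a3ff} (Adware.MatrixSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\AppID\sarp.DLL (Adware.MatrixSearch) -> No action taken.
C:\WINDOWS\system32\MSSAR32.dll (Trojan.Agent) -> No action taken.
"""


def basename(path):
    """Last backslash-separated component, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_hijackthis(text):
    """Turn HijackThis result lines into dicts (section, clsid, target, flags)."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        clsid_m = CLSID_RE.search(body)
        if clsid_m:                      # the path follows the CLSID
            target = body[clsid_m.end():].lstrip(" -")
        elif "] " in body:               # O4 Run entries: "[name] path"
            target = body.split("] ", 1)[1]
        else:
            target = body
        entries.append({
            "section": section,
            "clsid": clsid_m.group(0).upper() if clsid_m else None,
            "target": ORPHAN_RE.sub("", target),
            "orphaned": bool(ORPHAN_RE.search(body)),
            # An unbalanced quote (as in the O23 avast! lines of this log, whose
            # executables appear under "Running processes") points to a path the
            # tool could not resolve rather than a file that is really gone.
            "odd_quotes": body.count('"') % 2 == 1,
        })
    return entries


def parse_mbam(text):
    """Turn Malwarebytes detection lines into dicts."""
    hits = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if not m:
            continue
        target, family, action = m.groups()
        clsid_m = CLSID_RE.search(target)
        hits.append({"target": target, "family": family, "action": action,
                     "clsid": clsid_m.group(0).upper() if clsid_m else None})
    return hits


def correlate(entries, hits):
    """Return (findings, unmatched): flagged autostart entries, and detections
    that no HijackThis entry explains (these need a separate look)."""
    findings, used = [], set()
    for e in entries:
        reasons, families = [], set()
        if e["orphaned"]:
            reasons.append("file missing, unbalanced quote: verify on disk"
                           if e["odd_quotes"] else "target file missing")
        for i, h in enumerate(hits):
            same_clsid = e["clsid"] is not None and e["clsid"] == h["clsid"]
            same_file = bool(e["target"]) and basename(e["target"]) == basename(h["target"])
            if same_clsid or same_file:
                families.add(h["family"])
                used.add(i)
        if families:
            reasons.append("scanner: " + ", ".join(sorted(families)))
        if reasons:
            findings.append((e["section"], e["clsid"], e["target"], reasons))
    unmatched = [h["target"] for i, h in enumerate(hits) if i not in used]
    return findings, unmatched


if __name__ == "__main__":
    found, rest = correlate(parse_hijackthis(HJT_EXCERPT), parse_mbam(MBAM_EXCERPT))
    for section, clsid, target, reasons in found:
        print(section, clsid or "-", target or "(none)", "|", "; ".join(reasons))
    print("detections without a matching autostart entry:", *rest, sep="\n  ")
```

On these excerpts the SearchSettings entries are not matched by any detection, so a reviewer still has to read the log rather than rely on the scanner alone.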

Re: PC slow and freezing, virus!!!!!!

Post by shel » 29/03/10 19:55

Hi, sorry, you need to repeat the scan; the one you did is not a full scan
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: PC slow and freezing, virus!!!!!!

Post by Danivan » 30/03/10 08:34

Here is the full scan,



Malwarebytes' Anti-Malware 1.44
Versione del database: 3928
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-03-30 09:30:08
mbam-log-2010-03-30 (09-29-47).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 245083
Tempo trascorso: 58 minute(s), 52 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 20
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\sarp.sarpbho (Adware.MatrixSearch) -> No action taken.
HKEY_CLASSES_ROOT\sarp.sarpbho.1 (Adware.MatrixSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{12bd7c4f-ccdd-448f-a5b2-f0aaf68cba37} (Adware.MatrixSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{5c7e7a8c-aab4-4d2e-a356-2ec02b8aa880} (Adware.MatrixSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\2c5eceb3d45147eb99fa51120e7c7adebe213de6 (Adware.123Mania) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\a6a50b0ebf885a7dd4fb6927f1388592138fffe6 (Adware.123Mania) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\2b2a8719f0d73b540683675697e40b6f8c7c9a8c (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\394ad7ced9b99836082bdf9b59df73c2633b248e (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\93eb9fd3ea40f221e990e3e71343e6d47d3fa0c0 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\c48d3b9bca9b3a5a04bc26f729ee0c6e389dde2e (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\ecdfb50751ae333aaa4ea5fd47308faa685e8ffe (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{28457fa7-4ab0-4de2-925f-8e49db98a3ff} (Adware.MatrixSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2f77cdb7-d730-4b5c-a64f-1515df0bfb12} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e56b8a14-3f49-4397-a003-316395fe68a7} (Trojan.Dialer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{28457fa7-4ab0-4de2-925f-8e49db98a3ff} (Adware.MatrixSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{e56b8a14-3f49-4397-a003-316395fe68a7} (Trojan.Dialer) -> No action taken.
HKEY_CLASSES_ROOT\AppID\sarp.DLL (Adware.MatrixSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\system32\MSSAR32.dll (Trojan.Agent) -> No action taken.
Danivan
Junior User

Posts: 77
Joined: 26/08/08 19:19

Re: PC slow and freezing, virus!!!!!!

Post by shel » 30/03/10 17:09

Delete what Malwarebytes found except this

C:\WINDOWS\system32\MSSAR32.dll

Check it on VirusTotal
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: PC slow and freezing, virus!!!!!!

Post by Danivan » 31/03/10 07:52

Done. Here is a new quick scan, but unfortunately it is still slow and freezes

Malwarebytes' Anti-Malware 1.44
Versione del database: 3928
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-03-30 21:02:14
mbam-log-2010-03-30 (21-02-14).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 139873
Tempo trascorso: 9 minute(s), 23 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 20
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\sarp.sarpbho (Adware.MatrixSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sarp.sarpbho.1 (Adware.MatrixSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{12bd7c4f-ccdd-448f-a5b2-f0aaf68cba37} (Adware.MatrixSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5c7e7a8c-aab4-4d2e-a356-2ec02b8aa880} (Adware.MatrixSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\2c5eceb3d45147eb99fa51120e7c7adebe213de6 (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\a6a50b0ebf885a7dd4fb6927f1388592138fffe6 (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\2b2a8719f0d73b540683675697e40b6f8c7c9a8c (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\394ad7ced9b99836082bdf9b59df73c2633b248e (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\93eb9fd3ea40f221e990e3e71343e6d47d3fa0c0 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\c48d3b9bca9b3a5a04bc26f729ee0c6e389dde2e (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\ecdfb50751ae333aaa4ea5fd47308faa685e8ffe (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{28457fa7-4ab0-4de2-925f-8e49db98a3ff} (Adware.MatrixSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2f77cdb7-d730-4b5c-a64f-1515df0bfb12} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e56b8a14-3f49-4397-a003-316395fe68a7} (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{28457fa7-4ab0-4de2-925f-8e49db98a3ff} (Adware.MatrixSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{e56b8a14-3f49-4397-a003-316395fe68a7} (Trojan.Dialer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\sarp.DLL (Adware.MatrixSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\system32\MSSAR32.dll (Trojan.Agent) -> Not selected for removal.
Danivan
Junior User

Posts: 77
Joined: 26/08/08 19:19

Re: PC slow and freezing, virus!!!!!!

Post by shel » 31/03/10 08:51

Download ComboFix to the desktop and run it
- run ComboFix.exe
- type 1
- follow the instructions
- when the scan has finished, go to C:\ and copy/paste, in your next reply, the contents of the text file Combofix.txt
shel
Senior User

Posts: 1326
Joined: 29/08/08 21:56

Re: PC slow and freezing, virus!!!!!!

Post by Danivan » 31/03/10 17:05

Here we are, scan done with ComboFix




ComboFix 10-03-29.04 - Omar 2010-03-31 17:53:22.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1014.424 [GMT 2:00]
Eseguito da: c:\documents and settings\Omar\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100331-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Omar\Impostazioni locali\Dati applicazioni\sgcqgic.dat
c:\documents and settings\Omar\Impostazioni locali\Dati applicazioni\sgcqgic_nav.dat
c:\documents and settings\Omar\Impostazioni locali\Dati applicazioni\sgcqgic_navps.dat
c:\programmi\Search Settings
c:\programmi\Search Settings\SearchSettings.exe
c:\programmi\Search Settings\SearchSettingsRes409.dll
c:\windows\gvcasinos.ini
c:\windows\system32\test.ttt
c:\windows\UA000106.DLL

.
original MBR restored successfully !
.
((((((((((((((((((((((((( Files Creati Da 2010-02-28 al 2010-03-31 )))))))))))))))))))))))))))))))))))
.

2010-03-29 18:22 . 2010-01-07 14:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 18:22 . 2010-03-29 18:22 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2010-03-29 18:22 . 2010-01-07 14:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 17:09 . 2010-03-29 17:09 388096 ----a-r- c:\documents and settings\Omar\Dati applicazioni\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-29 17:09 . 2010-03-29 17:09 -------- d-----w- c:\programmi\TrendMicro
2010-03-29 09:09 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-29 09:01 . 2010-03-29 09:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\CA
2010-03-28 21:04 . 2010-03-28 21:04 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-22 08:36 . 2010-03-22 08:36 -------- d-----w- c:\documents and settings\Omar\Dati applicazioni\Search Settings
2010-03-22 08:33 . 2010-03-22 08:33 -------- d-----w- c:\windows\system32\config\systemprofile\Dati applicazioni\Application Updater
2010-03-22 08:33 . 2010-03-22 08:33 -------- d-----w- c:\programmi\Application Updater
2010-03-20 15:22 . 2009-01-22 13:28 290816 ----a-w- c:\windows\system32\decdll.dll
2010-03-20 15:22 . 2010-03-22 08:32 -------- d-----w- c:\programmi\Free Video Converter
2010-03-20 15:22 . 2010-03-20 15:22 -------- d-----w- c:\documents and settings\Omar\Dati applicazioni\FreeVideoConverter
2010-03-19 20:26 . 2010-03-19 20:26 -------- d-----w- C:\Program Files
2010-03-19 18:32 . 2010-02-24 09:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-19 17:13 . 2010-03-19 17:13 -------- d-----w- c:\documents and settings\Omar\Impostazioni locali\Dati applicazioni\PCHealth
2010-03-19 17:13 . 2010-03-19 17:13 -------- d-----w- c:\programmi\Windows Defender
2010-03-16 20:04 . 2010-03-16 20:04 -------- d-----w- c:\documents and settings\Omar\.drdivx2
2010-03-09 19:28 . 2010-02-12 10:03 293376 ----a-w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 07:53 . 2006-08-23 03:14 93736 ----a-w- c:\windows\system32\perfc010.dat
2010-03-28 07:53 . 2006-08-23 03:14 510532 ----a-w- c:\windows\system32\perfh010.dat
2010-03-22 08:31 . 2007-01-22 18:04 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-03-22 08:29 . 2007-01-22 18:04 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2010-03-10 21:08 . 2008-07-09 19:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-02-28 15:43 . 2006-08-23 15:50 -------- d-----w- c:\programmi\Google
2010-02-20 17:44 . 2006-08-23 15:47 -------- d-----w- c:\programmi\File comuni\Adobe
2010-02-19 23:47 . 2010-02-19 23:47 3604480 -c--a-w- c:\windows\system32\GPhotos.scr
2010-02-19 20:20 . 2010-02-19 20:20 -------- d-----w- c:\documents and settings\Omar\Dati applicazioni\3M
2010-02-19 20:19 . 2010-02-19 20:19 -------- d-----w- c:\programmi\3M
2010-02-19 16:48 . 2008-12-20 14:02 93640 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-19 08:11 . 2006-08-23 13:39 -------- d--h--w- c:\programmi\InstallShield Installation Information
2010-02-19 08:11 . 2009-10-03 13:15 -------- d-----w- c:\programmi\Alice MOBILE
2010-02-03 20:59 . 2006-12-25 18:05 -------- d-----w- c:\programmi\Microsoft Works
2009-12-31 16:50 . 2006-08-23 03:14 353792 ------w- c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-08-21 202024]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-28 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\programmi\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"AzMixerSel"="c:\programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe" [2006-08-10 217088]
"Switcher.exe"="c:\programmi\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"FLMOFFICE4DMOUSE"="c:\programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe" [2006-12-25 370176]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"VAIO Update 2"="c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
"USBToolTip"="c:\programmi\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2005-06-13 192512]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-27 413696]

c:\documents and settings\Omar\Menu Avvio\Programmi\Esecuzione automatica\
Ritaglio schermata e avvio di OneNote 2007.lnk - c:\programmi\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
wkcalrem.LNK.disabled [2007-1-22 909]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk.disabled [2006-12-27 1748]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 14:11 73728 ------w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma Loader.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk.disabled
backup=c:\windows\pss\Adobe Gamma Loader.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk.disabled
backup=c:\windows\pss\Alice ti aiuta.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido di HP Image Zone.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio rapido di HP Image Zone.lnk.disabled
backup=c:\windows\pss\Avvio rapido di HP Image Zone.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BlueSoleil.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BlueSoleil.lnk.disabled
backup=c:\windows\pss\BlueSoleil.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Post-it® Software Notes Lite.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Post-it® Software Notes Lite.lnk
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Omar^Menu Avvio^Programmi^Esecuzione automatica^Stop Dialers.lnk.disabled]
path=c:\documents and settings\Omar\Menu Avvio\Programmi\Esecuzione automatica\Stop Dialers.lnk.disabled
backup=c:\windows\pss\Stop Dialers.lnk.disabledStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Omar^Menu Avvio^Programmi^Esecuzione automatica^Utilità di avvio Click to DVD Modalità automatica.lnk.disabled]
path=c:\documents and settings\Omar\Menu Avvio\Programmi\Esecuzione automatica\Utilità di avvio Click to DVD Modalità automatica.lnk.disabled
backup=c:\windows\pss\Utilità di avvio Click to DVD Modalità automatica.lnk.disabledStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 12:38 49152 ----a-w- d:\hp software update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-06-02 09:13 267048 ----a-w- c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:14 1695232 ----a-w- c:\programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 08:25 1828136 -c--a-w- c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 -c--a-w- c:\programmi\File comuni\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 13:12 1414144 -c--a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 08:50 413696 ----a-w- c:\programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 09:04 2879488 -c--a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-02-28 15:43 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 18:20 866584 ----a-w- c:\programmi\Windows Defender\MSASCui.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" /background
"NBJ"="c:\programmi\Ahead\Nero BackItUp\NBJ.exe"
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
"SpybotSD TeaTimer"=c:\programmi\Spybot - Search & Destroy\TeaTimer.exe
"swg"=c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Alcmtr"=ALCMTR.EXE
"Apoint"=c:\programmi\Apoint\Apoint.exe
"AzMixerSel"=c:\programmi\Realtek\InstallShield\AzMixerSel.exe
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe"
"ehTray"=c:\windows\ehome\ehtray.exe
"HP Component Manager"="c:\programmi\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="d:\hp software update\HPWuSchd2.exe"
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"FLMOFFICE4DMOUSE"=c:\programmi\Trust\MI-4550XP WIRELESS OPTICAL MINI MOUSE\Mouse32a.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"ISBMgr.exe"=c:\programmi\Sony\ISB Utility\ISBMgr.exe
"ISTray"="c:\programmi\Spyware Doctor\pctsTray.exe"
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"
"Mouse Suite 98 Daemon"=ICO.EXE
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"osCheck"="c:\programmi\Norton AntiVirus\osCheck.exe"
"PrepareYourVAIO"=c:\programmi\Sony\Prepare your VAIO\PYVAlert.exe
"QuickTime Task"="c:\programmi\QuickTime\QTTask.exe" -atboottime
"SkyTel"=SkyTel.EXE
"SonyPowerCfg"="c:\programmi\Sony\VAIO Power Management\SPMgr.exe"
"Switcher.exe"=c:\programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
"VAIO Update 2"="c:\programmi\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Sony\\Click to DVD 2\\CtoDvd.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3788:TCP"= 3788:TCP:Services
"6076:TCP"= 6076:TCP:Services
"4849:TCP"= 4849:TCP:Services
"8198:TCP"= 8198:TCP:Services
"3537:TCP"= 3537:TCP:Services
"5574:TCP"= 5574:TCP:Services

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2006-12-27 5248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-25 114768]
R2 Application Updater;Application Updater;c:\programmi\Application Updater\ApplicationUpdater.exe [2009-12-16 375296]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-25 20560]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 WinDefend;Windows Defender;c:\programmi\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-08-23 226304]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2006-12-27 160640]
S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-19 135664]
S3 EraserUtilDrv10820;EraserUtilDrv10820;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilDrv10820.sys --> c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilDrv10820.sys [?]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys --> c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys [?]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\DRIVERS\ONDAusbnet.sys --> c:\windows\system32\DRIVERS\ONDAusbnet.sys [?]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys --> c:\windows\system32\DRIVERS\ONDAusbnmea.sys [?]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys --> c:\windows\system32\DRIVERS\ONDAusbser6k.sys [?]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys --> c:\windows\system32\drivers\SndTAudio.sys [?]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2009-02-11 3768]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\programmi\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2010-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-19 20:12]

2010-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-19 20:12]

2010-03-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmi\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2010-03-27 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-03-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2010-03-30 c:\windows\Tasks\User_Feed_Synchronization-{9B4D9B71-1724-4584-A902-18A0D53BB988}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Invia a periferica &Bluetooth... - c:\programmi\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
.
.
------- Associazioni dei file -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-eMuleAutoStart - k:\emule\emule.exe
MSConfigStartUp-LaunchList - i:\pinacle\LaunchList.exe
AddRemove-eMule - k:\emule1\eMule\Uninstall.exe
AddRemove-HijackThis - g:\software\HijackThis\HijackThis.exe
AddRemove-Secured Internet Explorer - k:\emule\Incoming\SECURE~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-31 17:58
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x86B5A6C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7662f28
\Driver\ACPI -> 0x86b5a6c8
\Driver\atapi -> atapi.sys @ 0xf74497b4
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> 0x85de3330
PacketIndicateHandler -> NDIS.sys @ 0xf7319a0d
SendHandler -> NDIS.sys @ 0xf732db40
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0BA50E41
malicious code @ sector 0x0BA50E44 !
PE file found in sector at 0x0BA50E5A !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-126629373-1407123585-1270340193-1006\*! V*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:f0,8e,b4,33,2e,53,c4,00
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\VESWinlogon.dll
.
Ora fine scansione: 2010-03-31 18:00:34
ComboFix-quarantined-files.txt 2010-03-31 16:00

Pre-Run: 13,413,937,152 byte disponibili
Post-Run: 13,382,209,536 byte disponibili

- - End Of File - - 1B2059971DBB28638DCF8CBC755A9A1F

Posted by shel » 31/03/10 17:56

Download mbr.exe directly into the C:\ directory.

Boot into Safe Mode.

From Start - Run, type C:\mbr.exe and click OK.

Post the log, which you will find in C:\ as mbr.log.

Posted by Danivan » 31/03/10 20:01

I downloaded mbr.exe and ran it in Safe Mode. A black window appears with some text that I can't even read because it all disappears. Also, even to open the Internet I have to click the icon 7-8 times.

Heeelp

Posted by shel » 31/03/10 20:10

Go to C:\ and post the mbr.log file.

Posted by Danivan » 31/03/10 20:16

Is this OK?

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x860b6850
\Driver\atapi -> 0x86bda368
NDIS: Intel(R) PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> 0x8611c330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0BA50E41
malicious code @ sector 0x0BA50E44 !
PE file found in sector at 0x0BA50E5A !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

Posted by shel » 31/03/10 22:32

Delete the mbr.log file that you copied from C:\

Again from Safe Mode:

Click Start => Run => type: c:\mbr.exe -f
Careful: there is a space before -f >>> if need be, copy and paste so you don't get it wrong.

Posted by Danivan » 01/04/10 07:45

Done.... and now?
I'm taking the opportunity of this short message to thank you for the time you have given me. Thank you.

Posted by shel » 01/04/10 09:02

You have to post the log for me; you probably have an infection in the MBR.

Posted by Danivan » 01/04/10 09:28

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0BA50E41
malicious code @ sector 0x0BA50E44 !
PE file found in sector at 0x0BA50E5A !
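
The two mbr.exe logs posted above (before and after the `mbr.exe -f` run) can be compared mechanically. The following Python example is added here and is not part of the original thread or of the GMER tool; the function names and verdict labels are hypothetical, and the parser only recognises the line formats visible in these posts.

```python
import re

# Both logs are copied from the posts in this thread (blank lines dropped).
LOG_BEFORE_FIX = r"""Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x860b6850
\Driver\atapi -> 0x86bda368
NDIS: Intel(R) PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> 0x8611c330
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0BA50E41
malicious code @ sector 0x0BA50E44 !
PE file found in sector at 0x0BA50E5A !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
"""

LOG_AFTER_FIX = r"""Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0BA50E41
malicious code @ sector 0x0BA50E44 !
PE file found in sector at 0x0BA50E5A !
"""

SECTOR_RE = re.compile(
    r"^(copy of MBR has been found in sector|malicious code @ sector"
    r"|PE file found in sector at) (0x[0-9A-Fa-f]+)")


def parse_mbr_log(text):
    """Extract hooks, flagged sectors and verdict lines from one mbr.log."""
    report = {"hooks": [], "residue": {}, "reads_ok": set(),
              "infection_detected": False, "mbr_ok": False}
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "detected MBR rootkit hooks:":
            in_hooks = True
            continue
        if in_hooks and " -> " in line:
            # The last "->" separates the hooked object from its target.
            obj, target = line.rsplit(" -> ", 1)
            report["hooks"].append((obj, target))
            continue
        in_hooks = False
        match = SECTOR_RE.match(line)
        if match:
            report["residue"][match.group(1)] = int(match.group(2), 16)
        elif line.startswith("MBR rootkit infection detected"):
            report["infection_detected"] = True
        elif line == "user & kernel MBR OK":
            report["mbr_ok"] = True
        elif line.endswith("MBR read successfully"):
            report["reads_ok"].add(line.split(":", 1)[0])
    return report


def classify(report):
    """Verdict labels are this example's own, not the tool's."""
    if report["reads_ok"] != {"user", "kernel"}:
        return "inconclusive"  # the MBR was not read through both paths
    if report["infection_detected"] or report["hooks"]:
        return "infected"
    if report["mbr_ok"]:
        return "mbr-ok-residue-on-disk" if report["residue"] else "clean"
    return "inconclusive"


def compare_runs(before, after):
    """Summarise what changed between two parsed logs."""
    return {"hooks_cleared": bool(before["hooks"]) and not after["hooks"],
            "residue_unchanged": before["residue"] == after["residue"],
            "verdicts": (classify(before), classify(after))}


if __name__ == "__main__":
    print(compare_runs(parse_mbr_log(LOG_BEFORE_FIX),
                       parse_mbr_log(LOG_AFTER_FIX)))
```

On these two logs the hooks and the infection verdict disappear after the fix, while the same three sectors are still reported.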

Posted by shel » 01/04/10 09:40

Download Norman SinowalMBR Cleaner.

Boot the PC into Safe Mode.

Double-click the Norman SinowalMBR Cleaner.exe icon.

Click Accept >>> then Start scan.

When the scan finishes, a log named NFix_2008-MM-GG_hh-mm-ss.log is created on the desktop; you will need to post it.

Posted by Danivan » 01/04/10 15:57

Here is the log.


Norman SinowalMBR Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/05/13 16:21:18

Norman Scanner Engine Version: 5.92.04
Nvcbin.def Version: 5.92.00, Date: 2008/05/13 16:21:18, Variants: 0

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 3
Logged on user: DANY-IVAN\Omar

Set registry value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLS = "00 00 00 00 49 4E 44 4F 57 53 5C 73 79 73 74 65 6D 33 32 5C 75 73 65 72 69 6E 69 74 2E 65 78 65 2C 00 33 00 32 00 5C 00 75 00 73 00 65 00 72 00 69 00 6E 00 69 00 74 00 2E 00 65 00 78 00 65 00 2C 00 00 00 DD 0E 57 80 60 72 5E 80 A6 83 5E 80 E4 4E " -> ""
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Scan started: 01/04/2010 11:14:55

Scanning bootsectors...

Unable to scan for SinowalMBR hooks

Number of sectors found: 0
Number of sectors scanned: 0
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 985ms


Scanning running processes and process memory...

Number of processes/threads found: 585
Number of processes/threads scanned: 585
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 43s


Scanning file system...

Scanning: C:\*.*

C:\Programmi\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img/unknown0 (Error whilst scanning file: I/O Error)
C:\Programmi\Nero\Nero8\Nero BackItUp\BackItUp_ImageTool\root.img (Possible archive bomb)

Scanning: D:\*.*


Running post-scan cleanup routine:

Number of files found: 157804
Number of archives unpacked: 7174
Number of files scanned: 157782
Number of files not scanned: 22
Number of files skipped due to exclude list: 0
Number of infected files found: 1
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 3h 24m 0s

Posted by shel » 01/04/10 18:05

Run this program and remove whatever it finds.

Download Dr.Web CureIt.

Double-click cureit.exe and click the "Start" option; it will ask whether you want to run a quick check: answer YES (OK).
When the scan is finished, select the "complete scan" option and click the "Play" button to start the scan. If it finds something infected, you can remove it right away or at the end of the scan. When the scan is finished, have it remove the infected items, save the end-of-scan report by clicking File > Save report list, then post the report you saved.