www.MegaLab.it

da **onekef** » dom lug 04, 2010 10:48 pm

Ciao a tutti,ho un pc fisso con xp che fa le bizze,qualche giorno fa aprendo un file da un cd Avira mi ha rivelato un paio di virus che però pensavo aver rimosso,ma da come si comporta il pc pare proprio di no,succede questo: rallentamento generale,per aprire il browser firefox ci vuogliono circa 30 sec,a volte quando lo spengo non si spegne,in pratica va via il segnale video sul monitor ma si sentono le ventole che vanno e il led rimane acceso e son costretto a spegnere brutalmente,a volte si spegne poi spengo l'interruttore per la corrente che c'è dietro,ma quando lo riaccendo (l'interruttore non il pc) il pc si avvia senza che io schiacci accensione,a volte si accende ma non c'è segnale video,mi si bloccano i programmi in generale dopo un tot crashano e si puo anche riavviare il pc,da solo,oggi mi è capitato durante un'ulteriore scansione con avira. dai per adesso è gia troppo,vorrei solo fare un po di pulizia generale e dare una controllata come si deve a cosa c'è in questa macchina che non va,uso gia avira antivir,pc tools firewall plus e a volte gli faccio fare un giro anche a Malware Anti-bytes,ma logicamente i migliori antivirus siamo noi utenti :) vi ringrazio

da **crazy.cat** » lun lug 05, 2010 7:13 am

Io mi preoccuperei dei vari spegnimenti e mancate riaccensioni.
Comincia a pulire l'interno del pc dalla polvere, provare a staccare le ram magari provandone una alla volta se ne hai due, vedi se poi cambia qualcosa.
Poi se non risolvi niente farei un pensiero all'alimentatore prima di tutto.

Per eventuali virus dovresti dirci cosa ha trovato avira e in quali file e mostrare un log della scansione di combofix.

da **onekef** » sab lug 10, 2010 4:33 pm

ciao cat :)
inanzitutto grazie

Comincia a pulire l'interno del pc dalla polvere, provare a staccare le ram magari provandone una alla volta se ne hai due, vedi se poi cambia qualcosa

ho aperto il pc e pulito dalla (non poca) polvere,per staccare e riattacare le ram devo aspettare un'attimo perché non lo ho mai fatto e aprendo il pc era tutto agganciato con un certo casino quindi non lo posso fare in 5 minuti appena ho uin'attimo lo faccio.
questo è il risultato di combofix

Codice: Seleziona tutto: ComboFix 10-07-09.02 - nomeutente 10/07/2010 17.94.02.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.39.1040.18.512.283 [GMT 2:00] Eseguito da: c:\documents and settings\nomeutente\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52} * Creato nuovo punto di ripristino . ((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\programmi\WinPCap c:\programmi\WinPCap\daemon_mgm.exe c:\programmi\WinPCap\INSTALL.LOG c:\programmi\WinPCap\NetMonInstaller.exe c:\programmi\WinPCap\npf_mgm.exe c:\programmi\WinPCap\rpcapd.exe c:\programmi\WinPCap\Uninstall.exe c:\windows\start.exe c:\windows\system32\drivers\npf.sys c:\windows\system32\Packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\WanPacket.dll c:\windows\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Driver/Servizi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF -------\Service_NPF ((((((((((((((((((((((((( Files Creati Da 2010-06-10 al 2010-07-10 ))))))))))))))))))))))))))))))))))) . 2010-07-10 14:48 . 2010-07-10 14:47 398336 ----a-w- c:\windows\system32\CF14214.exe 2010-06-19 17:04 . 2010-05-06 10:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-10 15:07 . 2008-10-03 13:46 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP 2010-07-10 15:04 . 2009-05-23 11:08 -------- d-----w- c:\documents and settings\JESSICA\Dati applicazioni\WTablet 2010-07-10 14:38 . 2010-03-14 23:04 -------- d-----w- c:\programmi\Crawler 2010-07-04 11:57 . 2008-11-17 16:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Bluetooth 2010-06-30 16:45 . 2003-04-08 12:00 79292 ----a-w- c:\windows\system32\perfc010.dat 2010-06-30 16:45 . 2003-04-08 12:00 478808 ----a-w- c:\windows\system32\perfh010.dat 2010-06-06 14:00 . 2009-02-20 12:23 -------- d-----w- c:\programmi\PokerStars.IT 2010-05-30 17:16 . 2009-02-09 09:58 -------- d-----w- c:\programmi\Full Tilt Poker 2010-05-25 17:09 . 2010-05-25 17:09 503808 ----a-w- c:\documents and settings\JESSICA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-65ca6979-n\msvcp71.dll 2010-05-25 17:09 . 2010-05-25 17:09 499712 ----a-w- c:\documents and settings\JESSICA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-65ca6979-n\jmc.dll 2010-05-25 17:09 . 2010-05-25 17:09 61440 ----a-w- c:\documents and settings\JESSICA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6ed7bce7-n\decora-sse.dll 2010-05-25 17:09 . 2010-05-25 17:09 348160 ----a-w- c:\documents and settings\JESSICA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-65ca6979-n\msvcr71.dll 2010-05-25 17:09 . 2010-05-25 17:09 12800 ----a-w- c:\documents and settings\JESSICA\Dati applicazioni\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6ed7bce7-n\decora-d3d.dll 2010-05-20 14:56 . 2009-03-06 09:37 -------- d-----w- c:\programmi\Google 2010-05-20 14:44 . 2004-11-07 22:40 -------- d-----w- c:\programmi\File comuni\Adobe 2010-05-20 14:13 . 2009-03-08 10:16 -------- d-----w- c:\programmi\CCleaner 2010-05-17 22:35 . 2010-05-17 22:35 -------- d-----w- c:\programmi\Veoh Networks 2010-05-17 17:35 . 2010-05-17 17:35 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\WTablet 2010-05-17 14:07 . 2005-01-02 13:42 26000 ----a-w- c:\documents and settings\JESSICA\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT 2010-05-17 14:06 . 2010-05-17 14:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\FLEXnet 2010-05-17 13:40 . 2010-05-17 13:40 -------- d-----w- c:\programmi\Adobe Media Player 2010-05-12 17:04 . 2009-01-09 15:40 -------- d-----w- c:\programmi\Java 2010-05-06 10:32 . 2006-06-23 11:28 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 08:06 . 2003-04-08 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-20 05:30 . 2003-04-08 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-12 15:29 . 2010-05-12 17:04 411368 ----a-w- c:\windows\system32\deployJava1.dll 2009-03-02 21:48 . 2009-03-02 21:48 311287 ----a-w- c:\programmi\uploader.zip 2009-03-02 21:47 . 2009-03-02 21:47 870066 ----a-w- c:\programmi\SoftickPPP234-en.zip 2005-01-02 13:19 . 2005-01-02 13:19 261 ---ha-w- c:\programmi\hpothb07.tif 2005-01-02 13:19 . 2005-01-02 13:19 148 ---ha-w- c:\programmi\hpothb07.dat . ((((((((((((((((((((((((((((((((((((( Punti Reg Caricati )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* i valori vuoti & legittimi/default non sono visualizzati. REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2008-10-01 07:40 192960 ------w- c:\programmi\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "00PCTFW"="c:\programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056] "SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-02-18 248040] "avgnt"="c:\programmi\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyDocs"= 1 (0x1) "NoRecentDocsNetHood"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyDocs"= 1 (0x1) "NoRecentDocsNetHood"= 1 (0x1) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^hp psc 1000 series.lnk] path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\hp psc 1000 series.lnk backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^hpoddt01.exe.lnk] path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\hpoddt01.exe.lnk backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^JESSICA^Menu Avvio^Programmi^Esecuzione automatica^Adobe Gamma.lnk] path=c:\documents and settings\JESSICA\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-02-15 17:07 141608 ----a-w- c:\programmi\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-11-10 22:08 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programmi\\eMule\\emule.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programmi\\Bonjour\\mDNSResponder.exe"= "c:\\Programmi\\iTunes\\iTunes.exe"= "c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"= R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [10/03/2009 13.04.28 159600] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programmi\Avira\AntiVir Desktop\sched.exe [24/02/2010 15.42.31 108289] R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [10/03/2009 13.04.29 73840] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [23/05/2009 13.07.16 1373480] R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [10/03/2009 13.03.37 95640] R3 Tunx00;FunTV Video Capture;c:\windows\system32\drivers\Tunx00.sys [08/11/2004 0.35.30 302720] R3 TxTuner;FunTV TV Tuner;c:\windows\system32\drivers\TxTuner.sys [13/11/2004 12.48.09 26880] S2 gupdate;Servizio di Google Update (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [25/02/2010 3.04.01 135664] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programmi\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 14.49.20 227232] . Contenuto della cartella 'Scheduled Tasks' 2006-04-03 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8100293262.job - c:\programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52] 2010-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-25 01:03] 2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programmi\Google\Update\GoogleUpdate.exe [2010-02-25 01:03] . . ------- Scansione supplementare ------- . uStart Page = hxxp://it.msn.com uInternet Settings,ProxyServer = <local> uInternet Settings,ProxyOverride = <local>;*.local IE: Blocca informazioni personali da questo sito - file://c:\programmi\GhostSurf\info.block.html IE: Blocca popups in questo sito - file://c:\programmi\GhostSurf\popup.block.html IE: Blocca questa pubblicità - file://c:\programmi\GhostSurf\menu.blockimg.html IE: Crawler Search - tbr:iemenu IE: Google Sidewiki... - c:\programmi\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: Permetti alle informazioni personali di raggiungere questo sito - file://c:\programmi\GhostSurf\info.allow.html IE: Permetti popups in questo sito - file://c:\programmi\GhostSurf\popup.allow.html IE: Permetti questa pubblicità - file://c:\programmi\GhostSurf\menu.allowimg.html IE: {{4B21E152-BA59-4ebf-B522-8C55B265EE1A} - c:\programmi\PartyItalia\PartyPokerIt\RunApp.exe IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe TCP: {15176DD8-9E80-459C-9F94-7CE3C257A2D5} = 192.168.1.1 Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmi\Crawler\ctbr.dll DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab FF - ProfilePath - c:\documents and settings\JESSICA\Dati applicazioni\Mozilla\Firefox\Profiles\1jkgijvz.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.it FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=it-IT&FORM=MICIW1&q= FF - component: c:\programmi\Crawler\firefox\components\xcomm.dll FF - component: c:\programmi\Crawler\firefox\components\xshared.dll FF - component: c:\programmi\Crawler\firefox\components\xsupport.dll FF - component: c:\programmi\Crawler\firefox\components\xwsg.dll FF - plugin: c:\programmi\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\programmi\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\programmi\Mozilla Firefox\plugins\npdeployJava1.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\programmi\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\programmi\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - CHIAVI ORFANE RIMOSSE - - - - MSConfigStartUp-SoftickPPP - c:\programmi\Softick\PPP\Bin\PPPGate.exe AddRemove-Virgin Poker - c:\poker\Virgin Poker\_SetupPoker.exe_a12148.exe AddRemove-WinPcapInst - c:\programmi\WinPcap\Uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-10 17:06 Windows 5.1.2600 Service Pack 3 NTFS scansione processi nascosti ... scansione entrate autostart nascoste ... Scansione files nascosti ... Scansione completata con successo Files nascosti: 0 ************************************************************************** . --------------------- Dlls caricate dai processi in esecuzione --------------------- - - - - - - - > 'explorer.exe'(2656) c:\windows\system32\WININET.dll c:\windows\system32\webcheck.dll . ------------------------ Altri processi in esecuzione ------------------------ . c:\programmi\Avira\AntiVir Desktop\avguard.exe c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\programmi\Bonjour\mDNSResponder.exe c:\programmi\Java\jre6\bin\jqs.exe c:\programmi\PC Tools Firewall Plus\FWService.exe c:\windows\system32\WTablet\Pen_TabletUser.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Ora fine scansione: 2010-07-10 17:17:25 - Il pc è stato riavviato ComboFix-quarantined-files.txt 2010-07-10 15:17 Pre-Run: 45.102.333.952 byte disponibili Post-Run: 45.285.527.552 byte disponibili - - End Of File - - C15BDE0B51A1168E5B545CECBF79A0E9

nel frattempo faccio nuova scansione con avira e poi posto il risultato.
da quando ti ho scritto non lo avevo ancora acceso il pc e oggi è uscito questo dopo un'avviso che non ho segnato:
''identificativo
BCCode :a BCP1: 00000000 BCP2:00000002 BCP3:00000001 BCP4:804DC11D OSVer: 5_1_2600 SP:3_0 Product : 768_1
Nella segnalazione errori verranno inclusi i seguenti file.
C:\DOCUME''''1\NOMEUTENTE\IMPOST''''1\temp\WERe923.dir00\mini070510-01.dmp

C:\docume'''''1\nome utente\impost'''''1\temp\WERe923.dir00\sysdata.xml

ok appena finisce la scansione avira posto grazie ancora cat :)

da **onekef** » sab lug 10, 2010 5:55 pm

crazycat ecco anche il report di avira

Avira AntiVir Personal
Report file date: sabato 10 luglio 2010 17:46

Scanning for 2329261 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : JESSICA-H031UQ8

Version information:
BUILD.DAT : 9.0.0.422 21701 Bytes 09/03/2010 10:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 13:45:33
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 13:45:49
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 13:45:53
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 20:14:10
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 21:57:24
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 13:16:01
VBASE007.VDF : 7.10.7.219 2048 Bytes 02/06/2010 13:16:01
VBASE008.VDF : 7.10.7.220 2048 Bytes 02/06/2010 13:16:01
VBASE009.VDF : 7.10.7.221 2048 Bytes 02/06/2010 13:16:01
VBASE010.VDF : 7.10.7.222 2048 Bytes 02/06/2010 13:16:01
VBASE011.VDF : 7.10.7.223 2048 Bytes 02/06/2010 13:16:01
VBASE012.VDF : 7.10.7.224 2048 Bytes 02/06/2010 13:16:01
VBASE013.VDF : 7.10.8.37 270336 Bytes 10/06/2010 17:01:36
VBASE014.VDF : 7.10.8.69 138752 Bytes 14/06/2010 17:01:38
VBASE015.VDF : 7.10.8.102 130560 Bytes 16/06/2010 17:01:40
VBASE016.VDF : 7.10.8.135 152064 Bytes 21/06/2010 15:28:46
VBASE017.VDF : 7.10.8.163 432128 Bytes 23/06/2010 15:28:47
VBASE018.VDF : 7.10.8.194 133632 Bytes 27/06/2010 15:28:47
VBASE019.VDF : 7.10.8.220 134656 Bytes 29/06/2010 15:28:47
VBASE020.VDF : 7.10.8.252 171520 Bytes 04/07/2010 14:31:33
VBASE021.VDF : 7.10.9.19 131072 Bytes 06/07/2010 14:31:34
VBASE022.VDF : 7.10.9.36 297472 Bytes 07/07/2010 14:31:35
VBASE023.VDF : 7.10.9.37 2048 Bytes 07/07/2010 14:31:35
VBASE024.VDF : 7.10.9.38 2048 Bytes 07/07/2010 14:31:35
VBASE025.VDF : 7.10.9.39 2048 Bytes 07/07/2010 14:31:35
VBASE026.VDF : 7.10.9.40 2048 Bytes 07/07/2010 14:31:35
VBASE027.VDF : 7.10.9.41 2048 Bytes 07/07/2010 14:31:35
VBASE028.VDF : 7.10.9.42 2048 Bytes 07/07/2010 14:31:35
VBASE029.VDF : 7.10.9.43 2048 Bytes 07/07/2010 14:31:36
VBASE030.VDF : 7.10.9.44 2048 Bytes 07/07/2010 14:31:36
VBASE031.VDF : 7.10.9.56 112640 Bytes 09/07/2010 14:31:36
Engineversion : 8.2.4.10
AEVDF.DLL : 8.1.2.0 106868 Bytes 24/04/2010 20:43:10
AESCRIPT.DLL : 8.1.3.39 1335674 Bytes 10/07/2010 14:31:38
AESCN.DLL : 8.1.6.1 127347 Bytes 13/05/2010 10:59:10
AESBX.DLL : 8.1.3.1 254324 Bytes 24/04/2010 20:43:11
AERDL.DLL : 8.1.4.6 541043 Bytes 15/04/2010 21:57:36
AEPACK.DLL : 8.2.2.5 430453 Bytes 30/06/2010 15:28:52
AEOFFICE.DLL : 8.1.1.6 201081 Bytes 10/07/2010 14:31:37
AEHEUR.DLL : 8.1.1.38 2724214 Bytes 30/06/2010 15:28:52
AEHELP.DLL : 8.1.11.6 242038 Bytes 30/06/2010 15:28:49
AEGEN.DLL : 8.1.3.13 381300 Bytes 10/07/2010 14:31:37
AEEMU.DLL : 8.1.2.0 393588 Bytes 24/04/2010 20:43:05
AECORE.DLL : 8.1.15.3 192886 Bytes 13/05/2010 10:59:08
AEBB.DLL : 8.1.1.0 53618 Bytes 24/04/2010 20:43:03
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:14:02
AVREP.DLL : 8.0.0.7 159784 Bytes 24/02/2010 13:46:16
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 14:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 13/10/2009 11:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programmi\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: sabato 10 luglio 2010 17:46

Starting search for hidden objects.
'50432' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'FirewallGUI.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'Pen_Tablet.exe' - '1' Module(s) have been scanned
Scan process 'Pen_TabletUser.exe' - '1' Module(s) have been scanned
Scan process 'Pen_Tablet.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FWService.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '49' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\System Volume Information\_restore{A19A80DD-0E62-465B-90E5-79916EF8C69A}\RP411\A0131684.exe
[DETECTION] Is the TR/Genome.bjgv Trojan

Beginning disinfection:
C:\System Volume Information\_restore{A19A80DD-0E62-465B-90E5-79916EF8C69A}\RP411\A0131684.exe
[DETECTION] Is the TR/Genome.bjgv Trojan
[NOTE] The file was moved to '4c69a665.qua'!

End of the scan: sabato 10 luglio 2010 18:56
Used time: 1:08:15 Hour(s)

The scan has been done completely.

8554 Scanned directories
166283 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
166281 Files not concerned
1125 Archives were scanned
1 Warnings
2 Notes
50432 Objects were scanned with rootkit scan
0 Hidden objects were found

sono a tua disposizione :) ancora grazie

da **markinson** » sab lug 10, 2010 6:30 pm

Ciao Onekef. [:)]

Ti dispiace se (insieme, ok? [;)]

) mettiamo un po' d'ordine a questo argomento?
Purtroppo il tuo elaboratore ha diversi problemi, però, seguendo gli ultimi interventi, dire di orientarci (almeno in questa prima fase) verso l'aspetto sicurezza.
Allora, facciamo così:

sposto la discussione nella sezione del forum che riguarda questo ambito, la "Sicurezza", appunto;
aggiusto un pochino il titolo, per rendere più chiaro di cosa stiamo discutendo;
per gli altri problemi, ti invito ad aprire altrettanti nuovi argomenti cerchiamo di rispettare la seguente regola una discussione = un argomento così facendo sarà più facile, per chi volesse, fornire un contributo alla causa e, dall'altra parte, risulterà più agevole capire come muoversi.

Tutto per cercare di rispettare il nostro [book]

Regolamento [book]

, ok?

Ultimissima cosa: dalla lettura veloce del log di Avira, sembrerebbe presente un virus/trojan nei punti di ripristino.
Ora, sei nelle mani di crazy.cat che sono eccellenti mani ( [;)]

), ma fin d'ora posso suggerirti di disattivare la creazione dei punti di ripristino sul tuo elaboratore, riavviare tutto, ripetere la scansione, dire ad Avira di rimuovere quello che ha trovato, fare una ulteriore scansione e postare nuovamente il log.
Ok?

da **crazy.cat** » sab lug 10, 2010 6:54 pm

Per il virus, se è solo quello che si vede nel log, segui le istruzioni di markinson e vedi se smette di segnalartelo.

Per il resto combofix ti ha eliminato (non so perché) WinPCap, se è un programma che usi, o se smette di funzionare qualcosa devi reinstallarlo.

per i riavvii ed errori vari, fai pulizia per bene e se si ripetono apri una discussione nella sezione windows (poi eventualmente si sposta in hardware)

da **onekef** » dom lug 11, 2010 11:48 am

ok cercherò di essere piu ordinato e scusatemi.
ora cerco di disattivare la creazione dei punti di ripristino faccio tutto e poi posto il log.
ok in questo 3d parleremo solo dei problemi di sicurezza quindi qualsiasi altra cosa apro altro 3d :)
scusate ancora

da **onekef** » dom lug 11, 2010 1:57 pm

ciao :)
ho disattivato il ripristino di configurazione di sistema e gia penso di aver sbagliato,è la stessa cosa? mi avete detto di disattivare la creazione dei punti di ripristino.

Avira AntiVir Personal
Report file date: domenica 11 luglio 2010 13:22

Scanning for 2329261 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : JESSICA-H031UQ8

Version information:
BUILD.DAT : 9.0.0.422 21701 Bytes 09/03/2010 10:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 13:45:33
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 13:45:49
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 13:45:53
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 20:14:10
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 21:57:24
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 13:16:01
VBASE007.VDF : 7.10.7.219 2048 Bytes 02/06/2010 13:16:01
VBASE008.VDF : 7.10.7.220 2048 Bytes 02/06/2010 13:16:01
VBASE009.VDF : 7.10.7.221 2048 Bytes 02/06/2010 13:16:01
VBASE010.VDF : 7.10.7.222 2048 Bytes 02/06/2010 13:16:01
VBASE011.VDF : 7.10.7.223 2048 Bytes 02/06/2010 13:16:01
VBASE012.VDF : 7.10.7.224 2048 Bytes 02/06/2010 13:16:01
VBASE013.VDF : 7.10.8.37 270336 Bytes 10/06/2010 17:01:36
VBASE014.VDF : 7.10.8.69 138752 Bytes 14/06/2010 17:01:38
VBASE015.VDF : 7.10.8.102 130560 Bytes 16/06/2010 17:01:40
VBASE016.VDF : 7.10.8.135 152064 Bytes 21/06/2010 15:28:46
VBASE017.VDF : 7.10.8.163 432128 Bytes 23/06/2010 15:28:47
VBASE018.VDF : 7.10.8.194 133632 Bytes 27/06/2010 15:28:47
VBASE019.VDF : 7.10.8.220 134656 Bytes 29/06/2010 15:28:47
VBASE020.VDF : 7.10.8.252 171520 Bytes 04/07/2010 14:31:33
VBASE021.VDF : 7.10.9.19 131072 Bytes 06/07/2010 14:31:34
VBASE022.VDF : 7.10.9.36 297472 Bytes 07/07/2010 14:31:35
VBASE023.VDF : 7.10.9.37 2048 Bytes 07/07/2010 14:31:35
VBASE024.VDF : 7.10.9.38 2048 Bytes 07/07/2010 14:31:35
VBASE025.VDF : 7.10.9.39 2048 Bytes 07/07/2010 14:31:35
VBASE026.VDF : 7.10.9.40 2048 Bytes 07/07/2010 14:31:35
VBASE027.VDF : 7.10.9.41 2048 Bytes 07/07/2010 14:31:35
VBASE028.VDF : 7.10.9.42 2048 Bytes 07/07/2010 14:31:35
VBASE029.VDF : 7.10.9.43 2048 Bytes 07/07/2010 14:31:36
VBASE030.VDF : 7.10.9.44 2048 Bytes 07/07/2010 14:31:36
VBASE031.VDF : 7.10.9.56 112640 Bytes 09/07/2010 14:31:36
Engineversion : 8.2.4.10
AEVDF.DLL : 8.1.2.0 106868 Bytes 24/04/2010 20:43:10
AESCRIPT.DLL : 8.1.3.39 1335674 Bytes 10/07/2010 14:31:38
AESCN.DLL : 8.1.6.1 127347 Bytes 13/05/2010 10:59:10
AESBX.DLL : 8.1.3.1 254324 Bytes 24/04/2010 20:43:11
AERDL.DLL : 8.1.4.6 541043 Bytes 15/04/2010 21:57:36
AEPACK.DLL : 8.2.2.5 430453 Bytes 30/06/2010 15:28:52
AEOFFICE.DLL : 8.1.1.6 201081 Bytes 10/07/2010 14:31:37
AEHEUR.DLL : 8.1.1.38 2724214 Bytes 30/06/2010 15:28:52
AEHELP.DLL : 8.1.11.6 242038 Bytes 30/06/2010 15:28:49
AEGEN.DLL : 8.1.3.13 381300 Bytes 10/07/2010 14:31:37
AEEMU.DLL : 8.1.2.0 393588 Bytes 24/04/2010 20:43:05
AECORE.DLL : 8.1.15.3 192886 Bytes 13/05/2010 10:59:08
AEBB.DLL : 8.1.1.0 53618 Bytes 24/04/2010 20:43:03
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:14:02
AVREP.DLL : 8.0.0.7 159784 Bytes 24/02/2010 13:46:16
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 14:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 13/10/2009 11:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programmi\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: domenica 11 luglio 2010 13:22

Starting search for hidden objects.
'50570' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'FirewallGUI.exe' - '1' Module(s) have been scanned
Scan process 'Pen_Tablet.exe' - '1' Module(s) have been scanned
Scan process 'Pen_TabletUser.exe' - '1' Module(s) have been scanned
Scan process 'Pen_Tablet.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FWService.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '49' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.

End of the scan: domenica 11 luglio 2010 14:26
Used time: 1:04:10 Hour(s)

The scan has been done completely.

8491 Scanned directories
158461 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
158460 Files not concerned
1083 Archives were scanned
1 Warnings
1 Notes
50570 Objects were scanned with rootkit scan
0 Hidden objects were found

questo è il report di avira dopo aver seguito tutti i passi consigliati

da **crazy.cat** » dom lug 11, 2010 3:53 pm

onekef ha scritto:ho disattivato il ripristino di configurazione di sistema e gia penso di aver sbagliato,è la stessa cosa? mi avete detto di disattivare la creazione dei punti di ripristino.

Si, è la stessa cosa.
Pc ripulito per quel che si può vedere.

da **markinson** » dom lug 11, 2010 6:54 pm

onekef ha scritto:scusate ancora

Di nulla, davvero. Tranquillo! [^]

Per il problema virus, come già detto da crazy.cat, sembra risolto.
Adesso, volendo, puoi ri-attivare la creazione dei punti di ripristino.
Inoltre: se vuoi operare un ulteriore controllo, con un antivirus freeware (che non va in conflitto con Avira e non richiede installazione) -->

Kaspersky Virus Removal Tool 2010.
Ho visto che hai aperto un altro thread (e ti ho già dato qualche primo suggerimento). Bene così! [brindisi]

da **onekef** » dom lug 11, 2010 7:50 pm

ok ,proverò a fare la prova del 9 con kasper se proprio è ,tornerò a rompere un po le balle :D
intento vi auguro buona serata
grazie sempre [brindisi]

da **gio!** » lun lug 12, 2010 12:03 pm

Edit. Discussione sbagliata [acc2]

www.MegaLab.it

Avira ha rilevato un paio di virus ... ci saranno ancora?

Avira ha rilevato un paio di virus ... ci saranno ancora?

Re: problemi vari ed eventuali XPazzo

Re: problemi vari ed eventuali XPazzo

Re: problemi vari ed eventuali XPazzo

Re: problemi vari ed eventuali XPazzo

Re: Avira ha rilevato un paio di virus ... ci saranno ancora

Re: Avira ha rilevato un paio di virus ... ci saranno ancora

Re: Avira ha rilevato un paio di virus ... ci saranno ancora

Re: Avira ha rilevato un paio di virus ... ci saranno ancora

Re: Avira ha rilevato un paio di virus ... ci saranno ancora

Re: Avira ha rilevato un paio di virus ... ci saranno ancora

Re: Avira ha rilevato un paio di virus ... ci saranno ancora

Chi c’è in linea