
probable virus??? the pc freezes often

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57


Post by monoscopio » 25/08/08 18:49

Hello everyone,
sometimes my PC freezes: the mouse pointer stays still and the keyboard doesn't respond, and all I can do is reset and start again.

I don't know if I have some hidden virus. I have AVG8 as a free antivirus; is it better to install a paid one?

I've read various posts and ran a scan with ComboFix, which I attach. Thanks for any check.

ComboFix 08-08-24.03 - ser 2008-08-25 19.10.24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.597 [GMT 2:00]
Eseguito da: C:\Documents and Settings\ser\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
D:\InfoSat.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Creati Da 2008-07-25 al 2008-08-25 )))))))))))))))))))))))))))))))))))
.

2008-08-24 19:30 . 2008-08-24 19:30 <DIR> d-------- C:\Programmi\Scorpio Software
2008-08-24 19:30 . 2008-08-24 19:30 <DIR> d-------- C:\Programmi\File comuni\scosoft.com
2008-08-22 18:53 . 2008-08-22 18:53 <DIR> d-------- C:\Programmi\Sun
2008-08-18 22:23 . 2008-08-18 22:30 <DIR> d-------- C:\Programmi\AusLogics Registry Defrag
2008-08-18 19:51 . 2008-08-18 19:58 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-18 19:26 . 2008-08-25 18:43 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-18 19:26 . 2008-08-18 19:26 <DIR> d-------- C:\Programmi\AVG
2008-08-18 19:26 . 2008-08-18 22:36 <DIR> d-------- C:\Documents and Settings\ser\Dati applicazioni\AVGTOOLBAR
2008-08-18 19:26 . 2008-08-18 19:26 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-08-18 19:26 . 2008-08-24 12:22 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-18 19:26 . 2008-08-24 12:22 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-18 19:26 . 2008-08-24 12:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 16:55 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-08-24 17:55 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-08-22 16:52 --------- d-----w C:\Programmi\Java
2008-07-20 17:47 --------- d-----w C:\Documents and Settings\ser\Dati applicazioni\Skype
2008-07-19 14:00 --------- d-----w C:\Documents and Settings\ser\Dati applicazioni\skypePM
2008-07-19 12:01 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-07-19 12:01 --------- d-----w C:\Programmi\Sitecom
2008-07-13 15:51 --------- d-----w C:\Programmi\File comuni\Skype
2008-07-06 13:00 1,248 --sha-w C:\zlhtoc3v.sys
2007-12-15 21:51 32 ------w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-10-02 20:48 25,736 -c----w C:\Documents and Settings\ser\Dati applicazioni\GDIPFONTCACHEV1.DAT
.
----a-w           356,352 2006-12-29 15:52:50  C:\CLARKE-TECH\27 marzo\programmi\ctechup 1.8.7 .exe

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-18 21:31 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCam Go Plus Sti Service Application"="Wcgopsvc" [X]
"RoxioEngineUtility"="C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"D-Link AirPlus XtremeG"="C:\Programmi\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2005-08-04 21:13 1294336]
"ANIWZCS2Service"="C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49 49152]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RoxioDragToDisc"="C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2006-09-24 23:57 868352]
"Cobian Backup 8 interface"="C:\Programmi\Cobian Backup 8\cbInterface.exe" [2007-03-21 00:35 2424320]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 22:32 208952]
"HydraVisionDesktopManager"="C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 21:00 270336]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"Sitecom"="C:\Programmi\Sitecom\Sitecom.exe" [2006-02-23 11:52 200795]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-24 12:23 1232152]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 01:22 577536 C:\WINDOWS\soundman.exe]
"VTTimer"="VTTimer.exe" [N/A]
"VTTrayp"="VTtrayp.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]

C:\Documents and Settings\ser\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Ritaglio schermata e avvio di OneNote 2007.lnk - C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - C:\Programmi\D-Link\Software Bluetooth\BTTray.exe [2004-11-30 14:30:00 565309]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2006-09-25 22:47:43 136192]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 14:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.CJPG"= ctwbjpg.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"D:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"D:\\StubInstaller.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"C:\\Programmi\\AVG\\AVG8\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:eMule : TCP in ingresso
"4672:UDP"= 4672:UDP:eMule : UDP in ingresso

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-24 12:22]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-18 19:26]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-18 19:26]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-24 12:22]
R2 NwSapAgent;Agente SAP;C:\WINDOWS\system32\svchost.exe [2004-08-19 15:39]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2005-07-26 14:32]
R3 WCGOPHAL;WCGOPHAL;C:\WINDOWS\system32\DRIVERS\Wcgophal.sys [2001-12-19 02:02]
R3 WCGOPVID;Video Blaster WebCam Go Plus (WDM);C:\WINDOWS\system32\DRIVERS\Wcgopvid.sys [2002-01-08 02:04]
S2 ATIBTCAP;ATI TV Wonder Video Capture;C:\WINDOWS\system32\drivers\atibtcap.sys [2002-11-05 00:00]
S2 ATIBTXBAR;ATI TV Wonder Video Crossbar;C:\WINDOWS\system32\drivers\atibtxbr.sys [2002-11-05 00:00]
S2 ATIVTUTW;ATI TV Wonder TV Tuner;C:\WINDOWS\system32\drivers\ativtutw.sys [2002-11-05 00:00]
S2 ATIVXSTW;ATI TV Wonder Audio Crossbar;C:\WINDOWS\system32\drivers\ativxstw.sys [2002-11-05 00:00]
S3 ATHFMWDL;D-Link predator Bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2005-07-26 14:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{108e0eba-e4a8-11dc-809c-0013467884a3}]
\Shell\AutoRun\command - F:\winPenPack.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{653c4984-c538-11dc-8054-0013467884a3}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0f244cc-f21c-11dc-80bd-0019661e6c39}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\ser\Dati applicazioni\Mozilla\Firefox\Profiles\hy6nea72.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://it.start.mozilla.com/firefox?cli ... t:official
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 19:17:44
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\D-Link\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\Cobian Backup 8\cbService.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2008-08-25 19:25:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-25 17:25:44

Pre-Run: 61,360,492,544 byte disponibili
Post-Run: 61,341,007,872 byte disponibili

164 --- E O F --- 2008-08-24 17:56:45



Monoscopio.