An hour ago I ran a keygen, and since then the PC has become extremely slow. In theory I wouldn't deserve an answer. Can I still fix it?
What can I do?
Hi cubalibre, try running this scan:
download ComboFix to the desktop
when asked whether you want to install the Recovery Console, click NO
run ComboFix.exe
follow the instructions
when the scan has finished, go to C:\ and attach the contents of the text file Combofix.txt in your next reply
how to use ComboFix correctly
ComboFix 14-02-16.01 - Administrator 17/02/2014 21.15.17.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.241 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
C:\Programmi\WinRAR\Leggimi.Txt
C:\Programmi\WinRAR\Leggimi_1a.Txt
C:\Programmi\WinRAR\Licenza.Txt
C:\Programmi\WinRAR\Ordin.htm
C:\Programmi\WinRAR\Ordina.htm
((((((((((((((((((((((((( Files Creati Da 2014-01-17 al 2014-02-17 )))))))))))))))))))))))))))))))))))
2014-02-17 13:17:20 . 2014-02-17 13:18:48 -------- d-----w- C:\Access97
2014-02-17 08:17:36 . 2014-02-17 15:04:20 -------- d-----w- C:\Download
2014-02-17 07:59:36 . 2014-02-17 15:28:32 -------- d-----w- C:\Aclewin
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
2014-02-05 23:20:05 . 2013-07-20 20:02:06 920064 ----a-w- C:\WINDOWS\system32\wininet.dll
2014-02-05 23:19:30 . 2013-07-20 20:01:57 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2014-02-05 23:19:29 . 2013-07-20 20:01:54 1469440 ----a-w- C:\WINDOWS\system32\inetcpl.cpl
2014-02-05 23:18:44 . 2013-07-20 20:01:51 18944 ----a-w- C:\WINDOWS\system32\corpol.dll
2014-02-05 22:25:56 . 2013-07-20 20:01:52 385024 ----a-w- C:\WINDOWS\system32\html.iec
2014-01-04 03:12:52 . 2013-07-20 20:02:05 420864 ----a-w- C:\WINDOWS\system32\vbscript.dll
2013-12-05 11:26:03 . 2013-07-20 20:01:00 1172992 ----a-w- C:\WINDOWS\system32\msxml3.dll
2013-11-27 20:21:06 . 2013-07-20 20:01:01 40960 ----a-w- C:\WINDOWS\system32\drivers\ndproxy.sys
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
[-] 2013-07-20 20:02:59 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\system32\drivers\tcpip.sys
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware User Process"="C:\Programmi\VMware\VMware Tools\vmtoolsd.exe" [2013-10-17 18:10:34 63056]
"EaseUS EPM tray"="C:\Programmi\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe" [2013-03-29 16:07:22 2081792]
"MSC"="c:\Programmi\Microsoft Security Client\msseces.exe" [2013-10-23 13:55:28 948440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 12:00:00 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
2013-10-17 17:25:14 628048 ----a-w- C:\WINDOWS\system32\TPSvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VMUpgradeAtShutdown]
2013-10-17 18:10:34 104528 ----a-w- C:\WINDOWS\system32\VMUpgradeAtShutdownWXP.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 mv61xxmm;mv61xxmm;C:\WINDOWS\system32\drivers\mv61xxmm.sys [20/07/2013 20.24.17 14184]
R0 mv64xxmm;mv64xxmm;C:\WINDOWS\system32\drivers\mv64xxmm.sys [20/07/2013 20.24.18 5632]
R0 mvxxmm;mvxxmm;C:\WINDOWS\system32\drivers\mvxxmm.sys [20/07/2013 20.24.18 14184]
R0 vmci;VMware VMCI Bus Driver;C:\WINDOWS\system32\drivers\vmci.sys [08/10/2013 18.20.50 71888]
R0 VMSCSI;VMware Storage Controller Driver;C:\WINDOWS\system32\drivers\vmscsi.sys [15/02/2014 21.56.50 14232]
R0 vsock;vSockets Driver;C:\WINDOWS\system32\drivers\vsock.sys [15/02/2014 21.32.39 63824]
R1 MpKslec28cbe8;MpKslec28cbe8;C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Microsoft Antimalware\Definition Updates\{258DCE2B-4013-4362-BD72-A26C1257BD58}\MpKslec28cbe8.sys [17/02/2014 20.57.26 40392]
R1 vmhgfs;VMware Host Guest Client Redirector;C:\WINDOWS\system32\drivers\vmhgfs.sys [15/02/2014 21.32.42 156752]
R2 MBAMScheduler;MBAMScheduler;C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe [17/02/2014 16.05.27 418376]
R2 MBAMService;MBAMService;C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe [17/02/2014 16.05.27 701512]
R2 VMMEMCTL;Driver controllo memoria;C:\Programmi\File comuni\VMware\Drivers\memctl\vmmemctl.sys [17/10/2013 19.07.42 17872]
R2 VMTools;VMware Tools;C:\Programmi\VMware\VMware Tools\vmtoolsd.exe [17/10/2013 19.10.34 63056]
R2 VMware Physical Disk Helper Service;VMware Physical Disk Helper Service;C:\Programmi\VMware\VMware Tools\vmacthlp.exe [17/10/2013 19.05.38 429648]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [17/02/2014 16.05.10 22856]
R3 TPAutoConnSvc;TP AutoConnect Service;C:\Programmi\VMware\VMware Tools\TPAutoConnSvc.exe [17/10/2013 18.25.14 378192]
R3 vmmouse;VMware Pointing Device;C:\WINDOWS\system32\drivers\vmmouse.sys [17/10/2013 19.08.00 11800]
R3 vmusbmouse;VMware USB Pointing Device;C:\WINDOWS\system32\drivers\vmusbmouse.sys [17/10/2013 19.08.20 11928]
R3 vmx_svga;vmx_svga;C:\WINDOWS\system32\drivers\vmx_svga.sys [17/10/2013 19.14.46 62160]
R3 vmxnet;VMware Ethernet Adapter Driver;C:\WINDOWS\system32\drivers\vmxnet.sys [17/10/2013 19.12.20 30064]
S3 epmntdrv;epmntdrv;C:\WINDOWS\system32\epmntdrv.sys [17/02/2014 11.40.12 13896]
S3 EuGdiDrv;EuGdiDrv;C:\WINDOWS\system32\EuGdiDrv.sys [17/02/2014 11.40.12 9160]
S3 TPVCGateway;TP VC Gateway Service;C:\Programmi\VMware\VMware Tools\TPVCGateway.exe [17/10/2013 18.25.12 406864]
--- Altri Servizi/Drivers In Memoria ---
*NewlyCreated* - MPKSLEC28CBE8
Contenuto della cartella 'Scheduled Tasks'
2014-02-17 C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\Programmi\Microsoft Security Client\MpCmdRun.exe [2013-10-23 14:01:10 . 2013-10-23 14:01:10]
2014-02-17 C:\WINDOWS\Tasks\MpIdleTask.job
- c:\Programmi\Microsoft Security Client\MpCmdRun.exe [2013-10-23 14:01:10 . 2013-10-23 14:01:10]
------- Scansione supplementare -------
uStart Page = https://www.google.it/
LSP: %windir%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
The log is incomplete, check again; you'll find it in C: as combofix.txt
Are you having connection problems, by any chance?
Here I am again, sorry, I really did have problems with the ADSL
ComboFix 14-02-16.01 - Administrator 26/02/2014 16.21.55.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.547.276 [GMT 1:00]
Eseguito da: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0410.exe
.
---- Esecuzione precedente -------
.
c:\programmi\WinRAR\Leggimi.Txt
c:\programmi\WinRAR\Leggimi_1a.Txt
c:\programmi\WinRAR\Licenza.Txt
c:\programmi\WinRAR\Ordin.htm
c:\programmi\WinRAR\Ordina.htm
.
.
((((((((((((((((((((((((( Files Creati Da 2014-01-26 al 2014-02-26 )))))))))))))))))))))))))))))))))))
.
.
2014-02-18 16:20 . 2014-02-18 16:26 -------- d-----w- C:\Office2010
2014-02-18 16:13 . 2014-02-18 16:13 -------- d-----r- C:\MSOCache
2014-02-17 13:17 . 2014-02-17 13:18 -------- d-----w- C:\Access97
2014-02-17 08:17 . 2014-02-17 22:02 -------- d-----w- C:\Download
2014-02-17 07:59 . 2014-02-18 22:24 -------- d-----w- C:\Aclewin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-05 23:20 . 2013-07-20 20:02 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 23:19 . 2013-07-20 20:01 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-05 23:19 . 2013-07-20 20:01 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-05 23:18 . 2013-07-20 20:01 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-05 22:25 . 2013-07-20 20:01 385024 ----a-w- c:\windows\system32\html.iec
2014-01-04 03:12 . 2013-07-20 20:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-05 11:26 . 2013-07-20 20:01 1172992 ----a-w- c:\windows\system32\msxml3.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-07-20 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMware User Process"="c:\programmi\VMware\VMware Tools\vmtoolsd.exe" [2013-10-17 63056]
"EaseUS EPM tray"="c:\programmi\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe" [2013-03-29 2081792]
"MSC"="c:\programmi\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
2013-10-17 17:25 628048 ----a-w- c:\windows\system32\TPSvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VMUpgradeAtShutdown]
2013-10-17 18:10 104528 ----a-w- c:\windows\system32\VMUpgradeAtShutdownWXP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [20/07/2013 20.24.17 14184]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [20/07/2013 20.24.18 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [20/07/2013 20.24.18 14184]
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [08/10/2013 18.20.50 71888]
R0 VMSCSI;VMware Storage Controller Driver;c:\windows\system32\drivers\vmscsi.sys [15/02/2014 21.56.50 14232]
R0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys [15/02/2014 21.32.39 63824]
R1 vmhgfs;VMware Host Guest Client Redirector;c:\windows\system32\drivers\vmhgfs.sys [15/02/2014 21.32.42 156752]
R2 MBAMScheduler;MBAMScheduler;c:\programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe [17/02/2014 16.05.27 418376]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [17/02/2014 16.05.27 701512]
R2 VMMEMCTL;Driver controllo memoria;c:\programmi\File comuni\VMware\Drivers\memctl\vmmemctl.sys [17/10/2013 19.07.42 17872]
R2 VMTools;VMware Tools;c:\programmi\VMware\VMware Tools\vmtoolsd.exe [17/10/2013 19.10.34 63056]
R2 VMware Physical Disk Helper Service;VMware Physical Disk Helper Service;c:\programmi\VMware\VMware Tools\vmacthlp.exe [17/10/2013 19.05.38 429648]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [17/02/2014 11.40.12 13896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [17/02/2014 16.05.10 22856]
R3 TPAutoConnSvc;TP AutoConnect Service;c:\programmi\VMware\VMware Tools\TPAutoConnSvc.exe [17/10/2013 18.25.14 378192]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\drivers\vmmouse.sys [17/10/2013 19.08.00 11800]
R3 vmusbmouse;VMware USB Pointing Device;c:\windows\system32\drivers\vmusbmouse.sys [17/10/2013 19.08.20 11928]
R3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [17/10/2013 19.14.46 62160]
R3 vmxnet;VMware Ethernet Adapter Driver;c:\windows\system32\drivers\vmxnet.sys [17/10/2013 19.12.20 30064]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [17/02/2014 11.40.12 9160]
S3 TPVCGateway;TP VC Gateway Service;c:\programmi\VMware\VMware Tools\TPVCGateway.exe [17/10/2013 18.25.12 406864]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - DMADMIN
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-02-26 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\programmi\Microsoft Security Client\MpCmdRun.exe [2013-10-23 14:01]
.
.
------- Scansione supplementare -------
.
uStart Page = https://www.google.it/
LSP: %windir%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0410.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-02-26 16:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-2052111302-1450960922-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:0 1,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,45,d3 ,aa,fd,cd,da,4b,9a,83,70,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:0 1,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,45,d3 ,aa,fd,cd,da,4b,9a,83,70,\
.
Ora fine scansione: 2014-02-26 16:45:05
ComboFix-quarantined-files.txt 2014-02-26 15:44
.
Pre-Run: 2.313.949.184 byte disponibili
Post-Run: 2.326.425.600 byte disponibili
.
- - End Of File - - 5A74C9F847A38E1117E59ACEE6CBE0CD
828E02D5C4A4FBE53441EE9DBEE51F43