  1. #1

    Do I have a virus that is slowing down my computer?

    Hello, I followed all the steps you recommend, with excellent results! I managed to remove at least five "harmful objects".
    The software I have at the moment is: CClean, Ad-Aware, Antivir Personal Edition Classic.
    Can you recommend any other software? Perhaps something better?
    I thought Kaspersky was excellent, but it expired and I replaced it with Antivir. What do you think?
    It doesn't seem up to the same level to me, it seems incomparable!
    Anyway, through Kaspersky Online I managed to find various viruses or infected files, but I am not able to delete them because they are protected.
    This is my logfile:


    Logfile of HijackThis v1.99.1
    Scan saved at 20.49.21, on 03/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
    C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
    C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Programmi\Analog Devices\Core\smax4pnp.exe
    C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe
    C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Programmi\palmOne\Hotsync.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Paolo\IMPOST~1\Temp\Rar$EX00.703\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Programmi\palmOne\Hotsync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://classetrentaquattro.spaces.li...d/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{074DC5E4-71B3-46D3-AA7D-BE3DD071A4AB}: NameServer = 85.37.17.39 85.38.28.71
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe




    What do you recommend I FIX?

    Thanks in advance

  2. #2
    HTML.it user, registered Jan 2006, 1,836 posts
    hi

    the only doubtful thing in the log, and one I don't know, is
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9XE.EXE

    but before fixing it, try scanning the file at
    http://www.virustotal.com/en/indexf.html

    what does the Kaspersky online scan find infected?
    in the Kaspersky online scan log there are "locked" files that it does not analyse because they are system files, but they are not infected files; unfortunately Kaspersky online does not remove infections

    if you want to try an online scan that also removes infected files, you can use the BitDefender online scan

    anyway, Antivir is a good antivirus
    BooTzenN

    The quantum problem is so extraordinarily important and difficult that it should be at the centre of everyone's attention

    Opera browser..making you faster!

  3. #3
    it looks like a printer driver
    Begun the Clone War has

    Yes, yes, they made me an editor --- SuspectFile

  4. #4
    HTML.it user tognazzi, registered Jan 2007, 1,490 posts
    Originally posted by BilloKenobi
    it looks like a printer driver
    I agree.

  5. #5

    My infected files according to Kaspersky online

    With Kaspersky I found these files, but they are all locked and I don't know how to delete them. I wasn't able to delete them even with an excellent program that you recommended to me some time ago, whose name I don't remember, though.
    Many thanks, I will try running the online scan through that other site. Thanks again.





    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\All Users\Dati applicazioni\AntiVir PersonalEdition Classic\LOGFILES\AVSCAN-20070602-185506-A68EBE36.LOG Object is locked skipped

    C:\Documents and Settings\All Users\Dati applicazioni\AntiVir PersonalEdition Classic\LOGFILES\AVSCAN-20070602-185514-A870088F.LOG Object is locked skipped

    C:\Documents and Settings\All Users\Dati applicazioni\AntiVir PersonalEdition Classic\LOGFILES\AVSCAN-20070602-191436-A040CB01.LOG Object is locked skipped

    C:\Documents and Settings\All Users\Dati applicazioni\AntiVir PersonalEdition Classic\TEMP\AVSCAN-20070602-185506-A68E9DA8\AVSCAN-00000A28 Object is locked skipped

    C:\Documents and Settings\All Users\Dati applicazioni\AntiVir PersonalEdition Classic\TEMP\AVSCAN-20070602-185514-A86FEB86\AVSCAN-00000A28 Object is locked skipped

    C:\Documents and Settings\All Users\Dati applicazioni\AntiVir PersonalEdition Classic\TEMP\AVSCAN-20070602-191436-A040AE19\001_system Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\Paolo\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\Paolo\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Paolo\Impostazioni locali\Cronologia\History.IE5\MSHist012007060220070603\index.dat Object is locked skipped

    C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Paolo\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Paolo\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Paolo\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\Paolo\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\Paolo\UserData\index.dat Object is locked skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\hlpefifp.exe Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\Tasks\agifkx.job Object is locked skipped

    C:\WINDOWS\Tasks\cqjkin.job Object is locked skipped

    C:\WINDOWS\Tasks\dmfeukqk.job Object is locked skipped

    C:\WINDOWS\Tasks\fkrniaf.job Object is locked skipped

    C:\WINDOWS\Tasks\fpwnyjvb.job Object is locked skipped

    C:\WINDOWS\Tasks\itsg.job Object is locked skipped

    C:\WINDOWS\Tasks\izvqrjv.job Object is locked skipped

    C:\WINDOWS\Tasks\mgnsfeko.job Object is locked skipped

    C:\WINDOWS\Tasks\psaqyul.job Object is locked skipped

    C:\WINDOWS\Tasks\qvta.job Object is locked skipped

    C:\WINDOWS\Tasks\qxftfh.job Object is locked skipped

    C:\WINDOWS\Tasks\tyoxdsu.job Object is locked skipped

    C:\WINDOWS\Tasks\ugwprt.job Object is locked skipped

    C:\WINDOWS\Tasks\xmoydiz.job Object is locked skipped

    C:\WINDOWS\Tasks\zcxqai.job Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
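
Added example, not part of the original thread: reply #2 points out that "locked" rows in a Kaspersky online report are files the scanner could not open, not detections. The Python sketch below triages such a report into real detections, locked files that Windows always keeps open, and other locked files that simply were not scanned. The sample rows are constructed, and the `Infected: ...` row layout, its placeholder name, and the function and bucket names are assumptions.

```python
import re

# Constructed sample in the flattened "path / virus name / last action" layout
# of the report above. The last row and its detection name are placeholders.
SAMPLE_REPORT = r"""
Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\Paolo\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Paolo\Cookies\index.dat Object is locked skipped
C:\WINDOWS\Tasks\example.job Object is locked skipped
C:\Temp\sample.exe Infected: EXAMPLE-DETECTION-NAME skipped
"""

# Paths contain spaces, so anchor on the status text and the trailing action.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<status>Object is locked|Infected: \S+) (?P<action>\S+)$"
)

# Files a running Windows keeps open: registry hives and event logs under
# system32\config, per-user hives, and Internet Explorer index.dat caches.
ALWAYS_OPEN = re.compile(
    r"\\system32\\config\\|\\(ntuser|usrclass)\.dat(\.log)?$|\\index\.dat$",
    re.IGNORECASE,
)

def triage(report):
    """Split report rows into detections, expected locks and other locks."""
    buckets = {"detection": [], "locked_system": [], "locked_other": []}
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank or unrecognised line
        path = m["path"]
        if m["status"] != "Object is locked":
            buckets["detection"].append((path, m["status"]))
        elif ALWAYS_OPEN.search(path):
            buckets["locked_system"].append(path)
        else:
            # Locked means "not scanned": no verdict either way.
            buckets["locked_other"].append(path)
    return buckets

if __name__ == "__main__":
    for name, rows in triage(SAMPLE_REPORT).items():
        print(f"{name}: {len(rows)}")
        for row in rows:
            print("   ", row)
```

Files in the `locked_other` bucket can be checked individually with an offline or safe-mode scan, or uploaded to a multi-engine scanner as reply #2 suggests for the printer executable.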
