Olimpo Informatico

lynch · Mortale pio Registrato: 22/07/06 19:08 Messaggi: 20

ho visto le istruzioni per rimuovere il problema ma credo di avere bisogno di aiuto. ecco il log di hijackthis, ho già fixato qualche voce controllando le istruzioni su qualche sito...

Logfile of HijackThis v1.99.1
Scan saved at 20.06.49, on 22/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\ltmoh\Ltmoh.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\LManager.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\StopDialers\StopDialers.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Programmi\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

in installazione applicazioni ho effetivamente la cartella linkoptimizer,inoltre ho notato nelle cartella sistema/avanzate/profili utente/impostazioni, un secondo profilo utente con un nome similie al mio che mi è stato consigliato di eliminare.
in c/documents and settings ho 3 cartelle:una all users creata nel 2004,una default users creata nel 2004 e una col mio nome creata nel 2005.

questo è quello che riguarda lo scan col tabrootkit di gmer:

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-22 20:39:19
Windows 5.1.2600 Service Pack 2

---- Registry - GMER 1.0.10 ----

Reg \Registry\USER\S-1-5-21-2654569403-3922930991-2556117688-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\ZVPURYR INYYV\Qrfxgbc\PUVGNEEN - nppbeqv,pbefb, cebtenzzn pbairefvbar nppbeqv fgenavrev,pnambavrer\PUVGNEEN - nppbeqv,pbefb, cebtenzzn pbairefvbar nppbeqv fgenavrev,pnambavrer\[ CEBT VGN] Pbairegv nppbeqv\Pbairegv nppbeqv.rkr 0xBC 0x00 0x00 0x00 ...

---- Files - GMER 1.0.10 ----

File C:\WINDOWS\lpt4.aqo
File C:\WINDOWS\ohrda1.dll

---- EOF - GMER 1.0.10 ----

questa invece è la scansione col tab autostart:

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-07-22 20:41:46
Windows 5.1.2600 Service Pack 2

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@DLLName = igfxsrvc.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = \\?\C:\WINDOWS\lpt4.aqo

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
anbmService /*Notebook Manager Service*/@ = C:\Acer\eManager\anbmServ.exe
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@LaunchAppAlaunch = Alaunch
@IgfxTrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe
@HotKeysCmdsC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@AGRSMMSGAGRSMMSG.exe = AGRSMMSG.exe
@LtMohC:\Programmi\ltmoh\Ltmoh.exe = C:\Programmi\ltmoh\Ltmoh.exe
@SynTPLprC:\Programmi\Synaptics\SynTP\SynTPLpr.exe = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
@SynTPEnhC:\Programmi\Synaptics\SynTP\SynTPEnh.exe = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
@RemoteControlC:\Programmi\CyberLink\PowerDVD\PDVDServ.exe = C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
@IMJPMIG8.1"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
@MSPY2002C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
@PHIME2002ASyncC:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
@PHIME2002AC:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
@EPM-DMc:\acer\epm\epm-dm.exe = c:\acer\epm\epm-dm.exe
@ePowerManagementC:\Acer\ePM\ePM.exe boot = C:\Acer\ePM\ePM.exe boot
@LManagerC:\PROGRA~1\LAUNCH~1\LManager.EXE = C:\PROGRA~1\LAUNCH~1\LManager.EXE
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@WinampAgentC:\Programmi\Winamp\winampa.exe = C:\Programmi\Winamp\winampa.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Programmi\Synaptics\SynTP\SynTPCpl.dll = C:\Programmi\Synaptics\SynTP\SynTPCpl.dll
@{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} /*EPM-PO Shell Extension*/epm-po.dll = epm-po.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{46E22146-59C0-4136-9233-52E412E2B428} /*EzCddax extension*/C:\Programmi\Easy CD-DA Extractor 9\ezcddax9.dll = C:\Programmi\Easy CD-DA Extractor 9\ezcddax9.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Cartelle Web*/ = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
EzCddax@{46E22146-59C0-4136-9233-52E412E2B428} = C:\Programmi\Easy CD-DA Extractor 9\ezcddax9.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.libero.it/ = http://www.libero.it/

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = http://www.libero.it/

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Microsoft Office.lnk = Microsoft Office.lnk
WinZip Quick Pick.lnk = WinZip Quick Pick.lnk

---- EOF - GMER 1.0.10 ----

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

Ciao Michele Smile

Per favore fai attenzione a non aprire un nuovo topic, ma clicca "rispondi".

Scusa se non ti ho risposto subito, ma ieri sera c'era un concerto al quale non potevo mancare, magari hai già risolto Rolling Eyes

scarica ATFCleaner da Atribune e salvalo sul desktop

scarica The Avenger ed estrai l'eseguibile sul desktop.

Seleziona con il mouse il contenuto di questo riquadro qui sotto e premi (CTRL+C) per metterlo negli appunti

lynch · Mortale pio Registrato: 22/07/06 19:08 Messaggi: 20

no, purtroppo non ho risolto, per il ritardo non c'è problema,anzi spero il concerto sia stato bello, nella mia città è così raro vedere buona musica dal vivo!!!
purtroppo però stamattina ho trovato il pc spento, non sono in casa solo...
devo rimandarti le scansioni?

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

No, la nuova scansione servirebbe per eventuali file con nomi random reati in C:/programmi o in C:/windows/temp o in C:/windows/system

Tu non me ne hai parlato e quindi immagino che non ci siano. Fai pure quella procedura

Ciao Smile

lynch · Mortale pio Registrato: 22/07/06 19:08 Messaggi: 20

non ho nessuna cartella linkoptimizer

ecco qua il contenuto dei due file di testo:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xsnhusnk

*******************

Script file located at: \??\C:\WINDOWS\gfmdmvom.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\lpt4.aqo replaced with dummy successfully.
File C:\WINDOWS\ohrda1.dll replaced with dummy successfully.
File C:\WINDOWS\lpt4.aqo deleted successfully.
File C:\WINDOWS\ohrda1.dll deleted successfully.
Folder C:\WINDOWS\Temp deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "ohrda1.dll" 23/07/2006 16.09.56

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B67F5E14-7CA0-360B-9B70-604BA494A22D}\InprocServer32]
@="C:\\WINDOWS\\ohrda1.dll"

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

Ok, bene. Il computer dovrebbe già essere praticamente a posto Smile

Salva in un file di testo il contenuto del riquadro qui sotto e chiama il file con estensione reg. Salvalo sul desktop e avvialo con il doppio click. Accetta rispondendo OK alla domanda.

lynch · Mortale pio Registrato: 22/07/06 19:08 Messaggi: 20

Direi che è tutto ok.
Devo fare qualche verifica?

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

Fai una scansione online con Panda e poi posta il log. Per salvarlo clicca al termine su See report

Disabilita il tuo AV temporaneamente prima della scansione online.

Ciao

lynch · Mortale pio Registrato: 22/07/06 19:08 Messaggi: 20

Purtroppo al momento sto andando col modem a 56k, per scansionare il pc con Panda ci vorrà un bel pò.
Nel frattempo ieri ho scaricato e aggiornato virit-lt e mi ha trovato qualche file infetto:

VirIT eXplorer Lite Log

SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
23/07/2006 - 16:50:01

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

SCANSIONE DELLA MEMORIA
OK
SCANSIONE DELLA MEMORIA
OK
SCANSIONE DELLA MEMORIA
OK
SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
23/07/2006 - 18:34:51

[SCANSIONE DEL REGISTRO]
{2ee25147-37d4-4640-832c-fccfac8b21d9} Infetto da BHO.Agent.AR
* * * RIMOSSO * * *

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

SCANSIONE DELLA MEMORIA
OK
--------------------------------------------------------
23/07/2006 - 21:07:33

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\WINDOWS\system32\ayaa.dll Infetto da Trojan.Win32.Agent.ABV
* * * RIMOSSO * * *
C:\Programmi\File comuni\System\lpt7.exe Infetto da Trojan.Win32.Agent.ABK
* * * RIMOSSO * * *
C:\Avenger\lpt4.aqo Infetto da Trojan.Win32.RootKit.E
* * * RIMOSSO * * *

Chiavi Registro infette: 0.
Files Infetti: 3.
Files Sospetti: 0.
Files Analizzati: 26841.
Files Totali: 26841.
Chiavi Registro rimosse: 0.
Virus Rimossi: 3.

Ciao

lynch · Mortale pio Registrato: 22/07/06 19:08 Messaggi: 20

Ho fatto una scansione on line con bitdefender e ho trovato qualche altro file infetto:

BitDefender Online Scanner - Real Time Virus Report

Generated at: Sat, Jul 29, 2006 - 01:07:10

--------------------------------------------------------------------------------

Scan Info

Scanned Files
361580

Infected Files
8

Virus Detected

Macro.VBA
7

Exploit.Html.Codebase.Exec.Gen
1

--------------------------------------------------------------------------------

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

devo considerare il pc ok o no?
Ciao

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

E´ normale che un antivirus ti trovi delle cose che sfuggano ad un altro, l´importante è che questi virus/trojan non siano attivi sul PC.

Con un log di HijackThis a posto, una scansione antirootkit a posto, un firewall attivato che non segnala connessioni e un antivirus aggiornato, io mi sentirei tranquilla. Secondo me puoi stare tranquillo

Smile