foofanto Mortal adept
Joined: 14/07/08 08:39 Posts: 38 Location: Sant'agata Bolognese (BOLOGNA)
Posted: 14 Jul 2008 08:49 Subject: I think I have a win32 infection too!
Hello everyone.
Since Thursday I have had a virus on my PC (a Toshiba laptop).
Here are the symptoms:
At startup the red Windows Update shield lights up and tells me that Windows automatic updates are not enabled, when in fact they are enabled.
The PC is extremely slow...
If I try to go to the Windows Update web page, it won't go there.
If I try to restore the PC to an earlier configuration I can't, and the only option it gives me is Thursday's, the day of the virus...
I have also noticed that in Task Manager the rundll32 process shows up as many as 3 or 4 times in a row.
I should mention that it all started when I installed a game image with Daemon tool...
For antivirus I have Trend Micro, which finds nothing, so I installed Avast and it found a Trojan, the win32.
PLS HELP ME...
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 12.27.09, on 11/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Programmi\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\TEMP\VT26E1.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe
C:\Programmi\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\joker\Impostazioni locali\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {2F55A1E9-EE3D-4B19-8B5F-378DEB2F893C} - C:\WINDOWS\system32\cbXQijIA.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {8890b5c9-5c33-d678-4c94-f5fb4f202fab} - {baf202f4-bf5f-49c4-876d-33c59c5b0988} - C:\WINDOWS\system32\youugy.dll
O2 - BHO: (no name) - {EEC63E95-5DF2-422B-AEB1-9508B3606C20} - C:\WINDOWS\system32\pmnoPfDu.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HPWPTOOLBOX] C:\Programmi\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe "-i"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programmi\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [e8a47732] rundll32.exe "C:\WINDOWS\system32\ixflxgre.dll",b
O4 - HKLM\..\Run: [BMeb9744ae] Rundll32.exe "C:\WINDOWS\system32\knskkrsc.dll",s
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Programmi\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [PMCRemote] C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Streaming Server.lnk = C:\Programmi\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://catwoman.ferraritechnology.local:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://catwoman.ferraritechnology.local:4343/officescan/console/ClientInstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://catwoman.ferraritechnology.local:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://catwoman.ferraritechnology.local:4343/SMB/console/html/root/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://catwoman.ferraritechnology.local:4343/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: bw20 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {B08491F3-CDF6-436B-8B61-D5F623F47189} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: cbXQijIA - C:\WINDOWS\SYSTEM32\cbXQijIA.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LBTWlgn - c:\programmi\file comuni\logitech\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winmmt32 - winmmt32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Scansione in tempo reale di Trend Micro Client-Server Security Agent (ntrtscan) - Trend Micro Inc. - C:\Programmi\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Personal Firewall di Trend Micro Client-Server Security Agent (OfcPfwSvc) - Trend Micro Inc. - C:\Programmi\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programmi\File comuni\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Trend Micro Client-Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Programmi\Trend Micro\Client Server Security Agent\tmlisten.exe
Thanks everyone
Foofanto
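
A triage sketch for the HijackThis log in the post above, added here as an example and not part of the original thread: it parses the O2 (BHO), O4 (Run) and O20 (Winlogon Notify) lines and flags three patterns worth a manual look. The rule names and the `triage` function are assumptions of this example, the sample lines are copied from the log above, and a flag is a prompt for review, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2F55A1E9-EE3D-4B19-8B5F-378DEB2F893C} - C:\WINDOWS\system32\cbXQijIA.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {8890b5c9-5c33-d678-4c94-f5fb4f202fab} - {baf202f4-bf5f-49c4-876d-33c59c5b0988} - C:\WINDOWS\system32\youugy.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [e8a47732] rundll32.exe "C:\WINDOWS\system32\ixflxgre.dll",b
O4 - HKLM\..\Run: [BMeb9744ae] Rundll32.exe "C:\WINDOWS\system32\knskkrsc.dll",s
O20 - Winlogon Notify: cbXQijIA - C:\WINDOWS\SYSTEM32\cbXQijIA.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: winmmt32 - winmmt32.dll (file missing)
"""

SYSTEM32 = r"c:\windows\system32"
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# One pattern per HijackThis section of interest.
PATTERNS = {
    "O2": re.compile(
        r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"),
    "O4": re.compile(
        r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$"),
    "O20": re.compile(
        r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)"
        r"(?P<missing> \(file missing\))?$"),
}
# A Run command that hands a DLL to rundll32 instead of starting an EXE.
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)


def parse(log_text):
    """Group recognised log lines by section code (O2, O4, O20)."""
    entries = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        for kind, rx in PATTERNS.items():
            m = rx.match(line)
            if m:
                entries[kind].append(m.groupdict())
                break
    return entries


def in_system32(path):
    """True when the file sits directly in C:\\WINDOWS\\system32."""
    return ntpath.dirname(path).lower() == SYSTEM32


def triage(log_text):
    """Return (rule, dll) pairs for entries that deserve a manual look."""
    entries = parse(log_text)
    findings = []

    # Rule 1: a BHO with no display name (or a bare GUID as its name)
    # whose DLL lives directly in system32.
    for bho in entries["O2"]:
        unnamed = bho["name"] == "(no name)" or GUID.fullmatch(bho["name"])
        if unnamed and in_system32(bho["path"]):
            findings.append(("bho-unnamed-system32", ntpath.basename(bho["path"])))

    # Rule 2: an autostart value that loads a DLL through rundll32.
    for run in entries["O4"]:
        m = RUNDLL.match(run["cmd"])
        if m:
            findings.append(("run-rundll32", ntpath.basename(m.group("dll"))))

    # Rule 3: the same DLL registered both as a BHO and as a Winlogon
    # Notify package, i.e. loaded into the browser and at logon.
    bho_dlls = {ntpath.basename(b["path"]).lower() for b in entries["O2"]}
    for notify in entries["O20"]:
        base = ntpath.basename(notify["path"])
        if base.lower() in bho_dlls:
            findings.append(("bho-and-winlogon-notify", base))

    return findings


if __name__ == "__main__":
    for rule, dll in triage(SAMPLE_LOG):
        print(f"{rule:26} {dll}")
```

In the ComboFix log posted later in this thread, `cbXQijIA.dll` is among the deleted files.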

foofanto Mortal adept
Posted: 14 Jul 2008 09:05
I forgot: when I open the internet, it opens a second page with an address that is sometimes eBay's, or else other sites.
Thanks

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 14 Jul 2008 09:50
Hi foofanto,
Carry out these steps:
- Clean the temporary files with ATF-Cleaner and/or CCleaner
- Run a scan with Norman Malware Cleaner.
- Restart the computer in normal mode
- Follow the instructions in this topic to run combofix.
- Report the outcome in a new message in this thread: whether there were any particular problems, etc. And include:
- Upload the Norman Malware Cleaner log to WikiSend and post the Forum Link you are given
- The Combofix log is generally not very long, so post it directly in the message
PS: if you like, you can introduce yourself here

foofanto Mortal adept
Posted: 14 Jul 2008 10:01
Hi bdoriano, thanks a lot for the reply, I have posted my introduction......
Now I'll try to do what you suggested and then post everything.
Thanks a lot
Foofanto

foofanto Mortal adept
Posted: 14 Jul 2008 13:26
Update:
After shutting down the PC several times because it froze and nothing worked any more, I managed to start ATF, after which I started NORMAN.
At the beginning, when it examines the processes, it tells me that many are infected with Vundo.gen188 or .192
This one froze too after it had been running for a good half hour, so I turned the PC off again, restarted ATF and it found more than 100 MB of temporary files, which I had already removed before...
Then I started NORMAN again
This time there are only 6 infected processes, one of which, .196, it deleted.
Now I hope it doesn't freeze again; what do I do if it freezes, do I post the NORMAN log anyway?
Thanks again
Foofanto

bdoriano Administrator
Posted: 14 Jul 2008 13:34
Hi foofanto,
Since it keeps freezing with Norman, follow the instructions in this topic to use MBAM. Upload the log to WikiSend and post the Forum Link you are given.
After that, repeat the Norman step and carry on with the rest.

foofanto Mortal adept
Posted: 14 Jul 2008 14:10
Really kind of you, thanks; for now Norman is running, if it freezes I'll go with the other option.
Thanks again
Foofanto

foofanto Mortal adept
Posted: 15 Jul 2008 08:06
Good morning first of all; yesterday evening I managed to go through the first sequence of programs, so I used ATF, then Norman and Combo-Fix.
Here is the WikiSend link:
NFix_2008-07-14_13-17-00.log
Below is the Combo-Fix log:
ComboFix 08-07-13.9 - joker 2008-07-14 22.27.50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1478 [GMT 2:00]
Eseguito da: C:\Documents and Settings\joker\Desktop\COMBAT.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMeb9744ae.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bdceKkkj.ini
C:\WINDOWS\system32\bdceKkkj.ini2
C:\WINDOWS\system32\bvtovldl.ini
C:\WINDOWS\system32\cbXQijIA.dll
C:\WINDOWS\system32\elsfty.dll
C:\WINDOWS\system32\ergxlfxi.ini
C:\WINDOWS\system32\jkkKecdb.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\srutv.bak1
C:\WINDOWS\system32\tklnqjml.ini
C:\WINDOWS\system32\uDfPonmp.ini
C:\WINDOWS\system32\uDfPonmp.ini2
C:\WINDOWS\system32\xxlrplqs.ini
C:\WINDOWS\wr.txt
.
((((((((((((((((((((((((( Files Creati Da 2008-06-14 al 2008-07-14 )))))))))))))))))))))))))))))))))))
.
2008-07-14 13:03 . 2008-07-14 22:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-14 13:03 . 2008-07-14 13:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-14 09:47 . 2008-07-14 09:47 <DIR> d-------- C:\VundoFix Backups
2008-07-12 12:28 . 2008-07-12 12:28 268 --ah----- C:\sqmdata05.sqm
2008-07-12 12:28 . 2008-07-12 12:28 244 --ah----- C:\sqmnoopt05.sqm
2008-07-11 14:01 . 2008-07-11 14:01 <DIR> d-------- C:\Programmi\Alwil Software
2008-07-10 16:34 . 2008-07-14 07:52 110,419 --a------ C:\WINDOWS\BMeb9744ae.xml
2008-07-10 08:44 . 2008-07-10 08:44 <DIR> d-------- C:\Programmi\ScanSoft
2008-07-10 08:41 . 2008-07-10 08:42 <DIR> d-------- C:\Programmi\Microsoft AutoRoute
2008-07-09 10:01 . 2008-07-09 10:01 <DIR> d-------- C:\ProgramData
2008-07-09 10:01 . 2008-07-09 18:07 4,496 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-07-02 15:11 . 2002-11-22 14:46 554,776 --a------ C:\WINDOWS\system32\olelib.tlb
2008-07-02 15:11 . 1998-06-18 01:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-06-26 17:40 . 2008-06-26 18:00 <DIR> d-------- C:\Programmi\proeWildfire 4.0
2008-06-26 17:14 . 2008-06-26 17:31 <DIR> d-------- C:\Temp\Wildfire4_M010_win32
2008-06-26 17:14 . 2008-06-26 17:14 <DIR> d-------- C:\Temp
2008-06-23 08:25 . 2008-07-10 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TrackMania
2008-06-20 19:46 . 2008-06-20 19:46 247,296 --a--c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:46 . 2008-06-20 19:46 147,968 --a--c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51 361,600 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40 138,496 --a--c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08 225,856 --a--c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 08:26 . 2008-06-23 08:25 <DIR> d-------- C:\Programmi\TmUnitedForever
2008-06-17 12:05 . 2008-06-17 12:06 <DIR> d-------- C:\!KillBox
2008-06-16 14:55 . 2008-06-16 17:31 <DIR> d-------- C:\Fraps
2008-06-16 14:55 . 2008-06-16 18:46 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 20:45 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd4461.sys
2008-07-11 12:35 --------- d-----w C:\Programmi\DAEMON Tools
2008-07-10 14:27 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-07-10 14:27 --------- d-----w C:\Programmi\Electronic Arts
2008-07-02 07:02 199,984 -c--a-w C:\Documents and Settings\joker\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-06-26 16:13 --------- d-----w C:\Programmi\Java
2008-06-23 07:25 --------- d-----w C:\Programmi\Avanquest update
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 06:10 --------- d-----w C:\Programmi\TrackMania Nations ESWC
2008-06-17 10:31 --------- d-----w C:\Programmi\Windows Live
2008-06-17 10:25 --------- d-----w C:\Programmi\Tornos
2008-06-17 10:13 --------- d-----w C:\Programmi\Easy GDR Creater For Series 60
2008-06-14 17:32 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 08:43 --------- d-----w C:\Programmi\DivX
2008-06-09 06:54 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-06-07 16:34 --------- d-----w C:\Documents and Settings\joker\Dati applicazioni\Nokia
2008-06-07 16:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle
2008-06-07 15:53 --------- d-----w C:\Programmi\Pinnacle
2008-06-05 07:50 --------- d-----w C:\Documents and Settings\joker\Dati applicazioni\Sony
2008-06-05 07:50 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Sony
2008-06-05 07:47 --------- d-----w C:\Programmi\Sony Ericsson
2008-06-05 07:32 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-06-05 07:27 21,672 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-06-05 07:27 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2008-06-05 07:26 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Sony Ericsson
2008-06-05 07:16 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\BVRP Software
2008-05-29 09:42 --------- d-----w C:\Programmi\NCH Swift Sound
2008-05-29 09:42 --------- d-----w C:\Documents and Settings\joker\Dati applicazioni\NCH Swift Sound
2008-05-29 09:42 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\NCH Swift Sound
2008-04-14 02:14 70,144 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 02:14 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 02:14 286,720 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 02:14 151,552 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 02:14 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 02:14 1,036,288 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 02:13 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 02:13 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 02:13 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 02:13 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 02:13 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 02:13 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 02:13 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2008-01-03 13:20 32 -c--a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 10:14 65536]
"LDM"="C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-05-01 11:06 32768]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:14 15360]
"Sony Ericsson PC Suite"="C:\Programmi\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:20 360448]
"PMCRemote"="C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2008-01-18 17:14 263440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programmi\Apoint2K\Apoint.exe" [2004-03-24 07:40 196608]
"CeEKEY"="C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 14:04 671744]
"TPNF"="C:\Programmi\TOSHIBA\TouchPad\TPTray.exe" [2005-08-25 19:11 53248]
"HWSetup"="C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 13:45 28672]
"SVPWUTIL"="C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 13:45 65536]
"SmoothView"="C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 13:33 118784]
"PadTouch"="C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 12:36 1077329]
"Tvs"="C:\Programmi\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 16:25 73728]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 22:05 344064]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"InCD"="C:\Programmi\Ahead\InCD\InCD.exe" [2006-03-23 17:06 1398272]
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HPWPTOOLBOX"="C:\Programmi\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe" [2004-10-21 03:31 327680]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"OfficeScanNT Monitor"="C:\Programmi\Trend Micro\Client Server Security Agent\pccntmon.exe" [2005-12-16 09:01 372813]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 10:10 88358 C:\WINDOWS\agrsmmsg.exe]
"Zooming"="ZoomingHook.exe" [2005-06-06 09:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-22 16:49 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-08-12 11:58 266240 C:\WINDOWS\system32\TPSMain.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:14 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-26 11:33:31 113664]
Bluetooth Manager.lnk - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2003-05-23 18:41:18 356352]
Logitech Desktop Messenger.lnk - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-05-01 11:06:45 450560]
Logitech SetPoint.lnk - C:\Programmi\Logitech\SetPoint\SetPoint.exe [2007-05-28 14:30:14 784912]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
Pinnacle Streaming Server.lnk - C:\Programmi\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe [2007-12-03 16:39:26 599312]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart16.exe [2005-03-05 12:18:22 10872]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2006-06-16 21:01:56 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 11:10 72208 c:\Programmi\File comuni\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Programmi\\TrackMania United\\TmUnited.exe"=
"C:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\msiexec.exe"=
"C:\\Programmi\\Hewlett-Packard\\HP Business Inkjet 2800 series\\Toolbox\\HPWPTBX.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programmi\\NetMeeting\\conf.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\TmUnitedForever\\TmForever.exe"=
"C:\\Programmi\\Sony Ericsson\\Update Service\\Update Service.exe"=
"C:\\Programmi\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"C:\\Programmi\\proeWildfire 4.0\\i486_nt\\nms\\nmsd.exe"=
"C:\\Programmi\\proeWildfire 4.0\\i486_nt\\obj\\pro_comm_msg.exe"=
"C:\\Programmi\\proeWildfire 4.0\\i486_nt\\obj\\xtop.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 00:53]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2005-06-02 19:19]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-06-05 09:27]
S3 MODRC;DiBcom Infrared Receiver;C:\WINDOWS\system32\DRIVERS\modrc.sys [2007-10-19 15:32]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 11:26]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b0dc5a8-2c62-11dc-96a2-00166f7a90a8}]
\Shell\AutoRun\command - F:\browsercall.exe intro pen drive.doc
.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-09 10:14:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2007-03-08 21:30:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\smmss.exe
"2007-12-07 21:30:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\wudupdate.exe
"2008-02-15 21:30:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\wuauclt10.exe
"2008-07-14 05:50:50 C:\WINDOWS\Tasks\User_Feed_Synchronization-{7350D0F0-8C37-4C7D-AA74-73EB18D92C57}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{DA359DEE-DA0B-4CD3-A8BA-CC7BF8282BA9} - C:\WINDOWS\system32\pmnoPfDu.dll
HKLM-Run-BMeb9744ae - C:\WINDOWS\system32\obldayjm.dll
HKLM-Run-TFncKy - TFncKy.exe
HKLM-Run-NDSTray.exe - NDSTray.exe
Notify-winmmt32 - winmmt32.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 22:48:07
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Toshiba\ConfigFree\CFSvcs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Trend Micro\Client Server Security Agent\NTRtScan.exe
C:\Programmi\Trend Micro\Client Server Security Agent\TmListen.exe
C:\Programmi\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\Temp\GT2B43.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Programmi\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\Apoint2K\ApntEx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2008-07-14 23:02:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-14 21:01:10
26 Directory 36,180,013,056 byte disponibili
29 Directory 36,045,664,256 byte disponibili
252 --- E O F --- 2008-07-10 12:16:33
I noticed a few things after all the operations.
The computer is finally much faster, but at startup it gives me an error pop-up that says:
Errore durante il caricamento di C:\WINDOWS\SYSTEM32\obldayjm.dll
impossibile trovare il modulo.
Another thing: it created a new Internet Explorer shortcut on the desktop.
Also, it seems to me that the processes still take up a bit more RAM than before: instead of about 380MB I'm at 410MB without running any programs.
How should I proceed?
Thanks for everything
Foofanto
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 15 Jul 2008 08:37 Subject:
Hi foofanto,
I'm pleased to see that Norman and Combofix have cleaned up quite a lot of junk.
Open Notepad and create a text file with the following instructions:
Code:
File::
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Temp\GT2B43.EXE
C:\WINDOWS\system32\smmss.exe
C:\WINDOWS\system32\wudupdate.exe
C:\WINDOWS\system32\wuauclt10.exe
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently for it to finish without touching the keyboard, mouse or anything else.
Post the updated combofix log.
Afterwards, carry out these other operations:
- Disable your antivirus
- Go to BitDefender (with IE) and run the full scan.
- Go to the Kaspersky on-line scanner and run the extended scan, as described here.
Save the scan result to a file (in TXT format), upload the file to WikiSend and post here the Forum Link you are assigned.
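
A triage sketch over the "Scheduled Tasks" and "Other Running Processes" sections of the ComboFix log earlier in the thread, added here as an example; it is not part of bdoriano's post and not ComboFix code. The flagging rules (AtN.job task names, a target name that closely imitates a genuine Windows binary, an executable running from a Temp folder) and the `GENUINE` reference list are assumptions, not the helper's stated reasoning.

```python
import re
from difflib import SequenceMatcher
from ntpath import basename  # parses backslash paths on any OS

# Excerpts copied verbatim from the ComboFix log posted earlier in the thread.
TASKS_SECTION = r'''
"2008-07-09 10:14:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2007-03-08 21:30:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\smmss.exe
"2007-12-07 21:30:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\wudupdate.exe
"2008-02-15 21:30:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\wuauclt10.exe
"2008-07-14 05:50:50 C:\WINDOWS\Tasks\User_Feed_Synchronization-{7350D0F0-8C37-4C7D-AA74-73EB18D92C57}.job"
- C:\WINDOWS\system32\msfeedssync.exe
'''

PROCESS_SECTION = r'''
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\Temp\GT2B43.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\rundll32.exe
'''

# Assumed reference list of genuine Windows XP binaries (not from the thread).
GENUINE = ("smss.exe", "wuauclt.exe", "svchost.exe", "lsass.exe", "winlogon.exe")

TASK_RE = re.compile(r'^"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.+\.job)"$', re.I)
AT_JOB_RE = re.compile(r'^At\d+\.job$', re.I)      # name given to jobs queued via at.exe
TEMP_RE = re.compile(r'\\te?mp\\[^\\]+\.exe$', re.I)


def parse_tasks(section):
    """Return [(job_path, target_path)] from the two-line task records."""
    tasks, job = [], None
    for line in section.splitlines():
        line = line.strip()
        m = TASK_RE.match(line)
        if m:
            job = m.group(2)
        elif line.startswith("- ") and job:
            tasks.append((job, line[2:].strip()))
            job = None
    return tasks


def lookalike(name):
    """Genuine binary that `name` closely imitates without matching, or None."""
    name = name.lower()
    if name in GENUINE:
        return None
    for real in GENUINE:
        if SequenceMatcher(None, name, real).ratio() >= 0.85:
            return real
    return None


def triage(tasks_section, process_section):
    """Map each path worth manual review to the reasons it was flagged."""
    flagged = {}
    for job, target in parse_tasks(tasks_section):
        if not AT_JOB_RE.match(basename(job)):
            continue  # named tasks (Apple, feed sync) are left alone
        flagged.setdefault(job, []).append("task queued through the legacy at scheduler")
        reason = "target of " + basename(job)
        real = lookalike(basename(target))
        if real:
            reason += ", name imitates " + real
        flagged.setdefault(target, []).append(reason)
    for line in process_section.splitlines():
        path = line.strip()
        if TEMP_RE.search(path):
            flagged.setdefault(path, []).append("process image running from a Temp folder")
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(TASKS_SECTION, PROCESS_SECTION).items():
        print(path, "->", "; ".join(reasons))
```

On these excerpts the flagged paths are the same seven that the CFScript in the post above lists; the output is a review list, and each entry still needs a human decision before removal.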
foofanto Mortal adept
Registered: 14/07/08 08:39 Posts: 38 Location: Sant'agata Bolognese (BOLOGNA)
Posted: 15 Jul 2008 12:47 Subject:
So, yes, the PC runs much better; I've almost finished the scan with bitdefender and afterwards I'll move on to Kaspersky.
What can you tell me about the new Internet Explorer shortcut it created on the desktop?
Another thing, my Toshiba M70 laptop has 6 quick-launch keys to the right of the keyboard that control the internet and Windows Media Player; earlier, to go online and run the scan, I pressed the quick-launch key for the internet but it didn't start....mhmhmhm...
Anyway, thanks a lot for your help ^^
I'll post the log later
Foofanto
foofanto Mortal adept
Registered: 14/07/08 08:39 Posts: 38 Location: Sant'agata Bolognese (BOLOGNA)
Posted: 16 Jul 2008 07:57 Subject:
Good morning, after the bitdefender and kaspersky scans here are the results.
I made a mistake and saved the kasper file as html; anyway, I'm putting it here.
Bitdefender:
BitDefender Online Scanner - Real Time Virus Report
Generated at: Tue, Jul 15, 2008 - 14:16:37
--------------------------------------------------------------------------------
Scan Info
Scanned Files
2358444
Infected Files
20
Virus Detected
SymbOS.Trojan.Fontal.A
2
Trojan.Downloader.Java.Openconnection.AO
1
Trojan.Wfpdis.A
1
Trojan.Generic.317357
2
Trojan.Symbos.Frontal.D
1
Trojan.Vundo.EWZ
4
Trojan.Exploit.Byteverify.AC
1
Spyware.Hideprocess.A
1
Application.Findkeyxp.B
1
Trojan.Exploit.Byteverify.V
1
Trojan.Vundo.DVS
1
Trojan.Vundo.EWS
4
--------------------------------------------------------------------------------
This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.
Kaspersky:
Tuesday, July 15, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, July 15, 2008 13:39:58
Records in database: 955772
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
Scan statistics
Files scanned 271203
Threat name 7
Infected objects 10
Suspicious objects 0
Duration of the scan 04:21:50
File name Threat name Threats count
C:\Fanto\Digital\Programmi\Magical Jelly Bean Keyfinder v1.5b3.rar Infected: not-a-virus:PSWTool.Win32.RAS.g 1
C:\Fanto\Digital\Programmi\Magical Jelly Bean Keyfinder v1.5b3.rar Infected: not-a-virus:PSWTool.Win32.RAS.a 1
C:\Fanto\Digital\Trackmania Nations\QuiD\TrackMania Color Coder.exe Infected: Constructor.Win32.IDL.l 1
C:\Fanto\Digital\Trackmania Nations\QuiD\TrackMania_Color_Coder.zip Infected: Constructor.Win32.IDL.l 1
C:\Programmi\Trend Micro\Client Server Security Agent\Backup\jar_cache36439.RB0 Infected: Trojan-Downloader.Java.OpenConnection.ao 2
C:\Programmi\Trend Micro\Client Server Security Agent\Backup\jar_cache36439.RB0 Infected: Trojan.Java.ClassLoader.au 1
C:\System Volume Information\_restore{B5D84D74-1FE7-4DBF-89BF-34A77346AF82}\RP660\A0277758.exe Infected: Trojan.Win32.Monderc.gen 1
C:\System Volume Information\_restore{B5D84D74-1FE7-4DBF-89BF-34A77346AF82}\RP660\A0277759.exe Infected: Trojan.Win32.Monderc.gen 1
C:\WINDOWS\Resources\Themes\Ubuntu\Icons\Super_Turbo_Tango_Patcher_7_05_by_vertigosity.exe Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a 1
The selected area was scanned.
Bye
Foofanto
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 16 Jul 2008 09:14 Subject:
foofanto wrote: | What can you tell me about the new Internet Explorer shortcut it created on the desktop? |
I would need to "see" it...
You should take a screenshot of your screen and post the resulting image in your next message.
foofanto wrote: | Another thing, my Toshiba M70 laptop has 6 quick-launch keys to the right of the keyboard that control the internet and Windows Media Player; earlier, to go online and run the scan, I pressed the quick-launch key for the internet but it didn't start....mhmhmhm.. |
For those keys to work, the specific Toshiba software has to be loaded and configured correctly.
It is usually already present and installed when the PC is purchased.
It may have been uninstalled or disabled.
Let's deal with the various leftovers.
Open Notepad and create a text file with the following instructions:
Code:
File::
C:\Fanto\Digital\Trackmania Nations\QuiD\TrackMania Color Coder.exe
C:\Fanto\Digital\Trackmania Nations\QuiD\TrackMania_Color_Coder.zip
C:\Programmi\Trend Micro\Client Server Security Agent\Backup\jar_cache36439.RB0
C:\System Volume Information\_restore{B5D84D74-1FE7-4DBF-89BF-34A77346AF82}\RP660\A0277758.exe
C:\System Volume Information\_restore{B5D84D74-1FE7-4DBF-89BF-34A77346AF82}\RP660\A0277759.exe
C:\WINDOWS\Resources\Themes\Ubuntu\Icons\Super_Turbo_Tango_Patcher_7_05_by_vertigosity.exe
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Wait patiently for it to finish without touching the keyboard, mouse or anything else.
Post the updated combofix log.
foofanto Mortal adept
Registered: 14/07/08 08:39 Posts: 38 Location: Sant'agata Bolognese (BOLOGNA)
Posted: 16 Jul 2008 10:42 Subject:
Here is the screenshot of the desktop:
And then the Combofix log:
ComboFix 08-07-13.9 - joker 2008-07-16 9.53.37.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.1460 [GMT 2:00]
Eseguito da: C:\Documents and Settings\joker\Desktop\COMBAT.exe
Command switches used :: C:\Documents and Settings\joker\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\Fanto\Digital\Trackmania Nations\QuiD\TrackMania Color Coder.exe
C:\Fanto\Digital\Trackmania Nations\QuiD\TrackMania_Color_Coder.zip
C:\Programmi\Trend Micro\Client Server Security Agent\Backup\jar_cache36439.RB0
C:\System Volume Information\_restore{B5D84D74-1FE7-4DBF-89BF-34A77346AF82}\RP660\A0277758.exe
C:\System Volume Information\_restore{B5D84D74-1FE7-4DBF-89BF-34A77346AF82}\RP660\A0277759.exe
C:\WINDOWS\Resources\Themes\Ubuntu\Icons\Super_Turbo_Tango_Patcher_7_05_by_vertigosity.exe
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator.FANTO\Impostazioni locali\Dati applicazioni\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\joker\Impostazioni locali\Dati applicazioni\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Fanto\Digital\Trackmania Nations\QuiD\TrackMania Color Coder.exe
C:\Fanto\Digital\Trackmania Nations\QuiD\TrackMania_Color_Coder.zip
C:\Programmi\Trend Micro\Client Server Security Agent\Backup\jar_cache36439.RB0
C:\System Volume Information\_restore{B5D84D74-1FE7-4DBF-89BF-34A77346AF82}\RP660\A0277758.exe
C:\System Volume Information\_restore{B5D84D74-1FE7-4DBF-89BF-34A77346AF82}\RP660\A0277759.exe
C:\WINDOWS\Resources\Themes\Ubuntu\Icons\Super_Turbo_Tango_Patcher_7_05_by_vertigosity.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-06-16 al 2008-07-16 )))))))))))))))))))))))))))))))))))
.
2008-07-15 09:58 . 2008-07-15 14:16 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-15 08:25 . 2008-07-16 09:09 547 --a------ C:\Bluetooth Manager.lnk
2008-07-14 13:03 . 2008-07-16 07:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-14 13:03 . 2008-07-14 13:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-12 12:28 . 2008-07-12 12:28 268 --ah----- C:\sqmdata05.sqm
2008-07-12 12:28 . 2008-07-12 12:28 244 --ah----- C:\sqmnoopt05.sqm
2008-07-11 14:01 . 2008-07-11 14:01 <DIR> d-------- C:\Programmi\Alwil Software
2008-07-10 08:44 . 2008-07-10 08:44 <DIR> d-------- C:\Programmi\ScanSoft
2008-07-10 08:41 . 2008-07-10 08:42 <DIR> d-------- C:\Programmi\Microsoft AutoRoute
2008-07-09 10:01 . 2008-07-09 10:01 <DIR> d-------- C:\ProgramData
2008-07-09 10:01 . 2008-07-09 18:07 4,496 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-07-02 15:11 . 2002-11-22 14:46 554,776 --a------ C:\WINDOWS\system32\olelib.tlb
2008-07-02 15:11 . 1998-06-18 01:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-06-26 17:40 . 2008-06-26 18:00 <DIR> d-------- C:\Programmi\proeWildfire 4.0
2008-06-26 17:14 . 2008-06-26 17:31 <DIR> d-------- C:\Temp\Wildfire4_M010_win32
2008-06-26 17:14 . 2008-06-26 17:14 <DIR> d-------- C:\Temp
2008-06-23 08:25 . 2008-07-10 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\TrackMania
2008-06-20 19:46 . 2008-06-20 19:46 247,296 --a--c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:46 . 2008-06-20 19:46 147,968 --a--c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51 361,600 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40 138,496 --a--c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08 225,856 --a--c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 08:26 . 2008-06-23 08:25 <DIR> d-------- C:\Programmi\TmUnitedForever
2008-06-17 12:05 . 2008-06-17 12:06 <DIR> d-------- C:\!KillBox
2008-06-16 14:55 . 2008-06-16 17:31 <DIR> d-------- C:\Fraps
2008-06-16 14:55 . 2008-06-16 18:46 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 20:45 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd4461.sys
2008-07-11 12:35 --------- d-----w C:\Programmi\DAEMON Tools
2008-07-10 14:27 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-07-10 14:27 --------- d-----w C:\Programmi\Electronic Arts
2008-07-09 15:46 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-02 07:02 199,984 -c--a-w C:\Documents and Settings\joker\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-06-26 16:13 --------- d-----w C:\Programmi\Java
2008-06-23 07:25 --------- d-----w C:\Programmi\Avanquest update
2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 06:10 --------- d-----w C:\Programmi\TrackMania Nations ESWC
2008-06-17 10:31 --------- d-----w C:\Programmi\Windows Live
2008-06-17 10:25 --------- d-----w C:\Programmi\Tornos
2008-06-17 10:13 --------- d-----w C:\Programmi\Easy GDR Creater For Series 60
2008-06-14 17:32 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 08:43 --------- d-----w C:\Programmi\DivX
2008-06-09 06:54 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-06-07 16:34 --------- d-----w C:\Documents and Settings\joker\Dati applicazioni\Nokia
2008-06-07 16:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Pinnacle
2008-06-07 15:53 --------- d-----w C:\Programmi\Pinnacle
2008-06-05 07:50 --------- d-----w C:\Documents and Settings\joker\Dati applicazioni\Sony
2008-06-05 07:50 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Sony
2008-06-05 07:47 --------- d-----w C:\Programmi\Sony Ericsson
2008-06-05 07:32 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-06-05 07:27 21,672 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-06-05 07:27 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2008-06-05 07:26 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Sony Ericsson
2008-06-05 07:16 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\BVRP Software
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-29 09:42 --------- d-----w C:\Programmi\NCH Swift Sound
2008-05-29 09:42 --------- d-----w C:\Documents and Settings\joker\Dati applicazioni\NCH Swift Sound
2008-05-29 09:42 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\NCH Swift Sound
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:10 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-03 13:20 32 -c--a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
.
((((((((((((((((((((((((((((( snapshot@2008-07-14_23.00.50.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-15 07:59:02 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-07-15 07:59:03 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-07-15 07:59:03 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-07-15 07:59:06 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-07-15 07:59:06 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-07-15 07:59:03 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2008-07-16 05:50:16 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_70c.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 10:14 65536]
"LDM"="C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-05-01 11:06 32768]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:14 15360]
"Sony Ericsson PC Suite"="C:\Programmi\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:20 360448]
"PMCRemote"="C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2008-01-18 17:14 263440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Programmi\Apoint2K\Apoint.exe" [2004-03-24 07:40 196608]
"CeEKEY"="C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe" [2005-09-06 14:04 671744]
"TPNF"="C:\Programmi\TOSHIBA\TouchPad\TPTray.exe" [2005-08-25 19:11 53248]
"HWSetup"="C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 13:45 28672]
"SVPWUTIL"="C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 13:45 65536]
"SmoothView"="C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 13:33 118784]
"PadTouch"="C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe" [2005-08-30 12:36 1077329]
"Tvs"="C:\Programmi\TOSHIBA\Tvs\TvsTray.exe" [2005-04-05 16:25 73728]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 22:05 344064]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"InCD"="C:\Programmi\Ahead\InCD\InCD.exe" [2006-03-23 17:06 1398272]
"DAEMON Tools"="C:\Programmi\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HPWPTOOLBOX"="C:\Programmi\Hewlett-Packard\HP Business Inkjet 2800 series\Toolbox\HPWPTBX.exe" [2004-10-21 03:31 327680]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"OfficeScanNT Monitor"="C:\Programmi\Trend Micro\Client Server Security Agent\pccntmon.exe" [2005-12-16 09:01 372813]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 10:10 88358 C:\WINDOWS\agrsmmsg.exe]
"Zooming"="ZoomingHook.exe" [2005-06-06 09:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-22 16:49 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TPSMain"="TPSMain.exe" [2005-08-12 11:58 266240 C:\WINDOWS\system32\TPSMain.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:14 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-26 11:33:31 113664]
Bluetooth Manager.lnk - C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2003-05-23 18:41:18 356352]
Logitech Desktop Messenger.lnk - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-05-01 11:06:45 450560]
Logitech SetPoint.lnk - C:\Programmi\Logitech\SetPoint\SetPoint.exe [2007-05-28 14:30:14 784912]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
Pinnacle Streaming Server.lnk - C:\Programmi\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe [2007-12-03 16:39:26 599312]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - C:\Programmi\File comuni\Autodesk Shared\acstart16.exe [2005-03-05 12:18:22 10872]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2006-06-16 21:01:56 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 11:10 72208 c:\Programmi\File comuni\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Programmi\\TrackMania United\\TmUnited.exe"=
"C:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\msiexec.exe"=
"C:\\Programmi\\Hewlett-Packard\\HP Business Inkjet 2800 series\\Toolbox\\HPWPTBX.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programmi\\NetMeeting\\conf.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\TmUnitedForever\\TmForever.exe"=
"C:\\Programmi\\Sony Ericsson\\Update Service\\Update Service.exe"=
"C:\\Programmi\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"C:\\Programmi\\proeWildfire 4.0\\i486_nt\\nms\\nmsd.exe"=
"C:\\Programmi\\proeWildfire 4.0\\i486_nt\\obj\\pro_comm_msg.exe"=
"C:\\Programmi\\proeWildfire 4.0\\i486_nt\\obj\\xtop.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 00:53]
S3 BTCAMDRV;Mobiola Web Camera driver;C:\WINDOWS\system32\DRIVERS\BTCamDrv.sys [2005-06-02 19:19]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-06-05 09:27]
S3 MODRC;DiBcom Infrared Receiver;C:\WINDOWS\system32\DRIVERS\modrc.sys [2007-10-19 15:32]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 11:26]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b0dc5a8-2c62-11dc-96a2-00166f7a90a8}]
\Shell\AutoRun\command - F:\browsercall.exe intro pen drive.doc
.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-09 10:14:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-07-15 08:01:17 C:\WINDOWS\Tasks\User_Feed_Synchronization-{7350D0F0-8C37-4C7D-AA74-73EB18D92C57}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 09:58:16
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
**************************************************************************
.
Ora fine scansione: 2008-07-16 10:03:16
ComboFix-quarantined-files.txt 2008-07-16 08:02:11
ComboFix2.txt 2008-07-14 21:02:21
25 Directory 35,969,593,344 byte disponibili
27 Directory 35,980,210,176 byte disponibili
247 --- E O F --- 2008-07-10 12:16:33
I tried the quick-launch keys again and they work, so no problem with those...
Foofanto

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 16 Jul 2008 11:25 Subject:
The icon you have on your desktop is the original Internet Explorer 7 one, so there is no danger.
If you don't want to see it on the desktop, it should be possible to remove it this way (at least, it worked with IE6):
- go to Display Properties
- Desktop
- Customize Desktop...
- remove the check mark next to the Internet Explorer entry
- Click OK
Let's do a general cleanup of the PC:
- Clean up the temporary files with ATF-Cleaner and/or CCleaner
- Clean the registry with EUsingFreeRegistryCleaner or Wise Registry Cleaner and, finally, a pass with Auslogics Registry Defrag
- Defragment the disk

foofanto Mortal adept
Registered: 14/07/08 08:39 Posts: 38 Location: Sant'agata Bolognese (BOLOGNA)
Posted: 16 Jul 2008 12:17 Subject:
OK good, I'm using Eusing Free Registry Cleaner; what should I do after the scan...?
Should I do repair?
One last thing: I'm making 3D models with Pro/ENGINEER and I have to pass them on to other people; is there a risk that they are infected?
Can I rest easy, is the PC "healthy"?
Thanks a lot
Foofanto

foofanto Mortal adept
Registered: 14/07/08 08:39 Posts: 38 Location: Sant'agata Bolognese (BOLOGNA)
Posted: 16 Jul 2008 12:29 Subject:
foofanto wrote: "OK good, I'm using Eusing Free Registry Cleaner; what should I do after the scan...? Should I do repair?"
Never mind, I've done it, thanks... sorry...
Now I'll proceed with the rest
Foofanto

foofanto Mortal adept
Registered: 14/07/08 08:39 Posts: 38 Location: Sant'agata Bolognese (BOLOGNA)
Posted: 16 Jul 2008 12:52 Subject:
OK, I've done everything; now I'll do the defrag.
All the installed programs and the scan files etc... can I remove them, or do you advise me to keep them?
Can you also tell me whether the files I create and exchange with others could carry infections?
Thanks a lot for everything, I really don't know how to thank you...
Foofanto

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 16 Jul 2008 15:47 Subject:
If you don't notice any other problems then, in theory, the PC is clean.
You can delete Norman and uninstall ComboFix:
Click Start
Click Run
type: Combofix /u
Click OK
I would advise you to change antivirus, switching from Avast! to AntiVir or AVG (unfortunately, both in English but much more effective, IMHO).
You can find more information here.

foofanto Mortal adept
Registered: 14/07/08 08:39 Posts: 38 Location: Sant'agata Bolognese (BOLOGNA)
Posted: 16 Jul 2008 17:03 Subject:
Thank you very much, I owe you a favor; if I can help, just tell me...
OK, then I'll keep Avast since it's free.
A thousand thanks again, bdoriano^^
Foofanto