* registry and more

baciami
Semidio
Posted: 10 Feb 2008 20:26    Subject: * registry and more

I click Internet Options, Content; under Content Advisor there are "Disable" and "Settings". Clicking either one, inside "Hint" I find "you are stupid!" right above "Password". Is that normal? Thanks.


I also have a problem in the registry.. hkey_current_user
printers
connections
DevModePerUser
P¨?(°?
P¨?(°?
SessionInformation
software
etc.... I wanted to know whether those 2 folders are normal


I have Microsoft Windows XP Home Edition

I already asked once about the same problem, but back then I had six strange folders, and right afterwards my operating system died. Thanks for any help you can give me

P.S. I ran an online scan with Kaspersky and it reported these 3 viruses.. I checked and one is the BearShare program.. I couldn't find the other 2. Here is the scan
C:\Documents and Settings\Proprietario\Desktop\kaspersky.html

bdoriano
Administrator
Posted: 10 Feb 2008 21:59

Follow the instructions in this topic to post the HijackThis log.

Then follow the instructions in this topic to post the ComboFix log.

Finally, connect to the Kaspersky online scanner and run the extended scan, as indicated here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.

baciami
Semidio
Posted: 11 Feb 2008 13:22

Hi bdoriano.. I have Windows XP Home Edition, the Microsoft firewall, and Avira AntiVir and a-squared as antivirus. Here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12.59.01, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\HijackThis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Programmi\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153583001906
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Programmi\GbPlugin\GbpSv.exe

--
End of file - 4624 bytes

the ComboFix log

ComboFix 08-02-11.2 - Proprietario 2008-02-11 13.13.47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.411 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Creati Da 2008-01-11 al 2008-02-11 )))))))))))))))))))))))))))))))))))
.

2008-02-10 19:01 . 2008-02-10 19:01 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-10 19:01 . 2008-02-10 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-02-05 22:27 . 2008-02-05 22:27 <DIR> d-------- C:\WINDOWS\PixArt
2008-01-29 19:20 . 2008-02-11 12:58 <DIR> d-------- C:\HijackThis
2008-01-22 11:45 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-01-22 11:44 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-01-22 11:42 . 2008-01-22 11:42 <DIR> d-------- C:\Programmi\CIF USB Camera
2008-01-22 11:42 . 2006-11-10 13:51 505,984 --a------ C:\WINDOWS\system32\drivers\PFC027.SYS
2008-01-22 11:42 . 2006-10-12 18:10 119,296 --a------ C:\WINDOWS\system32\SP207.AX
2008-01-22 11:42 . 2006-11-08 09:54 6,656 --a------ C:\WINDOWS\system32\CoInst.dll
2008-01-22 11:42 . 2006-11-14 14:47 518 --a------ C:\WINDOWS\system32\SP207.INI
2008-01-22 11:38 . 2008-01-22 11:38 <DIR> d-------- C:\Documents and Settings\Proprietario\Dati applicazioni\InstallShield
2008-01-19 13:26 . 2008-02-04 18:28 <DIR> d-------- C:\Documents and Settings\Proprietario\.housecall6.6
2008-01-17 13:19 . 2008-01-22 11:41 <DIR> d-------- C:\VideoCAM Express V2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 19:58 --------- d-----w C:\Programmi\a-squared Free
2008-01-28 12:42 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-26 21:46 --------- d-----w C:\Programmi\backups
2008-01-21 12:04 --------- d-----w C:\Documents and Settings\Proprietario\Dati applicazioni\skypePM
2008-01-10 19:44 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-01-10 19:39 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Skype
2007-09-14 10:36 17,219,376 ----a-w C:\Programmi\a2FreeSetup.exe
2007-09-13 20:10 9,679,815 ----a-w C:\Programmi\vlc-0.8.6c-win32.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-21 15:15 249896]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 14:39 15360]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2004-11-24 23:27 32768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\Programmi\GbPlugin\gbieh.dll [2007-08-08 13:29 209224]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ATI CATALYST System Tray.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
--a------ 2006-03-20 20:43 331776 C:\Programmi\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2004-11-24 23:27 32768 C:\Programmi\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-11-24 20:10 344064 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
--a------ 2003-05-28 18:11 94208 C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2002-03-21 03:23 46592 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 18:19 15872 C:\Programmi\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GbpSv"=2 (0x2)

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2007-05-24 16:32]
R2 GbpSv;Gbp Service;C:\Programmi\GbPlugin\GbpSv.exe [2007-08-08 13:29]
R3 PAC207;CIF USB Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-10 13:51]
R3 WLAN FVNETusb(R);WLAN FVNETusb(R) Service for ATMEL USB FastVNET (AR);C:\WINDOWS\system32\DRIVERS\vnetusbr.sys [2002-08-06 16:38]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 13:14:55
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-02-11 13.15.35
ComboFix-quarantined-files.txt 2008-02-11 12:15:20
.
2008-01-09 20:36:35 --- E O F ---
now I'll run the Kaspersky scan, thanks

done

http://www.freefilehosting.net/download/3bmkh
bye

baciami
Semidio
Posted: 12 Feb 2008 17:40    Subject: can someone help me. you left me halfway :P

baciami wrote:
Hi bdoriano.. I have Windows XP Home Edition, the Microsoft firewall, and Avira AntiVir and a-squared as antivirus. Here is the HijackThis log

now I'll run the Kaspersky scan, thanks

done

http://www.freefilehosting.net/download/3bmkh
bye
:P

bdoriano
Administrator
Posted: 15 Feb 2008 07:07

ComboFix removed a couple of entries. Kaspersky, apparently, detects no dangerous objects.

Run this scan with SystemScan and post the log on FreeFileHosting as indicated here.

baciami
Semidio
Posted: 15 Feb 2008 19:01

attaching ..
http://www.freefilehosting.net/download/3c4d0

baciami
Semidio
Posted: 25 Feb 2008 20:09

I also ran a scan with VirIT

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
25/02/2008 - 19:41:12

[SCANSIONE DEL REGISTRO]
OK

[A:]
BOOT SECTOR: OK


[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Programmi\GbPlugin\gbieh.dll Possibile variante da BHO.Agent.AJ

[E:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[F:]


Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 30862.
Files Totali: 30862.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

it can't be removed even manually .. it's part of Banco do Brasil.. it's in the same folder as "gbpsv g-buster browser defense service... the strange thing is that they show the same download date. I have many problems.. if anyone can spend a little time on me.. thanks

bdoriano
Administrator
Posted: 25 Feb 2008 20:55

Create a text file with the following instructions:
Quote:
File::
C:\Programmi\GbPlugin\GbpSv.exe
C:\Programmi\GbPlugin\gbieh.dll

Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:

Run the HijackThis scan again.

PS: please don't create new threads before we finish with this one.
If you don't get a reply quickly, you can always add a new post to your old thread (it will be brought to the top automatically).
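
The reply above names two files from one folder after a scanner flagged only one of them. As an added example (not part of the original thread and not the helper's own tooling), this Python code cross-references a flagged path against a HijackThis log and returns every running process, BHO, Run entry and service loaded from the same directory; the function names are hypothetical and the sample lines are an excerpt of the log posted earlier in the thread.

```python
import re
from ntpath import dirname, normcase  # Windows path rules on any host OS

# Excerpt of the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\Explorer.EXE
C:\Programmi\GbPlugin\GbpSv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Programmi\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Programmi\GbPlugin\GbpSv.exe
"""

# "O2 - ...", "O23 - ...", "R0 - ...": section code, then the entry body.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Bare path lines appear under "Running processes:".
PROCESS = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)
# First drive-letter path ending in a binary extension (quotes optional).
PATH = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|sys|ax))\b', re.I)


def parse_entries(log_text):
    """Return one dict per log line that references a file on disk."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m:
            p = PATH.search(m.group("body"))
            if p:  # R0/R1 URL settings and similar carry no file path
                entries.append({"section": m.group("section"),
                                "path": p.group("path"), "raw": line})
        elif PROCESS.match(line):
            entries.append({"section": "process", "path": line, "raw": line})
    return entries


def related_entries(log_text, flagged_path):
    """Entries whose file sits in the same directory as flagged_path.

    Windows paths are case-insensitive, so compare with normcase().
    """
    target = normcase(dirname(flagged_path))
    return [e for e in parse_entries(log_text)
            if normcase(dirname(e["path"])) == target]


if __name__ == "__main__":
    # Path reported by the VirIT scan in the thread.
    for e in related_entries(SAMPLE_LOG, r"C:\Programmi\GbPlugin\gbieh.dll"):
        print(f'{e["section"]:8} {e["path"]}')
```
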

baciami
Semidio
Posted: 25 Feb 2008 23:23

you're a genius.. anyway, if someone then helps me with the rest I'll say thanks.
before sending you the log I wanted to ask whether I can delete the GbPlugin folder, which contains

gbieh.gmd

Bb.gpc

gbpdist.dll

here is the log

ComboFix 08-02-25.3 - Proprietario 2008-02-25 23:01:59.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.517 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Proprietario\Desktop\CFScript.txt.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Programmi\GbPlugin\gbieh.dll
C:\Programmi\GbPlugin\GbpSv.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmi\GbPlugin\gbieh.dll
C:\Programmi\GbPlugin\GbpSv.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-01-25 al 2008-02-25 )))))))))))))))))))))))))))))))))))
.

2008-02-25 23:03 . 2004-08-19 14:39 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-25 23:03 . 2008-02-25 23:03 268 --ah----- C:\sqmdata00.sqm
2008-02-25 23:03 . 2008-02-25 23:03 244 --ah----- C:\sqmnoopt00.sqm
2008-02-25 17:26 . 2008-02-25 17:26 <DIR> d-------- C:\Programmi\Avira
2008-02-25 17:26 . 2008-02-25 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-02-24 20:49 . 2008-02-24 21:11 <DIR> d-------- C:\Programmi\Eusing Free Registry Cleaner
2008-02-23 20:50 . 2008-02-23 20:50 <DIR> d-------- C:\Documents and Settings\Proprietario\Dati applicazioni\Nokia
2008-02-23 20:50 . 2008-02-23 20:50 <DIR> d-------- C:\Documents and Settings\Proprietario\Dati applicazioni\Datalayer
2008-02-23 20:47 . 2008-02-23 20:50 <DIR> d-------- C:\Documents and Settings\Proprietario\Phone Browser
2008-02-23 20:47 . 2008-02-23 20:47 <DIR> d-------- C:\Documents and Settings\Proprietario\Dati applicazioni\PC Suite
2008-02-23 20:46 . 2008-02-23 20:47 <DIR> d-------- C:\Programmi\Nokia
2008-02-23 20:46 . 2008-02-23 20:46 <DIR> d-------- C:\Programmi\File comuni\PCSuite
2008-02-23 20:46 . 2008-02-23 20:46 <DIR> d-------- C:\Programmi\File comuni\Nokia
2008-02-10 19:01 . 2008-02-10 19:01 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-10 19:01 . 2008-02-10 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-02-05 22:27 . 2008-02-05 22:27 <DIR> d-------- C:\WINDOWS\PixArt
2008-01-29 19:20 . 2008-02-24 19:50 <DIR> d-------- C:\HijackThis

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 22:03 --------- d-----w C:\Programmi\GbPlugin
2008-02-25 19:28 --------- d-----w C:\Programmi\Yahoo!
2008-02-23 19:47 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-02-14 20:04 39,808 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-02-12 13:04 --------- d-----w C:\Programmi\Unlocker
2008-01-29 19:58 --------- d-----w C:\Programmi\a-squared Free
2008-01-26 21:46 --------- d-----w C:\Programmi\backups
2008-01-22 10:42 --------- d-----w C:\Programmi\CIF USB Camera
2008-01-22 10:38 --------- d-----w C:\Documents and Settings\Proprietario\Dati applicazioni\InstallShield
2008-01-10 19:44 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-09-14 10:36 17,219,376 ----a-w C:\Programmi\a2FreeSetup.exe
2007-09-13 20:10 9,679,815 ----a-w C:\Programmi\vlc-0.8.6c-win32.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DataLayer"="C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30 1106944]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-25 17:33 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 14:39 15360]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2004-11-24 23:27 32768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\Programmi\GbPlugin\gbieh.dll [ ]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ATI CATALYST System Tray.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
--a------ 2006-03-20 20:43 331776 C:\Programmi\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2004-11-24 23:27 32768 C:\Programmi\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-11-24 20:10 344064 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
--a------ 2003-05-28 18:11 94208 C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
--a------ 2006-11-03 11:01 319488 C:\WINDOWS\PixArt\PAC207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-03-22 09:39 167936 C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-04-20 09:57 847872 C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2002-03-21 03:23 46592 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 18:19 15872 C:\Programmi\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GbpSv"=2 (0x2)
"NMIndexingService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-02-14 21:04]
R3 PAC207;CIF USB Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-10 13:51]
R3 WLAN FVNETusb(R);WLAN FVNETusb(R) Service for ATMEL USB FastVNET (AR);C:\WINDOWS\system32\DRIVERS\vnetusbr.sys [2002-08-06 16:38]
S2 GbpSv;Gbp Service;C:\Programmi\GbPlugin\GbpSv.exe []
S3 mbr;mbr;C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\mbr.sys []
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 23:04:44
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2008-02-25 23:07:03 - machine was rebooted [Proprietario]
ComboFix-quarantined-files.txt 2008-02-25 22:06:54
ComboFix2.txt 2008-02-18 12:33:24
ComboFix3.txt 2008-02-11 12:15:36
.
2008-02-14 00:17:20 --- E O F ---

baciami

Posted: 26 Feb 2008 17:16

the strange folders have multiplied [confused] help!!!!!


registry problem..hkey_current_user
printers
connections
DevModePerUser
P¨?(°?
P¨?(°?
P¨{(°{
P¨╚(°╚
P¨?(°?
SessionInformation
software
etc....

bdoriano

Posted: 26 Feb 2008 17:19

Try carrying out these cleanup operations:

To me it looks more like a Windows problem than a virus... [think]

baciami

Posted: 26 Feb 2008 18:10

I did everything but the problem remains [confused] if you think it's windows..what do you advise..thanks bdoriano

baciami

Posted: 27 Feb 2008 19:51

the strange thing is that those folders seem to be extra ones..because before it was like this

printers
connections
DevModePerUser
P¨?(°?
P¨?(°?
SessionInformation
software
etc....

and now it's like this

printers
connections
DevModePerUser
P¨?(°?
P¨?(°?
P¨{(°{
P¨╚(°╚
P¨?(°?
SessionInformation
software
etc..

this already happened to me some time ago and my operating system died..I don't know if it was caused by this.help!!!!!

baciami

Posted: 27 Feb 2008 22:05    Subject: trojan horse

I ran a scan and it found these 4 variants of the trojan horse. I'm attaching the report

AntiVir PersonalEdition Classic
Report file date: mercoledì 27 febbraio 2008 21:32

Scanning for 1126829 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Proprietario
Computer name: PIOMBINO

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 16:33:51
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 16:33:51
ANTIVIR3.VDF : 7.0.2.203 88064 Bytes 27/02/2008 20:29:28
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 25/02/2008 16:33:52
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 25/02/2008 16:33:52
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\programmi\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercoledì 27 febbraio 2008 21:32

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'DataLayer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
30 processes with 30 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '29' files ).


Starting the file scan:

Begin scan in 'C:\' <Winxp>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\Programmi\GbPlugin\gbieh.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '482eca8d.qua'!
C:\QooBox\Quarantine\C\Programmi\GbPlugin\GbpSv.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4835ca90.qua'!
C:\System Volume Information\_restore{076107CF-1A0D-4F9E-900C-C2650A59E993}\RP205\A0039866.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47f5cad6.qua'!
C:\System Volume Information\_restore{076107CF-1A0D-4F9E-900C-C2650A59E993}\RP205\A0039867.exe
[DETECTION] Is the Trojan horse TR/Killav.28714
[INFO] The file was moved to '47f5cada.qua'!
Begin scan in 'E:\' <Copia>
Begin scan in 'A:\'
Search path A:\ could not be opened!
Periferica non pronta.

Begin scan in 'F:\' <N6630>


End of the scan: mercoledì 27 febbraio 2008 21:51
Used time: 18:59 min

The scan has been done completely.

3628 Scanning directories
107348 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
107344 Files not concerned
986 Archives were scanned
1 Warnings
0 Notes

I'm also posting the HijackThis log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22.00.20, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avcenter.exe
c:\programmi\avira\antivir personaledition classic\avscan.exe
C:\WINDOWS\system32\msiexec.exe
C:\HijackThis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153583001906
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

--
End of file - 4963 bytes
Riverside
Banned indefinitely

Joined: 29/02/08 21:32
Posts: 4396
Location: Riverside House

Posted: 01 Mar 2008 03:09

Hi.
The Hthis log is clean (you should, however, update Adobe Reader and Sun Java).
As for this:
baciami wrote:
I booted into safe mode (after disabling system restore) I opened avira..I deleted the viruses from quarantine..I ran the scan and it didn't find them any more..did I mess up?

it would have been interesting to see the log after the scan in safe mode.
Since you are having trouble completing the online scans, and if you feel you still have doubts (if you have already solved the problem, ignore this and forgive me), disable System Restore and:

Download KASPERSKY VIRUS REMOVAL TOOL: click here for the download
download the most up-to-date version of the tool by publication date and time
● a dedicated folder will be created on the Desktop
● inside the folder is the classic Kaspersky icon (a K)
click the icon to launch the tool
● set the areas you want to scan (Startup Objects and Disk boot sector are selected by default)
● when the scan finishes you will be able to remove the infected files it detected
save and attach the log that is produced
Note 1: ● The tool is incompatible if Kaspersky products are already installed

Procedure for uninstalling KASPERSKY VIRUS REMOVAL TOOL:
click the icon to launch the tool
● in the main window, at the bottom, click Complete Virus Protection
● a message will be displayed: click Ok
close the web page that opens
● in the next message, click SI to start the uninstallation
● when it finishes, you will be asked to restart the P.C.
Run the uninstallation once the problem is solved

bdoriano

Posted: 01 Mar 2008 09:28

@baciami

could you kindly stop opening new topics when you don't get a reply quickly. If need be, add a new message to your own topic and you'll see that, as if by magic, it gets moved to the top of the others.
Thank you for your cooperation.

baciami

Posted: 01 Mar 2008 18:15

thanks riverside..it found nothing..anyway I'm attaching the report..
sorry bdoriano..I had opened another topic because I had a different situation and didn't want to mix up the 2 things..can you do something for my registry? thank you in advance.

Scan
----
Scanned: 214063
Detected: 0
Untreated: 0
Start time: 01/03/2008 14.00.08
Duration: 01.12.07
Finish time: 01/03/2008 15.12.15


Detected
--------
Status Object
------ ------


Events
------
Time Name Status Reason
---- ---- ------ ------


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----

bdoriano

Posted: 01 Mar 2008 19:24

Hi baciami,

honestly, I don't know what else to suggest. [rolling eyes]
We would need to find out how and when those folders get created in the registry, using one of the (ex-)SysInternals tools. [think]
But that's not a simple operation.

Make a full backup using one of the disk-cloning programs and then try deleting those suspicious entries from the registry. Let's see what happens. [razz]

baciami

Posted: 01 Mar 2008 23:22

hi bdoriano..I made the backup with DriveImage XML, I deleted those 5 strange folders and it seems nothing serious happened..what do I do now..can I delete the backup and the program? thanks for your help [smile]

baciami

Posted: 01 Mar 2008 23:33

I found the backup to delete in "documenti", a series of "files" of about 672.000 kb I'll wait for your go-ahead before doing it.bye and thanks for everything

All times are GMT + 1 hour
Page 1 of 2