Olimpo Informatico

[baciami]

clicco opzioni internet,contenuto,a contenuto verificato vi sono "disattiva" e "impostazioni"cliccando sia l'uno che altro,vi trovo dentro a "suggerimento" "tu sei scemo! proprio sopra a "password" è normale? grazie.


ho anche un problema sul registro..hkey_current_user
printers
connections
DevModePerUser
Pù?(ø?
Pù?(ø?
SessionInformation
software
ecc....volevo sapere se sono normali quelle 2 cartelle


ho un microsoft windows xp home edition

gia' una volta chiesi per il solito problema ma di cartelle strane ne avevo sei e subito dopo mi è partito il sistema operativo.grazie x l'aiuto che potete darmi

p.s. ho fatto una scansione on-line con kaspersky e mi ha dato questi 3 virus..ho controllato e uno è il programma di bearshare..non ho trovato gli altri 2.ecco la scansione
C:\Documents and Settings\Proprietario\Desktop\kaspersky.html

[bdoriano]

Segui le istruzioni di questo topic per postare il log di hijackthis.

Poi, segui le istruzioni di questo topic per postare il log di combofix.

Infine, collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
Salva il risultato della scansione in un file (in formato HTML), carica il file su Freefilehosting e posta qui il link che ti viene assegnato.

[baciami]

ciao bdoriano..ho windows xp home edition,ho il firewall della microsoft,come antivirus avira antivir e a-squared. ti posto il log di hijack

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12.59.01, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\HijackThis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Programmi\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153583001906
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Programmi\GbPlugin\GbpSv.exe

--
End of file - 4624 bytes

il log di combofix

ComboFix 08-02-11.2 - Proprietario 2008-02-11 13.13.47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.411 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Creati Da 2008-01-11 al 2008-02-11 )))))))))))))))))))))))))))))))))))
.

2008-02-10 19:01 . 2008-02-10 19:01 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-10 19:01 . 2008-02-10 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-02-05 22:27 . 2008-02-05 22:27 <DIR> d-------- C:\WINDOWS\PixArt
2008-01-29 19:20 . 2008-02-11 12:58 <DIR> d-------- C:\HijackThis
2008-01-22 11:45 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-01-22 11:44 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-01-22 11:42 . 2008-01-22 11:42 <DIR> d-------- C:\Programmi\CIF USB Camera
2008-01-22 11:42 . 2006-11-10 13:51 505,984 --a------ C:\WINDOWS\system32\drivers\PFC027.SYS
2008-01-22 11:42 . 2006-10-12 18:10 119,296 --a------ C:\WINDOWS\system32\SP207.AX
2008-01-22 11:42 . 2006-11-08 09:54 6,656 --a------ C:\WINDOWS\system32\CoInst.dll
2008-01-22 11:42 . 2006-11-14 14:47 518 --a------ C:\WINDOWS\system32\SP207.INI
2008-01-22 11:38 . 2008-01-22 11:38 <DIR> d-------- C:\Documents and Settings\Proprietario\Dati applicazioni\InstallShield
2008-01-19 13:26 . 2008-02-04 18:28 <DIR> d-------- C:\Documents and Settings\Proprietario\.housecall6.6
2008-01-17 13:19 . 2008-01-22 11:41 <DIR> d-------- C:\VideoCAM Express V2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 19:58 --------- d-----w C:\Programmi\a-squared Free
2008-01-28 12:42 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-26 21:46 --------- d-----w C:\Programmi\backups
2008-01-21 12:04 --------- d-----w C:\Documents and Settings\Proprietario\Dati applicazioni\skypePM
2008-01-10 19:44 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-01-10 19:39 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Skype
2007-09-14 10:36 17,219,376 ----a-w C:\Programmi\a2FreeSetup.exe
2007-09-13 20:10 9,679,815 ----a-w C:\Programmi\vlc-0.8.6c-win32.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-21 15:15 249896]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 14:39 15360]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2004-11-24 23:27 32768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\Programmi\GbPlugin\gbieh.dll [2007-08-08 13:29 209224]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ATI CATALYST System Tray.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
--a------ 2006-03-20 20:43 331776 C:\Programmi\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2004-11-24 23:27 32768 C:\Programmi\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-11-24 20:10 344064 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
--a------ 2003-05-28 18:11 94208 C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2002-03-21 03:23 46592 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 18:19 15872 C:\Programmi\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GbpSv"=2 (0x2)

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2007-05-24 16:32]
R2 GbpSv;Gbp Service;C:\Programmi\GbPlugin\GbpSv.exe [2007-08-08 13:29]
R3 PAC207;CIF USB Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-10 13:51]
R3 WLAN FVNETusb(R);WLAN FVNETusb(R) Service for ATMEL USB FastVNET (AR);C:\WINDOWS\system32\DRIVERS\vnetusbr.sys [2002-08-06 16:38]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 13:14:55
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-02-11 13.15.35
ComboFix-quarantined-files.txt 2008-02-11 12:15:20
.
2008-01-09 20:36:35 --- E O F ---
ora faccio la scansione con kaspersky grazie

fatto

http://www.freefilehosting.net/download/3bmkh
ciao

[baciami]

[bdoriano]

Combofix ha eliminato un paio di voci. Kaspersky, apparentemente, non rileva oggetti pericolosi.

Fai questa scansione con SystemScan e posta il log su FreeFileHosting come indicato qui.

[baciami]

allego ..
http://www.freefilehosting.net/download/3c4d0

[baciami]

ho fatto anche una scansione con virit

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
25/02/2008 - 19:41:12

[SCANSIONE DEL REGISTRO]
OK

[A:]
BOOT SECTOR: OK


[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Programmi\GbPlugin\gbieh.dll Possibile variante da BHO.Agent.AJ

[E:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[F:]


Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 30862.
Files Totali: 30862.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

non si elimina neanche manualmente .. fa parte del banco do brasil..è nella stessa cartella dove c'è "gbpsv g-buster browser defense service...la cosa strana è che danno la stessa data di scaricamento. ho molti problemi..chi perde un po di tempo da me..grazie

[bdoriano]

Crea un file di testo con le seguenti istruzioni:

[baciami]

sei un genio..cmq se poi qcn mi aiuta x il resto dico grazie.
prima di mandarti il log volevo dirti se posso eliminare la cartella GbPlugin con dentro

gbieh.gmd

Bb.gpc

gbpdist.dll

ecco il log

ComboFix 08-02-25.3 - Proprietario 2008-02-25 23:01:59.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.517 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Proprietario\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Proprietario\Desktop\CFScript.txt.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Programmi\GbPlugin\gbieh.dll
C:\Programmi\GbPlugin\GbpSv.exe
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmi\GbPlugin\gbieh.dll
C:\Programmi\GbPlugin\GbpSv.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-01-25 al 2008-02-25 )))))))))))))))))))))))))))))))))))
.

2008-02-25 23:03 . 2004-08-19 14:39 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-25 23:03 . 2008-02-25 23:03 268 --ah----- C:\sqmdata00.sqm
2008-02-25 23:03 . 2008-02-25 23:03 244 --ah----- C:\sqmnoopt00.sqm
2008-02-25 17:26 . 2008-02-25 17:26 <DIR> d-------- C:\Programmi\Avira
2008-02-25 17:26 . 2008-02-25 17:26 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-02-24 20:49 . 2008-02-24 21:11 <DIR> d-------- C:\Programmi\Eusing Free Registry Cleaner
2008-02-23 20:50 . 2008-02-23 20:50 <DIR> d-------- C:\Documents and Settings\Proprietario\Dati applicazioni\Nokia
2008-02-23 20:50 . 2008-02-23 20:50 <DIR> d-------- C:\Documents and Settings\Proprietario\Dati applicazioni\Datalayer
2008-02-23 20:47 . 2008-02-23 20:50 <DIR> d-------- C:\Documents and Settings\Proprietario\Phone Browser
2008-02-23 20:47 . 2008-02-23 20:47 <DIR> d-------- C:\Documents and Settings\Proprietario\Dati applicazioni\PC Suite
2008-02-23 20:46 . 2008-02-23 20:47 <DIR> d-------- C:\Programmi\Nokia
2008-02-23 20:46 . 2008-02-23 20:46 <DIR> d-------- C:\Programmi\File comuni\PCSuite
2008-02-23 20:46 . 2008-02-23 20:46 <DIR> d-------- C:\Programmi\File comuni\Nokia
2008-02-10 19:01 . 2008-02-10 19:01 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-10 19:01 . 2008-02-10 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-02-05 22:27 . 2008-02-05 22:27 <DIR> d-------- C:\WINDOWS\PixArt
2008-01-29 19:20 . 2008-02-24 19:50 <DIR> d-------- C:\HijackThis

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 22:03 --------- d-----w C:\Programmi\GbPlugin
2008-02-25 19:28 --------- d-----w C:\Programmi\Yahoo!
2008-02-23 19:47 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-02-14 20:04 39,808 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-02-12 13:04 --------- d-----w C:\Programmi\Unlocker
2008-01-29 19:58 --------- d-----w C:\Programmi\a-squared Free
2008-01-26 21:46 --------- d-----w C:\Programmi\backups
2008-01-22 10:42 --------- d-----w C:\Programmi\CIF USB Camera
2008-01-22 10:38 --------- d-----w C:\Documents and Settings\Proprietario\Dati applicazioni\InstallShield
2008-01-10 19:44 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2007-09-14 10:36 17,219,376 ----a-w C:\Programmi\a2FreeSetup.exe
2007-09-13 20:10 9,679,815 ----a-w C:\Programmi\vlc-0.8.6c-win32.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DataLayer"="C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 09:30 1106944]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-25 17:33 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 14:39 15360]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2004-11-24 23:27 32768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"= C:\Programmi\GbPlugin\gbieh.dll [ ]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ATI CATALYST System Tray.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]
--a------ 2006-03-20 20:43 331776 C:\Programmi\AGEIA Technologies\TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2004-11-24 23:27 32768 C:\Programmi\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-11-24 20:10 344064 C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
--a------ 2003-05-28 18:11 94208 C:\Programmi\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
--a------ 2006-11-03 11:01 319488 C:\WINDOWS\PixArt\PAC207\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-03-22 09:39 167936 C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-04-20 09:57 847872 C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2002-03-21 03:23 46592 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 18:19 15872 C:\Programmi\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"GbpSv"=2 (0x2)
"NMIndexingService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-02-14 21:04]
R3 PAC207;CIF USB Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2006-11-10 13:51]
R3 WLAN FVNETusb(R);WLAN FVNETusb(R) Service for ATMEL USB FastVNET (AR);C:\WINDOWS\system32\DRIVERS\vnetusbr.sys [2002-08-06 16:38]
S2 GbpSv;Gbp Service;C:\Programmi\GbPlugin\GbpSv.exe []
S3 mbr;mbr;C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\mbr.sys []
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 23:04:44
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2008-02-25 23:07:03 - machine was rebooted [Proprietario]
ComboFix-quarantined-files.txt 2008-02-25 22:06:54
ComboFix2.txt 2008-02-18 12:33:24
ComboFix3.txt 2008-02-11 12:15:36
.
2008-02-14 00:17:20 --- E O F ---

[baciami]

mi sono aumentate le cartelle strane aiuto!!!!!


problema sul registro..hkey_current_user
printers
connections
DevModePerUser
Pù?(ø?
Pù?(ø?
Pù{(ø{
PùÈ(øÈ
Pù?(ø?
SessionInformation
software
ecc....

[bdoriano]

Prova a fare queste operazioni di pulizia:

• cancellare i files temporanei con ATF-Cleaner
  
• ripulire il file di registro
  
• deframmentare il disco

Mi sa più di problema di Windows che di virus...

[baciami]

ho fatto tutto ma il problema resta se pensi sia windows..che mi consigli..grazie bdoriano

[baciami]

la cosa strana è che sembra che quelle cartelle siano in più..perchè prima era così

printers
connections
DevModePerUser
Pù?(ø?
Pù?(ø?
SessionInformation
software
ecc....

e ora è così

printers
connections
DevModePerUser
Pù?(ø?
Pù?(ø?
Pù{(ø{
PùÈ(øÈ
Pù?(ø?
SessionInformation
software
ecc..

mi ricapito' tempo fa e mi partì il sistema operativo..non so' se è dipeso da questo.help!!!!!

[baciami]

ho fatto una scansione e mi ha trovato queste 4 varianti del trojan horse. allego il report

AntiVir PersonalEdition Classic
Report file date: mercoledì 27 febbraio 2008 21:32

Scanning for 1126829 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Proprietario
Computer name: PIOMBINO

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 16:33:51
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 16:33:51
ANTIVIR3.VDF : 7.0.2.203 88064 Bytes 27/02/2008 20:29:28
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 25/02/2008 16:33:52
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 25/02/2008 16:33:52
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\programmi\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercoledì 27 febbraio 2008 21:32

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'DataLayer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
30 processes with 30 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '29' files ).


Starting the file scan:

Begin scan in 'C:\' <Winxp>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\Programmi\GbPlugin\gbieh.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '482eca8d.qua'!
C:\QooBox\Quarantine\C\Programmi\GbPlugin\GbpSv.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4835ca90.qua'!
C:\System Volume Information\_restore{076107CF-1A0D-4F9E-900C-C2650A59E993}\RP205\A0039866.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '47f5cad6.qua'!
C:\System Volume Information\_restore{076107CF-1A0D-4F9E-900C-C2650A59E993}\RP205\A0039867.exe
[DETECTION] Is the Trojan horse TR/Killav.28714
[INFO] The file was moved to '47f5cada.qua'!
Begin scan in 'E:\' <Copia>
Begin scan in 'A:\'
Search path A:\ could not be opened!
Periferica non pronta.

Begin scan in 'F:\' <N6630>


End of the scan: mercoledì 27 febbraio 2008 21:51
Used time: 18:59 min

The scan has been done completely.

3628 Scanning directories
107348 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
107344 Files not concerned
986 Archives were scanned
1 Warnings
0 Notes

posto anche il log di hijak

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22.00.20, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avcenter.exe
c:\programmi\avira\antivir personaledition classic\avscan.exe
C:\WINDOWS\system32\msiexec.exe
C:\HijackThis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153583001906
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

--
End of file - 4963 bytes

[Riverside]

Ciao.
Il log di Hthis è pulito (dovresti, comunque, aggiornare Adobe Reader e il JavaSun).
Per quanto riguarda questo:

[bdoriano]

@baciami

dovresti, cortesemente, evitare di continuare ad aprire nuovi topic quando non ricevi risposte in tempi brevi. Al limite, accodi un nuovo messaggio al tuo topic e vedrai che, magicamente, viene portato in cima agli altri.
Ti ringrazio per la collaborazione.

[baciami]

grazie riverside..non ha trovato niente..cmq allego il report..
scusa bdoriano..avevo aperto un altro topic xchè avevo un altra situazione e non volevo confondere le 2 cose..puoi fare qcs x il mio registro? ti ringrazio anticipamente.

Scan
----
Scanned: 214063
Detected: 0
Untreated: 0
Start time: 01/03/2008 14.00.08
Duration: 01.12.07
Finish time: 01/03/2008 15.12.15


Detected
--------
Status Object
------ ------


Events
------
Time Name Status Reason
---- ---- ------ ------


Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------


Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes


Quarantine
----------
Status Object Size Added
------ ------ ---- -----


Backup
------
Status Object Size
------ ------ ----

[bdoriano]

Ciao baciami,

sinceramente, non so cos'altro consigliarti.
Sarebbe da scoprire come e quando vengono create quelle cartelle nel file di registro, utilizzando uno dei tools della (ex)SysInternals.
Ma non è un'operazione semplice.

Fai un backup completo usando uno dei programmi di clonazione dei dischi e, poi, prova a eliminare dal registro quelle voci sospette. Vediamo che succede.

[baciami]

ciao bdoriano..ho fatto il backup con drive imagine xml ho eliminato quelle 5 cartelle strane e sembra che niente di grave sia accaduto..che faccio ora..posso eliminare il backup e il programma? grazie del tuo aiuto

[baciami]

il backup da eliminare l 'ho trovato in "documenti" una serie di "file" di circa 672.000 kb aspetto il tuo consenso prima di farlo.ciao e grazie di tutto