Jimny Mortale devoto

Registered: 02/02/08 03:37 Posts: 12
Posted: 02 Feb 2008 03:45 Subject: request for help removing a virus
Hi everyone, I'm new to the forum. I found this forum while browsing the internet looking for a cure for some viruses (can you tell me what exactly they are?) that I picked up yesterday. I don't remember the name, but one starts with 88. etc.... and another is doginhispen. I only noticed because I found them in the history, but the computer works correctly, or at least I think so; there are no connections created by dialers. Should I be worried, and do I risk a hefty bill? I ran a scan with HijackThis; could you give me a hand, please?:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2.38.58, on 02/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvp2pmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Spyware Doctor\svcntaux.exe
C:\Programmi\Spyware Doctor\swdsvc.exe
C:\Programmi\Spyware Doctor\SDTrayApp.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Utente\Desktop\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [PCMCIA Resource Monitor] nvp2pmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D792278-2021-4CC3-9023-C1481B8B6F48}: NameServer = 85.37.17.16 85.38.28.68
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
--
End of file - 7435 bytes
Sante62 Dio maturo


Registered: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 02 Feb 2008 10:24 Subject:
Hi Jimny
Start HijackThis, select these lines, then click Fix checked and answer yes:
Quote:
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
Restart the PC and redo the HJT log; look at this discussion about ComboFix, and scan the PC, posting the result as indicated; also run a scan with FindAWF, posting the result.
Jimny Mortale devoto

Registered: 02/02/08 03:37 Posts: 12
Posted: 02 Feb 2008 14:53 Subject:
Hi, I ran the scans (from normal mode), but I've just seen in the history that they are still there (should I be worried about the bill?):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.50.55, on 02/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvp2pmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Spyware Doctor\svcntaux.exe
C:\Programmi\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Utente\Desktop\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [PCMCIA Resource Monitor] nvp2pmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D792278-2021-4CC3-9023-C1481B8B6F48}: NameServer = 85.37.17.16 85.38.28.68
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
--
End of file - 7280 bytes
ComboFix 08-02.02.5 - Utente 2008-02-02 13.33.33.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.201 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Utente\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\regsvr32.dll
.
((((((((((((((((((((((((( Files Creati Da 2008-01-02 al 2008-02-02 )))))))))))))))))))))))))))))))))))
.
2008-02-02 03:12 . 2008-02-02 03:12 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-02 03:12 . 2008-02-02 03:12 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-02-02 02:25 . 2008-02-02 02:25 <DIR> d-------- C:\Programmi\StopDialers
2008-02-02 02:10 . 2008-02-02 02:10 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-02 02:10 . 2008-02-02 02:11 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-01 23:31 . 2008-02-01 23:31 <DIR> d-------- C:\Programmi\Spyware Doctor
2008-02-01 23:31 . 2008-02-01 23:31 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\PC Tools
2008-02-01 23:31 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-01 23:31 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-01 23:31 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-01 23:31 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-01 23:24 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-02-01 23:16 . 2008-02-01 23:16 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\Talkback
2008-02-01 23:16 . 2008-02-01 23:16 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-01 23:13 . 2008-02-01 23:13 <DIR> d-------- C:\WINDOWS\Google Toolbar
2008-02-01 23:00 . 2008-02-01 23:00 <DIR> d-------- C:\Programmi\Norton Security Scan
2008-02-01 22:56 . 2008-02-01 22:56 <DIR> d-------- C:\Programmi\Google
2008-02-01 22:56 . 2008-02-01 22:56 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-02-01 22:25 . 2008-02-01 22:25 <DIR> d-------- C:\Programmi\RogueRemover FREE
2008-01-31 21:20 . 2008-01-31 21:21 <DIR> d-------- C:\Programmi\Avira
2008-01-31 21:20 . 2008-01-31 21:21 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-01-31 21:12 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-31 21:09 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\myxttnuxnmpl.sys
2008-01-31 21:03 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-01-31 18:58 . 2008-01-31 18:58 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\BSplayer Pro
2008-01-31 18:58 . 2008-01-31 18:58 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\BSplayer
2008-01-31 18:36 . 2008-01-31 18:36 <DIR> d-------- C:\WINDOWS\system32\bak
2008-01-31 18:36 . 2008-01-31 18:36 <DIR> d-------- C:\WINDOWS\bak
2008-01-21 13:22 . 2008-01-21 13:22 <DIR> d-------- C:\Programmi\Aethra
2008-01-21 13:22 . 2004-04-20 16:24 52,864 --a------ C:\WINDOWS\system32\drivers\CnxTrUsb.sys
2008-01-21 13:22 . 2004-04-20 16:24 25,984 --a------ C:\WINDOWS\system32\drivers\CnxTrLan.sys
2008-01-20 17:59 . 2008-01-20 17:59 <DIR> d-------- C:\Programmi\nobrand
2008-01-20 17:49 . 2008-01-20 17:49 <DIR> d-------- C:\Temp
2008-01-20 17:49 . 2008-01-20 17:49 1,409 --a------ C:\WINDOWS\system32\tmpE0045.FOT
2008-01-20 17:49 . 2008-01-20 17:49 1,409 --a------ C:\WINDOWS\system32\tmpC4045.FOT
2008-01-20 17:49 . 2008-01-20 17:49 1,409 --a------ C:\WINDOWS\system32\tmpB8045.FOT
2008-01-20 17:39 . 2008-01-20 17:39 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-17 22:58 . 2008-01-17 22:58 <DIR> d-------- C:\Programmi\TomTom HOME 2
2008-01-15 19:52 . 2008-01-15 19:52 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\TomTom
2008-01-08 02:16 . 2008-01-08 02:16 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
2008-01-07 21:44 . 2008-01-07 21:45 <DIR> d-------- C:\Programmi\Combined Community Codec Pack
2008-01-04 22:59 . 2008-01-04 22:59 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-01-04 22:59 . 2008-01-04 22:59 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-01-04 22:58 . 2008-01-04 22:58 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 22:58 . 2008-01-04 22:58 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-01-04 22:58 . 2008-01-04 22:58 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-01-04 22:56 . 2008-01-04 22:56 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 22:56 . 2008-01-04 22:56 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 17:41 14,348 ----a-w C:\WINDOWS\system32\SWEEPER.EXE
2008-01-31 17:41 14,348 ----a-w C:\WINDOWS\NCLAUNCH.EXe
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-12-15 14:13 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2007-12-15 14:02 4,229,496 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-12-15 14:02 --------- d-----w C:\Documents and Settings\Utente\Dati applicazioni\AccurateRip
2007-12-11 19:46 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-12-11 19:46 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-12-11 19:46 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 19:46 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-12-07 16:43 --------- d-----w C:\Programmi\iTunes
2007-12-07 16:41 --------- d-----w C:\Programmi\QuickTime
2007-12-07 16:40 --------- d-----w C:\Programmi\Apple Software Update
2007-12-07 16:39 --------- d-----w C:\Programmi\File comuni\Apple
2007-12-07 16:39 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple
2007-11-14 07:27 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:27 727,552 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:27 727,552 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-07 19:38 34,480 ----a-w C:\Documents and Settings\Utente\Dati applicazioni\GDIPFONTCACHEV1.DAT
2006-07-21 13:34 24,192 ----a-w C:\Documents and Settings\Utente\usbsermptxp.sys
2006-07-21 13:34 22,768 ----a-w C:\Documents and Settings\Utente\usbsermpt.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 65,536 2007-06-11 22:20:26 C:\WINDOWS\bak\NCLAUNCH.EXe
----a-w 14,348 2008-01-31 17:41:48 C:\WINDOWS\NCLAUNCH.EXe
----a-w 15,360 2004-08-19 14:39:36 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 14:39:36 C:\WINDOWS\system32\ctfmon.exe
----a-w 167,936 2005-12-18 11:10:36 C:\WINDOWS\system32\bak\SWEEPER.EXE
----a-w 14,348 2008-01-31 17:41:48 C:\WINDOWS\system32\SWEEPER.EXE
----a-w 71,304 2006-04-04 11:02:02 C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe
----a-w 139,264 2006-11-16 18:04:20 C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe
----a-w 14,348 2008-01-31 17:41:48 C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
----a-w 155,648 2006-01-12 14:40:44 C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe
----a-w 14,348 2008-01-31 17:41:48 C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
----a-w 378,784 2007-10-31 09:19:50 C:\Programmi\TomTom HOME 2\bak\HOMERunner.exe
----a-w 14,348 2008-01-31 17:41:48 C:\Programmi\TomTom HOME 2\HOMERunner.exe
----a-w 290,816 2004-03-19 18:37:18 C:\Programmi\Launch Manager\bak\QtZiAcer.EXE
----a-w 14,348 2008-01-31 17:41:48 C:\Programmi\Launch Manager\QtZiAcer.EXE
----a-w 110,592 2003-04-18 13:36:22 C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe
----a-w 14,348 2008-01-31 17:41:48 C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
----a-w 610,304 2003-04-18 14:20:58 C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe
----a-w 14,348 2008-01-31 17:41:48 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
----a-w 132,496 2007-07-12 03:00:36 C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe
----a-w 14,348 2008-01-31 17:41:48 C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
----a-w 32,768 2003-10-31 18:42:40 C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe
----a-w 14,348 2008-01-31 17:41:48 C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
----a-w 286,720 2007-11-14 22:43:10 C:\Programmi\QuickTime\bak\qttask.exe
----a-w 14,348 2008-01-31 17:41:48 C:\Programmi\QuickTime\QTTask.exe
----a-w 267,048 2007-11-15 12:11:04 C:\Programmi\iTunes\bak\iTunesHelper.exe
----a-w 14,348 2008-01-31 17:41:48 C:\Programmi\iTunes\iTunesHelper.exe
----a-w 690,176 2005-08-16 17:16:30 C:\Programmi\dvd43\bak\dvd43_tray.exe
----a-w 14,348 2008-01-31 17:41:48 C:\Programmi\dvd43\dvd43_tray.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2008-01-31 18:41 14348]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2008-01-31 18:41 14348]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-01 22:56 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"PCMCIA Resource Monitor"="nvp2pmon.exe" [2004-02-23 16:50 9728 C:\WINDOWS\system32\nvp2pmon.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-01-21 22:31 2899968]
"nwiz"="nwiz.exe" [2004-01-21 22:31 782336 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-10-23 14:21 88363 C:\WINDOWS\AGRSMMSG.exe]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE" [2008-01-31 18:41 14348]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" [2008-01-31 18:41 14348]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 20:54 65536 C:\WINDOWS\soundman.exe]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-31 18:41 14348]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2008-01-31 18:41 14348]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-01-31 18:41 14348]
"CnxTrApp"="C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll" [2004-04-20 16:24 247296]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-01-31 18:41 14348]
"SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2008-01-31 18:41 14348]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-31 21:29 249896]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SDTray"="C:\Programmi\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2008-02-01 22:56:38 125624]
R0 nvp2p;NVIDIA PCI to PCI Bridge Filter;C:\WINDOWS\system32\DRIVERS\nvp2p.sys [2004-02-23 16:49]
R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 z3f2bus;Sony Ericsson driver (WDM);C:\WINDOWS\system32\DRIVERS\z3f2bus.sys []
S3 z3f2mdfl;Sony Ericsson USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z3f2mdfl.sys []
S3 z3f2mdm;Sony Ericsson USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z3f2mdm.sys []
S3 z3f2mgmt;Sony Ericsson USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z3f2mgmt.sys []
S3 z3f2obex;Sony Ericsson USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z3f2obex.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{146ee53e-b67e-11dc-b03f-00029615bb96}]
\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21abdf2c-cc2e-11db-af8c-00029615bb96}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3524098-c9ab-11dc-b060-000a9412d473}]
\Shell\AutoRun\command - E:\InstallTomTomHOME.exe
.
Contenuto della cartella 'Scheduled Tasks'
"2008-01-28 15:43:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-02-01 22:01:12 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programmi\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 13:36:06
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-02-02 13.37.25
ComboFix-quarantined-files.txt 2008-02-02 12:37:22
.
2008-01-25 12:00:24 --- E O F ---
Find AWF report by noahdfear ©2006
Version 1.40
bak folders found
~~~~~~~~~~~
Il volume nell'unità C è ACER
Numero di serie del volume: 2629-16F0
Directory di C:\WINDOWS\BAK
11/06/2007 23.20 65.536 NCLAUNCH.EXe
1 File 65.536 byte
2 Directory 26.672.136.192 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 2629-16F0
Directory di C:\WINDOWS\SYSTEM32\BAK
19/08/2004 15.39 15.360 ctfmon.exe
18/12/2005 12.10 167.936 SWEEPER.EXE
2 File 183.296 byte
2 Directory 26.672.136.192 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 2629-16F0
Directory di C:\PROGRA~1\MESSEN~1\BAK
0 File 0 byte
2 Directory 26.672.136.192 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 2629-16F0
Directory di C:\PROGRA~1\TOMTOM~1\BAK
31/10/2007 10.19 378.784 HOMERunner.exe
1 File 378.784 byte
2 Directory 26.672.136.192 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 2629-16F0
Directory di C:\PROGRA~1\LAUNCH~1\BAK
19/03/2004 19.37 290.816 QtZiAcer.EXE
1 File 290.816 byte
2 Directory 26.672.136.192 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 2629-16F0
Directory di C:\PROGRA~1\QUICKT~1\BAK
14/11/2007 23.43 286.720 qttask.exe
1 File 286.720 byte
2 Directory 26.672.136.192 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 2629-16F0
Directory di C:\PROGRA~1\ITUNES\BAK
15/11/2007 13.11 267.048 iTunesHelper.exe
1 File 267.048 byte
2 Directory 26.672.136.192 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 2629-16F0
Directory di C:\PROGRA~1\DVD43\BAK
16/08/2005 18.16 690.176 dvd43_tray.exe
1 File 690.176 byte
2 Directory 26.672.136.192 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 2629-16F0
Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK
04/04/2006 12.02 71.304 ccApp.exe
1 File 71.304 byte
2 Directory 26.672.136.192 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 2629-16F0
Directory di C:\PROGRA~1\SYNAPT~1\SYNTP\BAK
18/04/2003 15.20 610.304 SynTPEnh.exe
18/04/2003 14.36 110.592 SynTPLpr.exe
2 File 720.896 byte
2 Directory 26.672.136.192 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 2629-16F0
Directory di C:\PROGRA~1\CYBERL~1\POWERDVD\BAK
31/10/2003 19.42 32.768 PDVDServ.exe
1 File 32.768 byte
2 Directory 26.672.136.192 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 2629-16F0
Directory di C:\PROGRA~1\FILECO~1\AHEAD\LIB\BAK
12/01/2006 15.40 155.648 NeroCheck.exe
16/11/2006 19.04 139.264 NMBgMonitor.exe
2 File 294.912 byte
2 Directory 26.672.136.192 byte disponibili
Il volume nell'unità C è ACER
Numero di serie del volume: 2629-16F0
Directory di C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK
12/07/2007 04.00 132.496 jusched.exe
1 File 132.496 byte
2 Directory 26.672.136.192 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
14348 31 Jan 2008 "C:\WINDOWS\NCLAUNCH.EXe"
65536 11 Jun 2007 "C:\WINDOWS\bak\NCLAUNCH.EXe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 31 Jan 2008 "C:\WINDOWS\system32\SWEEPER.EXE"
167936 18 Dec 2005 "C:\WINDOWS\system32\bak\SWEEPER.EXE"
14348 31 Jan 2008 "C:\Programmi\TomTom HOME 2\HOMERunner.exe"
378784 31 Oct 2007 "C:\Programmi\TomTom HOME 2\bak\HOMERunner.exe"
14348 31 Jan 2008 "C:\Programmi\Launch Manager\QtZiAcer.EXE"
290816 19 Mar 2004 "C:\Programmi\Launch Manager\bak\QtZiAcer.EXE"
14348 31 Jan 2008 "C:\Programmi\QuickTime\QTTask.exe"
286720 14 Nov 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
14348 31 Jan 2008 "C:\Programmi\iTunes\iTunesHelper.exe"
102400 7 Dec 2007 "C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe"
267048 15 Nov 2007 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
116008 15 Nov 2007 "C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
14348 31 Jan 2008 "C:\Programmi\dvd43\dvd43_tray.exe"
520898 25 Sep 2005 "C:\Documents and Settings\Utente\Documenti\DVD43_3-6-2_Setup.exe"
690176 16 Aug 2005 "C:\Programmi\dvd43\bak\dvd43_tray.exe"
71304 4 Apr 2006 "C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe"
14348 31 Jan 2008 "C:\Programmi\Synaptics\SynTP\SynTPLpr.exe"
110592 18 Apr 2003 "C:\Programmi\Synaptics\SynTP\Media\SYNTPLPR.EXE"
110592 18 Apr 2003 "C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe"
14348 31 Jan 2008 "C:\Programmi\Synaptics\SynTP\SynTPEnh.exe"
610304 18 Apr 2003 "C:\Programmi\Synaptics\SynTP\Media\SYNTPENH.EXE"
610304 18 Apr 2003 "C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe"
14348 31 Jan 2008 "C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe"
32768 31 Oct 2003 "C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe"
14348 31 Jan 2008 "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
139264 16 Nov 2006 "C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe"
14348 31 Jan 2008 "C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe"
155648 12 Jan 2006 "C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe"
32873 19 Aug 2003 "C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe"
14348 31 Jan 2008 "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
132496 12 Jul 2007 "C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe"
end of report |
|
Top |
|
 |
bdoriano Administrator


Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
|
Posted: 02 Feb 2008 23:12 Subject: |
|
|
Hi Jimny,
Download Avenger and unpack it into a folder of its own, not a temporary one and not on the desktop
Start AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:
Quote: | Files to delete:
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\SWEEPER.EXE
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
C:\Programmi\TomTom HOME 2\HOMERunner.exe
C:\Programmi\Launch Manager\QtZiAcer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\dvd43\dvd43_tray.exe
Files to move:
C:\WINDOWS\bak\NCLAUNCH.EXe | C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\bak\SWEEPER.EXE | C:\WINDOWS\system32\SWEEPER.EXE
C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe | C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe | C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
C:\Programmi\TomTom HOME 2\bak\HOMERunner.exe | C:\Programmi\TomTom HOME 2\HOMERunner.exe
C:\Programmi\Launch Manager\bak\QtZiAcer.EXE | C:\Programmi\Launch Manager\QtZiAcer.EXE
C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe | C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe | C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe | C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe | C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\iTunes\bak\iTunesHelper.exe | C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\dvd43\bak\dvd43_tray.exe | C:\Programmi\dvd43\dvd43_tray.exe |
Click on Done
Click on the traffic light
The PC should restart; if it does not, restart it yourself.
When the operation has finished, post the Avenger result here together with an updated HijackThis log.
Download DelDomains and save it to the desktop (right-click on the link > save target)
then right-click on the file and choose Install.
Connect to the Kaspersky online scanner and run the extended scan, as indicated here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
PS: if you like, you can introduce yourself here |
|
Top |
|
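The Find AWF report and the Avenger script above follow one pattern: a small same-sized file sits where a program used to be, and the original lies in a `bak` subfolder next to it. The following is an added example, not part of the original posts and not code from Find AWF or Avenger; the pairing rule it applies (a file in `...\bak\` is the original of the same-named file one level up, and a size mismatch marks the live copy as replaced) is an assumption inferred from the thread, and the function names are hypothetical.

```python
import re
from ntpath import basename, dirname, join, normcase

# Lines copied from the "Duplicate files of bak directory contents" section
# of the Find AWF report posted in this thread (a subset, not the full list).
REPORT = r'''
14348 31 Jan 2008 "C:\WINDOWS\NCLAUNCH.EXe"
65536 11 Jun 2007 "C:\WINDOWS\bak\NCLAUNCH.EXe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 31 Jan 2008 "C:\Programmi\QuickTime\QTTask.exe"
286720 14 Nov 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
14348 31 Jan 2008 "C:\Programmi\iTunes\iTunesHelper.exe"
102400 7 Dec 2007 "C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe"
267048 15 Nov 2007 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
71304 4 Apr 2006 "C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe"
'''

# size, day, month, year, quoted path
ENTRY = re.compile(r'^\s*(\d+)\s+\d{1,2}\s+\w{3}\s+\d{4}\s+"(.+)"\s*$')


def parse(report):
    """Map each case-folded path to (size in bytes, path as written)."""
    files = {}
    for line in report.splitlines():
        m = ENTRY.match(line)
        if m:
            files[normcase(m.group(2))] = (int(m.group(1)), m.group(2))
    return files


def plan(report):
    """Pair each backup with the live file one folder up (assumed rule).

    Returns (restores, skipped): restores holds (live path, bak path,
    live size); skipped holds (bak path, reason).
    """
    files = parse(report)
    restores, skipped = [], []
    for bak_size, bak_path in files.values():
        folder = dirname(bak_path)
        if basename(folder).lower() != "bak":
            continue  # not a backup copy
        # Windows paths are case-insensitive: qttask.exe pairs with QTTask.exe
        live = files.get(normcase(join(dirname(folder), basename(bak_path))))
        if live is None:
            skipped.append((bak_path, "no live copy listed"))
        elif live[0] == bak_size:
            skipped.append((bak_path, "live copy has the same size"))
        else:
            restores.append((live[1], bak_path, live[0]))
    return restores, skipped


def avenger_script(restores):
    """Render the plan in the two-section layout used in the post above."""
    lines = ["Files to delete:"]
    lines += [live for live, _, _ in restores]
    lines.append("Files to move:")
    lines += [f"{bak} | {live}" for live, bak, _ in restores]
    return "\n".join(lines)


if __name__ == "__main__":
    restores, skipped = plan(REPORT)
    print(avenger_script(restores))
    for path, reason in skipped:
        print(f"# left alone: {path} ({reason})")
```

Run over the whole section of the report, the same rule yields the thirteen files listed in the script above and leaves ctfmon.exe and ccApp.exe alone. A size comparison is only a heuristic: a replacement of identical size would pass unnoticed, so a hash or signature check of the restored files is the stronger test.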
 |
Jimny Devoted mortal

Joined: 02/02/08 03:37 Posts: 12
|
Posted: 03 Feb 2008 00:18 Subject: |
|
|
Hi, you are really great, I wouldn't know what to do if it weren't for you
Here is Avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fhwrnckv
*******************
Script file located at: \??\C:\WINDOWS\coyfcmvy.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\NCLAUNCH.EXe deleted successfully.
File C:\WINDOWS\system32\SWEEPER.EXE deleted successfully.
File C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe deleted successfully.
File C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe deleted successfully.
File C:\Programmi\TomTom HOME 2\HOMERunner.exe deleted successfully.
File C:\Programmi\Launch Manager\QtZiAcer.EXE deleted successfully.
File C:\Programmi\Synaptics\SynTP\SynTPLpr.exe deleted successfully.
File C:\Programmi\Synaptics\SynTP\SynTPEnh.exe deleted successfully.
File C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe deleted successfully.
File C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe deleted successfully.
File C:\Programmi\QuickTime\QTTask.exe deleted successfully.
File C:\Programmi\iTunes\iTunesHelper.exe deleted successfully.
File C:\Programmi\dvd43\dvd43_tray.exe deleted successfully.
File move operation C:\WINDOWS\bak\NCLAUNCH.EXe|C:\WINDOWS\NCLAUNCH.EXe completed successfully.
File move operation C:\WINDOWS\system32\bak\SWEEPER.EXE|C:\WINDOWS\system32\SWEEPER.EXE completed successfully.
File move operation C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe|C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe completed successfully.
File move operation C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe|C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe completed successfully.
File move operation C:\Programmi\TomTom HOME 2\bak\HOMERunner.exe|C:\Programmi\TomTom HOME 2\HOMERunner.exe completed successfully.
File move operation C:\Programmi\Launch Manager\bak\QtZiAcer.EXE|C:\Programmi\Launch Manager\QtZiAcer.EXE completed successfully.
File move operation C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe|C:\Programmi\Synaptics\SynTP\SynTPLpr.exe completed successfully.
File move operation C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe|C:\Programmi\Synaptics\SynTP\SynTPEnh.exe completed successfully.
File move operation C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe|C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe completed successfully.
File move operation C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe|C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe completed successfully.
File move operation C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\QTTask.exe completed successfully.
File move operation C:\Programmi\iTunes\bak\iTunesHelper.exe|C:\Programmi\iTunes\iTunesHelper.exe completed successfully.
File move operation C:\Programmi\dvd43\bak\dvd43_tray.exe|C:\Programmi\dvd43\dvd43_tray.exe completed successfully.
Completed script processing.
*******************
Finished! Terminate.
Here is HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.18.13, on 02/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvp2pmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Spyware Doctor\svcntaux.exe
C:\Programmi\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Documents and Settings\Utente\Desktop\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [PCMCIA Resource Monitor] nvp2pmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D792278-2021-4CC3-9023-C1481B8B6F48}: NameServer = 85.37.17.16 85.38.28.68
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
--
End of file - 7582 bytes
As soon as I run Kaspersky I'll post it. |
|
Top |
|
 |
Jimny Devoted mortal

Joined: 02/02/08 03:37 Posts: 12
|
Posted: 03 Feb 2008 00:32 Subject: |
|
|
Sorry, it's my fault, but I can't get the Kaspersky scan to run; it tells me the antivirus is active. I have disabled the firewall, Avira AntiVir and Spyware Doctor. I don't think I have anything else, why won't it start??? |
|
Top |
|
 |
bdoriano Administrator


Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
|
Posted: 03 Feb 2008 12:45 Subject: |
|
|
I have to go and look for an old discussion about this; in the meantime, let's try another route:
Disable your antivirus
Connect to BitDefender (with IE) and run the full scan.
edit: I found the discussions where there were problems using Kaspersky, try having a look at them: |
|
Top |
|
 |
Jimny Devoted mortal

Joined: 02/02/08 03:37 Posts: 12
|
Posted: 03 Feb 2008 15:47 Subject: |
|
|
For now I have done the scan with BitDefender. There is still something there, I can't take it any more!
BitDefender Online Scanner
edit by bdoriano: log removed because it was incomplete. Long logs must be uploaded to FreeFileHosting as indicated here. |
|
Top |
|
 |
Jimny Devoted mortal

Joined: 02/02/08 03:37 Posts: 12
|
Posted: 04 Feb 2008 14:12 Subject: |
|
|
Do you have a solution? |
|
Top |
|
 |
Jimny Devoted mortal

Joined: 02/02/08 03:37 Posts: 12
|
Posted: 04 Feb 2008 15:55 Subject: |
|
|
Guys, have I managed to fix it? I hope I haven't made a mess
kasp 2.html |
|
Top |
|
 |
bdoriano Administrator


Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
|
Posted: 04 Feb 2008 22:08 Subject: |
|
|
The first Kaspersky report showed some viruses in System Restore and in the Avenger backup.
In the second report they are no longer there. I assume you disabled System Restore and deleted the Avenger backup file.
If you don't notice any other problems, you can re-enable System Restore. |
|
Top |
|
 |
Jimny Devoted mortal

Joined: 02/02/08 03:37 Posts: 12
|
Posted: 05 Feb 2008 00:57 Subject: |
|
|
Ok thanks!!!!! I realized that I had started Avenger without disabling System Restore. Luckily I didn't mess anything up, thanks again |
|
Top |
|
 |