Indice del forum Olimpo Informatico
I Forum di Zeus News
Leggi la newsletter gratuita - Attiva il Menu compatto
 
 FAQFAQ   CercaCerca   Lista utentiLista utenti   GruppiGruppi   RegistratiRegistrati 
 ProfiloProfilo   Messaggi privatiMessaggi privati   Log inLog in 

    Newsletter RSS Facebook Twitter Contatti Ricerca
Rimuovere SkipToday
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus
Precedente :: Successivo  
Autore Messaggio
TOXIC
Mortale devoto
Mortale devoto


Registrato: 23/01/08 23:46
Messaggi: 13
MessaggioInviato: 23 Gen 2008 23:54    Oggetto: Rimuovere SkipToday Rispondi citando
CIAO A TUTTI.NON RIESCO A RIMUOVERE IL VIRUS CHE APRE IN CONTINUAZIONE IL SITO HTTP://B.SKITODAYPLEASE.COM E ALTRI SITI SIMILI.USAVO AVAST ANTIVIRUS MA NON MIS EGNALAVA LA PRESENZA DI VIRUS.HO PROVATO KON ALTRI ANTIVIRUS MA è ANKE PEGGIO.PER FAVORE MI AIUTATE??? Sad Sad STO IMPAZZENDO...
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 24 Gen 2008 00:28    Oggetto: Rispondi citando
Ciao TOXIC, Ciao

Segui le istruzioni di questo topic per postare il log di hijackthis.

Poi, fai questa scansione con FindAWF.

Per cortesia, non scrivere in maiuscolo. Per convenzione equivale a urlare.

PS: se vuoi, puoi presentarti qui
Top
Profilo Invia messaggio privato
TOXIC
Mortale devoto
Mortale devoto


Registrato: 23/01/08 23:46
Messaggi: 13
MessaggioInviato: 24 Gen 2008 21:44    Oggetto: scansione Rispondi citando
ciao!ho fatto la scansione..adesso chi mi aiuta??io non ci capisco molto Embarassed
questo è il risultato della prima

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20.14.54, on 24/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\bak\VCDDaemon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Philips\SPC 200NC PC Camera\TrayMin200.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Antonella\Documenti\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programmi\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [OneCareUI] "C:\Programmi\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?65d2240f15944f5f8e96ce13023f1761
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?65d2240f15944f5f8e96ce13023f1761
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://.onecare.live.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E360C5A-1B08-4737-8028-4219518F4BB8}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAC05E6B-8837-4DA2-81E5-730B24FC906B}: NameServer = 193.70.152.15,193.70.152.25
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 7085 bytes




e questo dell'altra scansione


Directory di C:\PROGRA~1\FILECO~1\AHEAD\LIB\BAK

12/01/2006 15.40 155.648 NeroCheck.exe
19/06/2006 16.40 94.208 NMBgMonitor.exe
2 File 249.856 byte
2 Directory 32.239.443.968 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 3 Jan 2008 "C:\WINDOWS\VM_STI.EXE"
40960 9 Jun 2004 "C:\WINDOWS\bak\VM_STI.EXE"
40960 9 Jun 2004 "C:\WINDOWS\Options\Install\VM_STI.EXE"
59392 10 Aug 2004 "C:\WINDOWS\ehome\ehtray.exe"
59392 10 Aug 2004 "C:\WINDOWS\ehome\bak\ehtray.exe"
14336 7 Sep 2004 "C:\WINDOWS\system32\svchost.exe"
202240 30 Dec 2010 "C:\WINDOWS\system\bak\svchost.exe"
15360 7 Sep 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 7 Sep 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 3 Jan 2008 "C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe"
32768 2 Nov 2004 "C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe"
14348 3 Jan 2008 "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe"
45056 20 Aug 2004 "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\bak\VCDDaemon.exe"
14348 3 Jan 2008 "C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe"
229376 15 Jun 2006 "C:\Programmi\Nokia\Nokia PC Suite 6\bak\LAUNCH~1.EXE"
14348 3 Jan 2008 "C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe"
1449984 27 Jun 2006 "C:\Programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe"
14348 3 Jan 2008 "C:\Programmi\TGTSoft\StyleXP\StyleXP.exe"
1372160 24 May 2006 "C:\Programmi\TGTSoft\StyleXP\bak\StyleXP.exe"
14348 3 Jan 2008 "C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe"
155648 12 Jan 2006 "C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe"
14348 3 Jan 2008 "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
94208 19 Jun 2006 "C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe"


ringrazio anticipatamente per la pazienza Smile
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 24 Gen 2008 22:20    Oggetto: Rispondi citando
Il log di hijackthis sembra pulito.

Scarica avenger e scompattalo in una sua cartella non temporanea e non sul desktop

Avvia AVENGER
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:
Citazione:
files to delete:
C:\WINDOWS\VM_STI.EXE
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe

files to move:
C:\WINDOWS\bak\VM_STI.EXE | C:\WINDOWS\VM_STI.EXE
C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe | C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\bak\VCDDaemon.exe | C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Programmi\Nokia\Nokia PC Suite 6\bak\LAUNCH~1.EXE | C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe | C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\TGTSoft\StyleXP\bak\StyleXP.exe | C:\Programmi\TGTSoft\StyleXP\StyleXP.exe
C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe | C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe | C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe

Clicca su Done
Clicca sul semaforo
Il pc dovrebbe riavviarsi, se così non fosse, riavvialo tu.
Al termine dell'operazione, posta qui il risultato di Avenger con un log aggiornato di hijackthis.

Scarica DelDomains e salvalo sul desktop (clic con destro sul link > salva oggetto)
poi clic con destro sul file e scegli Installa.

Per cortesia, non aprire nuovi thread, usa il tasto per continuare questa discussione. Ok? Wink
Top
Profilo Invia messaggio privato
TOXIC
Mortale devoto
Mortale devoto


Registrato: 23/01/08 23:46
Messaggi: 13
MessaggioInviato: 25 Gen 2008 19:08    Oggetto: Rispondi citando
ciao...questi sono i risultati di avenger

Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tnvtvwya

*******************

Script file located at: \??\C:\WINDOWS\tobkjhlp.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\VM_STI.EXE deleted successfully.
File C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe deleted successfully.
File C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe deleted successfully.
File C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe deleted successfully.
File C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe deleted successfully.
File C:\Programmi\TGTSoft\StyleXP\StyleXP.exe deleted successfully.
File C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe deleted successfully.
File C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe deleted successfully.
File move operation C:\WINDOWS\bak\VM_STI.EXE|C:\WINDOWS\VM_STI.EXE completed successfully.
File move operation C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe|C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe completed successfully.
File move operation C:\Programmi\Elaborate Bytes\VirtualCloneDrive\bak\VCDDaemon.exe|C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe completed successfully.
File move operation C:\Programmi\Nokia\Nokia PC Suite 6\bak\LAUNCH~1.EXE|C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe completed successfully.
File move operation C:\Programmi\Nokia\Nokia PC Suite 6\bak\PcSync2.exe|C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe completed successfully.
File move operation C:\Programmi\TGTSoft\StyleXP\bak\StyleXP.exe|C:\Programmi\TGTSoft\StyleXP\StyleXP.exe completed successfully.
File move operation C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe|C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe completed successfully.
File move operation C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe|C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe completed successfully.

Completed script processing.

*******************

Finished! Terminate.




e questo è il log



Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18.01.53, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Philips\SPC 200NC PC Camera\TrayMin200.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Antonella\Documenti\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programmi\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [OneCareUI] "C:\Programmi\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?65d2240f15944f5f8e96ce13023f1761
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?65d2240f15944f5f8e96ce13023f1761
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://.onecare.live.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E360C5A-1B08-4737-8028-4219518F4BB8}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAC05E6B-8837-4DA2-81E5-730B24FC906B}: NameServer = 193.70.152.15,193.70.152.25
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 7848 bytes



il problema adesso è che ho scaricato del domains ma non si installa...cosa devo fare Question Question
Top
Profilo Invia messaggio privato
TOXIC
Mortale devoto
Mortale devoto


Registrato: 23/01/08 23:46
Messaggi: 13
MessaggioInviato: 30 Gen 2008 20:59    Oggetto: Rispondi citando
ciao!!in questi giorni non si sono piu aperte finestre di skitoday etc.va molto meglio.anche se il pc va lentissimo e non sono riuscita ad installare deldomains... Sad per favore qualcuno puo darmi una mano??
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 31 Gen 2008 23:41    Oggetto: Rispondi citando
DelDomains ti segnala qualche errore? Confused

  • Scarica FixWareOut da uno di questi siti:
    Sito 1
    Sito 2
    Sito 3
  • Salvalo sul desktop
  • Avvialo
  • Clicca Next
  • Clicca Install
  • Assicurati che ci sia il segno di spunta su "Run fixit"
  • Clicca Finish.
  • Segui le indicazioni.
  • Ti chiederà di riavviare il pc, fallo.
  • Ci metterà parecchio a riavviarsi. Sii paziente.
  • Alla fine dell'operazione, riavvia ancora il pc.
  • Rifai il log di hijackthis e postalo insieme al file C:\fixwareout\report.txt


Collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
Salva il risultato della scansione in un file (in formato HTML), carica il file su Freefilehosting e posta qui il link che ti viene assegnato.
Top
Profilo Invia messaggio privato
TOXIC
Mortale devoto
Mortale devoto


Registrato: 23/01/08 23:46
Messaggi: 13
MessaggioInviato: 02 Feb 2008 00:41    Oggetto: Rispondi citando
ciaooo!spero di avere fatto tutto correttamente...questo è il log di hijackthis

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21.30.53, on 01/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Philips\SPC 200NC PC Camera\TrayMin200.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Antonella\Documenti\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programmi\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [OneCareUI] "C:\Programmi\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?65d2240f15944f5f8e96ce13023f1761
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?65d2240f15944f5f8e96ce13023f1761
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAC05E6B-8837-4DA2-81E5-730B24FC906B}: NameServer = 193.70.152.15,193.70.152.25
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 7635 bytes



questo è il file di fixwareout
Username "Antonella" - 01/02/2008 20.34.30 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Svuotata la cache del resolver DNS.


System was rebooted successfully.


e questo dovrebbe essere il link
save reports.html

spero di nn avere fatto confusione Shocked
grazie... Wink
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 02 Feb 2008 00:46    Oggetto: Rispondi citando
Il log di Kaspersky evidenzia altri ospiti, segui le istruzioni di questo topic per postare il log di combofix.
Top
Profilo Invia messaggio privato
TOXIC
Mortale devoto
Mortale devoto


Registrato: 23/01/08 23:46
Messaggi: 13
MessaggioInviato: 02 Feb 2008 22:24    Oggetto: Rispondi citando
ciao!ecco il log di combofix

ComboFix 08-02.02.5 - Antonella 2008-02-02 19.50.43.1 - NTFSx86
Eseguito da: C:\Documents and Settings\Antonella\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-01-02 al 2008-02-02 )))))))))))))))))))))))))))))))))))
.

2008-02-01 21:41 . 2008-02-01 21:41 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-01 21:41 . 2008-02-01 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-02-01 20:33 . 2008-02-01 20:34 <DIR> d-------- C:\fixwareout
2008-01-25 00:58 . 2008-01-25 00:58 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-01-25 00:58 . 2008-01-25 01:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-01-21 11:40 . 2007-09-21 10:35 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-01-21 11:40 . 2007-09-21 10:35 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-01-21 11:38 . 2007-07-06 16:09 70,928 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-01-21 11:37 . 2008-01-21 11:37 <DIR> d-------- C:\WINDOWS\system32\bits
2008-01-21 11:35 . 2007-03-29 13:58 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-01-21 11:35 . 2007-03-29 13:58 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-01-21 11:15 . 2008-02-01 21:50 <DIR> d-------- C:\Programmi\Microsoft Windows OneCare Live
2008-01-21 00:12 . 2008-01-21 11:15 <DIR> d-------- C:\Programmi\Windows Live Safety Center
2008-01-06 20:44 . 2008-01-06 20:44 <DIR> d-------- C:\Programmi\ESET
2008-01-06 14:49 . 2007-10-10 09:00 36,096 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-01-06 14:48 . 2008-01-07 16:53 <DIR> d-------- C:\VEXPLITE
2008-01-06 13:44 . 2008-01-06 13:44 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-01-05 17:55 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-03 20:56 . 2008-01-03 20:56 <DIR> d-------- C:\WINDOWS\system32\bak
2008-01-03 20:56 . 2008-01-03 20:56 <DIR> d-------- C:\WINDOWS\system\bak
2008-01-03 20:56 . 2008-01-25 17:38 <DIR> d-------- C:\WINDOWS\bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 22:58 --------- d-----w C:\Programmi\eMule
2008-01-22 14:25 --------- d-----w C:\Programmi\Elaborate Bytes
2008-01-06 13:43 --------- d-----w C:\Programmi\Google
2008-01-03 19:56 --------- d-----w C:\Programmi\MSN Messenger
2007-12-29 12:11 --------- d-----w C:\Programmi\MP3 Player Utilities 3.57
2007-12-27 20:07 --------- d-----w C:\Programmi\LRC Editor 4
2007-12-26 19:27 --------- d-----w C:\Documents and Settings\Antonella\Dati applicazioni\Datalayer
2007-12-04 12:16 --------- d-----w C:\Documents and Settings\Antonella\Dati applicazioni\Nokia Multimedia Player
2007-12-02 16:22 --------- d-----w C:\Documents and Settings\Antonella\Dati applicazioni\Nokia
2007-12-02 12:11 --------- d-----w C:\Programmi\DIFX
2007-12-02 12:11 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2007-12-02 12:10 --------- d-----w C:\Programmi\Nokia
2007-12-02 12:10 --------- d-----w C:\Programmi\File comuni\PCSuite
2007-12-02 12:10 --------- d-----w C:\Programmi\File comuni\Nokia
2007-12-02 12:09 --------- d-----w C:\Documents and Settings\Antonella\Dati applicazioni\PC Suite
2007-12-02 12:07 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations
2007-11-16 09:04 90,112 ----a-w C:\WINDOWS\DUMP3400.tmp
2007-11-07 09:27 727,552 ----a-w C:\WINDOWS\system32\lsasrv.dll
2001-11-22 13:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 59,392 2004-08-10 03:04:42 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 59,392 2004-08-10 03:04:42 C:\WINDOWS\ehome\ehtray.exe

----a-w 202,240 2010-12-30 01:11:14 C:\WINDOWS\system\bak\svchost.exe

----a-w 15,360 2004-09-07 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-09-07 12:00:00 C:\WINDOWS\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 13:00 15360]
"STYLEXP"="C:\Programmi\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 19:31 1372160]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-05 17:38 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-06-19 16:40 94208]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"VirtualCloneDrive"="C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2004-08-20 11:28 45056]
"Cmaudio"="cmicnfg.cpl" []
"VTTimer"="VTTimer.exe" [2003-05-07 09:32 36864 C:\WINDOWS\system32\VTTimer.exe]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 15:37 40960]
"AdslTaskBar"="stmctrl.dll" [2003-04-16 17:39 151552 C:\WINDOWS\system32\stmctrl.dll]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"OneCareUI"="C:\Programmi\Microsoft Windows OneCare Live\winssnotify.exe" [2007-12-11 09:42 67112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 01:01 437160]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
TrayMin300.exe.lnk - C:\Programmi\Philips\SPC 200NC PC Camera\TrayMin200.exe [2006-12-15 19:03:44 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau


.
Contenuto della cartella 'Scheduled Tasks'
"2008-02-02 19:25:02 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 20:28:29
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Programmi\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Ora fine scansione: 2008-02-02 20:32:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-02 19:32:30
.
2008-01-21 23:24:46 --- E O F ---


e qui il log aggiornato di hijackthis

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21.18.50, on 02/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Philips\SPC 200NC PC Camera\TrayMin200.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Documents and Settings\Antonella\Documenti\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programmi\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [OneCareUI] "C:\Programmi\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?65d2240f15944f5f8e96ce13023f1761
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?65d2240f15944f5f8e96ce13023f1761
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E360C5A-1B08-4737-8028-4219518F4BB8}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAC05E6B-8837-4DA2-81E5-730B24FC906B}: NameServer = 193.70.152.15,193.70.152.25
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 7717 bytes


aspetto tue istruzioni!!! Wink grazie sempre per l'aiuto Smile
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 02 Feb 2008 22:37    Oggetto: Rispondi citando
Apparentemente sembrano rimasugli. Razz

Disabilita il ripristino di sistema

Scarica ATF-Cleaner.
Avvia ATF-Cleaner (serve a eliminare i files temporanei)
Metti il segno di spunta a Select All
(se vuoi conservare i files del cestino, togli il segno di spunta a Recycle bin)
Clicca su Empty selected

Avvia AVENGER
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:
Citazione:
Files to delete:
D:\Incoming\NOKIA\GIOCHI_NOKIA7650_3650_JAR_E_SI\RACCOLTA_3\JAVA2.ZIP
D:\Incoming\NOKIA\NOKIA 7210 e 6610 - PACCHETTO GIOCHI,APPLICAZIONI E SUONERIE (vari download riuniti da LANCIL9)\[NOKIA - MIDLET] 257 giochi e apps (6100 - 7210 - 7250) packed by SMOG\games\Rockman.zip
D:\Incoming\NOKIA\NOKIA 7210 e 6610 - PACCHETTO GIOCHI,APPLICAZIONI E SUONERIE (vari download riuniti da LANCIL9)\[NOKIA - MIDLET] 257 giochi e apps (6100 - 7210 - 7250) packed by SMOG\games\Sno Pro.zip
D:\Incoming\NOKIA\NOKIA 7210 e 6610 - PACCHETTO GIOCHI,APPLICAZIONI E SUONERIE (vari download riuniti da LANCIL9)\[NOKIA - MIDLET] 257 giochi e apps (6100 - 7210 - 7250) packed by SMOG\tools\GlobalTime.zip
D:\Incoming\NOKIA\NOKIA 7210 e 6610 - PACCHETTO GIOCHI,APPLICAZIONI E SUONERIE (vari download riuniti da LANCIL9)\[NOKIA - MIDLET] 257 giochi e apps (6100 - 7210 - 7250) packed by SMOG\tools\world-time.zip
D:\Incoming\NOKIA\games\VampireBloodline.jar
D:\Incoming\NOKIA\games\DerbyChamp.jar
C:\WINDOWS\Temp\_avast4_\unp75861184.tmp
C:\Documents and Settings\Antonella\Impostazioni locali\Temp\944416209.exe
C:\Documents and Settings\Antonella\Impostazioni locali\Temp\2371328578.exe

Clicca su Done
Clicca sul semaforo
Il pc dovrebbe riavviarsi, se così non fosse, riavvialo tu.
Al termine dell'operazione, posta qui il risultato di Avenger con un log aggiornato di hijackthis.
Top
Profilo Invia messaggio privato
TOXIC
Mortale devoto
Mortale devoto


Registrato: 23/01/08 23:46
Messaggi: 13
MessaggioInviato: 03 Feb 2008 22:58    Oggetto: Rispondi citando
Ciao..non so cosa ho combinato o se è il mio pc impazzito .cmq dopo avere eseguito a//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Fatal error: could not create new script file.
Error code: 0
Error logged to errorlog.txt. Aborting now!venger il pc è bloccatissimo e mi è spuntato questo log


Sad Sad kosa devo fare ???
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 04 Feb 2008 12:35    Oggetto: Rispondi citando
Scarica Norman Malware Cleaner e drWeb CureIt.
Disabilita il ripristino di sistema e avvia il pc in modalità provvisoria.
Avvia drWeb CureIt e fagli fare la scansione completa.
Avvia Norman Malware Cleaner e fagli fare la scansione completa.
Viene generato un log sul desktop chiamandolo NFix_2008-02-gg_hh-mm-ss.log, alla fine della scansione caricalo su FreeFileHosting come indicato qui e posta il link che ti viene assegnato.
Top
Profilo Invia messaggio privato
TOXIC
Mortale devoto
Mortale devoto


Registrato: 23/01/08 23:46
Messaggi: 13
MessaggioInviato: 06 Feb 2008 20:02    Oggetto: Rispondi citando
rieccomi...questo è il link nfix.txt
Rolling Eyes speriamo bene...sempre grazie e a presto! Wink
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 06 Feb 2008 21:25    Oggetto: Rispondi citando
Ciao TOXIC, Ciao

il log di Norman sembra pulito.

a mali estremi... fai questa scansione con SystemScan e posta il log su FreeFileHosting come indicato qui.
Top
Profilo Invia messaggio privato
TOXIC
Mortale devoto
Mortale devoto


Registrato: 23/01/08 23:46
Messaggi: 13
MessaggioInviato: 07 Feb 2008 23:40    Oggetto: Rispondi citando
Ciao..ho provato a fare la scansione ma arrivata al nono punto si è bloccato tutto.ho riprovato a farla..ma nulla. Sad immagino ci sia qualcosa che non va ancora...uff ma forse mi converrebbe formattare il pc Shocked ??
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 08 Feb 2008 09:55    Oggetto: Rispondi citando
Non ho capito se si ferma durante il controllo del punto 9 o subito dopo.
Eventualmente, togli il segno di spunta al punto 9 e rifai la scansione.
Top
Profilo Invia messaggio privato
TOXIC
Mortale devoto
Mortale devoto


Registrato: 23/01/08 23:46
Messaggi: 13
MessaggioInviato: 08 Feb 2008 19:18    Oggetto: Rispondi
Ciao!la scansione si bloccava al punto nove.quindi ho levato il punto nove e ho finito la scansione.questo è il link
[URL="http://www.freefilehosting.net/files/3bjk2"]08_02_2008_18_06_report.zip[/URL]
ciaooo Wink
Top
Profilo Invia messaggio privato
Mostra prima i messaggi di:   
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus Tutti i fusi orari sono GMT + 2 ore
Pagina 1 di 1

 
Vai a:  
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi