mmx70 Devoted mortal

Joined: 24/04/08 11:23 Posts: 6
Posted: 24 Apr 2008 11:30 Subject: Can you check my Hijack log?

Hello,
for a few days now the AVIRA antivirus has been continuously reporting (every 10 seconds...) the presence of the virus TR\Vundo.gen in the file ddcbrqgx.dll (in windows\system32).
I ran a scan with HijackThis and I am posting the log below in the hope that someone can help me.
Thanks in advance
Logfile of HijackThis v1.99.1
Scan saved at 11.16.08, on 24/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Sidebar\sidebar.exe
C:\Programmi\LClock\LClock.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Glass Toasts\glasstoast.exe
C:\Programmi\Windows Sidebar\sidebar.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svehost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hjack\HijackThis.exe
C:\Programmi\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.live.com/9uxp9en-us/hpg_lnk2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Programmi\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: Glass2k.lnk = C:\Programmi\Glass2k\Glass2k.exe
O4 - Startup: TrueTransparency.lnk = C:\Programmi\TrueTransparency\TrueTransparency.exe
O4 - Global Startup: Glass Toasts.lnk = C:\Programmi\Glass Toasts\glasstoast.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O17 - HKLM\System\CCS\Services\Tcpip\..\{4446114A-3715-4D23-9176-F9625503AD53}: NameServer = 194.183.64.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{4446114A-3715-4D23-9176-F9625503AD53}: NameServer = 194.183.64.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{4446114A-3715-4D23-9176-F9625503AD53}: NameServer = 194.183.64.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Avira AntiVir Personal ? Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal ? Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

Sante62 Mature god

Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 24 Apr 2008 12:16 Subject:

Hi mmx70 and welcome.
There is probably something else as well...
Download Vundofix to the desktop
- Run VundoFix.exe
- Click Scan for Vundo.
- When the scan finishes, click Fix Vundo.
- It asks whether you want to delete the infected files; click YES.
- Your screen will go black while Vundo is being removed.
- When it finishes it will ask you to restart the PC; click OK.
- Copy the contents of the log C:\vundofix.txt here.
Save this file to the desktop.
Start the PC in safe mode.
Run the program you just downloaded.
When it finishes, restart the PC in normal mode and post the generated log here.
Also run a scan with Combofix

mmx70 Devoted mortal

Joined: 24/04/08 11:23 Posts: 6
Posted: 24 Apr 2008 14:10 Subject:

...ok, thanks. I had already tried Vundofix this morning and it came back negative. Now I'll try the others you suggested and then we'll see...
In the meantime, thanks again.
PS: since I formatted the PC yesterday afternoon, is it possible that the infection comes from some other hard disk?

mmx70 Devoted mortal

Joined: 24/04/08 11:23 Posts: 6
Posted: 24 Apr 2008 15:19 Subject:

...indeed, nothing turned up with Vundofix. Here instead are the logs obtained with 1) VirtumundoBeGone and 2) ComboFix...
1)
[04/24/2008, 14:51:31] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Massimo\Desktop\VirtumundoBeGone.exe" )
[04/24/2008, 14:51:33] - Detected System Information:
[04/24/2008, 14:51:33] - Windows Version: 5.1.2600, Service Pack 2
[04/24/2008, 14:51:33] - Current Username: Massimo (Admin)
[04/24/2008, 14:51:33] - Windows is in SAFE mode with Networking.
[04/24/2008, 14:51:33] - Searching for Browser Helper Objects:
[04/24/2008, 14:51:33] - BHO 1: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/24/2008, 14:51:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 14:51:33] - No filename found. Continuing.
[04/24/2008, 14:51:33] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Guida per l'accesso a Windows Live)
[04/24/2008, 14:51:33] - BHO 3: {BD31FC36-22DB-4668-8562-405C4BD6A42C} ()
[04/24/2008, 14:51:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 14:51:33] - Checking for HKLM\...\Winlogon\Notify\ddcBrQGx
[04/24/2008, 14:51:33] - Key not found: HKLM\...\Winlogon\Notify\ddcBrQGx, continuing.
[04/24/2008, 14:51:33] - Finished Searching Browser Helper Objects
[04/24/2008, 14:51:33] - Finishing up...
[04/24/2008, 14:51:33] - Nothing found! Exiting...
2)
ComboFix 08-04-22.5 - Massimo 2008-04-24 15.10.12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.666 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Massimo\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Creati Da 2008-03-24 al 2008-04-24 )))))))))))))))))))))))))))))))))))
.
2008-04-24 15:00 . 2008-04-24 15:00 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-04-24 15:00 . 2008-04-24 15:00 <DIR> d-------- C:\WINDOWS\srchasst
2008-04-24 15:00 . 2008-04-24 15:00 <DIR> d-------- C:\Programmi\microsoft frontpage
2008-04-24 14:12 . 2008-04-24 14:12 96,978 --a------ C:\VirtumundoBeGone.exe
2008-04-24 10:55 . 2008-04-24 10:55 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WinZip
2008-04-24 09:55 . 2008-04-24 11:17 <DIR> d-------- C:\Hjack
2008-04-24 09:46 . 2008-04-24 09:46 <DIR> d-------- C:\VundoFix Backups
2008-04-24 09:02 . 2008-04-24 14:52 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-04-24 08:52 . 2008-04-24 08:58 <DIR> d-------- C:\Programmi\uTorrent
2008-04-24 08:52 . 2008-04-24 14:17 <DIR> d-------- C:\Documents and Settings\Massimo\Dati applicazioni\uTorrent
2008-04-24 08:47 . 2008-04-24 08:47 <DIR> d-------- C:\Programmi\Avira
2008-04-24 08:47 . 2008-04-24 08:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-04-24 08:22 . 2008-04-24 08:22 <DIR> d-------- C:\Programmi\UltraISO
2008-04-24 08:22 . 2008-04-24 08:22 <DIR> d-------- C:\Programmi\File comuni\EZB Systems
2008-04-24 08:21 . 2008-04-24 08:21 39,936 --a------ C:\WINDOWS\system32\byXRijhi.dll.vir
2008-04-24 08:16 . 2008-04-24 08:16 <DIR> d-------- C:\Programmi\Microsoft Works
2008-04-24 08:15 . 2008-04-24 08:15 <DIR> d-------- C:\Programmi\Microsoft.NET
2008-04-24 08:13 . 2008-04-24 08:16 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-24 08:12 . 2008-04-24 08:17 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-04-24 08:12 . 2007-02-28 18:02 2,184,064 --a------ C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-04-24 08:12 . 2007-02-28 18:02 2,139,648 --a------ C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-04-24 08:12 . 2007-02-28 18:02 2,061,312 --a------ C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-04-24 08:12 . 2007-02-28 18:02 2,019,328 --a------ C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-04-24 08:11 . 2008-04-24 08:11 <DIR> dr-h----- C:\MSOCache
2008-04-24 08:11 . 2008-03-20 09:57 1,845,888 --a------ C:\WINDOWS\system32\dllcache\win32k.sys
2008-04-24 08:11 . 2008-02-20 08:52 282,624 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll
2008-04-24 08:11 . 2008-02-20 07:33 148,992 --a------ C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-04-24 08:11 . 2008-02-20 07:33 45,568 --a------ C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-04-23 18:02 . 2004-08-19 17:24 58,240 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-04-23 18:01 . 2006-07-12 16:50 146,048 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-04-23 18:01 . 2004-08-19 17:39 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-04-23 18:01 . 2004-08-19 17:39 76,800 --a------ C:\WINDOWS\system32\usbui.dll
2008-04-23 18:01 . 2004-08-04 01:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-04-23 18:01 . 2004-08-04 01:07 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2008-04-23 18:01 . 2004-08-19 17:39 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 12:16 --------- d-----w C:\Documents and Settings\Massimo\Dati applicazioni\TeraCopy
2008-04-24 07:49 --------- d-----w C:\Programmi\Unlocker
2008-04-23 14:51 --------- d-----w C:\Programmi\Windows Live
2008-04-23 14:49 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2008-04-23 14:49 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-04-23 14:40 --------- d-----w C:\Documents and Settings\Massimo\Dati applicazioni\Talkback
2008-04-23 14:31 --------- d-----w C:\Programmi\WinFlip
2008-04-23 14:31 --------- d-----w C:\Programmi\VisualToolTip
2008-04-23 14:31 --------- d-----w C:\Programmi\Vista Drive Icon
2008-04-23 14:31 --------- d-----w C:\Programmi\Vista Crystal Gadjets
2008-04-23 14:31 --------- d-----w C:\Programmi\TrueTransparency
2008-04-23 14:31 --------- d-----w C:\Programmi\RocketDock
2008-04-23 14:31 --------- d-----w C:\Programmi\Glass2k
2008-04-23 14:27 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-23 14:27 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-04-23 14:27 --------- d-----w C:\Programmi\ATI Technologies
2008-04-23 14:18 --------- d-----w C:\Programmi\TeraCopy
2008-04-23 14:16 89 ----a-w C:\WINDOWS\system32\config\systemprofile\Del195D.bat
2008-04-23 14:16 89 ----a-w C:\Documents and Settings\Massimo\Del195D.bat
2008-04-23 14:16 89 ----a-w C:\Documents and Settings\Default User\Del195D.bat
2008-04-23 14:15 --------- d-----w C:\Programmi\Reference Assemblies
2008-04-23 14:15 --------- d-----w C:\Programmi\MSBuild
2008-04-23 14:10 --------- d-----w C:\Programmi\Servizi in linea
2008-04-23 14:09 --------- d-----w C:\Programmi\Glass Toasts
2008-04-23 14:08 --------- d-----w C:\Programmi\Windows Sidebar
2008-04-23 14:06 --------- d-----w C:\Programmi\Alky for Applications
2008-04-23 14:05 --------- d-----w C:\Programmi\Windows Media Connect 2
2008-03-20 07:57 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 20:52 3,038 ----a-w C:\WINDOWS\system32\presetup.cmd
2008-02-16 20:52 28,672 ----a-w C:\WINDOWS\system32\setupold.exe
2008-02-16 01:09 3,283,456 ----a-w C:\WINDOWS\system32\msgina.dll
2008-02-14 05:52 825,344 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-13 23:09 1,619,968 ----a-w C:\WINDOWS\explorer.exe
2008-02-13 01:05 499,254 ----a-w C:\WINDOWS\system32\dxmasf.dll
2008-02-13 01:05 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
2008-02-13 01:05 246,814 ----a-w C:\WINDOWS\system32\strmdll.dll
2008-02-12 21:58 58,880 ----a-w C:\WINDOWS\system32\sol.exe
2008-02-12 21:58 57,344 ----a-w C:\WINDOWS\system32\freecell.exe
2008-02-12 21:58 129,536 ----a-w C:\WINDOWS\system32\mshearts.exe
2008-02-12 21:58 108,032 ----a-w C:\WINDOWS\system32\winmine.exe
2008-02-12 21:58 1,565,184 ----a-w C:\WINDOWS\system32\spider.exe
2008-02-12 21:58 1,384,960 ----a-w C:\WINDOWS\system32\cards.dll
2008-02-12 21:57 13,078,016 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-02-12 21:54 94,720 ----a-w C:\WINDOWS\system32\mshta.exe
2008-02-12 21:54 70,144 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-02-12 21:54 105,984 ----a-w C:\WINDOWS\system32\admparse.dll
2008-02-12 21:51 99,840 ----a-w C:\WINDOWS\system32\msiexec.exe
2008-02-12 21:50 96,256 ----a-w C:\WINDOWS\system32\drwtsn32.exe
2008-02-12 21:50 67,072 ----a-w C:\WINDOWS\system32\grpconv.exe
2008-02-12 21:50 53,248 ----a-w C:\WINDOWS\system32\mnmsrvc.exe
2008-02-12 21:50 409,088 ----a-w C:\WINDOWS\system32\fsquirt.exe
2008-02-12 21:50 33,792 ----a-w C:\WINDOWS\system32\eventvwr.exe
2008-02-12 21:50 3,504,640 ----a-w C:\WINDOWS\system32\mobsync.exe
2008-02-12 21:50 268,288 ----a-w C:\WINDOWS\system32\mplay32.exe
2008-02-12 21:50 20,992 ----a-w C:\WINDOWS\hh.exe
2008-02-12 21:50 161,280 ----a-w C:\WINDOWS\system32\iexpress.exe
2008-02-12 21:50 105,472 ----a-w C:\WINDOWS\system32\ddeshare.exe
2008-02-12 21:50 1,459,200 ----a-w C:\WINDOWS\system32\mmc.exe
2008-02-12 21:48 744,960 ----a-w C:\WINDOWS\system32\sxs.dll
2008-02-12 21:48 701,952 ----a-w C:\WINDOWS\system32\wiashext.dll
2008-02-12 21:48 680,448 ----a-w C:\WINDOWS\system32\syncui.dll
2008-02-12 21:48 452,096 ----a-w C:\WINDOWS\system32\themeui.dll
2008-02-12 21:48 3,700,224 ----a-w C:\WINDOWS\system32\wiadefui.dll
2008-02-12 21:48 286,208 ----a-w C:\WINDOWS\system32\upnpui.dll
2008-02-12 21:48 264,192 ----a-w C:\WINDOWS\system32\sti_ci.dll
2008-02-12 21:48 2,247,680 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-02-12 21:48 141,824 ----a-w C:\WINDOWS\system32\tapiui.dll
2008-02-12 21:48 133,632 ----a-w C:\WINDOWS\system32\stobject.dll
2008-02-12 21:48 101,376 ----a-w C:\WINDOWS\system32\tcpmonui.dll
2008-02-12 21:47 78,336 ----a-w C:\WINDOWS\system32\srclient.dll
2008-02-12 21:47 6,875,136 ----a-w C:\WINDOWS\system32\shimgvw.dll
2008-02-12 21:47 36,864 ----a-w C:\WINDOWS\system32\shscrap.dll
2008-02-12 21:47 268,288 ----a-w C:\WINDOWS\system32\srrstr.dll
2008-02-12 21:46 7,284,224 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-02-12 21:46 643,584 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-02-12 21:44 984,576 ----a-w C:\WINDOWS\system32\netplwiz.dll
2008-02-12 21:44 911,360 ----a-w C:\WINDOWS\system32\msihnd.dll
2008-02-12 21:44 9,444,352 ----a-w C:\WINDOWS\system32\msieftp.dll
2008-02-12 21:44 87,040 ----a-w C:\WINDOWS\system32\msidntld.dll
2008-02-12 21:44 81,408 ----a-w C:\WINDOWS\system32\mydocs.dll
2008-02-12 21:44 742,912 ----a-w C:\WINDOWS\system32\msxml2.dll
2008-02-12 21:44 73,728 ----a-w C:\WINDOWS\system32\msident.dll
2008-02-12 21:44 547,840 ----a-w C:\WINDOWS\system32\msxml.dll
2008-02-12 21:44 328,704 ----a-w C:\WINDOWS\system32\mstask.dll
2008-02-12 21:44 2,905,088 ----a-w C:\WINDOWS\system32\msi.dll
2008-02-12 21:44 184,832 ----a-w C:\WINDOWS\system32\mycomput.dll
2008-02-12 21:44 163,328 ----a-w C:\WINDOWS\system32\netid.dll
2008-02-12 21:44 1,146,368 ----a-w C:\WINDOWS\system32\msxml3.dll
2008-02-12 21:42 47,104 ----a-w C:\WINDOWS\system32\inetppui.dll
2008-02-12 21:41 957,952 ----a-w C:\WINDOWS\system32\gpedit.dll
2008-02-12 21:40 93,184 ----a-w C:\WINDOWS\system32\digest.dll
2008-02-12 21:40 80,896 ----a-w C:\WINDOWS\system32\dfrgres.dll
2008-02-12 21:40 6,866,944 ----a-w C:\WINDOWS\system32\cscui.dll
2008-02-12 21:40 43,008 ----a-w C:\WINDOWS\system32\deskperf.dll
2008-02-12 21:40 41,984 ----a-w C:\WINDOWS\system32\deskadp.dll
2008-02-12 21:40 41,472 ----a-w C:\WINDOWS\system32\deskmon.dll
2008-02-12 21:40 388,608 ----a-w C:\WINDOWS\system32\devmgr.dll
2008-02-12 21:40 373,760 ----a-w C:\WINDOWS\system32\dmdlgs.dll
.
------- Sigcheck -------
2008-02-12 17:41 360832 ea3d7525f41beb321c3f6e2162277e92 C:\WINDOWS\system32\drivers\tcpip.sys
2008-02-12 23:52 544256 e6f62282ebaa63ba07fa2dc7198b8d0d C:\WINDOWS\system32\winlogon.exe
2008-02-14 01:09 1619968 bf01c54364118dcd1a9077436aada1a4 C:\WINDOWS\explorer.exe
2008-02-12 23:49 25088 40de117b6ccfc031d2dc8b73d82020cf C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-24_15.03.49.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-23 14:30:59 71,308 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-24 13:04:36 71,308 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-23 14:30:59 84,330 ----a-w C:\WINDOWS\system32\perfc010.dat
+ 2008-04-24 13:04:36 84,330 ----a-w C:\WINDOWS\system32\perfc010.dat
- 2008-04-23 14:30:59 441,624 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-24 13:04:36 441,624 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-23 14:30:59 489,598 ----a-w C:\WINDOWS\system32\perfh010.dat
+ 2008-04-24 13:04:36 489,598 ----a-w C:\WINDOWS\system32\perfh010.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 23:49 25088]
"Sidebar"="C:\Programmi\Windows Sidebar\sidebar.exe" [2007-08-29 22:24 1233408]
"LClock"="C:\Programmi\LClock\LClock.exe" [2004-09-19 20:27 65536]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="C:\Programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-11-16 21:00 344064]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Updates"="svehost.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-02-12 23:49 25088]
"Sidebar"="C:\Programmi\Windows Sidebar\sidebar.exe" [2007-08-29 22:24 1233408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2008-02-14 07:51 124928 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\Massimo\Menu Avvio\Programmi\Esecuzione automatica\
Glass2k.lnk - C:\Programmi\Glass2k\Glass2k.exe [2008-04-23 16:31:11 56325]
TrueTransparency.lnk - C:\Programmi\TrueTransparency\TrueTransparency.exe [2008-04-23 16:31:12 133120]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Glass Toasts.lnk - C:\Programmi\Glass Toasts\glasstoast.exe [2008-04-23 16:08:49 860160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 15:10:51
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-04-24 15.12.12
ComboFix-quarantined-files.txt 2008-04-24 13:11:54
ComboFix2.txt 2008-04-24 13:04:09
7 Directory 71,850,160,128 byte disponibili
10 Directory 71,842,861,056 byte disponibili
230 --- E O F --- 2008-04-24 06:19:18

Sante62 Mature god

Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 24 Apr 2008 17:07 Subject:

Could you please post the Vundofix log?
There is no trace of Virtumundo either...
mmx70 wrote:
"PS: since I formatted the PC yesterday afternoon, is it possible that the infection comes from some other hard disk?"
If you used an external hard disk, it is likely.
Give it a pass with Virit.
Update it using the satellite-dish icon in the top bar and have it run a full scan of the PC.
Set it to automatically remove the infected files it finds.
Don't forget to temporarily disable your antivirus.
Then paste the result here, together with an updated HijackThis log...

mmx70 Devoted mortal

Joined: 24/04/08 11:23 Posts: 6
Posted: 25 Apr 2008 11:25 Subject:

...here are the logs you asked for:
VUNDOFIX
VundoFix V7.0.3
Scan started at 9.46.57 24/04/2008
Listing files found while scanning....
No infected files were found.
VundoFix V7.0.3
Scan started at 14.08.05 24/04/2008
Listing files found while scanning....
No infected files were found.
VundoFix V7.0.3
Scan started at 8.34.08 25/04/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V7.0.3
Scan started at 8.45.19 25/04/2008
Listing files found while scanning....
No infected files were found.
VIRIT:
VirIT eXplorer Lite Log
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
25/04/2008 - 09:21:22
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 1719.
Files Totali: 1719.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
--------------------------------------------------------
25/04/2008 - 09:22:58
[SCANSIONE DEL REGISTRO]
OK
[A:]
BOOT SECTOR: OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 5004.
Files Totali: 5004.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
25/04/2008 - 09:36:37
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
25/04/2008 - 11:09:30
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\QooBox\Quarantine\C\WINDOWS\system32\svehost.exe.vir Infetto da Backdoor.RBot.AAK
* * * RIMOSSO * * *
C:\WINDOWS\system32\byXRijhi.dll.vir Infetto da Trojan.Win32.Vundo.DM
* * * RIMOSSO * * *
Chiavi Registro infette: 0.
Files Infetti: 2.
Files Sospetti: 0.
Files Analizzati: 23555.
Files Totali: 23555.
Chiavi Registro rimosse: 0.
Virus Rimossi: 2.
HIJACK:
Logfile of HijackThis v1.99.1
Scan saved at 11.22.51, on 25/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Vista Drive Icon\DrvIcon.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\LClock\LClock.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\TrueTransparency\TrueTransparency.exe
C:\Programmi\Glass Toasts\glasstoast.exe
C:\Programmi\Glass2k\Glass2k.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\VEXPLITE\VIRITEXP.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Hjack\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.live.com/9uxp9en-us/hpg_lnk2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Programmi\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] C:\Programmi\LClock\LClock.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [TrueTransparency] "C:\Programmi\TrueTransparency\TrueTransparency.exe"
O4 - Startup: Glass2k.lnk = C:\Programmi\Glass2k\Glass2k.exe
O4 - Startup: TrueTransparency.lnk = C:\Programmi\TrueTransparency\TrueTransparency.exe
O4 - Global Startup: Glass Toasts.lnk = C:\Programmi\Glass Toasts\glasstoast.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O17 - HKLM\System\CCS\Services\Tcpip\..\{4446114A-3715-4D23-9176-F9625503AD53}: NameServer = 194.183.64.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{4446114A-3715-4D23-9176-F9625503AD53}: NameServer = 194.183.64.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{4446114A-3715-4D23-9176-F9625503AD53}: NameServer = 194.183.64.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Avira AntiVir Personal ? Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal ? Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

Sante62 Mature god

Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 25 Apr 2008 11:53 Subject:

Disable System Restore;
Start HijackThis, select these lines and click Fix checked (the ones in red: if you recognize the IP addresses, do not select them);
Quote:
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4446114A-3715-4D23-9176-F9625503AD53}: NameServer = 194.183.64.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{4446114A-3715-4D23-9176-F9625503AD53}: NameServer = 194.183.64.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{4446114A-3715-4D23-9176-F9625503AD53}: NameServer = 194.183.64.10

Restart the PC, run a scan with Systemscan and post the generated log as indicated here;
Check at the end of the log whether the HijackThis one is included; otherwise post it separately...
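
A triage sketch for the HijackThis entries singled out in the post above, as an added example that is not part of the original thread: it flags O4 autostart commands given without a directory and executable names one character edit away from a Windows system binary, and lists O17 NameServer values for the owner to confirm. The heuristics, the SYSTEM_NAMES list and all function names are assumptions of this example; the sample lines are an excerpt of the first log posted in the thread.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any platform

# Windows system binaries that malware commonly imitates
# (assumption of this example, deliberately short and incomplete).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "explorer.exe", "spoolsv.exe", "smss.exe", "csrss.exe"}

# Only registry-style O4 lines ("O4 - <key>: [name] command") are parsed;
# "O4 - Startup: x.lnk = ..." shortcut lines are skipped by this sketch.
O4_RE = re.compile(r"^O4 - [^:]+: \[[^\]]*\] (?P<cmd>.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<ip>\S+)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(exe):
    """Return the system binary that `exe` imitates, or None."""
    exe = exe.lower()
    if exe in SYSTEM_NAMES:
        return None
    for known in sorted(SYSTEM_NAMES):
        if edit_distance(exe, known) == 1:
            return known
    return None


def command_target(cmd):
    """Extract the executable from an autostart command (quoted or not)."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.split()[0]


def analyze(log_text):
    findings, nameservers = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        reasons = []
        if in_processes and PATH_RE.match(line):
            target = line
        else:
            in_processes = False
            o17 = O17_RE.match(line)
            # DNS servers are only listed: as in the thread, the owner
            # decides whether the address belongs to their provider.
            if o17 and o17.group("ip") not in nameservers:
                nameservers.append(o17.group("ip"))
            o4 = O4_RE.match(line)
            if not o4:
                continue
            target = command_target(o4.group("cmd"))
            if not dirname(target):
                reasons.append("autostart command has no directory")
        known = lookalike_of(basename(target))
        if known:
            reasons.append("name is one edit away from " + known)
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return {"findings": findings, "nameservers": nameservers}


# Excerpt of lines from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svehost.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [Sidebar] C:\Programmi\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Glass2k.lnk = C:\Programmi\Glass2k\Glass2k.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4446114A-3715-4D23-9176-F9625503AD53}: NameServer = 194.183.64.10
"""

if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for f in report["findings"]:
        print(f["line"], "->", "; ".join(f["reasons"]))
    print("DNS servers to confirm:", report["nameservers"])
```
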

mmx70 Devoted mortal

Joined: 24/04/08 11:23 Posts: 6
Posted: 25 Apr 2008 14:42 Subject:

...so:
I did not delete the lines in red, since they are the IP address of my internet provider's DNS server...
Here instead is the Systemscan log:
report204.txt: http://www.freefilehosting.net/files/3g4ee

Sante62 Mature god

Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 25 Apr 2008 22:56 Subject:

I don't see anything strange in the log...
Now connect to the Kaspersky online scanner.
While it is downloading the necessary files, temporarily disable the antivirus. As soon as the PC scan starts, disconnect from the internet.
When it finishes, upload the result to www.freefilehosting.net and post here the link you are given, as indicated here

mmx70 Devoted mortal

Joined: 24/04/08 11:23 Posts: 6
Posted: 28 Apr 2008 08:44 Subject:

...here it is:
report233.txt: http://www.freefilehosting.net/files/3g8ej

Sante62 Mature god

Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 28 Apr 2008 09:10 Subject:

Start Systemscan;
click Removal Script;
enter this script in the box:
Quote:
files to delete:
C:\DOCUME~1\Massimo\IMPOST~1\Temp\NERO14754\Toolbar.exe

click proceed with removal;
the PC should restart; otherwise restart it manually;
when it finishes, Notepad should open with the result, which you will paste here;
also do a cleanup with CCleaner: start it, click Options -> Advanced, and untick "delete files only if older than 48 hours".
Use the Cleaning option and then click Analyze; at the end click Run Cleaning. Do the same with the Find problems option; it will remove a number of useless registry keys.