Olimpo Informatico

[LadyMya]

come da titolo..
ho preso questo virus..e avevo letto delle cose qui per cercare di rimuoverlo..
ho cercato di far girare spybot e avast frattanto ma spybot mi si bloccava e avast mi ha fatto riavviare il computer..
da quel momento il computer è bloccato.
mi apre solo la pagina iniziale dove posso scegliere con quale account entrare (ne ho due) e quando l'account viene selezionato ilò computer si blocca..

potreste aiutarmi a risolvere la situazione senza dover andare da un tecnico?? ve ne sarei grata

[bdoriano]

Ciao LadyMya,

Immagino che tu stia scrivendo da un secondo pc, giusto?

Puoi provare ad avviare il pc bloccato in modalità provvisoria?

[LadyMya]

ho riavviato in modalità provvisoria..adesso provo a far partire spybot.. (anche se ora mi sono ricordata che spybot me lo bloccava mentre scaricava gli aggiornamenti..quindi mi sa che è aggiornato alla prima guerra mondiale )

in attesa di istruzioni

[bdoriano]

Segui le istruzioni di questo topic per usare MBAM.

Ovviamente, dovrai fare tutte le operazioni dalla modalità provvisoria.

edit: dimenticavo, scarica MBAM dal pc funzionante e copialo (via chiavetta o CD) sul pc bloccato.

[LadyMya]

sei fortunato..non sono a livelli di imbranataggine elevatissimi..per cui all'idea della pennetta ci avevo pensato già.. =P

però un problemuccio ci sarebbe (credo) non mi da la connessione a internet in modalità provvisoria..non posso aggiornare mbam dunque..
che si fa??

[bdoriano]

Ottimo!

In fondo al messaggio che ti ho linkato c'è spiegato come aggiornare MBAM senza connessione a internet.

[LadyMya]

scusa..

cmq visto che ti trovi..fammi un'altra consulenza rapida..
il computer da cui sto scrivendo ogni tanto si riavvia da solo..

ho provato a installare ,bam anche su questo pc e per tutte e due le volte si è riavviato..sarà un virus?? (spibot e nod non hanno trovato nulla)

[bdoriano]

Per quanto riguarda il pc da cui stai scrivendo, segui queste istruzioni per controllare le chiavi del file di registro.
Dovrai, però, aprire un'altra discussione (per evitare di incasinarci).

[LadyMya]

sisi..e una cosa per volta..=P

[LadyMya]

ho fatto la scansione e adesso il computer funziona
però strongest knight è sempre presente nell'elenco installazione applicazioni..

[bdoriano]

Ok, ora fai queste operazioni:

• Pulisci i files temporanei con ATF-Cleaner e/o CCleaner
  
• Fai una scansione con Norman Malware Cleaner.
  
• Riavvia il computer in modalità normale
  
• Segui le istruzioni di questo topic per eseguire combofix.
  
• Riferisci con un nuovo messaggio in questa discussione dell'esito: se ci sono stati problemi particolari, ecc. ecc. E riporta:
  
  • Carica il log di Norman Malware Cleaner su WikiSend e posta il Forum Link che ti viene assegnato
    
  • Il log di Combofix generalmente non è molto lungo, quindi postalo direttamente nel messaggio

[LadyMya]

questo è il log di norman malware cleaner
NFix_2008-06-23_20-47-21.log

adesso vedo cosa succede con combofix

[LadyMya]

questo è il log di combofix


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Admin\Impostazioni locali\Temporary Internet Files\sc
C:\Documents and Settings\Admin\Impostazioni locali\Temporary Internet Files\sc\console.html
C:\Documents and Settings\Admin\Impostazioni locali\Temporary Internet Files\sc\script0.html
C:\Documents and Settings\Admin\Impostazioni locali\Temporary Internet Files\sc\script1.html
C:\Documents and Settings\Admin\Impostazioni locali\Temporary Internet Files\temp1.htm
C:\WINDOWS\Downloaded Program Files\1bxnzvg
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\SysPr.prx

.
((((((((((((((((((((((((( Files Creati Da 2008-05-24 al 2008-06-24 )))))))))))))))))))))))))))))))))))
.

2008-06-23 20:44 . 2006-03-09 19:14 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-06-23 20:44 . 2006-03-09 19:14 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-06-23 20:44 . 2006-03-09 19:14 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-06-23 20:44 . 2006-03-09 18:23 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-06-23 20:44 . 2006-03-09 19:14 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-06-23 20:44 . 2008-06-24 08:28 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-06-23 20:44 . 2006-03-09 19:14 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-06-23 20:44 . 2006-03-09 19:14 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-06-23 20:44 . 2008-06-23 20:44 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-23 16:18 . 2008-06-23 16:18 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-06-23 16:18 . 2008-06-23 16:18 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-06-23 16:18 . 2008-06-23 16:18 <DIR> d-------- C:\Documents and Settings\Admin\Dati applicazioni\Malwarebytes
2008-06-23 16:18 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-23 16:18 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-16 08:57 . 2008-06-16 08:56 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-06-16 08:57 . 2008-06-16 08:56 270,336 --a------ C:\WINDOWS\system32\imon.dll
2008-06-16 08:57 . 2008-06-16 08:57 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-06-14 15:02 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 15:02 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-31 11:13 . 2008-05-31 11:13 <DIR> d-------- C:\Documents and Settings\Enrico\Dati applicazioni\Mp3tag
2008-05-30 17:01 . 2008-05-30 17:01 60 --a------ C:\WINDOWS\MTB40.INI
2008-05-30 17:00 . 2008-05-30 17:00 <DIR> d-------- C:\STELLAR2
2008-05-30 17:00 . 2008-05-30 17:00 <DIR> d-------- C:\Documents and Settings\Admin\WINDOWS
2008-05-30 17:00 . 2008-05-30 17:02 346 --a------ C:\WINDOWS\MICRON.INI
2008-05-30 17:00 . 2008-05-30 17:01 131 --a------ C:\WINDOWS\asym.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 06:25 --------- d-----w C:\Programmi\ESET
2008-06-24 06:11 --------- d-----w C:\Programmi\eMule
2008-06-15 16:00 --------- d-----w C:\Programmi\Norton Security Scan
2008-06-15 12:33 --------- d-----w C:\Programmi\Motive
2008-06-02 10:58 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-13 09:09 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2006-11-13 19:20 81,920 ----a-w C:\Documents and Settings\Admin\Dati applicazioni\ezpinst.exe
2006-11-13 19:20 47,360 ----a-w C:\Documents and Settings\Admin\Dati applicazioni\pcouffin.sys
2004-12-07 09:11 258,352 ----a-w C:\Documents and Settings\Admin\unicows.dll
2004-08-03 21:58 61,440 ----a-w C:\Documents and Settings\Admin\MSVCRT40.DLL
2004-02-23 00:00 397,824 ----a-w C:\Documents and Settings\Admin\msrdo20.dll
2001-08-17 12:18 508,928 ----a-w C:\Documents and Settings\Admin\msde.dll
2001-08-17 12:18 118,784 ----a-w C:\Documents and Settings\Admin\msstdfmt.dll
2001-08-10 01:01 287,504 ----a-w C:\Documents and Settings\Admin\msxbse35.dll
2001-08-10 01:01 250,128 ----a-w C:\Documents and Settings\Admin\mspdox35.dll
2001-08-10 01:01 250,128 ----a-w C:\Documents and Settings\Admin\msexcl35.dll
2001-08-10 01:01 165,648 ----a-w C:\Documents and Settings\Admin\mstext35.dll
2001-08-09 22:50 24,848 ----a-w C:\Documents and Settings\Admin\MSJTER35.DLL
2001-08-09 21:53 1,046,288 ----a-w C:\Documents and Settings\Admin\Msjet35.dll
2001-08-09 21:50 123,664 ----a-w C:\Documents and Settings\Admin\Msjint35.dll
2001-04-27 15:17 309,760 ----a-w C:\Documents and Settings\Admin\jmail.dll
2001-03-13 12:53 77,824 ----a-w C:\Documents and Settings\Admin\msbind.dll
2000-08-02 00:00 151,552 ----a-w C:\Documents and Settings\Admin\rdocurs.dll
1999-04-02 00:38 28,944 ----a-w C:\Documents and Settings\Admin\Fm20ita.dll
1999-01-12 10:54 1,109,264 ----a-w C:\Documents and Settings\Admin\Fm20.dll
1998-08-05 00:00 34,304 ----a-w C:\Documents and Settings\Admin\MCIIT.dll
1998-08-05 00:00 21,504 ----a-w C:\Documents and Settings\Admin\MSMskIT.dll
1998-08-04 23:00 35,328 ----a-w C:\Documents and Settings\Admin\RchTxIT.dll
1998-08-04 23:00 150,528 ----a-w C:\Documents and Settings\Admin\MSCmCIT.dll
1998-08-04 22:00 33,792 ----a-w C:\Documents and Settings\Admin\CmDlgIT.dll
1998-06-18 00:00 89,360 ----a-w C:\Documents and Settings\Admin\Vb5db.dll
1998-04-24 23:00 368,912 ----a-w C:\Documents and Settings\Admin\vbar332.dll
1997-10-14 13:36 330,688 ----a-w C:\Documents and Settings\Admin\Setupapi.dll
1997-07-15 06:53 74,960 ----a-w C:\Documents and Settings\Admin\advpack.dll
1997-07-15 06:53 4,608 ----a-w C:\Documents and Settings\Admin\W95inf32.dll
1997-07-15 06:53 2,272 ----a-w C:\Documents and Settings\Admin\W95inf16.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0EC4E208-4333-2F29-F6B3-EE09D20590D3}]
C:\WINDOWS\lncdh1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 14:00 15360]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"eMuleAutoStart"="C:\Programmi\eMule\emule.exe" [2007-05-13 16:57 5308416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42 1404928]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 11:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 11:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 11:36 114688]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"P2P Networking"="C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" [ ]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2006-09-29 16:55 185784]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-28 21:29 32768]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-06-16 08:56 917504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 14:00 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Ralink Wireless Utility.lnk - C:\Programmi\RALINK\Common\RaUI.exe [2007-03-30 16:03:00 614400]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:emuletcp
"4672:UDP"= 4672:UDP:emuleudp

S2 SrvEiq;SrvEiq;"C:\Programmi\File comuni\System\bnUZD.exe" []

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{343798AF-F54F-CEC1-21D3-6344EBDA6E90}]
C:\WINDOWS\system32\wincool.exe s
.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-22 16:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programmi\Norton Security Scan\Nss.exe
"2008-06-23 20:52:02 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 08:29:07
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-06-24 8:30:45
ComboFix-quarantined-files.txt 2008-06-24 06:30:03

13 Directory 10,564,345,856 byte disponibili
17 Directory 10,764,914,688 byte disponibili

160 --- E O F --- 2008-06-22 16:06:12

[LadyMya]

posto anche il log della scansione con hjt =P

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8.41.25, on 24/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\HiJackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {0EC4E208-4333-2F29-F6B3-EE09D20590D3} - C:\WINDOWS\lncdh1.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programmi\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141927831140
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45E16ED0-FC30-4025-B991-5B3E1EA9F5CD}: NameServer = 208.67.222.222,208.67.222.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{55971CF8-1118-495D-8CDD-1E4C7395734D}: NameServer = 151.99.125.1,151.99.250.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4A4D9FA-0770-47CD-B84A-8AF93731BBBA}: NameServer = 85.37.17.9 85.38.28.75
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAFCF7B6-075D-40F8-9068-7F400D23DD50}: NameServer = 151.99.125.1,151.99.250.2
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8006 bytes

[bdoriano]

Norman ha ripristinato alcune voci taroccate nel file di registro e ha eliminato l'immunizzazione di SpyBot (che dovrai poi riabilitare).

1. Apri Blocco Note e crea un file di testo con le seguenti istruzioni:
   

   Codice:

   File:: C:\WINDOWS\lncdh1.dll C:\WINDOWS\system32\wincool.exe Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0EC4E208-4333-2F29-F6B3-EE09D20590D3}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "P2P Networking"=- [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{343798AF-F54F-CEC1-21D3-6344EBDA6E90}]

   
   Salva il file sul desktop con il nome CFScript.txt e trascinalo sull'icona di ComboFix, come indicato in seguito:
   
   Attendi pazientemente la fine dei lavori senza toccare tastiera, mouse o altro.
   Posta il log aggiornato di combofix.
   
   
2. Disabilita il tuo antivirus
   
3. Collegati a BitDefender (con IE) e fai la scansione completa.
   
4. Collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
   Salva il risultato della scansione in un file (in formato HTML), carica il file su WikiSend e posta qui il Forum Link che ti viene assegnato.
   
5. Al termine, posta anche un log aggiornato di hijackthis

[LadyMya]

ecco il log aggiornato di combofix

ComboFix 08-06-20.4 - Admin 2008-06-24 11.32.27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.233 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Admin\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt.txt
* Creato nuovo punto di ripristino
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\lncdh1.dll
C:\WINDOWS\system32\wincool.exe
.

((((((((((((((((((((((((( Files Creati Da 2008-05-24 al 2008-06-24 )))))))))))))))))))))))))))))))))))
.

2008-06-23 20:44 . 2006-03-09 19:14 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-06-23 20:44 . 2006-03-09 19:14 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-06-23 20:44 . 2006-03-09 19:14 <DIR> d-------- C:\Documents and Settings\Administrator\Preferiti
2008-06-23 20:44 . 2006-03-09 18:23 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-06-23 20:44 . 2006-03-09 19:14 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-06-23 20:44 . 2008-06-24 11:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-06-23 20:44 . 2006-03-09 19:14 <DIR> d-------- C:\Documents and Settings\Administrator\Documenti
2008-06-23 20:44 . 2006-03-09 19:14 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-06-23 20:44 . 2008-06-23 20:44 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-23 16:18 . 2008-06-23 16:18 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-06-23 16:18 . 2008-06-23 16:18 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-06-23 16:18 . 2008-06-23 16:18 <DIR> d-------- C:\Documents and Settings\Admin\Dati applicazioni\Malwarebytes
2008-06-23 16:18 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-23 16:18 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-16 08:57 . 2008-06-16 08:56 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-06-16 08:57 . 2008-06-16 08:56 270,336 --a------ C:\WINDOWS\system32\imon.dll
2008-06-16 08:57 . 2008-06-16 08:57 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-06-14 15:02 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 15:02 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-31 11:13 . 2008-05-31 11:13 <DIR> d-------- C:\Documents and Settings\Enrico\Dati applicazioni\Mp3tag
2008-05-30 17:01 . 2008-05-30 17:01 60 --a------ C:\WINDOWS\MTB40.INI
2008-05-30 17:00 . 2008-05-30 17:00 <DIR> d-------- C:\STELLAR2
2008-05-30 17:00 . 2008-05-30 17:00 <DIR> d-------- C:\Documents and Settings\Admin\WINDOWS
2008-05-30 17:00 . 2008-05-30 17:02 346 --a------ C:\WINDOWS\MICRON.INI
2008-05-30 17:00 . 2008-05-30 17:01 131 --a------ C:\WINDOWS\asym.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 07:49 --------- d-----w C:\Programmi\Project64 v1.5
2008-06-24 07:17 --------- d-----w C:\Programmi\eMule
2008-06-24 06:25 --------- d-----w C:\Programmi\ESET
2008-06-15 16:00 --------- d-----w C:\Programmi\Norton Security Scan
2008-06-15 12:33 --------- d-----w C:\Programmi\Motive
2008-06-02 10:58 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-13 09:09 691,545 ----a-w C:\WINDOWS\unins000.exe

[LadyMya]

sia bitdefendere che kaspersky non hanno trovato niente (penso che kaspersky sia un pò cambiato..perkè non sono riuscita ad impostare la scansione estesa, le immagini che mia pparivano ereano totalmente diverse da quelle della giuda e ho cercato un pò in giro tra settaggi vari non sono riuscita a trovare quell'opzione, e il rapporto di scansione era comèpletamente vuoto..)

e questo invece è il log di hjt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.06.23, on 24/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\HiJackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EC4E208-4333-2F29-F6B3-EE09D20590D3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programmi\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141927831140
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45E16ED0-FC30-4025-B991-5B3E1EA9F5CD}: NameServer = 208.67.222.222,208.67.222.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{55971CF8-1118-495D-8CDD-1E4C7395734D}: NameServer = 151.99.125.1,151.99.250.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4A4D9FA-0770-47CD-B84A-8AF93731BBBA}: NameServer = 85.37.17.9 85.38.28.75
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAFCF7B6-075D-40F8-9068-7F400D23DD50}: NameServer = 151.99.125.1,151.99.250.2
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8329 bytes

[LadyMya]

ah..giusto per informazione..quella tale cosa chiamata STRONGESTKNIGHT compare ancora nell'elenco delle applicazioni :'(

[bdoriano]

A parte quel software nella installazione applicazioni, il pc come va?

Appena puoi, fai questa scansione con SystemScan e posta il log su WikiSend e posta il Forum Link che ti viene assegnato.

[LadyMya]

il computer è un pò lento..niente di sconvolgente..però un pò più lento di come era prima che mi si bloccasse del tutto..