Indice del forum Olimpo Informatico
I Forum di Zeus News
Leggi la newsletter gratuita - Attiva il Menu compatto
 
 FAQFAQ   CercaCerca   Lista utentiLista utenti   GruppiGruppi   RegistratiRegistrati 
 ProfiloProfilo   Messaggi privatiMessaggi privati   Log inLog in 

    Newsletter RSS Facebook Twitter Contatti Ricerca
EXPLORER si blocca
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus
Precedente :: Successivo  
Autore Messaggio
darram
Mortale devoto
Mortale devoto


Registrato: 30/03/10 15:58
Messaggi: 8
MessaggioInviato: 30 Mar 2010 16:16    Oggetto: EXPLORER si blocca Rispondi citando
Salve a tutti è la prima volta che scrivo ma speso e volentieri ho letto vostri aiuti per altri problemi e sono riuscito a risolvere da solo!

Comunque scrivo perchè ho un problema con internet explorer.Praticamente da ieri sera se provo ad aprirlo resta in schermata bianca anche nella barra degli in dirizzi e si blocca con un bel NON RISPONDE impedendomi anche di mettere qualsiasi indirizzo alla fine mi tocca sempre terminare programma e chiuderlo.Ho provato firefox e funziona senza problemi così come tutti gli altri programmi che ho installati.AIUTATEMI!!Il fatto è che con explorer ci lavoro pure con dei programmi che non posso usare con firefox quindi sono bloccato.Gli antivirus nn han trovato nulla,ho provato con hjiakethis e il log è:


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 15.53.37, on 30/03/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\CPUCooL\CooLSrv.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\VIRITEXP\viritsvc.exe
C:\Program Files\Atlantis Land\Adsl\dslstat.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\VIRITEXP\MONITOR.EXE
C:\VIRITEXP\viritfw.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\CPUCooL\CPUCooL.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ig?hl=it
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [jwf] C:\WINDOWS\jwf.exe
O4 - HKLM\..\Run: [HDAudio] C:\WINDOWS\hda.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Atlantis Land\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VIRITMONITOR] C:\VIRITEXP\MONITOR.EXE
O4 - HKLM\..\Run: [VirIT Firewall PRO] C:\VIRITEXP\viritfw.EXE
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: CPUCooL.lnk = C:\Programmi\CPUCooL\CPUCooL.exe
O10 - Unknown file in Winsock LSP: c:\viritexp\viritxfl.dll
O10 - Unknown file in Winsock LSP: c:\viritexp\viritxfl.dll
O10 - Unknown file in Winsock LSP: c:\viritexp\viritxfl.dll
O10 - Unknown file in Winsock LSP: c:\viritexp\viritxfl.dll
O10 - Unknown file in Winsock LSP: c:\viritexp\viritxfl.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://213.199.26.230:8081/activex/AMC.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/download/DownloaderActiveX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{578EA816-7690-4B21-B378-91F7FAB32DE4}: NameServer = 212.216.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBBE10C3-A580-4A12-A886-6CA19526DCA1}: NameServer = 213.234.128.211 213.234.132.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{E70D7CC0-3302-4A33-88CB-47404F773F76}: NameServer = 213.234.128.211,212.216.112.112
O20 - Winlogon Notify: ykyggc - ykyggc.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Programmi\CPUCooL\CooLSrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virit eXplorer Pro (viritsvcpro) - TG Soft Sas www.tgsoft.it - C:\VIRITEXP\viritsvc.exe

--
End of file - 5523 bytes


il mio sistema è windows xp sp2 ed explorer è la versione 6(dato che quel che uuso per lavoro non va su versioni successive,e comunque ha funzionato fino a ieri)

GRAZIE
Top
Profilo Invia messaggio privato
R16
Dio maturo
Dio maturo


Registrato: 07/03/08 22:58
Messaggi: 10129
MessaggioInviato: 30 Mar 2010 23:07    Oggetto: Rispondi citando
Ciao, e benvenuto. Ciao

Dovresti comunque, aggiornare il Sistema Operativo al SP3.

Pulisci i files temporanei con CCleaner
http://forum.zeusnews.com/viewtopic.php?p=282670#282670

Scarica e installa la versione Free di SuperAntispyware:
link
la configuri come da immagini :
http://www.zeusnews.it/zz_upload/img/PSV/SAS/7477731.jpg
http://www.zeusnews.it/zz_upload/img/PSV/SAS/9926902.jpg
Esegui una scansione completa.

Segui le istruzioni di questo topic per usare MBAM:
http://forum.zeusnews.com/viewtopic.php?p=297823#297823
Esegui una scansione completa.

Carica i log di SuperAntispyware, e MBAM, su WikiSend (o FreeFileHosting) e posta il Forum Link che ti viene assegnato.
link
Top
Profilo Invia messaggio privato
darram
Mortale devoto
Mortale devoto


Registrato: 30/03/10 15:58
Messaggi: 8
MessaggioInviato: 31 Mar 2010 09:51    Oggetto: Rispondi citando
Ok ora provo....

ps.non posso nemmeno aggiornare al SP3 sempre per lo stesso discorso per il quale tengo ie6...per quel programma che uso per lavoro sigh
Top
Profilo Invia messaggio privato
darram
Mortale devoto
Mortale devoto


Registrato: 30/03/10 15:58
Messaggi: 8
MessaggioInviato: 31 Mar 2010 19:21    Oggetto: Rispondi citando
SUPERAntiSpyware Scan Log - 03-31-2010 - 12-01-34.log

mbam-log-2010-03-31 (11-01-15).txt

anche dopo le scansioni però.....ie non funziona continua a inchiodarsi sigh Crying or Very sad Crying or Very sad
Top
Profilo Invia messaggio privato
darram
Mortale devoto
Mortale devoto


Registrato: 30/03/10 15:58
Messaggi: 8
MessaggioInviato: 31 Mar 2010 19:58    Oggetto: Rispondi citando
darram ha scritto:
SUPERAntiSpyware Scan Log - 03-31-2010 - 12-01-34.log

mbam-log-2010-03-31 (11-01-15).txt

anche dopo le scansioni però.....ie non funziona continua a inchiodarsi sigh Crying or Very sad Crying or Very sad


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versione database: 3933

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

31/03/2010 11.01.15
mbam-log-2010-03-31 (11-01-15).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi esaminati: 170441
Tempo trascorso: 52 minuti, 52 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 3

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
C:\Documents and Settings\Nadia\Documenti\Download\PDF.to.Excel.Converter.2.4.45089(2).exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Documenti\Download\PDF.to.Excel.Converter.2.4.45089(2).exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FB9F925B-4AB9-4FB0-9E5C-BB4002255F06}\RP466\A0096703.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/31/2010 at 12:01 PM

Application Version : 4.35.1000

Core Rules Database Version : 4752
Trace Rules Database Version: 2564

Scan type : Complete Scan
Total Scan Time : 00:52:53

Memory items scanned : 352
Memory threats detected : 0
Registry items scanned : 4381
Registry threats detected : 0
File items scanned : 25985
File threats detected : 322

Adware.Tracking Cookie
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tribalfusion[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tradedoubler[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ilead.itrack[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@xiti[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@as-eu.falkag[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.siportal[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.banneradmin.rai[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@hotlog[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@112.2o7[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@spylog[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad-catgeo.virgilio[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adv.virgilio[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@stat.dealtime[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@questionmarket[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@windowsmedia[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@hypertracker[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@banner-tiscali[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad-catgeo.paginegialle[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@clickability[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ads.adsag[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ads.pointroll[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@sitestats.co[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@bbanner[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@revenue[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@overture[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.cliccabanner[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@atwola[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@apmebf[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@qksrv[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@e-2dj6wfkoknc5aep.stats.esomniture[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@bravenet[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.comprabanner[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@2o7[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@perf.overture[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@dist.belnk[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adv.freeonline[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@stats.cercaticino[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@studenti.adbureau[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@doubleclick[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.yieldmanager[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@as1.falkag[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tradedoubler[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.comprabanner[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ads.planetactive[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@112.2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@belnk[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@dist.belnk[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.comprabanner[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adopt.hbmediapro[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tradedoubler[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@as1.falkag[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@banner-tiscali[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tradedoubler[6].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tribalfusion[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@xml.bravenetmedianetwork[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@trafficmp[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ads.pointroll[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@belnk[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@dist.belnk[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.yieldmanager[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adtech[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ads.pesfan.co[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.pro-advertising[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@casalemedia[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@serving-sys[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@http.edge.vru4[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@xiti[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adknowledge[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adknowledge[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@4stats[5].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.comprabanner[5].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tradedoubler[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@as1.falkag[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.zanox[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@bs.serving-sys[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@secure-media-sf2p.facebook[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@zbox.zanox[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@mediaplex[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@2o7[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adtech[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tradedoubler[9].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@clickbank[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@clickport[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@overture[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@click.interactivebrands[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@revsci[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.pro-advertising[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@msnportal.112.2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@xiti[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@mediaplex[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.comprabanner[8].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@statcounter[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@revsci[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@specificclick[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ads.gruppo4[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@serving-sys[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@112.2o7[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@unicreditgroup.122.2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tracking[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.comprabanner[6].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@wayin.adbureau[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.banneradmin.rai[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@smileycentral[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@yadro[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@yadro[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@serving-sys[5].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@4stats[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@d0015.77tracking[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adv.alice[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.comprabanner[9].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@zbox.zanox[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.clickpoint[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@counter.inkfrog[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@as1.falkag[5].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@paypal.112.2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@specificclick[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@apmebf[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.pro-advertising[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.zanox[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.etracker[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@studenti.adbureau[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.yieldmanager[6].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@metacafe.122.2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adbrite[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@azjmp[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@mediaplex[5].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@bravenet[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@stat.onestat[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tradedoubler[10].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.zanox[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@media.intelia[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adv.internetbookshop[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.yieldmanager[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@122.2o7[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tacoda[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@insightexpressai[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@kontera[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@2o7[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@questionmarket[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@bs.serving-sys[5].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@statcounter[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tradedoubler[5].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@serving-sys[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@serving-sys[9].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@bs.serving-sys[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@bravenet[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@4stats[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.0stats[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.findarticles[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@247realmedia[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@zedo[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ads.telegraph.co[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.burstnet[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adopt.euroclick[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@insightexpressai[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@revsci[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adv.internetbookshop[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adknowledge[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@kanoodle[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adbrite[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@112.2o7[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@trinitymirror.112.2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tacoda[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.comprabanner[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@2o7[5].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@yadro[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.ent.tbn[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@countomat[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@opodo.122.2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@revenue[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@questionmarket[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@statcounter[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.pro-advertising[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.tekno4advertising[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@mediaplex[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@bravenet[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@media.intelia[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@exchange.bravenet[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.0stats[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.etracker[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@as1.falkag[6].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@stat.onestat[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@clickport[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.sexy-e-shop[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@sexy-e-shop[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tradedoubler[7].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.yieldmanager[5].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.zanox[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@serving-sys[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@bs.serving-sys[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@studenti.adbureau[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tattoozfind[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@media.intelia[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@bs.serving-sys[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.zanox[5].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adserver.hwupgrade[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tribalfusion[5].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@sonyeurope.112.2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@smartadserver[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@wunderloop.zanox[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adserver.aol[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@xiti[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@serving-sys[7].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@2o7[6].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@overture[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@zbox.zanox[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ice.112.2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@cgm.adbureau[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tribalfusion[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@AdDisplayTrackerServlet[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.comprabanner[10].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@4stats[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@serving-sys[6].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adv.alice[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.zanox[6].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.yieldmanager[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@optimize.indieclick[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@overture[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adfarm1.adition[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@xiti[5].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@zbox.zanox[5].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@count.vivistats[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adserver.hwupgrade[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@clickpoint[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adtech[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@xiti[7].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adbrite[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@media.photobucket[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@specificclick[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@findomestic[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@chitika[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@atdmt[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@wfindstore_ClientePrestitoPersonale[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.findomestic[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@prodotti.findomestic[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@2o7[7].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@zanox[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.zanox[8].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@count.vivistats[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@affiliazioni-zanox[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@4stats[6].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adv.iplaza[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@overture[6].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.yieldmanager[8].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@questionmarket[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@msnportal.112.2o7[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@arcus.adbureau[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ads.arcuspubblicita[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tribalfusion[6].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adserver.ediscom[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@content.yieldmanager[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@bs.serving-sys[7].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@serving-sys[10].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.realcounter[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@surveymonkey.122.2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.bodybuilding[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@media.intelia[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@serving-sys[8].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adbrite[5].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adtech[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@2o7[8].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@accounts[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.realcounter[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ads.us.e-planning[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adv.alice[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@marriottinternational.122.2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ads2.gamberorosso[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@stat.onestat[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@microsoftsto.112.2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adfarm1.adition[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@snapfish.112.2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.mediaworld[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@vodafonegroup.122.2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@sales.liveperson[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@4stats[7].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@br.naked[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@revsci[5].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@media.brandreachsys[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ads.addynamix[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@electronicarts.112.2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tracking.publicidees[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@media6degrees[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ads.ookla[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@kontera[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ads.mediaon[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@fl01.ct2.comclick[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@atdmt[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@77tracking[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@accounts[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@247realmedia[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@edmaster.adbureau[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adv.nexta[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@rts.pgmediaserve[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@partypoker[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@paypal.112.2o7[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@elettronicadiscount[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@questionmarket[6].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@tribalfusion[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@chitika[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@gettyimages.122.2o7[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ads.telegraph.co[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@accounts[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@clickpoint[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@www.payclick[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adv.arubamediamarketing[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.zanox[9].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@weborama[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@cetelem.solution.weborama[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@zanox[3].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@specificclick[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@adserving.aedgency[2].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@bs.serving-sys[6].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@content.yieldmanager[1].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@ad.yieldmanager[7].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@atdmt[4].txt
C:\Documents and Settings\HelpAssistant\Cookies\nadia@serving-sys[11].txt
.imrworldwide.com [ C:\Documents and Settings\HelpAssistant\Dati applicazioni\Mozilla\Firefox\Profiles\ym0nx913.default\cookies.txt ]

Trojan.Agent/Gen-CDesc[Jocki-LG]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FB9F925B-4AB9-4FB0-9E5C-BB4002255F06}\RP466\A0097999.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FB9F925B-4AB9-4FB0-9E5C-BB4002255F06}\RP460\A0093764.EXE

NotHarmful.Sysinternals Bluescreen Screen Saver
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FB9F925B-4AB9-4FB0-9E5C-BB4002255F06}\RP460\A0089446.SCR

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{FB9F925B-4AB9-4FB0-9E5C-BB4002255F06}\RP467\A0099357.EXE
Top
Profilo Invia messaggio privato
R16
Dio maturo
Dio maturo


Registrato: 07/03/08 22:58
Messaggi: 10129
MessaggioInviato: 31 Mar 2010 21:19    Oggetto: Rispondi citando
Scarica MBR.EXE direttamente nella Directory C:\ (è importante che venga scaricato in C:\ )
link
Avvia il Pc in modalità provvisoria

Fai: Start - Esegui - copia-incolla questo comando: C:\mbr.exe -f e clicca su OK
Non digitare quel comando; FAI il copia-incolla.(si deve rispettare uno spazio che c'è dopo exe )
Posta il log, che troverai, dove hai scaricato il Tool, ovvero in C:\

Poi:
Segui questo percorso, ed elimina tutte le cartelle in rosso:
C:\Documents and Settings\HelpAssistant
Svuota il cestino
Riavvia il pc.

Segui le istruzioni di questo topic per usare Combofix:
http://forum.zeusnews.com/viewtopic.php?t=45224

Ti prego di caricare il log di Combofix, su : WikiSend
link

NON postare il log completo sul forum.
Top
Profilo Invia messaggio privato
darram
Mortale devoto
Mortale devoto


Registrato: 30/03/10 15:58
Messaggi: 8
MessaggioInviato: 01 Apr 2010 18:25    Oggetto: Rispondi citando
Grazie mille R1 proverò a fare anche quello domani però....stamattina ho acceso e andava tutto....non so perchè...boh
Top
Profilo Invia messaggio privato
R16
Dio maturo
Dio maturo


Registrato: 07/03/08 22:58
Messaggi: 10129
MessaggioInviato: 01 Apr 2010 21:59    Oggetto: Rispondi citando
darram ha scritto:
però....stamattina ho acceso e andava tutto....non so perchè...boh

Non illuderti.
La bonifica, è tutt'altro che finita.
Se non esegui le istruzioni, fra 2 giorni, avrai gli stessi problemi.
Top
Profilo Invia messaggio privato
darram
Mortale devoto
Mortale devoto


Registrato: 30/03/10 15:58
Messaggi: 8
MessaggioInviato: 02 Apr 2010 10:36    Oggetto: Rispondi citando
allora il log di mbr è:
mbr.log

quello di combofix è :

ComboFix.txt

una cosa....quando ho fatto il giro in modalità provvisoria....non c'era nessun file e nessuna cartella in rosso...
Top
Profilo Invia messaggio privato
R16
Dio maturo
Dio maturo


Registrato: 07/03/08 22:58
Messaggi: 10129
MessaggioInviato: 02 Apr 2010 13:28    Oggetto: Rispondi citando
Ciao.
Fai:
Start\Esegui\ copia-incolla questa stringa:
control userpasswords2 e clicca ok.
Seleziona l'account HelpAssistant, e poi clicca "Rimuovi".
Riavvia il pc.

Poi, segui questo percorso:
c:\documents and settings\HelpAssistant
E devi eliminare (non sono in rosso) TUTTE le cartelle HelpAssistant che trovi.
Per darti un'idea, sono loro il problema.
Svuota il cestino.

Poi:
Apri un file di testo sul Desktop (start\esegui\digita: notepad.exe e poi clicca Ok
Ci incolli il codice che vedi qui sotto, e salvi il file di testo obbligatoriamente con il nome CFScript.txt

Codice:
KillAll::
Driver::
ntiomin
ati4aexx
ati7jmxx
ati8ptxx
ati0dhxx


e trascinalo sull'icona di ComboFix.
Attendi la fine dei lavori, senza toccare tastiera, mouse o altro.
Posta il log aggiornato di combofix
Top
Profilo Invia messaggio privato
darram
Mortale devoto
Mortale devoto


Registrato: 30/03/10 15:58
Messaggi: 8
MessaggioInviato: 02 Apr 2010 19:51    Oggetto: Rispondi citando
Ecco il log

combofix log.txt

mmm ma praticamente cos'eran quei file helpassistent?Era come un user aggiuntivo?
Top
Profilo Invia messaggio privato
R16
Dio maturo
Dio maturo


Registrato: 07/03/08 22:58
Messaggi: 10129
MessaggioInviato: 02 Apr 2010 21:27    Oggetto: Rispondi citando
darram ha scritto:

mmm ma praticamente cos'eran quei file helpassistent?Era come un user aggiuntivo?

E' una variante rootkit, del MBR.
Usa l'account HelpAssistant, per replicare file e cartelle legittime di Windows, fino alla paralisi del pc.
Ti è scappata una cartella: c:\documents and settings\HelpAssistant
Elimina anche quella.
Per eliminare i vari Tooll scaricati: (Combofix)
Scarica OTC by OldTimer sul desktop:
link
doppio clic per eseguirlo
Clicca su CleanUp.
Ti chiederà di riavviare il pc.
Clicca sì.

Se non riscontri problemi, abbiamo finito.
Top
Profilo Invia messaggio privato
darram
Mortale devoto
Mortale devoto


Registrato: 30/03/10 15:58
Messaggi: 8
MessaggioInviato: 03 Apr 2010 09:45    Oggetto: Rispondi citando
Fatto tutto come hai detto....ha riavviato e tutto funziona alla perfezione!!!!Il mio piccolino è risorto ihihihihihih

Grazie infinite R1 soprattutto per la pazienza!!!
Top
Profilo Invia messaggio privato
R16
Dio maturo
Dio maturo


Registrato: 07/03/08 22:58
Messaggi: 10129
MessaggioInviato: 03 Apr 2010 14:30    Oggetto: Rispondi
Ciao
Top
Profilo Invia messaggio privato
Mostra prima i messaggi di:   
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus Tutti i fusi orari sono GMT + 2 ore
Pagina 1 di 1

 
Vai a:  
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi