Scarica navilog1.exe_il mafioso sul desktop e installalo.

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Eseguilo, scegli la lingua e, al menù di scelta, seleziona l'opzione 1 (non scegliere le altre). Ad un certo punto uscirà una scritta "Analysis ... Terminate", premi un tasto come richiesto e si aprirà un file di testo (il rapporto della scansione).


Riavvia il computer in modalità provvisoria: all'avvio del pc, prima che inizi a caricare Windows, premi ripetutamente F8. Uscirà la finestra del menu Opzioni avanzate di Windows => scegli modalità provvisoria (usa il tasto freccia ^).
Esegui Navilog1 e scegli l'opzione 2 (Automatic Cleaning) e dai l'ok (eseguirà la pulizia dei files infetti trovati)
Quando finisce, riavvia il pc in modalità normale, posta il rapporto cleannavi.txt

svuota la cartella windows prefetch


Avvia HJT e metti la spunta a sinistra di queste voci: premi fix checked


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/it/

O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\Documents and Settings\Sofia\Desktop\nowe mp3\52724842.dll (file missing)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programmi\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O4 - HKCU\..\Run: [kycsugk] "c:\documents and settings\sofia\impostazioni locali\dati applicazioni\kycsugk.exe" kycsugk

O4 - HKCU\..\Policies\Explorer\Run: [forofon] "C:\Documents and Settings\Sofia\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Mozilla Firefox\updates\forofon.exe"

O23 - Service: Boonty Games - Unknown owner - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe (file missing)

O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - C:\Documents and Settings\Sofia\Impostazioni locali\Dati applicazioni\Microsoft\Windows\services.exe


Fai una scansione come ti ha consigliato simo95 e appena finito posta il report imsiame a un nuovo hjt

eccomi qua


Malwarebytes' Anti-Malware 1.37
Versione del database: 2184
Windows 5.1.2600 Service Pack 3

27/05/2009 18.18.00
mbam-log-2009-05-27 (18-17-43).txt

Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 182412
Tempo trascorso: 1 hour(s), 9 minute(s), 0 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 7
Valori di registro infetti: 1
Elementi dato del registro infetti: 3
Cartelle infette: 2
File infetti: 5

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\c3.bho3 (Trojan.Clicker) -> No action taken.
HKEY_CLASSES_ROOT\c3.bho3.1 (Trojan.Clicker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{35b576b9-5a0f-43d7-8174-2ac714dc3ad2} (Trojan.Clicker) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{bbd0d9e0-ee99-4c66-ac1e-2e77d40fe7c9} (Trojan.Clicker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{58fb2cbb-c874-45fc-a1c9-b62cc9e3bed9} (Trojan.Clicker) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\internet antivirus pro_is1 (Rogue.InternetAntivirus) -> No action taken.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft windows logon process (Trojan.Agent) -> No action taken.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
c:\documents and settings\Sofia\dati applicazioni\Internet Antivirus Pro (Rogue.InternetAntivirus) -> No action taken.
c:\documents and settings\Sofia\dati applicazioni\internet antivirus pro\db (Rogue.InternetAntivirus) -> No action taken.

File infetti:
c:\documents and settings\Sofia\dati applicazioni\internet antivirus pro\db\config.cfg (Rogue.InternetAntivirus) -> No action taken.
c:\documents and settings\Sofia\dati applicazioni\internet antivirus pro\db\Timeout.inf (Rogue.InternetAntivirus) -> No action taken.
c:\documents and settings\Sofia\dati applicazioni\internet antivirus pro\db\Urls.inf (Rogue.InternetAntivirus) -> No action taken.
c:\documents and settings\Sofia\dati applicazioni\microsoft\internet explorer\quick launch\Internet Antivirus Pro.lnk (Rogue.InternetAntivirus) -> No action taken.
c:\documents and settings\Sofia\Dati applicazioni\Microsoft\Windows\winlogon.exe (Trojan.Agent) -> No action take

HIJACK


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.23.58, on 27/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programmi\COMODO\Firewall\cmdagent.exe
C:\Documents and Settings\Sofia\Impostazioni locali\Dati applicazioni\Microsoft\Windows\services.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\LTSMMSG.exe
C:\Programmi\SigmaTel\Driver audio di SigmaTel AC97\stacmon.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\TOSHIBA\TouchED\TouchED.Exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Programmi\Picasa2\PicasaMediaDetector.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\Java\jre1.6.0\bin\jusched.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\BySoft FreeRAM\FreeRAM.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmi\Malwarebytes' Anti-Malware\mbam.exe
C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Sofia\Impostazioni locali\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programmi\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Programmi\SigmaTel\Driver audio di SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Programmi\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Programmi\BySoft FreeRAM\FreeRAM.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Programmi\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [GoD] "C:\Documents and Settings\Sofia\Documenti\GoD\GoD.exe" /tray
O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Documents and Settings\Sofia\Dati applicazioni\Microsoft\Windows\winlogon.exe
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LG SyncManager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122051867847
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - C:\Documents and Settings\Sofia\Impostazioni locali\Dati applicazioni\Microsoft\Windows\services.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ONDA Autorun CDROM Monitor - Unknown owner - C:\WINDOWS\system32\SupportAppXL\onda_mon.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 10416 bytes

SCUSAMI HAI RAGIONE!

Navipromo Removal version 3.7.7 started on 27/05/2009 at 16.50.14,77

Fix running from C:\Programmi\navilog1

Updated on 12.05.2009 at 18h00 by IL-MAFIOSO

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1500MHz )
BIOS : @Version 1.0
USER : Sofia ( Administrator )
BOOT : Fail-safe boot

Antivirus : AntiVir Desktop 9.0.1.26 (Not Activated)


C:\ (Local Disk) - NTFS - Total:18 Go (Free:0 Go)
D:\ (Local Disk) - FAT32 - Total:18 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)


Automatic removal
with Catchme and GNS results


Cleanning stage done in safe mode


*** fsbl1.txt not found ***
(Check that Catchme found nothing in Search Mode)


*** Deleting with Backups GenericNaviSearch results ***

* Deletion in "C:\WINDOWS\System32" *


* Deletion in "C:\Documents and Settings\Sofia\impost~1\datiap~1" *


* Deletion in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" *

* Deletion in "C:\DOCUME~1\Guest\impost~1\datiap~1" *


*** Deleting folders in "C:\WINDOWS" ***


*** Deleting folders in "C:\Programmi" ***


*** Deleting folders in "C:\Documents and Settings\All Users\menuav~1\progra~1" ***


*** Deleting folders in "C:\Documents and Settings\All Users\menuav~1" ***


*** Deleting folders in "c:\docume~1\alluse~1\datiap~1" ***


*** Deleting folders in "C:\Documents and Settings\Sofia\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\ADMINI~1\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\Guest\datiap~1" ***


*** Deleting folders in "C:\Documents and Settings\Sofia\impost~1\datiap~1" ***

...\Live-Player ...deleting...
...\Live-Player deleted !


*** Deleting folders in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" ***


*** Deleting folders in "C:\DOCUME~1\Guest\impost~1\datiap~1" ***


*** Deleting folders in "C:\Documents and Settings\Sofia\menuav~1\progra~1" ***


*** Deleting folders in "C:\DOCUME~1\Guest\menuav~1\progra~1" ***



*** Deleting files ***


*** Deleting temporary files ***

Cleaning of C:\WINDOWS\Temp done !
Cleaning of C:\Documents and Settings\Sofia\impost~1\Temp done !

*** Complementary Search ***
(Search specific files)

1)Deletion with backups new Instant Access files:

2)Heuristic search and deletion with backups :


* In "C:\WINDOWS\system32" *


C:\WINDOWS\prefetch\kycsugk*.pf found !
Copy C:\WINDOWS\prefetch\kycsugk*.pf done !
C:\WINDOWS\prefetch\kycsugk*.pf deleted !


* In "C:\Documents and Settings\Sofia\impost~1\datiap~1" *


kycsugk.exe found !
Copy kycsugk.exe done !
kycsugk.exe deleted !

kycsugk.dat found !
Copy kycsugk.dat done !
kycsugk.dat deleted !

kycsugk_nav.dat found !
Copy kycsugk_nav.dat done !
kycsugk_nav.dat deleted !

kycsugk_navps.dat found !
Copy kycsugk_navps.dat done !
kycsugk_navps.dat deleted !


* In "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" *



* In "C:\DOCUME~1\Guest\impost~1\datiap~1" *



*** Copy Registry to Safebackup folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned


*** Certificates ***

Egroup Certificate not found !
Electronic-Group Certificate not found !
Montorgueil Certificate not found !
OOO-Favorit Certificate not found !
Sunny-Day-Design-Ltd Certificate not found !

*** Search others known folders and files ***



*** Cleaning stage complete on 27/05/2009 at 16.54.29,01 ***

@ booble non eliminare niente e fai nuovamente la scansione con malwarebytes dopo averlo aggiornato- prima della scansione esegui questa operazione



start\esegui\regedit

portati su questa chiave

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

quando sei su Winlogon tasto destro \esporta - salva il file .reg sul desktop e postalo

@ simo95

adesso controlliamo insieme....ti dispiace?

probabilmente non si e' cancellato , ho salvato il file reg ma come faccio a postarlo?

Saphiro , ho gia eliminato con il malwarebyte ma il pc comunque funziona , anche se non so se ora e' ok!

Certo http://wikisend.com/download/448034/logon.reg logon.reg

no no non uso facebook

vorrei controllare il file- nel frattempo sai dirmi come va il pc? si aprono ancora le pagine?

se vuoi inviarmi un P.M. no problem