Rank: Member
Member since: 5/14/2006 Posts: 0
Hi Alfonso. I haven't formatted yet; I need to clear up my last doubts. Yesterday I managed to run the online scan with McAfee and it was OK (although, unlike NOD, it doesn't give details on which files are or aren't locked). Then I installed AVG Free and ran this scan, which shows two trojans in the Pinnacle plugins that I downloaded from eMule. Everything else seems to be OK. This is the result (where, however, I don't see disk E, and for disk D there are only two entries, the ones with the trojan, but I probably don't know this antivirus, which I've just installed, well enough yet):

Partition table (MBR),"ok","Quick checked"
Boot sector of disk C:,"ok","Quick checked"
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load,"","Scanned"
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\Run,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\RunServices,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\Run,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\RunServices,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit,"","Scanned"
System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell,"","Scanned"
System registry exefile\shell\open\command,"","Scanned"
System registry scrfile\shell\open\command,"","Scanned"
System registry scrfile\shell\config\command,"","Scanned"
System registry batfile\shell\open\command,"","Scanned"
System registry cmdfile\shell\open\command,"","Scanned"
System registry comfile\shell\open\command,"","Scanned"
System registry piffile\shell\open\command,"","Scanned"
System registry giffile\shell\open\command,"","Scanned"
System registry htmlfile\shell\open\command,"","Scanned"
System registry htafile\shell\open\command,"","Scanned"
System registry jpegfile\shell\open\command,"","Scanned"
System registry txtfile\shell\open\command,"","Scanned"
System registry regfile\shell\open\command,"","Scanned"
System registry cplfile\shell\cplopen\command,"","Scanned"
System registry Word.Document.8\shell\open\command,"","Scanned"
System registry WordPad.Document.1\shell\open\command,"","Scanned"
System registry inffile\shell\open\command,"","Scanned"
System registry vbsfile\shell\open\command,"","Scanned"
System registry vbefile\shell\open\command,"","Scanned"
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe,"ok","Quick checked"
C:\Programmi\Cobian Backup 7\CobBU.exe,"ok","Quick checked"
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe,"ok","Quick checked"
C:\Programmi\Internet Explorer\IEXPLORE.EXE,"ok","Quick checked"
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe,"ok","Quick checked"
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE,"ok","Quick checked"
C:\WINDOWS\regedit.exe,"ok","Quick checked"
C:\WINDOWS\system32\NeroCheck.exe,"ok","Quick checked"
C:\WINDOWS\system32\ctfmon.exe,"ok","Quick checked"
C:\WINDOWS\system32\mshta.exe,"ok","Quick checked"
C:\WINDOWS\system32\rundll32.exe,"ok","Quick checked"
C:\WINDOWS\system32\shell32.dll,"ok","Quick checked"
C:\WINDOWS\system32\shimgvw.dll,"ok","Quick checked"
C:\WINDOWS\system32\kernel32.dll,"ok","Quick checked"
C:\WINDOWS\system32\wsock32.dll,"ok","Quick checked"
C:\WINDOWS\system32\user32.dll,"ok","Quick checked"
C:\WINDOWS\system32\shell32.dll,"ok","Quick checked"
C:\WINDOWS\system32\ntoskrnl.exe,"ok","Quick checked"
C:\WINDOWS\system32\drivers\etc\hosts,"ok","Quick checked"
D:\CARTELLA DI DOWNLOAD\Plugin Pinnacle\Pinnacle Studio 10 PLUS - Sblocco Transizioni - Plug-In - Premium Pack Vol 1 & 2 - l'unico che funziona!! by Alby33.rar:\Pinnacle Studio 10 PLUS Sblocco Transizioni - Plug-In - Premium Pack Vol 1 & 2\Sblocco Transizioni\Keygen\Studio 10 keygen.exe,"Trojan horse Generic.QHV","Infected, Embedded object"
D:\CARTELLA DI DOWNLOAD\Plugin Pinnacle\Pinnacle Studio 10 PLUS - Sblocco Transizioni - Plug-In - Premium Pack Vol 1 & 2 - l'unico che funziona!! by Alby33.rar,"Trojan horse Generic.QHV","Infected, Archive"
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Load,"","Scanned"
System registry Software\Microsoft\Windows NT\CurrentVersion\Windows\Run,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\Run,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\RunServices,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\Run,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\RunOnce,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\RunOnceEx,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\RunServices,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\RunServicesOnce,"","Scanned"
System registry Software\Microsoft\Windows\CurrentVersion\Winlogon\Userinit,"","Scanned"
System registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell,"","Scanned"
System registry exefile\shell\open\command,"","Scanned"
System registry scrfile\shell\open\command,"","Scanned"
System registry scrfile\shell\config\command,"","Scanned"
System registry batfile\shell\open\command,"","Scanned"
System registry cmdfile\shell\open\command,"","Scanned"
System registry comfile\shell\open\command,"","Scanned"
System registry piffile\shell\open\command,"","Scanned"
System registry giffile\shell\open\command,"","Scanned"
System registry htmlfile\shell\open\command,"","Scanned"
System registry htafile\shell\open\command,"","Scanned"
System registry jpegfile\shell\open\command,"","Scanned"
System registry txtfile\shell\open\command,"","Scanned"
System registry regfile\shell\open\command,"","Scanned"
System registry cplfile\shell\cplopen\command,"","Scanned"
System registry Word.Document.8\shell\open\command,"","Scanned"
System registry WordPad.Document.1\shell\open\command,"","Scanned"
System registry inffile\shell\open\command,"","Scanned"
System registry vbsfile\shell\open\command,"","Scanned"
System registry vbefile\shell\open\command,"","Scanned"
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe,"ok","Quick checked"
C:\Programmi\Cobian Backup 7\CobBU.exe,"ok","Quick checked"
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe,"ok","Quick checked"
C:\Programmi\Internet Explorer\IEXPLORE.EXE,"ok","Quick checked"
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe,"ok","Quick checked"
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE,"ok","Quick checked"
C:\WINDOWS\regedit.exe,"ok","Quick checked"
C:\WINDOWS\system32\NeroCheck.exe,"ok","Quick checked"
C:\WINDOWS\system32\ctfmon.exe,"ok","Quick checked"
C:\WINDOWS\system32\mshta.exe,"ok","Quick checked"
C:\WINDOWS\system32\rundll32.exe,"ok","Quick checked"
C:\WINDOWS\system32\shell32.dll,"ok","Quick checked"
C:\WINDOWS\system32\shimgvw.dll,"ok","Quick checked"

My doubt is this: the NOD I was using was a non-original copy taken from eMule; could it be faulty and be giving false information when it reports that every folder is locked? Besides, I don't notice any changes in my PC, and if it is infected I don't see what trouble it could cause me if I carry on like this. Or maybe the virus progresses over time and then everything will lock up... who knows... What do you think?

Bye Alfonso. Thank you once again for the spontaneous and welcome assistance you give us.