Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » finestre pubblicità e programmi antimalware che si bloccano

2 pages: [1] 2
finestre pubblicità e programmi antimalware che si bloccano Opzioni
Topic Precedente · Topic Sucessivo
paose
Inviato: Wednesday, November 12, 2008 5:44:46 PM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94
Salve, ho ancora troppi problemi.
Quando vado su Internet si aprono in continuazione pubblicità, ho provato ad installare Malwarebytes
ma non riesco a fare nessu tipo di scansione perchè mi da un messaggio (scritte bianche su sfondo blu) " si è verificato problema e Windows sarà arrestato per impedire danni "

poi ho provato con ad aware e solo in modalità provvisoria ho potuto individuare file infetti e cancellarli (non tutti). In modalità normale questi programmi si bloccano e mi compare quella videata blu con scritte bianche che avvisa problemi di windows.
cosa devo fare?

questo è il mio ultimo log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.37.20, on 12/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\QuickTime\bak\bak\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Canon\MyPrinter\BJMyPrt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmi\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmi\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKCU\..\Run: [Free Download Manager] C:\Programmi\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-436374069-1801674531-725345543-1003\..\Run: [Free Download Manager] C:\Programmi\Free Download Manager\fdm.exe -autorun (User '?')
O4 - HKUS\S-1-5-21-436374069-1801674531-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-436374069-1801674531-725345543-1003\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User '?')
O4 - HKUS\S-1-5-21-436374069-1801674531-725345543-1003\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Programmi\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmi\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7139 bytes

grazie
Torna in alto
 
Sponsor
Inviato: Wednesday, November 12, 2008 5:44:46 PM

 
Torna in alto
 
r16
Inviato: Wednesday, November 12, 2008 6:09:37 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Il log non ha niente. (e questo è preoccupante)
Vedi anche se funziona la Modalità provvisoria.
Proviamo Combofix:
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Digita 1 premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC e attendere pazientemente la fine delle operazioni.
Se trovi difficoltà,prova a rinominare il file in fase di scaricamento (ad esempio cambiagli il nome in COMBO-FIX.EXE).
Torna in alto
 
paose
Inviato: Wednesday, November 12, 2008 6:47:18 PM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94
ComboFix 08-11-11.01 - User 2008-11-12 18.35.10.2 - NTFSx86

Eseguito da: c:\documents and settings\User\Desktop\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Preferiti\Videos.url

.
((((((((((((((((((((((((( Files Creati Da 2008-10-12 al 2008-11-12 )))))))))))))))))))))))))))))))))))
.

2008-11-10 16:49 . 2008-11-10 16:49 <DIR> d-------- c:\programmi\Lavasoft
2008-11-10 16:49 . 2008-11-10 16:50 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-11-10 16:48 . 2008-11-10 16:48 <DIR> d-------- c:\programmi\File comuni\Wise Installation Wizard
2008-10-30 18:28 . 2008-10-30 18:28 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Malwarebytes
2008-10-30 18:28 . 2008-10-30 18:28 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-10-27 18:50 . 2008-10-27 18:51 <DIR> d-------- c:\documents and settings\paola\Dati applicazioni\AVGTOOLBAR
2008-10-24 14:41 . 2008-10-24 14:41 <DIR> d-------- c:\programmi\Sacred Edizione Oro
2008-10-17 14:58 . 2008-10-17 14:58 <DIR> d-------- c:\documents and settings\paola\Dati applicazioni\PC Suite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 14:40 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-11-10 14:40 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-11-09 09:18 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2008-10-30 18:18 --------- d--h--w c:\programmi\FX Uninstall Information
2008-05-18 09:13 386,194 ----a-w c:\documents and settings\User\Dati applicazioni\serial2.dat
2008-05-16 17:26 54 ----a-w c:\programmi\inc1.bat
2008-05-16 17:26 41 ----a-w c:\programmi\sleep.bat
2008-05-16 17:25 386,194 ----a-w c:\documents and settings\User\Dati applicazioni\serial2.zip
2007-12-31 15:02 47,360 ----a-w c:\documents and settings\User\Dati applicazioni\pcouffin.sys
2006-12-18 18:55 149,560 -c--a-w c:\documents and settings\User\Dati applicazioni\GDIPFONTCACHEV1.DAT
1998-10-05 13:40 10,000 -c--a-w c:\windows\inf\unregpn.exe
.
Code:
<pre>
----a-w            15,360 2004-08-19 22:39:35  c:\windows\system32\ctfmon .exe
</pre>



((((((((((((((((((((((((((((( snapshot@2008-07-11_10.22.42,37 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 18:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 06:00:00 89,504 ----a-w c:\windows\fdsv.exe
+ 2000-08-31 07:00:00 89,504 ----a-w c:\windows\fdsv.exe
- 2000-08-31 06:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2000-08-31 07:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2008-07-18 16:41:40 3,262 ----a-r c:\windows\Installer\{6882DD11-33B8-4DEA-8305-7E765BF74BD3}\ARPPRODUCTICON.exe
+ 2008-07-18 16:43:03 15,086 ----a-r c:\windows\Installer\{79880ACC-B5AB-486A-B95D-03F55DF3F9C6}\ARPPRODUCTICON.exe
+ 2008-07-18 16:43:03 53,248 ----a-r c:\windows\Installer\{79880ACC-B5AB-486A-B95D-03F55DF3F9C6}\NewShortcut1_686D32A3E0BF41B1A4513B59D52466AB.exe
+ 2008-07-18 16:43:03 53,248 ----a-r c:\windows\Installer\{79880ACC-B5AB-486A-B95D-03F55DF3F9C6}\NewShortcut1_F8354160C274433BBE3A7DFC0058E931.exe
+ 2008-07-18 16:43:03 53,248 ----a-r c:\windows\Installer\{79880ACC-B5AB-486A-B95D-03F55DF3F9C6}\NokiaPCSuite1_686D32A3E0BF41B1A4513B59D52466AB.exe
+ 2008-07-18 16:41:48 10,134 ----a-r c:\windows\Installer\{9F2BDC61-4D2D-47C0-BCB6-7D43D0EA7948}\ARPPRODUCTICON.exe
- 2000-08-31 06:00:00 28,672 ----a-w c:\windows\Nircmd.exe
+ 2000-08-31 07:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 06:00:00 98,816 ----a-w c:\windows\sed.exe
+ 2000-08-31 07:00:00 98,816 ----a-w c:\windows\sed.exe
- 2000-08-31 06:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2000-08-31 06:00:00 136,704 ----a-w c:\windows\swsc.exe
+ 2000-08-31 07:00:00 136,704 ----a-w c:\windows\SWSC.exe
- 2000-08-31 06:00:00 212,480 ----a-w c:\windows\swxcacls.exe
+ 2000-08-31 07:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
+ 2008-07-18 14:18:15 10,520 ----a-w c:\windows\system32\avgrsstx.dll
+ 2005-12-07 10:31:00 202,752 ----a-r c:\windows\system32\CddbCdda.dll
+ 2006-06-05 12:04:02 242,688 ----a-w c:\windows\system32\ConnAPI.dll
- 2008-05-19 13:39:51 3,580 ----a-w c:\windows\system32\d3d9caps.dat
+ 2008-07-18 17:09:01 3,580 ----a-w c:\windows\system32\d3d9caps.dat
+ 2006-06-26 08:55:48 699,392 ----a-w c:\windows\system32\DAAPI.dll
- 2007-03-08 15:37:44 578,560 -c----w c:\windows\system32\dllcache\user32.dll
+ 2004-08-19 22:39:29 578,048 -c--a-w c:\windows\system32\dllcache\user32.dll
+ 2008-09-05 14:48:55 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
+ 2008-07-18 14:18:11 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2008-04-29 10:19:50 12,960 ----a-w c:\windows\system32\drivers\Awrtpd.sys
+ 2008-04-29 10:19:54 15,648 ----a-w c:\windows\system32\drivers\Awrtrd.sys
+ 2006-05-29 06:26:38 127,488 ----a-w c:\windows\system32\drivers\nmwcd.sys
+ 2006-05-29 06:26:36 8,704 ----a-w c:\windows\system32\drivers\nmwcdc.sys
+ 2006-05-29 06:26:36 13,312 ----a-w c:\windows\system32\drivers\nmwcdcj.sys
+ 2006-05-29 06:26:36 13,312 ----a-w c:\windows\system32\drivers\nmwcdcm.sys
+ 2008-04-29 10:20:00 15,648 ----a-w c:\windows\system32\drivers\NSDriver.sys
- 2008-03-17 17:23:30 39,808 ----a-w c:\windows\system32\drivers\VIRAGTLT.SYS
+ 2008-08-29 12:15:22 39,808 ----a-w c:\windows\system32\drivers\VIRAGTLT.SYS
+ 2006-05-29 06:26:38 127,488 -c--a-w c:\windows\system32\DRVSTORE\nmwcd_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcd.sys
+ 2006-05-29 06:26:36 50,688 -c--a-w c:\windows\system32\DRVSTORE\nmwcd_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcdcls.dll
+ 2006-05-29 06:26:36 30,720 -c--a-w c:\windows\system32\DRVSTORE\nmwcd_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcdcocls.dll
+ 2006-05-29 06:26:34 4,608 -c--a-w c:\windows\system32\DRVSTORE\nmwcd_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcdlog.dll
+ 2006-05-29 06:26:36 8,704 -c--a-w c:\windows\system32\DRVSTORE\nmwcdc_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcdc.sys
+ 2006-05-29 06:26:36 13,312 -c--a-w c:\windows\system32\DRVSTORE\nmwcdcj_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcdcj.sys
+ 2006-05-29 06:26:36 13,312 -c--a-w c:\windows\system32\DRVSTORE\nmwcdm2k_1DF4D3C790F0E96AF6B05B76E7780D7770836172\nmwcdcm.sys
+ 2008-05-16 10:58:04 12,632 ----a-w c:\windows\system32\lsdelete.exe
+ 2006-06-20 12:22:00 131,072 ----a-w c:\windows\system32\NclAPI.dll
+ 2006-06-12 11:55:00 61,440 ----a-w c:\windows\system32\NclTools.dll
+ 2006-05-29 06:26:36 50,688 ----a-w c:\windows\system32\nmwcdcls.dll
+ 2006-05-29 06:26:36 30,720 ----a-w c:\windows\system32\nmwcdcocls.dll
+ 2006-05-29 06:26:34 4,608 ----a-w c:\windows\system32\nmwcdlog.dll
- 2007-03-08 15:37:44 578,560 ----a-w c:\windows\system32\user32.dll
+ 2004-08-19 22:39:29 578,048 ----a-w c:\windows\system32\user32.dll
+ 2006-06-22 11:09:12 245,760 ----a-w c:\windows\system32\VersitConverter.dll
+ 2008-09-05 14:15:32 4,212 ---h--w c:\windows\system32\zllictbl.dat
- 2000-08-31 06:00:00 49,152 ----a-w c:\windows\VFind.exe
+ 2000-08-31 07:00:00 49,152 ----a-w c:\windows\VFIND.exe
- 2000-08-31 06:00:00 68,096 ----a-w c:\windows\zip.exe
+ 2000-08-31 07:00:00 68,096 ----a-w c:\windows\zip.exe
.
-- Snapshot per reimpostare la data corrente --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 313,472 2006-03-30 15:45:08 c:\programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

----a-w 438,359 2006-04-21 14:41:20 c:\programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe

----a-w 335,872 2003-06-05 11:35:00 c:\programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

----a-w 356,728 2000-07-24 21:47:16 c:\programmi\Aveo\Attune\bin\bak\attune_ce.exe

----a-w 462,848 2003-10-29 13:11:30 c:\programmi\digicomt\Michelangelo USB ADSL\bak\CnxDslTb.exe

----a-w 81,920 2005-08-11 14:30:30 c:\programmi\File comuni\InstallShield\UpdateService\bak\issch.exe

----a-w 221,184 2005-02-16 15:15:22 c:\programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe

----a-w 53,408 2006-03-24 16:14:48 c:\programmi\File comuni\Symantec Shared\bak\ccApp.exe

----a-w 171,448 2007-01-27 06:38:03 c:\programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe

----a-w 257,088 2007-04-27 09:25:58 c:\programmi\iTunes\bak\iTunesHelper.exe
----a-w 257,088 2007-04-27 09:25:58 c:\programmi\iTunes\iTunesHelper.exe

----a-w 73,728 2002-11-22 17:22:56 c:\programmi\Keyboard\bak\Ikeymain.exe

----a-w 98,304 2004-01-23 15:38:10 c:\programmi\QuickTime\bak\bak\qttask.exe

----a-w 98,304 2004-01-23 15:38:10 c:\programmi\QuickTime\bak\bak\qttask.exe

----a-w 49,152 2002-06-03 10:38:12 c:\programmi\ScanSoft\OmniPageSE\bak\opware32.exe

----a-w 124,656 2006-06-15 00:40:34 c:\programmi\Symantec AntiVirus\bak\VPTray.exe

----a-w 15,360 2004-08-19 22:39:35 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 22:39:35 c:\windows\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\programmi\Free Download Manager\fdm.exe" [N/A]
"MsnMsgr"="c:\programmi\MSN Messenger\MsnMsgr.Exe" [N/A]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [N/A]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-19 1449984]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iKeyWorks"="c:\progra~1\Keyboard\Ikeymain.exe" [N/A]
"QuickTime Task"="c:\programmi\QuickTime\bak\bak\qttask.exe" [2004-01-23 98304]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2007-04-27 257088]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"CanonSolutionMenu"="c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-01 1234712]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"Corel Reminder"="" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
"ALUAlert"="c:\programmi\Symantec\LiveUpdate\ALUNotify.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-19 c:\windows\system32\narrator.exe]

c:\docume~1\ALLUSE~1\MENUAV~1\PROGRA~1\ESECUZ~1\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2007-02-16 217088]
Avvio veloce di Adobe Reader.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [2007-12-19 528384]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\FreeFTP\\FreeFTP.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\italian\\setup.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

.
.
------- Supplementare di scansione -------
.
FireFox -: Profile - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\xfoxql6t.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://italian.eazel.com/it/index.php?rvs=hompag&d=79919283
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 18:38:06
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESSO: c:\windows\system32\winlogon.exe
-> c:\windows\system32\tsd32.dll
.
Ora fine scansione: 2008-11-12 18.41.32
ComboFix-quarantined-files.txt 2008-11-12 17:40:32
ComboFix2.txt 2008-07-11 08:24:17

Pre-Run: 89.629.958.144 byte disponibili
Post-Run: 89,654,947,840 byte disponibili

204 --- E O F --- 2008-06-11 12:57:45
Torna in alto
 
r16
Inviato: Wednesday, November 12, 2008 6:52:43 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Hai un mega Dialer:
Scarica FindAWF:
http://noahdfear.geekstogo.com/FindAWF.exe 3. Esegui FindAWF,premi un tasto qualsiasi,poi premi il tasto 1 e INVIO, aspetti il log che FindAWF stamperà su un file di testo alla fine della ricerca.
Il filelog lo posti in questa discussione.
Torna in alto
 
paose
Inviato: Wednesday, November 12, 2008 6:58:56 PM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\WINDOWS\BAK

0 File 0 byte
2 Directory 89.669.062.656 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\ITUNES\BAK

27/04/2007 10.25 257.088 iTunesHelper.exe
1 File 257.088 byte
2 Directory 89.669.062.656 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\KEYBOARD\BAK

22/11/2002 18.22 73.728 Ikeymain.exe
1 File 73.728 byte
2 Directory 89.669.058.560 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\QUICKT~1\BAK

0 File 0 byte
3 Directory 89.669.058.560 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\SYMANT~1\BAK

15/06/2006 01.40 124.656 VPTray.exe
1 File 124.656 byte
2 Directory 89.669.058.560 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\WINDOWS\SYSTEM32\BAK

19/08/2004 23.39 15.360 ctfmon.exe
1 File 15.360 byte
2 Directory 89.669.058.560 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\DOCUME~1\USER\DATIAP~1\BAK

0 File 0 byte
2 Directory 89.669.058.560 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\ALICET~1\SMARTB~1\BAK

21/04/2006 15.41 438.359 MotiveSB.exe
1 File 438.359 byte
2 Directory 89.669.058.560 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

05/06/2003 12.35 335.872 atiptaxx.exe
1 File 335.872 byte
2 Directory 89.669.058.560 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\DIGICOMT\MICHEL~1\BAK

29/10/2003 14.11 462.848 CnxDslTb.exe
1 File 462.848 byte
2 Directory 89.669.058.560 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

24/03/2006 17.14 53.408 ccApp.exe
1 File 53.408 byte
2 Directory 89.669.058.560 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\QUICKT~1\BAK\BAK

23/01/2004 16.38 98.304 qttask.exe
1 File 98.304 byte
2 Directory 89.669.054.464 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\SCANSOFT\OMNIPA~1\BAK

03/06/2002 11.38 49.152 opware32.exe
1 File 49.152 byte
2 Directory 89.669.054.464 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\ADOBE\ACROBA~3.0\READER\BAK

30/03/2006 16.45 313.472 AdobeUpdateManager.exe
1 File 313.472 byte
2 Directory 89.669.054.464 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\AVEO\ATTUNE\BIN\BAK

24/07/2000 22.47 356.728 attune_ce.exe
1 File 356.728 byte
2 Directory 89.669.054.464 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\BAK

11/08/2005 15.30 81.920 issch.exe
16/02/2005 16.15 221.184 ISUSPM.exe
2 File 303.104 byte
2 Directory 89.669.054.464 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\GOOGLE\GOOGLE~2\121128~1.546\BAK

27/01/2007 07.38 171.448 GoogleToolbarNotifier.exe
1 File 171.448 byte
2 Directory 89.669.054.464 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

257088 27 Apr 2007 "C:\Programmi\iTunes\iTunesHelper.exe"
257088 27 Apr 2007 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
102400 20 Apr 2008 "C:\WINDOWS\Installer\{3592F5CB-B524-43AA-92F2-2377268199CC}\iTunesIco.exe"
116288 27 Apr 2007 "C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe"
73728 22 Nov 2002 "C:\Programmi\Keyboard\bak\Ikeymain.exe"
98304 23 Jan 2004 "C:\Programmi\QuickTime\bak\bak\qttask.exe"
124656 15 Jun 2006 "C:\Programmi\Symantec AntiVirus\bak\VPTray.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
438359 21 Apr 2006 "C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe"
335872 5 Jun 2003 "C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
462848 29 Oct 2003 "C:\Programmi\digicom\Michelangelo USB ADSL\Common\CnxDslTb.exe"
462848 29 Oct 2003 "C:\Programmi\digicom\Michelangelo USB ADSL\Wan\CnxDslTb.exe"
462848 29 Oct 2003 "C:\Programmi\digicomt\Michelangelo USB ADSL\bak\CnxDslTb.exe"
53408 24 Mar 2006 "C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe"
98304 23 Jan 2004 "C:\Programmi\QuickTime\bak\bak\qttask.exe"
49152 3 Jun 2002 "C:\Programmi\ScanSoft\OmniPageSE\bak\opware32.exe"
2321600 28 Feb 2007 "C:\Programmi\File comuni\Adobe\Updater5\AdobeUpdater.exe"
313472 30 Mar 2006 "C:\Programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
356728 24 Jul 2000 "C:\Programmi\Aveo\Attune\bin\bak\attune_ce.exe"
81920 11 Aug 2005 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe"
221184 16 Feb 2005 "C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe"
11813120 10 Nov 2005 "C:\Downloads\GoogleEarthSetup.exe"
15732984 8 Jun 2007 "C:\Documents and Settings\User\Documenti\Google_Earth_BZXE.exe"
69632 24 May 2007 "C:\Programmi\Google\Google Earth\googleearth.exe"
11817800 5 Jun 2006 "C:\Documents and Settings\User\Documenti\foto\varie\GoogleEarth.exe"
171448 27 Jan 2007 "C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
26694 8 Jun 2007 "C:\Documents and Settings\User\Dati applicazioni\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"


end of report
Torna in alto
 
r16
Inviato: Wednesday, November 12, 2008 10:20:57 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Assicurati di avere accesso a file e cartelle nascosti
(Pannello di controllo-> Opzioni Cartella-> Visualizzazione)
1) Metti la spunta su: Visualizza file e cartelle nascoste
2) Togli la spunta: nascondi file protetti di sistema (consigliato)


Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Scarica questo:Avenger, scompatta Avenger all'interno di una apposita cartella
http://swandog46.geekstogo.com/avenger.zip

Avvia AVENGER
Clicca Ok
Inserisci queste righe (fai capia-incolla) nel riquadro bianco: (quelle in neretto)

Files to delete:
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\Installer\{3592F5CB-B524-43AA-92F2-2377268199CC}\iTunesIco.exe
C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe
C:\Programmi\digicom\Michelangelo USB ADSL\Common\CnxDslTb.exe
C:\Downloads\GoogleEarthSetup.exe
C:\Documents and Settings\User\Documenti\Google_Earth_BZXE.exe
C:\Programmi\Google\Google Earth\googleearth.exe
C:\Documents and Settings\User\Documenti\foto\varie\GoogleEarth.exe
C:\Documents and Settings\User\Dati applicazioni\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe

Files to move:
C:\Programmi\iTunes\bak\iTunesHelper.exe|C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Keyboard\bak\Ikeymain.exe|C:\Programmi\Keyboard\Ikeymain.exe
C:\Programmi\Symantec AntiVirus\bak\VPTray.exe|C:\Programmi\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe|C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe|C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\digicomt\Michelangelo USB ADSL\bak\CnxDslTb.exe|C:\Programmi\digicom\Michelangelo USB ADSL\Wan\CnxDslTb.exe
C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe|C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\ScanSoft\OmniPageSE\bak\opware32.exe|C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe|C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\Programmi\Aveo\Attune\bin\bak\attune_ce.exe|C:\Programmi\Aveo\Attune\bin\attune_ce.exe
C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe|C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe
C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe|C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe



Clicca su Execute e aspetta...
Il pc dovrebbe riavviarsi, se così non fosse, riavvialo tu.
Al termine dell'operazione, posta qui il risultato di Avenger .
*********************************************************************************************************
Disistalla completamente QuickTime, poi lo reistalleremo in un secondo momento
Disistalla completamente Spybot, compreso il TeaTimer
Lo reistalleremo (forse) in un secondo momento. (e senza Tea Timer)
Disistalla anche Ad-Aware , e al suo posto tieni installato Malwarebytes.
Dai una pulita (registro compreso)con CCleaner http://www.aiutaamici.com/software?ID=11223
Prenditi tutta la calma che vuoi, ma queste operazioni vanno fatte.
Torna in alto
 
paose
Inviato: Thursday, November 13, 2008 8:50:09 AM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Programmi\iTunes\iTunesHelper.exe" deleted successfully.
File "C:\WINDOWS\Installer\{3592F5CB-B524-43AA-92F2-2377268199CC}\iTunesIco.exe" deleted successfully.
File "C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe" deleted successfully.
File "C:\Programmi\digicom\Michelangelo USB ADSL\Common\CnxDslTb.exe" deleted successfully.
File "C:\Downloads\GoogleEarthSetup.exe" deleted successfully.
File "C:\Documents and Settings\User\Documenti\Google_Earth_BZXE.exe" deleted successfully.
File "C:\Programmi\Google\Google Earth\googleearth.exe" deleted successfully.
File "C:\Documents and Settings\User\Documenti\foto\varie\GoogleEarth.exe" deleted successfully.
File "C:\Documents and Settings\User\Dati applicazioni\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe" deleted successfully.
File move operation "C:\Programmi\iTunes\bak\iTunesHelper.exe|C:\Programmi\iTunes\iTunesHelper.exe" completed successfully.
File move operation "C:\Programmi\Keyboard\bak\Ikeymain.exe|C:\Programmi\Keyboard\Ikeymain.exe" completed successfully.
File move operation "C:\Programmi\Symantec AntiVirus\bak\VPTray.exe|C:\Programmi\Symantec AntiVirus\VPTray.exe" completed successfully.
File move operation "C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe" completed successfully.
File move operation "C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe|C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe" completed successfully.
File move operation "C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe|C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" completed successfully.
File move operation "C:\Programmi\digicomt\Michelangelo USB ADSL\bak\CnxDslTb.exe|C:\Programmi\digicom\Michelangelo USB ADSL\Wan\CnxDslTb.exe" completed successfully.
File move operation "C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe|C:\Programmi\File comuni\Symantec Shared\ccApp.exe" completed successfully.
File move operation "C:\Programmi\ScanSoft\OmniPageSE\bak\opware32.exe|C:\Programmi\ScanSoft\OmniPageSE\opware32.exe" completed successfully.
File move operation "C:\Programmi\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe|C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" completed successfully.
File move operation "C:\Programmi\Aveo\Attune\bin\bak\attune_ce.exe|C:\Programmi\Aveo\Attune\bin\attune_ce.exe" completed successfully.
File move operation "C:\Programmi\File comuni\InstallShield\UpdateService\bak\ISUSPM.exe|C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" completed successfully.
File move operation "C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe|C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" completed successfully.

Completed script processing.

*******************

Finished! Terminate.
Torna in alto
 
r16
Inviato: Thursday, November 13, 2008 12:35:33 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ok.Hai eseguito le Disistallazioni che ti ho consigliato?
Fai una scansione con Malwarebytes, (ricorda di aggiornarlo prima)e posta il log.
Fai un'altra scansione con Find AWF e posta il log.
Riferisci se ci sono miglioramenti.
Torna in alto
 
paose
Inviato: Thursday, November 13, 2008 3:33:10 PM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94
FATTO TUTTO

Malwarebytes' Anti-Malware 1.30
Versione del database: 1392
Windows 5.1.2600 Service Pack 2

13/11/2008 15.13.07
mbam-log-2008-11-13 (15-13-01).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 169518
Tempo trascorso: 1 hour(s), 57 minute(s), 4 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 148
Valori di registro infetti: 9
Elementi dato del registro infetti: 2
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\Interface\{830af45a-70fe-4f42-820c-478e6f07bd92} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{16c7013f-912e-42ac-aa8e-a10a180dff51} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{50a7e9b0-70ef-11d1-b75a-00a0c90564fe} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0751c551-7568-41c9-8e5b-e22e38919236} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{177160ca-bb5a-411c-841d-bd38facdeaa0} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{18bcc359-4990-4bfb-b951-3c83702be5f9} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1d2efd50-75ce-11d1-b75a-00a0c90564fe} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2d91eea1-9932-11d2-be86-00a0c9a83da1} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{317ee249-f12e-11d2-b1e4-00c04f8eeb3e} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{31c147b6-0ade-4a3c-b514-ddf932ef6d17} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4a3df050-23bd-11d2-939f-00a0c91eedba} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{60890160-69f0-11d1-b758-00a0c90564fe} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{62112aa2-ebe4-11cf-a5fb-0020afe7292d} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{744129e0-cbe5-11ce-8350-444553540000} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{88a05c00-f000-11ce-8350-444553540000} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{9ba05970-f6a8-11cf-a442-00a0c90a8f39} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a4c6892c-3ba9-11d2-9dea-00c04fb16162} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a7ae5f64-c4d7-4d7f-9307-4d24ee54b841} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{b30f7305-5967-45d1-b7bc-d6eb7163d770} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{bbcbde60-c3ff-11ce-8350-444553540000} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{c94f0ad0-f363-11d2-a327-00c04f8eec7f} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ce20dab9-b353-469b-8b4d-6dbb3a7ba016} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d2ac137d-a6d8-43b6-9879-ea34b67e1880} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d8f015c0-c278-11ce-a49e-444553540000} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e7a1af80-4d96-11cf-960c-0080c7f4ee85} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{eaa7c309-bbec-49d5-821d-64d966cb667f} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{edc817aa-92b8-11d1-b075-00c04fc33aa5} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{efd84b2d-4bcf-4298-be25-eb542a59fbda} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f0d2d8ef-3890-11d2-bf8b-00c04fb93661} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0010890e-8789-413c-adbc-48f5b511b3af} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{0010890e-8789-413c-adbc-48f5b511b3af} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00eebf57-477d-4084-9921-7ab3c2c9459d} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{01e2e7c0-2343-407f-b947-7e132e791d3e} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{021003e9-aac0-4975-979f-14b5d4e717f8} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{09799afb-ad67-11d1-abcd-00c04fc30936} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0afaced1-e828-11d1-9187-b532f1e9575d} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0d2e74c4-3c34-11d2-a27e-00c04fc30871} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0e5cbf21-d15f-11d0-8301-00aa005b4383} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{111dcced-3b96-4170-a076-681669ed1512} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{12518493-00b2-11d2-9fa5-9e3420524153} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{13709620-c279-11ce-a49e-444553540000} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1820fed0-473e-11d0-a96c-00c04fd705a2} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1ebdcf80-a200-11d0-a3a4-00c04fd706ec} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1f4de370-d627-11d1-ba4f-00a0c91eedba} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{208d2c60-3aea-1069-a2d7-08002b30309d} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{20b1cb23-6968-4eb9-b7d4-a66d00d07cee} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{20d04fe0-3aea-1069-a2d8-08002b30309d} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{21b22460-3aea-1069-a2dc-08002b30309d} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{24f14f01-7b1c-11d1-838f-0000f80461cf} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{24f14f02-7b1c-11d1-838f-0000f80461cf} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{25585dc7-4da0-438d-ad04-e42c8d2d64b9} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{26fdc864-be88-46e7-9235-032d8ea5162e} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3bb4118f-ddfd-4d30-a348-9fb5d6bf1afe} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3f454f0e-42ae-4d7c-8ea3-328250d6e272} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3f6953f0-5359-47fc-bd99-9f2cb95a62fd} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3fc0b520-68a9-11d0-8d77-00c04fd70822} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103} (Search.Hijacker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450d8fba-ad25-11d0-98a8-0800361b1103} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4622ad11-ff23-11d0-8d34-00a0c90f2719} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4657278a-411b-11d2-839a-00c04fd918d0} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{48e7caab-b918-4e58-a94d-505519c795dc} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{53c74826-ab99-4d33-aca4-3117f51d3788} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{55d7b852-f6d1-42f2-aa75-8728a1b2d264} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{57651662-ce3e-11d0-8d77-00c04fc99d61} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{59031a47-3f72-44a7-89c5-5595fe6b30ee} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5b4dae26-b807-11d0-9815-00c04fd91972} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5ef4af3a-f726-11d0-b8a2-00c04fc309a4} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5f5295e0-429f-1069-a2e2-08002b30309d} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{62112aa1-ebe4-11cf-a5fb-0020afe7292d} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{63b51f81-c868-11d0-999c-00c04fd655e1} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{66742402-f9b9-11d1-a202-0000f81fedee} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{67331d85-be17-42f6-8d3f-47b8e8b26637} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{679d9e37-f8f9-11d2-8deb-00c04f6837d5} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6b831e4f-a50d-45fc-842f-16ce27595359} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6cf8e98c-5dd4-42a2-a948-bfe4ca1dc3eb} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d5313c0-8c62-11d1-b2cd-006097df8c11} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{72267f6a-a6f9-11d0-bc94-00c04fb67863} (Search.Hijacker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72267f6a-a6f9-11d0-bc94-00c04fb67863} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{72eb61e0-8672-4303-9175-f2e4c68b2e7c} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{733ac4cb-f1a4-11d0-b951-00a0c90312e1} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7487cd30-f71a-11d0-9ea7-00805f714772} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{75048700-ef1f-11d0-9888-006097deacf9} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7ba4c740-9e81-11cf-99d3-00aa004ae837} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7be9d83c-a729-4d97-b5a7-1b7313c39e0a} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7eb5fbe4-2100-49e6-8593-17e130122f91} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7febaf7c-18cf-11d2-993f-00a0c91f3880} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8278f931-2a3e-11d2-838f-00c04fd918d0} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{84720068-f106-4b58-a4c6-189382ab39bd} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{86422020-42a0-1069-a2e5-08002b30309d} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{864a1288-354c-4d19-9d68-c2742bb14997} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{86747ac0-42a0-1069-a2e6-08002b30309d} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{86c86720-42a0-1069-a2e8-08002b30309d} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8e827c11-33e7-4bc1-b242-8cd9a1c2b304} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{94357b53-ca29-4b78-83ae-e8fe7409134f} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{95ce8412-7027-11d1-b879-006008059382} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9ac9fbe1-e0a2-4ad6-b4ee-e212013ea917} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9ba05971-f6a8-11cf-a442-00a0c90a8f39} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a07034fd-6caa-4954-ac3f-97a27216f98a} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a470f8cf-a1e8-4f65-8335-227475aa5c46} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{aabe54d4-6e88-4c46-a6b3-1df790dd6e0d} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b005e690-678d-11d1-b758-00a0c90564fe} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b091e540-83e3-11cf-a713-0020afd79762} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b0a8f3cf-4333-4bab-8873-1ccb1cada48b} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b2f2e083-84fe-4a7e-80c3-4b50d10d646e} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b5607793-24ac-44c7-82e2-831726aa6cb7} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bab33640-1280-11d2-aa30-00a0c91eedba} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c2fbb630-2971-11d1-a18c-00c04fd75d13} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c2fbb631-2971-11d1-a18c-00c04fd75d13} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c4ee31f3-4768-11d2-be5c-00a0c9a83da1} (Search.Hijacker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{c4ee31f3-4768-11d2-be5c-00a0c9a83da1} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c827f149-55c1-4d28-935e-57e47caed973} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d82be2b0-5764-11d0-a96e-00c04fd705a2} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d912f8cf-0396-4915-884e-fb425d32943b} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d969a300-e7ff-11d0-a93b-00a0c90f2719} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e13ef4e4-d2f2-11d0-9816-00c04fd91972} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e1618f52-bf15-484a-86d2-183400e66a2b} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e17d4fc0-5564-11d1-83f2-00a0c90dc849} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e773f1af-3a65-4866-857d-846fc9c4598a} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ecd4fc4f-521c-11d0-b792-00a0c90312e1} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ef43ecfe-2ab9-4632-bf21-58909dd177f0} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f26a669a-bcbb-4e37-abf9-7325da15f931} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f3364ba0-65b9-11ce-a9ba-00aa004ae837} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f46316e4-fb1b-46eb-aedf-9520bfbb916a} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{f83cbf45-1c37-4ca1-a78a-28bcb91642ec} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fbf23b41-e3f0-101b-8488-00aa003e56f8} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fef10ded-355e-4e06-9381-9b24d7f7cc88} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{fef10fa2-355e-4e06-9381-9b24d7f7cc88} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00021400-0000-0000-c000-000000000046} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-c000-000000000046} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{217fc9c0-3aea-1069-a2db-08002b30309d} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{21ec2020-3aea-1069-a2dd-08002b30309d} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2227a280-3aea-1069-a2de-08002b30309d} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3da165b6-cc41-11d2-bdc6-00c04f79ec6b} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{61e218e0-65d3-101b-9f08-061ceac3d50d} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{645ff040-5081-101b-9f08-00aa002f954e} (Search.Hijacker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645ff040-5081-101b-9f08-00aa002f954e} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{86f19a00-42a0-1069-a2e9-08002b30309d} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{86f19a00-42a0-1069-a2eb-08002b30309d} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8d8763ab-e93b-4812-964e-f04e0008fd50} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{aeb6717e-7e19-11d0-97ee-00c04fd91972} (Search.Hijacker) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{28eaf37d-f93d-4d40-8f70-654cc2fcba2e} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> No action taken.
HKEY_CLASSES_ROOT\nqgpedlr.bmfr (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\nqgpedlr.toolbar.1 (Trojan.FakeAlert) -> No action taken.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0e5cbf21-d15f-11d0-8301-00aa005b4383} (Search.Hijacker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0e5cbf21-d15f-11d0-8301-00aa005b4383} (Search.Hijacker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\postbootreminder (Search.Hijacker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\cdburn (Search.Hijacker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{aeb6717e-7e19-11d0-97ee-00c04fd91972} (Search.Hijacker) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> No action taken.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{95005e34-5c3d-4dfb-9999-9d527cc7d9e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.205 85.255.112.144 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{95005e34-5c3d-4dfb-9999-9d527cc7d9e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.205 85.255.112.144 -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Documents and Settings\User\Dati applicazioni\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> No action taken.

HO RIMOSSO TUTTI I FILES INFETTI


Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\WINDOWS\BAK

0 File 0 byte
2 Directory 90.924.781.568 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\ITUNES\BAK

0 File 0 byte
2 Directory 90.924.781.568 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\KEYBOARD\BAK

0 File 0 byte
2 Directory 90.924.777.472 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\QUICKT~1\BAK

0 File 0 byte
3 Directory 90.924.777.472 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\SYMANT~1\BAK

0 File 0 byte
2 Directory 90.924.777.472 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\WINDOWS\SYSTEM32\BAK

0 File 0 byte
2 Directory 90.924.777.472 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\DOCUME~1\USER\DATIAP~1\BAK

0 File 0 byte
2 Directory 90.924.777.472 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\ALICET~1\SMARTB~1\BAK

0 File 0 byte
2 Directory 90.924.777.472 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

0 File 0 byte
2 Directory 90.924.777.472 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\DIGICOMT\MICHEL~1\BAK

0 File 0 byte
2 Directory 90.924.777.472 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK

0 File 0 byte
2 Directory 90.924.777.472 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\QUICKT~1\BAK\BAK

23/01/2004 16.38 98.304 qttask.exe
1 File 98.304 byte
2 Directory 90.924.777.472 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\SCANSOFT\OMNIPA~1\BAK

0 File 0 byte
2 Directory 90.924.773.376 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\ADOBE\ACROBA~3.0\READER\BAK

0 File 0 byte
2 Directory 90.924.773.376 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\AVEO\ATTUNE\BIN\BAK

0 File 0 byte
2 Directory 90.924.773.376 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\BAK

0 File 0 byte
2 Directory 90.924.773.376 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: F478-A405

Directory di C:\PROGRA~1\GOOGLE\GOOGLE~2\121128~1.546\BAK

27/01/2007 07.38 171.448 GoogleToolbarNotifier.exe
1 File 171.448 byte
2 Directory 90.924.773.376 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

98304 23 Jan 2004 "C:\Programmi\QuickTime\bak\bak\qttask.exe"
98304 23 Jan 2004 "C:\Programmi\QuickTime\bak\bak\qttask.exe"
582216 13 Nov 2008 "C:\Documents and Settings\User\Impostazioni locali\temp\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googletoolbarinstaller_en.exe"
171448 27 Jan 2007 "C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"


end of report

DAL MENU START SONO SCOMPARSI I VARI COLLEGAMENTI E peogrammi. IN BASSO A SINISTRA C'è UNA ICONA IKEYWORKS 6.10 è normale?
Torna in alto
 
paose
Inviato: Thursday, November 13, 2008 6:05:11 PM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94
AIUTO!!!

Forse ho cancellato qualcosa che non dovevo, non mi funziona più START, non funzionano più i collegamenti sul desktop, non riesco più nemmmeno a fare cerca... sembra tutto disattivato (i programmi e i documenti personali per fortuna ci sono tutti), ma che è succeso?
Torna in alto
 
r16
Inviato: Thursday, November 13, 2008 6:14:14 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Non conosco IKEYWORKS 6.10 , se non lo conosci eliminalo.
Avvia AVENGER
Clicca Ok
Inserisci queste righe (fai capia-incolla) nel riquadro bianco: (quelle in neretto)

Files to delete:
C:\Documents and Settings\User\Impostazioni locali\temp\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googletoolbarinstaller_en.exe

Files to move:
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe



Sarica Questo e salvalo sul desktopo:
http://download.norman.no/public/Norman_Malware_Cleaner.exe
Avvia in MODALITA PROVVISORIA

Si avvia
si accetta la licenza
si clicca Start Scan
si attende la fine della scansione
Viene generato un log sul desktop, postalo qui.
In alcuni casi Norman Malware Cleaner potrebbe richiedere il riavvio del computer per rimuovere completamente l'infezione, in
questo caso è raccomandata una seconda esecuzione del programma dopo aver riavviato il PC per garantire la completa rimozione di tutti i files infetti.
Ti chiedo di eliminare questo programma:c:\programmi\QuickTime
Torna in alto
 
r16
Inviato: Thursday, November 13, 2008 8:52:25 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ma cosa hai cancellato....
Fai un Ripristino Configurazione sistema, (un punto di ripristino lo ha creato Combofix prima della scansione.)
Si deve ricominciare da capo....
Torna in alto
 
paose
Inviato: Thursday, November 13, 2008 9:03:16 PM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94
ho fatto quanto mi hai detto e in modalità provvisoria ho fatto partire norman. Ad un certo punto dice: deleted file: c:\prgr\emule\incoming\the sims2deluxe nocd crack infected

poi trova un altro file:
c:\programmi\filecomuni\totem shared update\free sample\dll042 infected whit w32 virtual girl 1
ma a questo punto si blocca e scrive:
a fatal error e devo obbligatoriamente riavviare. Per questo motivo non viene generato nessun log.
Start continua ad essere disattivato e il desktop presenta anche icone senza nome Brick wall
Torna in alto
 
paose
Inviato: Thursday, November 13, 2008 9:14:14 PM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94
come faccio a trovare il punto di ripristino di combo fix?Brick wall Brick wall Brick wall Brick wall Brick wall
Torna in alto
 
r16
Inviato: Thursday, November 13, 2008 9:15:22 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Hai dei crack infetti....
Non si scaricano crack, di nessun genere.
Apri il TaskManager (ctrl + alt + canc), termina il processo explorer.exe; Probabilmente spariranno le icone del desktop; è normale;
Poi: da file->Nuova operazione, digita explorer.exe oppure solo explorer e dai Ok.
Dimmi come trovi il desktop.
Torna in alto
 
paose
Inviato: Thursday, November 13, 2008 9:20:53 PM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94
stesso desktop
Torna in alto
 
r16
Inviato: Thursday, November 13, 2008 9:23:18 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Prova a rifare una scansione con Combofix.
E postami il log.
Torna in alto
 
paose
Inviato: Thursday, November 13, 2008 9:39:12 PM
Rank: AiutAmico

Iscritto dal : 7/8/2008
Posts: 94
ComboFix 08-11-12.01 - User 2008-11-13 21.28.08.3 - NTFSx86

Eseguito da: c:\documents and settings\User\Desktop\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((( Files Creati Da 2008-10-13 al 2008-11-13 )))))))))))))))))))))))))))))))))))
.

2008-11-13 09:00 . 2008-11-13 09:00 <DIR> d-------- c:\programmi\CCleaner
2008-11-13 08:56 . 2008-11-13 08:56 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2008-11-13 08:56 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-13 08:56 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-10 16:49 . 2008-11-13 08:53 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Lavasoft
2008-10-30 18:28 . 2008-10-30 18:28 <DIR> d-------- c:\documents and settings\User\Dati applicazioni\Malwarebytes
2008-10-30 18:28 . 2008-10-30 18:28 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2008-10-27 18:50 . 2008-10-27 18:51 <DIR> d-------- c:\documents and settings\paola\Dati applicazioni\AVGTOOLBAR
2008-10-24 14:41 . 2008-10-24 14:41 <DIR> d-------- c:\programmi\Sacred Edizione Oro
2008-10-17 14:58 . 2008-10-17 14:58 <DIR> d-------- c:\documents and settings\paola\Dati applicazioni\PC Suite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 17:21 --------- d-----w c:\programmi\Keyboard
2008-11-13 14:13 --------- d-----w c:\documents and settings\User\Dati applicazioni\Desktopicon
2008-11-13 08:01 --------- d-----w c:\programmi\ewido anti-malware
2008-11-13 07:46 --------- d-----w c:\programmi\Symantec AntiVirus
2008-11-13 07:46 --------- d-----w c:\programmi\iTunes
2008-11-13 07:46 --------- d-----w c:\programmi\File comuni\Symantec Shared
2008-11-09 09:18 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2008-10-30 18:18 --------- d--h--w c:\programmi\FX Uninstall Information
2008-05-18 09:13 386,194 ----a-w c:\documents and settings\User\Dati applicazioni\serial2.dat
2008-05-16 17:26 54 ----a-w c:\programmi\inc1.bat
2008-05-16 17:26 41 ----a-w c:\programmi\sleep.bat
2008-05-16 17:25 386,194 ----a-w c:\documents and settings\User\Dati applicazioni\serial2.zip
2007-12-31 15:02 47,360 ----a-w c:\documents and settings\User\Dati applicazioni\pcouffin.sys
2006-12-18 18:55 149,560 -c--a-w c:\documents and settings\User\Dati applicazioni\GDIPFONTCACHEV1.DAT
1998-10-05 13:40 10,000 -c--a-w c:\windows\inf\unregpn.exe
.
Code:
<pre>
----a-w            15,360 2004-08-19 22:39:35  c:\windows\system32\ctfmon .exe
</pre>



((((((((((((((((((((((((((((( snapshot_2008-11-12_18.39.33,26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-30 09:21:12 61,184 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-13 17:01:56 61,184 ----a-w c:\windows\system32\perfc009.dat
- 2008-03-30 09:21:12 70,516 ----a-w c:\windows\system32\perfc010.dat
+ 2008-11-13 17:01:56 70,516 ----a-w c:\windows\system32\perfc010.dat
- 2008-03-30 09:21:12 371,560 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-13 17:01:56 371,560 ----a-w c:\windows\system32\perfh009.dat
- 2008-03-30 09:21:12 409,294 ----a-w c:\windows\system32\perfh010.dat
+ 2008-11-13 17:01:56 409,294 ----a-w c:\windows\system32\perfh010.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\programmi\Free Download Manager\fdm.exe" [N/A]
"MsnMsgr"="c:\programmi\MSN Messenger\MsnMsgr.Exe" [N/A]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-27 171448]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"PcSync"="c:\programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-19 1449984]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2007-04-27 257088]
"UnlockerAssistant"="c:\programmi\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"CanonSolutionMenu"="c:\programmi\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\programmi\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-01 1234712]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"Corel Reminder"="" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
"ALUAlert"="c:\programmi\Symantec\LiveUpdate\ALUNotify.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-19 c:\windows\system32\narrator.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\FreeFTP\\FreeFTP.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\italian\\setup.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

.
.
------- Supplementare di scansione -------
.
FireFox -: Profile - c:\documents and settings\User\Dati applicazioni\Mozilla\Firefox\Profiles\xfoxql6t.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://italian.eazel.com/it/index.php?rvs=hompag&d=79919283
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 21:33:35
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


**************************************************************************
.
Ora fine scansione: 2008-11-13 21.37.40
ComboFix-quarantined-files.txt 2008-11-13 20:36:29
ComboFix2.txt 2008-11-12 17:41:34
ComboFix3.txt 2008-07-11 08:24:17

Pre-Run: 90.666.164.224 byte disponibili
Post-Run: 90,866,905,088 byte disponibili

116 --- E O F --- 2008-06-11 12:57:45
Torna in alto
 
r16
Inviato: Thursday, November 13, 2008 9:53:58 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Il log non presenta anomalie.
Scarica VIRIT :
http://www.tgsoft.it/italy/download.htm lo aggiorni (cliccando sulla parabola in alto) e fai la scansione in Modalità Provvisoria (è molto importante).
Posta anche il log. (lo trovi sull'icona in alto, con raffigurato un block notes ,con una penna)
Rifai le scansioni con Malwarebytes, e Norman e postami i relativi log.
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » finestre pubblicità e programmi antimalware che si bloccano


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.