PROBLEM: SOME VIRUS DISABLES THE WINDOWS XP FIREWALL

Moderators: m.paolo, kadosh, Luke57

Post by kazzimma » 08/07/06 16:31

Hi everyone, I've been trying to get to the bottom of this for hours now....
I was looking for a file on astalavist....... and unfortunately I got burned! :-)
I ran a first scan with AVG, which found the files:
secure32.html
ibm00001.dll
ibm00002.dll

...which I then deleted.
Spybot... found something else: Torpig, with two files, an executable (ibm00003.exe) and a temporary file. I deleted both of them.

I rebooted and after 30 sec. the "firewall disabled" notification appears.

I scanned the PC with Kaspersky:
Saturday, July 08, 2006 3:30:06 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/07/2006
Kaspersky Anti-Virus database records: 193506
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 65473
Number of viruses found 6
Number of infected objects 10 / 0
Number of suspicious objects 0
Duration of the scan process 01:18:16

Infected Object Name Virus Name Last Action
C:\Documents and Settings\ADfisio\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\ADfisio\Dati applicazioni\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\ADfisio\Dati applicazioni\Mozilla\Firefox\Profiles\4nz02al0.default\flashgot.log Object is locked skipped
C:\Documents and Settings\ADfisio\Dati applicazioni\Mozilla\Firefox\Profiles\4nz02al0.default\history.dat Object is locked skipped
C:\Documents and Settings\ADfisio\Dati applicazioni\Mozilla\Firefox\Profiles\4nz02al0.default\key3.db Object is locked skipped
C:\Documents and Settings\ADfisio\Dati applicazioni\Thunderbird\Profiles\09r7hyky.default\Mail\Local Folders\Inbox/[From "Darceri" ][Date Fri, 23 Dec 2005 12:35:51 -0600]/html Infected: Email-Worm.Win32.Bagle.mail skipped
C:\Documents and Settings\ADfisio\Dati applicazioni\Thunderbird\Profiles\09r7hyky.default\Mail\Local Folders\Inbox/[From postcard service administrator ][Date Sat, 24 Dec 2005 17:23:06 -0500]/key.zip/key.exe Infected: Trojan-Downloader.Win32.Small.cci skipped
C:\Documents and Settings\ADfisio\Dati applicazioni\Thunderbird\Profiles\09r7hyky.default\Mail\Local Folders\Inbox/[From postcard service administrator ][Date Sat, 24 Dec 2005 17:23:06 -0500]/key.zip Infected: Trojan-Downloader.Win32.Small.cci skipped
C:\Documents and Settings\ADfisio\Dati applicazioni\Thunderbird\Profiles\09r7hyky.default\Mail\Local Folders\Inbox/[From eBay ][Date Sat, 31 Dec 2005 20:33:01 -0700]/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\ADfisio\Dati applicazioni\Thunderbird\Profiles\09r7hyky.default\Mail\Local Folders\Inbox/[From eBay ][Date Wed, 04 Jan 2006 15:17:38 -0400]/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\ADfisio\Dati applicazioni\Thunderbird\Profiles\09r7hyky.default\Mail\Local Folders\Inbox/[From post@postcard.com][Date Mon, 13 Feb 2006 17:31:59 +0200]/html Infected: Trojan-Downloader.HTML.Agent.ae skipped
C:\Documents and Settings\ADfisio\Dati applicazioni\Thunderbird\Profiles\09r7hyky.default\Mail\Local Folders\Inbox Mail Berkeley mbox: infected - 6 skipped

C:\Documents and Settings\ADfisio\Documenti\Università_Master\Docenza_AS_&_CTJ\Didattica 2006\Lezioni_2006\Giugno_2006_CTJ_spalla\Teoria\Artrocinematica_GO_2006_18_giugno.ppt Object is locked skipped
C:\Documents and Settings\ADfisio\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ADfisio\Impostazioni locali\Cronologia\History.IE5\MSHist012006070820060709\index.dat Object is locked skipped
C:\Documents and Settings\ADfisio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\ADfisio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\ADfisio\Impostazioni locali\Dati applicazioni\Microsoft\Windows Defender\FileTracker\{3A34D0B9-12EF-4DA3-9F3B-19267CA5601D} Object is locked skipped
C:\Documents and Settings\ADfisio\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\4nz02al0.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\ADfisio\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\4nz02al0.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\ADfisio\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\4nz02al0.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\ADfisio\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\4nz02al0.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\ADfisio\Impostazioni locali\Temp\svkih.tmp\svklc.tmp Object is locked skipped
C:\Documents and Settings\ADfisio\Impostazioni locali\Temp\svkih.tmp\svl82.tmp Object is locked skipped
C:\Documents and Settings\ADfisio\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ADfisio\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\ADfisio\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows Defender\Support\WDLog-05062006-094010.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\efehxxt.exe Infected: Trojan-PSW.Win32.Sinowal.aa skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C84528ED-71B9-4183-A21D-C65B97C43253}\RP209\A0013268.exe Infected: Trojan-Downloader.Win32.Adload.cs skipped
C:\System Volume Information\_restore{C84528ED-71B9-4183-A21D-C65B97C43253}\RP210\A0013280.dll Object is locked skipped
C:\System Volume Information\_restore{C84528ED-71B9-4183-A21D-C65B97C43253}\RP210\A0013281.dll Object is locked skipped
C:\System Volume Information\_restore{C84528ED-71B9-4183-A21D-C65B97C43253}\RP211\A0013304.exe Infected: Trojan-PSW.Win32.Sinowal.aa skipped
C:\System Volume Information\_restore{C84528ED-71B9-4183-A21D-C65B97C43253}\RP213\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E43FCECE-42F9-453D-B65E-378AA9CD8A8E}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped


I deleted all the infected files and rebooted, but after a few seconds the same problem again!

I then ran a scan with PANDA, which found nothing.

This is the HijackThis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 16.56.11, on 08/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Programmi\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica sito web con Free Download Manager - file://C:\Programmi\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{574D0825-65A3-48AF-8585-482EC6C045BB}: NameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{97E013CD-2810-4906-A7BE-E2D2C36EFC1E}: NameServer = 151.99.229.25,151.99.125.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FILECO~1\SONYSH~1\AVLib\Sptisrv.exe

Can anyone tell me where I should be looking to solve the problem?!

Thanks in advance to everyone for the help.
kazzimma
Newbie
 
Posts: 4
Joined: 04/01/06 20:52

Post by taurex » 28/08/06 10:10

Download VirIT eXplorer PRO ANTI-VIRUS
Uninstall all the antivirus, anti-dialer and anti-spyware programs you have installed.
Install VirIT
Start Windows in safe mode
disable System Restore and run a scan with VirIT
When it has finished (before uninstalling it) download:
avast! - SUPERAntiSpyware - Spybot - Ad Aware
Uninstall VirIT and install all the software you just downloaded (updating those that require it), then run a scan with each of them (one at a time), always after starting Windows in safe mode
Open [My Computer] and from the Tools menu choose Folder.
Open the View tab. [Files and Folders] --> [Hidden files and folders]: select the option to show hidden files and folders
Download CCleaner
Launch CCleaner and go to Options:
Settings --> tick the first 3 checkboxes
Custom --> [Add Folder]
choose these folders:
c:\documents and settings\utente\local settings\temp\
c:\documents and settings\utente\local settings\temporary internet files\
c:\windows\temp\
Advanced --> tick the 2nd and the 3rd
then go to Issues and choose [Scan for Issues]; when the scan finishes click [Fix selected issues...], choose Fix selected and then OK --> close. You have to repeat the scan until it finds no more.
When it has finished go to Cleaner and choose Run Cleaner; when it finishes it closes by itself.
Then download Diskeeper Lite and run a full defragmentation with it.
When you have finished you can re-enable System Restore

When you are done, post an updated HijackThis log
taurex
Senior User
 
Posts: 145
Joined: 09/08/06 09:34
Location: Asti
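
An added example, not part of either post: a short Python triage of the Kaspersky Online Scanner report format shown in the first post, separating real detections from locked objects and grouping detections by where they sit (live file, System Restore copy, mail folder). The sample lines are excerpted from that report; the bucket names and function names are this example's own.

```python
import re

# Lines excerpted from the Kaspersky Online Scanner report posted above.
REPORT = r"""
C:\Documents and Settings\ADfisio\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\ADfisio\Dati applicazioni\Thunderbird\Profiles\09r7hyky.default\Mail\Local Folders\Inbox/[From eBay ][Date Sat, 31 Dec 2005 20:33:01 -0700]/html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\efehxxt.exe Infected: Trojan-PSW.Win32.Sinowal.aa skipped
C:\System Volume Information\_restore{C84528ED-71B9-4183-A21D-C65B97C43253}\RP209\A0013268.exe Infected: Trojan-Downloader.Win32.Adload.cs skipped
C:\System Volume Information\_restore{C84528ED-71B9-4183-A21D-C65B97C43253}\RP211\A0013304.exe Infected: Trojan-PSW.Win32.Sinowal.aa skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

# "<path> Infected: <name> <last action>" and "<path> Object is locked <last action>"
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")
LOCKED = re.compile(r"^(?P<path>.+?) Object is locked (?P<action>\w+)$")


def locate(path):
    """Bucket a detection by where the object lives (labels are this example's own)."""
    if "\\system volume information\\_restore{" in path.lower():
        return "restore_point"   # copy kept by System Restore
    if "/[From " in path:
        return "mail_store"      # message inside a mail folder file
    return "live_file"           # ordinary file on disk


def triage(report):
    """Return detections grouped by location, the locked-object count, and leftovers."""
    result = {"infected": {}, "locked": 0, "unparsed": []}
    for line in filter(None, (l.strip() for l in report.splitlines())):
        m = INFECTED.match(line)
        if m:
            bucket = result["infected"].setdefault(locate(m["path"]), [])
            bucket.append((m["path"], m["name"]))
        elif LOCKED.match(line):
            result["locked"] += 1
        else:
            result["unparsed"].append(line)
    return result


if __name__ == "__main__":
    r = triage(REPORT)
    for where, hits in sorted(r["infected"].items()):
        for path, name in hits:
            print(f"{where:13} {name:35} {path}")
    print(f"locked (not scanned): {r['locked']}")
```

Every detection in this report has `skipped` as its last action, so the object is still on disk after the scan, and locked objects were not examined at all.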

