Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

HELP _distruzione completa antivirus_e_caos nel computer!!!!

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

Postdi lucas/s » 09/08/06 20:39

Scusa mi ero dimenticato il rosso
Copia e incolla le scritte in rosso sarebbero queste

Files to delete:
C:\Programmi\File comuni\System\DOZBK.exe
C:\WINDOWS\TEMP\grgv1.exe
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Sponsor
 

Postdi webnet » 09/08/06 20:46

ecco qua





GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-09 21:46:12
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName = Ati2evxx.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
ccEvtMgr /*Symantec Event Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
ccProxy /*Symantec Network Proxy*/@ = "C:\Programmi\File comuni\Symantec Shared\ccProxy.exe"
ccSetMgr /*Symantec Settings Manager*/@ = "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
LogTle /*LogTle*/@ = "C:\Programmi\File comuni\System\DOZBK.exe" /*file not found*/
LVPrcSrv /*Logitech Process Monitor*/@ = c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
navapsvc /*Servizio Auto-Protect di Norton AntiVirus*/@ = "C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
SNDSrvc /*Symantec Network Drivers Service*/@ = "C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe"
SPBBCSvc /*Symantec SPBBCSvc*/@ = "C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
Symantec Core LC /*Symantec Core LC*/@ = "C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe"
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
Utilità di pianificazione di LiveUpdate automatico /*Utilità di pianificazione di LiveUpdate automatico*/@ = "C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ATICCC"C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay = "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_06\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@Adobe Photo Downloader"C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" /*file not found*/ = "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" /*file not found*/
@DAEMON Tools"C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 = "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
@ccApp"C:\Programmi\File comuni\Symantec Shared\ccApp.exe" = "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@UnlockerAssistant"C:\Programmi\Unlocker\UnlockerAssistant.exe" /*file not found*/ = "C:\Programmi\Unlocker\UnlockerAssistant.exe" /*file not found*/
@grgv1.exeC:\WINDOWS\TEMP\grgv1.exe /*file not found*/ = C:\WINDOWS\TEMP\grgv1.exe /*file not found*/
@LVCOMSXC:\WINDOWS\system32\LVCOMSX.EXE = C:\WINDOWS\system32\LVCOMSX.EXE
@LogitechCameraAssistantC:\Programmi\Logitech\Video\CameraAssistant.exe = C:\Programmi\Logitech\Video\CameraAssistant.exe
@LogitechVideo[inspector]C:\Programmi\Logitech\Video\InstallHelper.exe /inspect = C:\Programmi\Logitech\Video\InstallHelper.exe /inspect
@LogitechCameraService(E)C:\WINDOWS\system32\ElkCtrl.exe /automation = C:\WINDOWS\system32\ElkCtrl.exe /automation

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MsnMsgr"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background = "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
@Skype"C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" /*file not found*/ = "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{5E2121EE-0300-11D4-8D3B-444553540000} /*Catalyst Context Menu extension*/C:\Programmi\ATI Technologies\ATI.ACE\atiacmxx.dll = C:\Programmi\ATI Technologies\ATI.ACE\atiacmxx.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll
@{F85A0C9A-8DB7-4212-89E6-D73BF6DF1652} /**/C:\WINDOWS\system32\iis.dll /*file not found*/ = C:\WINDOWS\system32\iis.dll /*file not found*/
@{C1B371E2-99B4-4F3B-A791-4AE2A3A4248F} /**/C:\WINDOWS\system32\hstpapi.dll /*file not found*/ = C:\WINDOWS\system32\hstpapi.dll /*file not found*/
@{011EF2C8-5DF8-4C1F-8EEC-174BBE4D902C} /**/C:\WINDOWS\system32\ekcapi.dll /*file not found*/ = C:\WINDOWS\system32\ekcapi.dll /*file not found*/
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/(null) =
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{18A5F8C3-30F3-DF2E-CCA1-882F5D192E03} = C:\WINDOWS\rnche1.dll /*file not found*/

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.it/ = http://www.google.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{86438B85-B841-4015-91BB-7B3ADEE1DB1B} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.0.6 = 192.168.0.6
@NameServer194.243.154.62,195.31.190.31,192.168.0.4 = 194.243.154.62,195.31.190.31,192.168.0.4
@DefaultGateway192.168.0.1 = 192.168.0.1
@Domain =

---- EOF - GMER 1.0.10 ----


e ora ? dovrebbe essere normale ???
webnet
Utente Junior
 
Post: 64
Iscritto il: 01/08/06 16:32

Postdi lucas/s » 10/08/06 03:05

Ciao,esegui questa operazione

Start>digita Regedit nella casellina e clicca su Ok
Ti si apre il registro di sistema
Aiutandoti con i +(li trovi a destra) portati fino alla chiave segnata in rosso

HKEY_LOCAL_MACHINE\ <--------clicca sul +
Software\ <--------clicca sul +
Microsoft\ <--------clicca sul +
Windows\ <--------clicca sul
CurrentVersion\ <-------- clicca sul +
Explorer\ <--------clicca sul +
Browser Helper Objects\ <--------clicca sul +
{18A5F8C3-30F3-DF2E-CCA1-882F5D192E03}
Seleziona la chiave segnata in rosso,tasto destro del mouse e seleziona l'opzione "Elimina"


HKEY_LOCAL_MACHINE\ <--------clicca sul +
SYSTEM\ <--------clicca sul +
CurrentControlSet\ <--------clicca sul +
Services\ <--------clicca sul +
Adesso vedrai una lista in questa lista trova la chiave LogTle
Seleziona la chiave segnata in rosso,tasto destro del mouse e seleziona l'opzione "Elimina"

Riavvia il pc e posta un log di Hijackthis,grazie notte
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Postdi webnet » 10/08/06 07:28

non riesco a eliminare LogTle mi dice errore durante l'eliminazione


posto comunque il log


Logfile of HijackThis v1.99.1
Scan saved at 8.28.23, on 10/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Regedit.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Programmi\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\dariobusoni\Documenti\hijackthis\HijackThis.exe
C:\Programmi\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmi\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmi\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmi\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [grgv1.exe] C:\WINDOWS\TEMP\grgv1.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packa ... anager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tanks-war-by-basons.spaces.msn.c ... nPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {C26027F5-C7EF-4CC1-9637-B514BCF8BF4E} (SAIOnlineAForm Control) - http://www.arcadetown.com/swf/scorchani ... online.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/g ... anager.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{86438B85-B841-4015-91BB-7B3ADEE1DB1B}: NameServer = 194.243.154.62,195.31.190.31,192.168.0.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
webnet
Utente Junior
 
Post: 64
Iscritto il: 01/08/06 16:32

Postdi lucas/s » 10/08/06 09:28

Ciao,con Hijackthis elimina questra stringa

O4 - HKLM\..\Run: [grgv1.exe] C:\WINDOWS\TEMP\grgv1.exe

Elimina il file in rosso
C:\WINDOWS\TEMP\grgv1.exe

Per la chiave che non si elimina,selezionala,tasto destro e seleziona l'opzione "Autorizzazioni"
Seleziona il nome del tuo account e clicca su "Avanzate"
Adesso seleziona il nome del tuo account e clicca su "Modifica"
Spunta la casella "Controllo completa" nella colonna "Permetti"
Clicca su Ok>Applica>Ok>Ok

Adesso prova ad eliminare la chiave

Ciao
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Postdi webnet » 10/08/06 12:55

non funzionano ne la prima ne la seconda: :cry: :cry:

nella prima non lo trovo e nella seconda ho eseguito a lettera le istruzioni ma mi dice sempre accesso negato, eppure ho usato un accaunt amministratore :cry: :cry: :cry:
webnet
Utente Junior
 
Post: 64
Iscritto il: 01/08/06 16:32

Postdi webnet » 10/08/06 12:58

scordavo di dire che avevo pure messo visualizza file e cartelle nascosti


ma nollo trova ugualmente
webnet
Utente Junior
 
Post: 64
Iscritto il: 01/08/06 16:32

Postdi Luke57 » 10/08/06 13:00

Ciao, prova a entrare nel registro di sistema digitando
regedt32 di regedit.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi lucas/s » 10/08/06 13:08

Scarica questo file http://www.suspectfile.com/upload/files/del.rar
Decomprimi l'archivio,doppio click sul file del.bat
Attendi,riavvia il pc e verifica se hai ancora la chiave

Ciao
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Postdi webnet » 11/08/06 06:57

ma quanto devo aspettare?
webnet
Utente Junior
 
Post: 64
Iscritto il: 01/08/06 16:32

Postdi webnet » 11/08/06 07:02

niente ho aspettato 1 minuto, ho riavviato ma logtle c'è sempre e dice errore durante l'eliminazione
webnet
Utente Junior
 
Post: 64
Iscritto il: 01/08/06 16:32

Postdi webnet » 11/08/06 07:03

qui c'è il log di hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 8.03.04, on 11/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\dariobusoni\Documenti\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programmi\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programmi\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packa ... anager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tanks-war-by-basons.spaces.msn.c ... nPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {C26027F5-C7EF-4CC1-9637-B514BCF8BF4E} (SAIOnlineAForm Control) - http://www.arcadetown.com/swf/scorchani ... online.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/g ... anager.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{86438B85-B841-4015-91BB-7B3ADEE1DB1B}: NameServer = 194.243.154.62,195.31.190.31,192.168.0.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogTle - Unknown owner - C:\Programmi\File comuni\System\DOZBK.exe (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
webnet
Utente Junior
 
Post: 64
Iscritto il: 01/08/06 16:32

Postdi webnet » 11/08/06 07:15

hei sentite un po' è normale che ci sia un accaunt che si chiama ASPNET
poi: l'accaunt dal nome strano non c'è + ma c'è sempre in services.msc c'è sempre quel logtle che in regedit

e per di piu C:\WINDOWS\TEMP\grgv1.exe non lo trovo ne io ne killbox ( programma di eliminazione file )



ps: nel computer all'avvio ho solo un accaunt che è amministratore
webnet
Utente Junior
 
Post: 64
Iscritto il: 01/08/06 16:32

Postdi webnet » 11/08/06 09:42

qualcuno mi risonde!!! :cry: :cry: :cry: :cry:
webnet
Utente Junior
 
Post: 64
Iscritto il: 01/08/06 16:32

Postdi webnet » 11/08/06 10:08

aaiiiiiiiiiiiiiiiiiiuuuuuuuuuutttttttttttttttooooooooooooooo!!!!!!!!!!!!!!

perche mi lasciate senza completare la procedura di rimozione
ho sempre il link optimizzator :cry: :cry: :cry: :cry: :cry:


ho bisogno di assistenza :cry: :cry: :cry: :cry: :cry: :cry:
webnet
Utente Junior
 
Post: 64
Iscritto il: 01/08/06 16:32

Postdi webnet » 11/08/06 11:18

guardate in logtle ci sono degli altri file che ci faccio???
http://img226.imageshack.us/my.php?image=regeditej5.png
webnet
Utente Junior
 
Post: 64
Iscritto il: 01/08/06 16:32

Postdi Luke57 » 11/08/06 12:20

Ciao, scusa se intervengo ma sembra che non sia andata a buon fine questa operazione che ti ha suggerito lucas/s:
Per piacere riavvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte in rosso

Files to delete:
C:\Programmi\File comuni\System\DOZBK.exe
C:\WINDOWS\TEMP\grgv1.exe


Clicca sul pulsante Done
Clicca 2 volte sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente

Prova a rifare l'operazione.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi webnet » 11/08/06 12:47

con rooktit reveal ho trovato tutti questi rooktit

HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 11/08/2006 11.55 80 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 06/07/2006 15.06 0 bytes Access is denied.
C:\Documents and Settings\dariobusoni\Cookies\dariobusoni@imageshack[2].txt 11/08/2006 12.03 537 bytes Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Cookies\dariobusoni@www.pc-facile[1].txt 11/08/2006 11.55 212 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\dariobusoni\Cookies\dariobusoni@www.pc-facile[2].txt 11/08/2006 12.07 210 bytes Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Documenti\Immagini\regedit.bmp 11/08/2006 12.01 1.97 MB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\dary.basons@hotmail.it\SharingMetadata\oplomacus@hotmail.it\DFSR\Staging\CS{C3ACCD26-EC6F-ACCF-C49C-7226AD04DD73}\01\10-{C3ACCD26-EC6F-ACCF-C49C-7226AD04DD73}- 11/08/2006 10.52 8 bytes Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\0PER45UJ\CAVYCJBH.htm 11/08/2006 12.06 4.03 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\0PER45UJ\imageshack[1].png 11/08/2006 12.00 4.13 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\0PER45UJ\regeditej5.th[1].png 11/08/2006 12.03 2.98 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\0PER45UJ\regeditej5[1].png 11/08/2006 12.03 259.53 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\0PER45UJ\text_group[1].htm 11/08/2006 12.03 2.90 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\0PER45UJ\toolbar_img2[1].png 11/08/2006 12.00 3.66 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\0PER45UJ\videogiochi_ist_468x60[1].gif 11/08/2006 12.07 10.04 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\81ISFUT1\1157558[2] 11/08/2006 12.07 201 bytes Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\81ISFUT1\CAGRETE5.jpg 11/08/2006 12.04 12.42 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\81ISFUT1\CAY21COT.HTM 11/08/2006 11.56 792 bytes Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\81ISFUT1\CAYNAZIX.htm 11/08/2006 12.04 4.17 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\81ISFUT1\posting[2].htm 11/08/2006 12.07 164.62 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\81ISFUT1\rmtag3[1].js 11/08/2006 12.03 1 bytes Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\81ISFUT1\toolbar_img2[1].png 11/08/2006 12.03 3.66 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\81ISFUT1\urchin[2].js 11/08/2006 12.00 17.69 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\DF2M1JOV\CAE3CDSP.jpg 11/08/2006 12.06 10.86 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\DF2M1JOV\CAQJG52Z.htm 11/08/2006 12.04 6.33 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\DF2M1JOV\google[1].htm 11/08/2006 11.55 4.35 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\DF2M1JOV\my[1].htm 11/08/2006 12.03 6.65 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\DF2M1JOV\posting[1].htm 11/08/2006 12.08 145.58 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\DF2M1JOV\rater[1].htm 11/08/2006 12.03 1.35 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\DF2M1JOV\rmtag3[1].js 11/08/2006 12.00 1 bytes Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\DF2M1JOV\search[1].htm 11/08/2006 12.00 21.77 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\DF2M1JOV\style-def[1].css 11/08/2006 12.03 2.10 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\DF2M1JOV\t4_ie[1].gif 11/08/2006 12.00 4.59 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\LLDMRAKW\CA8HUZ49.htm 11/08/2006 12.07 6.03 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\LLDMRAKW\CAQN8XMD.htm 11/08/2006 12.04 4.08 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\LLDMRAKW\google[1].htm 11/08/2006 12.04 4.35 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\LLDMRAKW\rmtag3[1].js 11/08/2006 12.00 1 bytes Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\LLDMRAKW\rmtag3[2].js 11/08/2006 12.03 1 bytes Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\LLDMRAKW\rmtag3[3].js 11/08/2006 12.03 1 bytes Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Impostazioni locali\Temporary Internet Files\Content.IE5\LLDMRAKW\style-def[1].css 11/08/2006 12.00 2.10 KB Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Recent\regedit.lnk 11/08/2006 12.01 683 bytes Hidden from Windows API.
C:\Documents and Settings\dariobusoni\Recent\RootkitRevealer (2).lnk 11/08/2006 11.56 740 bytes Hidden from Windows API.
C:\Programmi\Norton Internet Security\Norton AntiVirus\Savrt\0462NAV~.TMP 11/08/2006 11.58 0 bytes Hidden from Windows API.
C:\System Volume Information\_restore{3658B139-90EC-4E27-894D-FA75F3484E9D}\RP4\A0002403.lnk 09/08/2006 20.44 461 bytes Hidden from Windows API.
C:\WINDOWS\Prefetch\MSPAINT.EXE-11CBB631.pf 11/08/2006 12.01 115.38 KB Hidden from Windows API.



aiutatemi!!!!
webnet
Utente Junior
 
Post: 64
Iscritto il: 01/08/06 16:32

Postdi Luke57 » 11/08/06 12:50

Ciao, scusa ma uno ti suggerisce una cosa e tu ne fai un'altra....
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi lucas/s » 11/08/06 13:04

si ti aiutiamo,ma anche tu aiutaci a noi ;)
Esegui le operazioni sopra descritte,non ti preoccupare per il registro si riferisce al servizio/file/account aggiunto dal malware

Ciao
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

PrecedenteProssimo

Torna a Sicurezza e Privacy


Topic correlati a "HELP _distruzione completa antivirus_e_caos nel computer!!!!":


Chi c’è in linea

Visitano il forum: Nessuno e 4 ospiti