Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

virus da eliminare

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

virus da eliminare

Postdi danny123 » 20/11/09 19:54

chi mi aiuta? .. ho AVG free, ed ogni volta che faccio la scansine mi trova dei virus, alcuni li corregge e altri li mette in quarantena, fatto sta che alla fine me li elimina, poi il giono dopo li trovo nuovamente, come posso eliminarli definitivamente?????
danny123
Utente Junior
 
Post: 20
Iscritto il: 29/12/08 16:45

Sponsor
 

Re: virus da eliminare

Postdi shel » 20/11/09 20:25

ciao

prova con ComboFix - scaricalo sul desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- disconnetiti da internet
- disattiva l'antivirus
- esegui ComboFix.exe
- digita 1
- segui le instruzioni
- finita la scansione portati in C:\ e copia/incolla, nella tua prossima risposta, il contenuto del file di testo Combofix.txt
shel
Utente Senior
 
Post: 1292
Iscritto il: 29/08/08 21:56

Re: virus da eliminare

Postdi danny123 » 20/11/09 21:48

ciao... fatto! .. e ora? :D

ComboFix 09-11-20.01 - Lidia 20/11/2009 21.26.46.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.39.1040.18.1976.998 [GMT 1:00]
Eseguito da: c:\users\Lidia\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2332782303-2793821225-480717067-500
c:\users\Lidia\AppData\Roaming\Desktopicon
c:\users\Lidia\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\windows\system32\drivers\pciide.sys

.
((((((((((((((((((((((((( Files Creati Da 2009-10-20 al 2009-11-20 )))))))))))))))))))))))))))))))))))
.

2009-11-20 20:38 . 2009-11-20 20:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-20 17:22 . 2009-11-12 18:11 497944 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
2009-11-20 17:22 . 2009-11-12 18:11 3963648 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2009-11-20 17:21 . 2009-11-10 11:53 1657112 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2009-11-20 17:21 . 2009-11-09 19:18 877848 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2009-11-16 20:40 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-16 20:40 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-12 16:41 . 2009-11-16 21:03 4096 d-----w- c:\program files\Microsoft Silverlight
2009-11-12 16:39 . 2009-11-12 16:39 4096 d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-12 16:35 . 2009-11-12 16:35 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-12 16:34 . 2009-11-12 16:40 -------- d-----w- c:\program files\Microsoft
2009-11-09 19:18 . 2009-11-09 19:21 -------- d-----w- C:\$AVG
2009-11-09 19:18 . 2009-11-09 19:18 4096 d-----w- c:\programdata\avg9
2009-10-30 14:40 . 2009-10-30 14:40 -------- d-----w- c:\program files\Windows Portable Devices
2009-10-30 14:38 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-10-30 14:38 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-10-30 14:38 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-10-30 14:36 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-30 14:36 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-30 14:36 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-30 14:36 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-30 14:36 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-30 14:36 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-30 14:36 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-30 14:36 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-30 14:36 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-30 14:36 . 2009-10-01 01:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-30 14:36 . 2009-10-01 01:01 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-30 14:36 . 2009-10-01 01:01 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-30 14:36 . 2009-10-01 01:01 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-10-30 14:35 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-30 14:35 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-30 14:35 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-30 14:27 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-30 14:27 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-29 12:54 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-29 12:54 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-29 12:54 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-29 12:54 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-29 12:53 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-29 12:53 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-29 12:53 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-29 12:53 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-29 12:53 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-25 21:04 . 2009-10-25 21:00 24419312 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\NokiaSoftwareUpdaterSetup_it.exe
2009-10-25 21:02 . 2009-10-25 21:02 36864 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\Sleep.exe
2009-10-25 21:02 . 2009-10-25 21:02 3351812 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\msxml6Exec.exe
2009-10-25 21:02 . 2009-10-25 21:02 3203453 ----a-w- c:\programdata\Installations\{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}\Installer\CommonCustomActions\vcredistExec.exe
2009-10-25 21:02 . 2009-10-25 21:02 -------- d-----w- c:\programdata\Installations
2009-10-23 19:01 . 2009-10-23 19:12 4096 d-----w- c:\program files\Unlocker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 19:58 . 2009-02-26 15:28 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-20 19:26 . 2009-09-01 11:52 0 ----a-w- c:\users\Lidia\AppData\Local\prvlcl.dat
2009-11-16 21:01 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-16 20:53 . 2008-05-26 00:26 12288 d-----w- c:\programdata\Microsoft Help
2009-11-16 19:38 . 2009-02-26 15:28 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-16 19:15 . 2008-05-26 10:18 725150 ----a-w- c:\windows\system32\perfh010.dat
2009-11-16 19:15 . 2008-05-26 10:18 144756 ----a-w- c:\windows\system32\perfc010.dat
2009-11-12 16:38 . 2009-02-27 19:59 4096 d-----w- c:\program files\Windows Live
2009-11-10 11:55 . 2009-03-27 20:08 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-09 19:18 . 2009-03-27 20:08 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-09 19:18 . 2009-03-27 20:08 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-09 19:18 . 2009-03-27 20:08 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-09 19:18 . 2009-02-27 15:28 -------- d-----w- c:\program files\AVG
2009-11-05 15:01 . 2009-03-10 21:52 4096 d-----w- c:\program files\Coloring Book Painter
2009-11-05 15:01 . 2009-11-05 15:01 147456 ------w- c:\windows\Setup1.exe
2009-11-05 15:01 . 2009-11-05 15:01 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-11-05 14:59 . 2009-02-28 21:46 -------- d-----w- c:\program files\McAfee
2009-11-04 20:47 . 2009-02-26 11:50 952 --sha-w- c:\programdata\KGyGaAvL.sys
2009-11-04 20:47 . 2009-02-26 11:50 952 --sha-w- c:\programdata\KGyGaAvL.sys
2009-11-02 19:42 . 2009-10-12 19:09 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 20:47 . 2009-03-20 17:17 4096 d-----w- c:\program files\Burraconline
2009-10-30 14:40 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-30 14:40 . 2009-10-30 14:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-10-30 14:39 . 2009-10-30 14:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-25 21:05 . 2009-10-08 17:40 -------- d-----w- c:\program files\Nokia
2009-10-25 21:04 . 2009-10-08 17:31 4096 d-----w- c:\program files\Common Files\Nokia
2009-10-16 18:38 . 2008-05-26 00:32 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-16 17:34 . 2009-10-04 14:58 4096 d-----w- c:\program files\Microsoft Works
2009-10-13 11:33 . 2009-02-26 11:12 104560 ----a-w- c:\users\Lidia\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-12 14:36 . 2009-10-08 17:48 -------- d-----w- c:\programdata\PC Suite
2009-10-11 13:55 . 2009-10-11 13:55 -------- d-----w- c:\programdata\Nokia
2009-10-08 17:57 . 2009-10-08 17:48 -------- d-----w- c:\users\Lidia\AppData\Roaming\PC Suite
2009-10-08 17:49 . 2009-10-08 17:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2009-10-08 17:47 . 2009-10-08 17:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-08 17:46 . 2009-10-08 17:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-10-08 17:44 . 2009-10-08 17:44 -------- d-----w- c:\users\Lidia\AppData\Roaming\Nokia
2009-10-08 17:39 . 2009-10-08 17:39 51534 ----a-w- c:\windows\inf\Nokia Music\0010\tmp1277.tmp
2009-10-08 17:39 . 2009-10-08 17:39 51534 ----a-w- c:\windows\inf\Nokia Music\0009\tmp1277.tmp
2009-10-08 17:39 . 2009-10-08 17:39 51534 ----a-w- c:\windows\inf\Nokia Music\0000\tmp1277.tmp
2009-10-08 17:39 . 2009-10-08 17:39 1593 ----a-w- c:\windows\inf\Nokia Music\tmp1278.tmp
2009-10-08 17:36 . 2009-10-08 17:36 -------- d-----w- c:\programdata\NokiaMusic
2009-10-08 17:35 . 2008-05-26 00:36 4096 d-----w- c:\program files\Common Files\muvee Technologies
2009-10-08 17:29 . 2009-10-08 17:29 -------- d-----w- c:\program files\DIFX
2009-10-04 14:57 . 2006-11-02 12:35 -------- d-----w- c:\program files\MSBuild
2009-10-04 14:55 . 2008-05-26 00:28 -------- d-----w- c:\program files\Microsoft.NET
2009-10-04 14:51 . 2009-10-04 14:51 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-01 01:02 . 2009-10-30 14:37 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-10-30 14:37 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-10-30 14:37 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-25 02:10 . 2009-10-30 14:37 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-10-30 14:37 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-10-30 14:37 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-10-30 14:37 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-10-30 14:37 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-10-30 14:37 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-10-30 14:37 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-10-30 14:37 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-10-30 14:37 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-10-30 14:37 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-10-30 14:37 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-10-30 14:37 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-10-30 14:37 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-10-30 14:37 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-10-30 14:37 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-10-30 14:37 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-10-30 14:37 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-10-30 14:37 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-10-30 14:37 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-10-30 14:37 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-10-30 14:37 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-10-30 14:37 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-10-30 14:37 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-10-30 14:37 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-10-30 14:37 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-10-30 14:37 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-10-30 14:37 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 09:29 . 2009-10-16 16:09 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-16 16:11 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 16:43 . 2009-09-10 16:43 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbE512.tmp.exe
2009-09-04 11:41 . 2009-10-16 16:10 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27 . 2009-09-02 18:50 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 18:50 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-16 16:31 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-16 16:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-16 16:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-16 16:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-03 22:11 . 2009-04-03 22:14 812344 ----a-w- c:\program files\HJTInstall.exe
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-11-27 07:42 . 2008-11-27 07:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-26 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-25 159744]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-25 875016]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-02-26 24064]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-09-23 6144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Nokia FastStart"="d:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-12 2020120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e0,7b,b0,34,ba,21,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2332782303-2793821225-480717067-1003]
"EnableNotificationsRef"=dword:00000001

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [27/03/2009 21.08.17 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [27/03/2009 21.08.22 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [09/11/2009 20.18.04 285392]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 12.11.14 16384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [26/05/2008 1.42.31 24576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [28/02/2009 22.46.16 92296]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [06/04/2008 21.42.24 50424]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 20.09.28 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [26/02/2009 16.28.07 1153368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [28/03/2008 12.44.56 210432]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [27/11/2008 8.40.28 112128]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [15/04/2008 19.13.14 51160]
R3 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [08/04/2008 19.46.02 43736]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [04/04/2008 2.03.14 131072]
S3 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 3.33.13 21504]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [26/02/2009 12.10.14 24064]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [19/03/2009 14.48.18 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [19/03/2009 14.48.12 8320]
S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [26/02/2009 12.10.46 110576]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\System32\drivers\TpChoice.sys [14/05/2008 8.42.02 17968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.it/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5230
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Lidia\AppData\Roaming\Mozilla\Firefox\Profiles\bpfhwxzr.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-20 21:38
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Ora fine scansione: 2009-11-20 21:42
ComboFix-quarantined-files.txt 2009-11-20 20:42

Pre-Run: 37.460.803.584 byte disponibili
Post-Run: 37.174.231.040 byte disponibili

- - End Of File - - 0F7A059D433FDD329C91D6EC6AEB88B8
danny123
Utente Junior
 
Post: 20
Iscritto il: 29/12/08 16:45

Re: virus da eliminare

Postdi gahan » 21/11/09 09:34

Ciao,

scarica Malwarebytes anti-malware da questo link e salvalo sul desktop:
http://dw.com.com/redir?edId=3&siteId=4 ... 3d10804572

Disattiva il tuo antivirus;
Installa malwarebytes facendo l'update (aggiornamento) e infine esegui il programma;
Esegui una scansione completa del tuo sistema.
words like violence, break the silence
Avatar utente
gahan
Moderatore
 
Post: 1397
Iscritto il: 23/01/08 16:09

Re: virus da eliminare

Postdi danny123 » 21/11/09 17:47

fatto!.. 7 avvisi... cos'altro???

Malwarebytes' Anti-Malware 1.41
Versione del database: 3206
Windows 6.0.6002 Service Pack 2

21/11/2009 17.34.08
mbam-log-2009-11-21 (17-34-08).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|)
Elementi scansionati: 216919
Tempo trascorso: 53 minute(s), 50 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 3
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 4

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\partner service (Trojan.BHO) -> Quarantined and deleted successfully.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Program Files\Navilog1\gnc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\ProgramData\Partner\partner.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\ProgramData\Partner\partner.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Lidia\AppData\Roaming\Desktopicon\eBayShortcuts.exe.vir (Adware.ADON) -> Quarantined and deleted successfully.
danny123
Utente Junior
 
Post: 20
Iscritto il: 29/12/08 16:45

Re: virus da eliminare

Postdi shel » 21/11/09 17:52

ciao

sono state eliminate altre infezioni

disinstalla ComboFix in questa maniera:
Start\esegui

nella casella di dlialogo copia ed incolla questo comando: combofix /u


2) vai in Disco Locale C: ed elimina la cartella QooBox

3) elimina l'eventuale cartella che avevi creato sul Desktop in cui avevi posizionato Combofix.



scarica http://www.filehippo.com/download_ccleaner/

1) per il download dell'ultima versione clicca a destra in alto sotto la freccia verde
2) installalo (senza la toolbar aggiuntiva)
3) clicca su "avvia pulizia", ripeti il procedimento 2 volte


usa anche questo pulitore

http://oldtimer.geekstogo.com/TFC.exe
chiudi tutti i programmi
avvia TFC, clicca su "star"
al termine della scansione ti chiederà il riavvio, dai ok


Postami un log di hijackthis
shel
Utente Senior
 
Post: 1292
Iscritto il: 29/08/08 21:56

Re: virus da eliminare

Postdi danny123 » 22/11/09 00:10

non ho fatto la scansione con oldtimer greekstogo perchè non me lo faceva scaricare, mi appare l'icona che i programmi ad esecuzione automatica sono bloccati, il compiuters mi si blocca... :( ti posto la scansione di hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.16.29, on 04/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Lidia\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
c:\users\lidia\appdata\local\oeaiw.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PokerStars.IT\PokerStars.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5230
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5230
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... tensa_5230
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [oeaiw] "c:\users\lidia\appdata\local\oeaiw.exe" oeaiw
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9AA3089-DB15-4DC1-BF8C-22AD3880E347}: NameServer = 193.70.152.25 193.70.152.15
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: Partner Service - Google Inc. - c:\programdata\partner\partner.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9570 bytes
danny123
Utente Junior
 
Post: 20
Iscritto il: 29/12/08 16:45

Re: virus da eliminare

Postdi gahan » 22/11/09 02:00

Chiudi tutte le applicazioni;

Apri Hijackthis

clicca su "Do a system scan only"


seleziona le seguenti voci:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O23 - Service: Partner Service - Google Inc. - c:\programdata\partner\partner.exe

premi "fix checked" e conferma l'eliminazione;
words like violence, break the silence
Avatar utente
gahan
Moderatore
 
Post: 1397
Iscritto il: 23/01/08 16:09

Re: virus da eliminare

Postdi danny123 » 22/11/09 12:16

fatto, le voci che mi hai segnlato sono presenti solo nel rapporto di hijackthis, ma se devo eliminarle, non ci sono. che faccio?
danny123
Utente Junior
 
Post: 20
Iscritto il: 29/12/08 16:45

Re: virus da eliminare

Postdi gahan » 22/11/09 17:07

scarica Malwarebytes anti-malware da questo link e salvalo sul desktop:
http://www.malwarebytes.org/mbam-download.php

Disattiva il tuo antivirus;
Installa malwarebytes facendo l'update (aggiornamento), disconnettiti da internet e infine esegui il programma;
Esegui una scansione completa del tuo sistema.
words like violence, break the silence
Avatar utente
gahan
Moderatore
 
Post: 1397
Iscritto il: 23/01/08 16:09

Re: virus da eliminare

Postdi danny123 » 22/11/09 19:39

FATTO. Ma mi sa cher ancora non l'abbiamo eliminati anche se il rapporto dice il contrario. ti posto scansione e fammi sapere.

Malwarebytes' Anti-Malware 1.41
Versione del database: 3214
Windows 6.0.6002 Service Pack 2

22/11/2009 19.32.54
mbam-log-2009-11-22 (19-32-54).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|F:\|)
Elementi scansionati: 216556
Tempo trascorso: 51 minute(s), 22 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
danny123
Utente Junior
 
Post: 20
Iscritto il: 29/12/08 16:45

Re: virus da eliminare

Postdi gahan » 22/11/09 19:44

Non preoccuparti per quelle voci...non sono infette ma obsolete;
Se non riesci ad elimanarle tranquillo.

Il PC non ha infezioni.

Ciao
words like violence, break the silence
Avatar utente
gahan
Moderatore
 
Post: 1397
Iscritto il: 23/01/08 16:09

Re: virus da eliminare

Postdi danny123 » 22/11/09 19:52

io comunque ho rifatto tutte le varie scansioni, mi è rimasta in basso a desta l'icona dei programmi in esecuzione bloccati ed ha il simbolo del divieto d'accesso, che devo fare? poi fino a poco fa il pc mi si bloccava e devo spegnare dal pulsante, sai perchè?
danny123
Utente Junior
 
Post: 20
Iscritto il: 29/12/08 16:45

Re: virus da eliminare

Postdi gahan » 22/11/09 20:01

danny123 ha scritto:io comunque ho rifatto tutte le varie scansioni, mi è rimasta in basso a desta l'icona dei programmi in esecuzione bloccati ed ha il simbolo del divieto d'accesso, che devo fare? poi fino a poco fa il pc mi si bloccava e devo spegnare dal pulsante, sai perchè?


Quali sono i programmi in esecuzione automatica bloccati?

Scrivi qui gli elementi in avvio del tuo PC:

Start-->eseguei-->msconfig-->avvio (qui sono present tutti gli elementi di avvio) ;
words like violence, break the silence
Avatar utente
gahan
Moderatore
 
Post: 1397
Iscritto il: 23/01/08 16:09

Re: virus da eliminare

Postdi danny123 » 22/11/09 23:59

Ho fatto una scansione con avg ti poso il risultato.
ps. Il pc mi si blocca frequentemente e devo spegnerlo direttamente dal pulsante, poi lo riaccendo e funziona.

C:\user\lidia\app data\roaming\mozilla\firefox\profiles\bdfhwxzr.default\cookies.sqlite:\revsci.net.e9dbeb91
rilevato tracking cookie.revsci spostato in quarantena

C:\user\lidia\app data\roaming\mozilla\firefox\profiles\bdfhwxzr.default\cookies.sqlite:\revsci.net.44927ec
rilevato tracking cookie.revsci spostato in quarantena

C:\user\lidia\app data\roaming\mozilla\firefox\profiles\bdfhwxzr.default\cookies.sqlite:\revsci.net.2df99d79
rilevato tracking cookie.revsci spostato in quarantena

C:\user\lidia\app data\mozilla\firefox\profiles\bdfhwxzr.default\cookies.sqlite rilevato tracking cookie.revsci corretto
danny123
Utente Junior
 
Post: 20
Iscritto il: 29/12/08 16:45

Re: virus da eliminare

Postdi gahan » 23/11/09 00:21

scarica ed installa CCleaner da questo link:

http://www.filehippo.com/download_cclea ... f990a4591/

una volta installato aprilo e dalle opzioni --> avanzate-->togli la spunta da "Cancella i file in Windows temp se piu vecchi di 48 ore".
fatto questo da Pulizia premi su "Avvia pulizia".
words like violence, break the silence
Avatar utente
gahan
Moderatore
 
Post: 1397
Iscritto il: 23/01/08 16:09


Torna a Sicurezza e Privacy


Topic correlati a "virus da eliminare":


Chi c’è in linea

Visitano il forum: Nessuno e 9 ospiti