Accedi per seguire   
Seguaci 0
Tony_B

Spyware Adware Con Popunder

11 messaggi in questa discussione

Che palle.......... era un pò che non prendevo di sti troiai... a qualcuno è capito di recente ? praticamente mi si aprono delle finestre in popunder, ora sto provando con AVG spyware 7.5....

pagine tipo metic, aruba, tele2 e compagnia bella. Mi spieghereste come procedere ? questa volta sono stufo di fomattare, anche se ho l'immagine con tutti i dati ben impostati e configurazioni varie su un'altro hd.

Vedo che tutti per individuare realmente i file infetti usano un prog che restituisce una lista di testo, hitkins ?

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Logfile of HijackThis v1.99.1

Scan saved at 11.45.27, on 19/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\CyberLink\PowerCinema\PCMService.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programmi\HP\HP Software Update\HPwuSchd2.exe

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\WINDOWS\Philips\SPC500NC\Monitor.exe

C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programmi\Cyberlink\Shared Files\brs.exe

C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

C:\progra~1\fileco~1\instal~1\update~1\issch.exe

C:\Programmi\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE

C:\Programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Skype\Phone\Skype.exe

C:\Programmi\Google\Google Updater\GoogleUpdater.exe

C:\Programmi\Microsoft Office\Office10\OUTLOOK.EXE

C:\Programmi\QuickPhrase\qphrase.exe

C:\WINDOWS\system32\devldr32.exe

C:\Programmi\Microsoft Office\Office10\WINWORD.EXE

C:\Programmi\Microsoft ActiveSync\WCESMgr.exe

C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Programmi\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Programmi\File comuni\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\Programmi\Skype\Plugin Manager\skypePM.exe

C:\HP\KBD\KBD.EXE

c:\windows\system\hpsysdrv.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\Documents and Settings\HP_Proprietario\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [HPHUPD08] c:\Programmi\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [PCMService] "C:\Programmi\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Programmi\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sPC500NC_Monitor] C:\WINDOWS\Philips\SPC500NC\Monitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [bDRegion] C:\Programmi\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe

O4 - HKLM\..\Run: [iSUSScheduler] "c:\progra~1\fileco~1\instal~1\update~1\issch.exe" -start

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [E07IXLRD_2131484] "C:\Programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE" -m

O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Microsoft Outlook.lnk = ?

O4 - Startup: QuickPhrase.lnk = C:\Programmi\QuickPhrase\qphrase.exe

O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Proprietario\Menu Avvio\Programmi\IMVU\Run IMVU.lnk

O9 - Extra button: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programmi\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programmi\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Logfile of HijackThis v1.99.1

Scan saved at 12.45.23, on 19/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\CyberLink\PowerCinema\PCMService.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programmi\HP\HP Software Update\HPwuSchd2.exe

C:\Programmi\File comuni\Real\Update_OB\realsched.exe

C:\WINDOWS\Philips\SPC500NC\Monitor.exe

C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Programmi\Cyberlink\Shared Files\brs.exe

C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

C:\progra~1\fileco~1\instal~1\update~1\issch.exe

C:\Programmi\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE

C:\Programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Skype\Phone\Skype.exe

C:\WINDOWS\system32\devldr32.exe

C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Programmi\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

C:\Programmi\File comuni\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Microsoft ActiveSync\WCESMgr.exe

C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

C:\Programmi\Skype\Plugin Manager\skypePM.exe

C:\Programmi\Microsoft Office\Office10\OUTLOOK.EXE

C:\HP\KBD\KBD.EXE

c:\windows\system\hpsysdrv.exe

C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Programmi\Mozilla Firefox\firefox.exe

C:\Documents and Settings\HP_Proprietario\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [HPHUPD08] c:\Programmi\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [PCMService] "C:\Programmi\CyberLink\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Programmi\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sPC500NC_Monitor] C:\WINDOWS\Philips\SPC500NC\Monitor.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [bDRegion] C:\Programmi\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe

O4 - HKLM\..\Run: [iSUSScheduler] "c:\progra~1\fileco~1\instal~1\update~1\issch.exe" -start

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [E07IXLRD_2131484] "C:\Programmi\Microsoft Encarta\Microsoft Encarta 2007 - Premium DVD\EDICT.EXE" -m

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Proprietario\Menu Avvio\Programmi\IMVU\Run IMVU.lnk

O9 - Extra button: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programmi\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programmi\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Ciao Tony_B

non ho capito il perchè dei due log... :leggi:

comunque non evidenziano nulla di strano tranne un servizio ancora attivo di Norton

Fai girare questa utility per la rimozione

http://service1.symantec.com/SUPPORT/INTER...v=&osv_lvl=

facciamo questo controllo...

Scarica Navilog :

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

- Doppio click navilog1.exe

- a installazione finita il tool si eseguirà in automatico (altrimenti avvialo con un doppio click su Navilog1 ).

- Segui le indicazioni a video e nel menu principale scegli 1 e conferma

- Attendere......

- Una volta finito lo scan clicca un tasto come richiesto e si aprirà il log con i dettagli

- postalo in un post di risposta

solitamente per bloccare i popup indesiderati si può fare in questo modo:

bloccare i popup provenienti da quel sito

http://www.microsoft.com/italy/windows/pro...pupblocker.mspx

modificando il file Host bloccare i siti maligni in questo modo

http://index.php?showtopic=14820

usare FireFox

http://www.mozilla-europe.org/it/products/firefox/,

con l'aggiunta di *Adblock*, o *Pop-up Master* o *No Script*

http://index.php?showtopic=60020&st=60entry383557

http://www.extenzilla.org/index.php

:P:)

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

procedo e ti aggiorno.... nel frattempo stavo facendo una scansione con AntiVir che sta eliminando un pò di cosette.

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Ecco intanto AntiVir cosa ha fatto:

AntiVir PersonalEdition Classic

Report file date: sabato 19 gennaio 2008 17:51

Scanning for 1056958 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: SYSTEM

Computer name: NOME-80B5784770

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15

ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 16:50:41

ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 16:50:41

ANTIVIR3.VDF : 7.0.2.20 225792 Bytes 18/01/2008 16:50:41

AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 19/01/2008 16:50:42

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.6.0.3 360488 Bytes 19/01/2008 16:50:42

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\programmi\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

Start of the scan: sabato 19 gennaio 2008 17:51

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned

Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned

Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned

Scan process 'kbd.exe' - '1' Module(s) have been scanned

Scan process 'skypePM.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'CLSched.exe' - '1' Module(s) have been scanned

Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned

Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned

Scan process 'devldr32.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'zvdlwa.exe' - '1' Module(s) have been scanned

Scan process 'Skype.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'EDICT.EXE' - '1' Module(s) have been scanned

Scan process 'WCESCOMM.EXE' - '1' Module(s) have been scanned

Scan process 'MSASCui.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'apdproxy.exe' - '1' Module(s) have been scanned

Scan process 'issch.exe' - '1' Module(s) have been scanned

Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned

Scan process 'brs.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'Monitor.exe' - '1' Module(s) have been scanned

Scan process 'realsched.exe' - '1' Module(s) have been scanned

Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'PCMService.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

51 processes with 51 modules were scanned

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Starting to scan the registry.

The registry was scanned ( '35' files ).

Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temp\NSIS_Install_WMP.exe

[DETECTION] Contains detection pattern of the dropper DR/NaviPromo.CF.23

[iNFO] The file was deleted!

C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temporary Internet Files\Content.IE5\TNUKV0OY\1194621422[1].htm

[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen

[iNFO] The file was moved to '47cb2c1b.qua'!

C:\Programmi\Servizi in linea\IT\Interfree\HP-easy.exe

[DETECTION] Contains detection pattern of the dropper DR/385317.A

[iNFO] The file was deleted!

C:\System Volume Information\_restore{EB17C91D-6F24-4899-93E1-D643B10B0F84}\RP185\A0066569.exe

[DETECTION] Contains detection pattern of the dropper DR/FraudTool.SpywareSecure.A

[iNFO] The file was deleted!

C:\System Volume Information\_restore{EB17C91D-6F24-4899-93E1-D643B10B0F84}\RP194\A0066905.exe

[DETECTION] Contains detection pattern of the dropper DR/385317.A

[iNFO] The file was deleted!

Begin scan in 'D:\' <HP_RECOVERY>

End of the scan: sabato 19 gennaio 2008 18:51

Used time: 59:50 min

The scan has been done completely.

17746 Scanning directories

555292 Files were scanned

4 viruses and/or unwanted programs were found

1 Files were classified as suspicious:

4 files were deleted

0 files were repaired

1 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

555288 Files not concerned

15987 Archives were scanned

2 Warnings

0 Notes

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti
Ciao Tony_B

non ho capito il perchè dei due log... :leggi:

comunque non evidenziano nulla di strano tranne un servizio ancora attivo di Norton

Fai girare questa utility per la rimozione

http://service1.symantec.com/SUPPORT/INTER...v=&osv_lvl=

facciamo questo controllo...

Scarica Navilog :

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

- Doppio click navilog1.exe

- a installazione finita il tool si eseguirà in automatico (altrimenti avvialo con un doppio click su Navilog1 ).

- Segui le indicazioni a video e nel menu principale scegli 1 e conferma

- Attendere......

- Una volta finito lo scan clicca un tasto come richiesto e si aprirà il log con i dettagli

- postalo in un post di risposta

solitamente per bloccare i popup indesiderati si può fare in questo modo:

bloccare i popup provenienti da quel sito

http://www.microsoft.com/italy/windows/pro...pupblocker.mspx

modificando il file Host bloccare i siti maligni in questo modo

http://index.php?showtopic=14820

usare FireFox

http://www.mozilla-europe.org/it/products/firefox/,

con l'aggiunta di *Adblock*, o *Pop-up Master* o *No Script*

http://index.php?showtopic=60020&st=60entry383557

http://www.extenzilla.org/index.php

:P:)

Search Navipromo version 3.4.0 began on 19/01/2008 at 19.16.28,96

!!! Warning, this report may include legitimate files/programs !!!

!!! Post this report on the forum you are being helped !!!

!!! Don't continue with removal unless instructed by an authorized helper !!!

Fix running from C:\Programmi\navilog1

Updated on 09.01.2008 at 20h00 by IL-MAFIOSO

Microsoft Windows XP [Versione 5.1.2600]

Version Internet Explorer : 7.0.5730.13

Filesystem type : NTFS

Done in normal mode

*** Searching for installed Software ***

*** Search folders in C:\WINDOWS ***

*** Search folders in C:\Programmi ***

*** Search folders in C:\DOCUME~1\ALLUSE~1\DATIAP~1 ***

*** Search folders in "C:\Documents and Settings\HP_Proprietario\dati applicazioni" ***

*** Search folders in "C:\Documents and Settings\HP_Proprietario\MENUAV~1\PROGRA~1" ***

*** Search folders in C:\DOCUME~1\ALLUSE~1\MENUAV~1\PROGRA~1 ***

*** Search with Catchme-rootkit/stealth malware detector by gmer ***

for more info : http://www.gmer.net

Hidden file(s) :

C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\zvdlwa.dat

C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\zvdlwa.exe

C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\zvdlwa_nav.dat

C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\zvdlwa_navps.dat

*** Search with GenericNaviSearch ***

!!! Possibility of legitimate files in the result !!!

!!! Must always be checked before manually deleting !!!

* Scan in C:\WINDOWS\system32 *

* Scan in "C:\Documents and Settings\HP_Proprietario\impostazioni locali\dati applicazioni" *

Files found :

zvdlwa.exe found !

*** Search files ***

C:\WINDOWS\system32\nvs2.inf found !

*** Search specific Registry keys ***

HKEY_CURRENT_USER\Software\Lanconfig found !

*** Complementary Search ***

(Search specific files)

1)Search new Instant Access files :

2)Heuristic Search :

* In C:\WINDOWS\system32 :

* In "C:\Documents and Settings\HP_Proprietario\impostazioni locali\dati applicazioni" :

zvdlwa.dat found !

3)Certificates Search :

Egroup certificate found !

4)Search known files :

*** Search completed on 19/01/2008 at 19.22.17,12 ***

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

in attesa di altre istruzioni, ripeti l'operazione con Navilog ma questa volta con l'opzione 2

:)

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti
in attesa di altre istruzioni, ripeti l'operazione con Navilog ma questa volta con l'opzione 2

:)

Operazione 2 effettuata:

Navipromo Removal version 3.4.0 started on 19/01/2008 at 20.19.16,35

Fix running from C:\Programmi\navilog1

Updated on 09.01.2008 at 20h00 by IL-MAFIOSO

Microsoft Windows XP [Versione 5.1.2600]

Internet Explorer : 7.0.5730.13

Filesystem type : NTFS

Automatic removal

*** Creating backups for files found by Catchme

Copy to "C:\Programmi\navilog1\Backupnavi"

Copy C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\zvdlwa.dat done !

Copy C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\zvdlwa.exe done !

Copy C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\zvdlwa_nav.dat done !

Copy C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\zvdlwa_navps.dat done !

*** Deleting files found with Catchme ***

C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\zvdlwa.dat deleted !

C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\zvdlwa.exe deleted !

C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\zvdlwa_nav.dat deleted !

C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\zvdlwa_navps.dat deleted !

** Second pass with Catchme results **

* In C:\WINDOWS\system32 *

C:\WINDOWS\prefetch\zvdlwa*.pf found !

Copy C:\WINDOWS\prefetch\zvdlwa*.pf done !

C:\WINDOWS\prefetch\zvdlwa*.pf deleted !

* In "C:\Documents and Settings\HP_Proprietario\impostazioni locali\dati applicazioni" *

*** Deleting with Backups GenericNaviSearch results ***

* Deletion in C:\WINDOWS\System32 *

* Deletion in "C:\Documents and Settings\HP_Proprietario\impostazioni locali\dati applicazioni" *

*** Deleting folders in C:\WINDOWS ***

*** Deleting folders in C:\Programmi ***

*** Deleting folders in C:\DOCUME~1\ALLUSE~1\DATIAP~1 ***

*** Deleting folders in "C:\Documents and Settings\HP_Proprietario\dati applicazioni" ***

*** Deleting folders in "C:\Documents and Settings\HP_Proprietario\MENUAV~1\PROGRA~1" ***

*** Deleting folders in C:\DOCUME~1\ALLUSE~1\MENUAV~1\PROGRA~1 ***

*** Deleting files ***

C:\WINDOWS\system32\nvs2.inf deleted !

*** Deleting temporary files ***

Cleaning of C:\WINDOWS\Temp done !

Cleaning of C:\Documents and Settings\HP_Proprietario\impostazioni locali\Temp done !

*** Complementary Search ***

(Search specific files)

1)Deletion with backups new Instant Access files:

2)Heuristic search and deletion with backups :

* In C:\WINDOWS\system32 *

* In "C:\Documents and Settings\HP_Proprietario\impostazioni locali\dati applicazioni" *

*** Copy Registry to Backupnavi folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned

*** Certificates ***

Egroup Certificate deleted !

*** Cleaning stage complete on 19/01/2008 at 20.22.08,79 ***

Forse che forse ho risolto ?? sto provando e SEMBRANO non aprirsi più mmmmm

Modificato da Tony_B

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Bhe direi che non sta più succedendo ! grazi 100.000 non avevo proprio voglia di sformattare.

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Si, Navilog ha prima trovato e poi rimosso gli ospiti indesiderati :P

se hai ancora problemi sai dove trovarci...

:P:)

Condividi questo messaggio


Link di questo messaggio
Condividi su altri siti

Crea un account o accedi per lasciare un commento

Devi essere un utente registrato per partecipare

Crea un account

Iscriviti per un nuovo account nella nostra community. È facile!


Registra un nuovo account

Accedi

Sei già registrato? Accedi qui.


Accedi Ora
Accedi per seguire   
Seguaci 0