www.MegaLab.it

[sandropasqua]

Ciao. Il vostro sito é sempre utilissimo......e anche voi. Cerchero' di essre breve.
PC di un'amica. Win XP. Trovati diversi virus . Curato con Avast, Spybot, fatta riconfigurazione e pulizia registro con regcleaner, easycleaner e jv16.
Problema: cestino bloccato. Elimina i file direttamente senza "trattenerli". Tutte opzioni bloccate. Tentati interventi direttamente in file di registro e con vostro file di ripristino cartelle e cestino on desktop, varie ed eventuali ( http://www.kellys-korner-xp.com/xp_qr.htm#rb ). Tolta icona poi ripristinata anche passando da modalità windows mod. temporanea. Impossibile ritrovare config sistema precedente valida.nulla da fare
Disco non partizionato, unico utilizzatore. In win mod temporanea presente utente "amministratore" che non esiste in avvio normale. Il cestino dell'amministratore funziona.

Qualche idea??

PS: all'avvio di win appare finestra per gestione Script host. Come toglierla? perché appare?

Grazie in anticipo per vostro aiuto

[Amantide]

Forse il pc non è stato ripulito del tutto.

Scarica il ComboFix da qui ed esegui la scansione seguendo queste istruzioni (giù in fondo). Al termine della scansione verrà creato il file di report C:\combofix.txt, copia qui il suo contenuto.

[sandropasqua]

Ciao Amantide, già mi avevi aiutato un'altra volta. Riproviamoci allora.

Di passaggio ho fatto scan con vundofix. Niente.

Questo é il risultato di Combo
Grazie fin d'ora.
Ciao
Sandro
_______________________________

ComboFix 08-10-31.02 - daniela prost 2008-11-01 14:40:33.1 - NTFSx86
Lancé depuis: C:\Documents and Settings\daniela prost\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\daniela prost\err.log

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-01 au 2008-11-01 ))))))))))))))))))))))))))))))))))))
.

2008-11-01 14:37 . 2008-11-01 14:37 <REP> d-------- C:\VundoFix Backups
2008-11-01 11:42 . 2008-11-01 11:51 <REP> d-------- C:\Documents and Settings\daniela prost\Application Data\Vso
2008-11-01 02:23 . 2004-12-15 05:37 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-11-01 02:23 . 2004-12-15 05:37 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-11-01 02:23 . 2004-12-15 05:37 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-11-01 02:23 . 2004-12-14 20:50 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-11-01 02:23 . 2004-12-15 05:37 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-11-01 02:23 . 2004-12-14 20:50 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-11-01 02:23 . 2004-12-15 05:37 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-11-01 02:23 . 2004-12-14 21:21 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-11-01 02:23 . 2004-12-14 21:11 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
2008-11-01 02:23 . 2004-12-14 21:20 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-11-01 02:23 . 2008-11-01 02:23 <REP> d-------- C:\Documents and Settings\Administrateur
2008-10-31 11:45 . 2008-10-31 11:45 <REP> d-------- C:\Program Files\VSO
2008-10-31 11:42 . 2008-10-31 11:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-31 09:44 . 2008-10-31 09:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-31 09:27 . 2008-10-31 09:27 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-10-31 08:23 . 2008-10-31 08:23 0 --a------ C:\WINDOWS\syscheck.INI
2008-10-31 02:15 . 2008-10-31 02:15 <REP> d-------- C:\Documents and Settings\daniela prost\Application Data\Auslogics
2008-10-31 01:57 . 2008-10-31 01:59 <REP> d-------- C:\Program Files\Auslogics
2008-10-30 23:30 . 2008-10-30 23:30 <REP> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-10-30 23:30 . 2008-10-30 23:30 <REP> d-------- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-10-30 19:19 . 2008-10-31 09:44 <REP> d-------- C:\Program Files\Lavasoft
2008-10-30 19:17 . 2008-10-30 23:59 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-30 19:17 . 2008-10-30 23:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-25 13:14 . 2008-10-25 13:14 <REP> d-------- C:\WINDOWS\system32\fr
2008-10-25 13:14 . 2008-10-25 13:14 <REP> d-------- C:\WINDOWS\system32\bits
2008-10-25 13:14 . 2008-10-25 13:14 <REP> d-------- C:\WINDOWS\l2schemas
2008-10-25 13:06 . 2008-10-25 13:15 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-10-25 12:50 . 2008-10-25 12:50 <REP> d-------- C:\WINDOWS\EHome
2008-10-24 10:03 . 2008-10-15 17:35 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-23 11:03 . 2004-08-03 21:41 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-10-23 11:03 . 2004-08-03 21:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-10-23 11:03 . 2004-08-03 21:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-10-23 11:03 . 2004-08-03 21:29 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2008-10-23 11:03 . 2004-08-03 21:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-10-23 11:03 . 2004-08-03 21:41 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2008-10-23 11:02 . 2004-07-17 21:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-10-15 18:56 . 2008-09-08 11:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 17:36 . 2008-09-15 16:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 17:34 . 2008-08-14 14:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 17:34 . 2008-08-14 14:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 17:34 . 2008-08-14 14:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 17:34 . 2008-08-14 14:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 11:13 --------- d-----w C:\Program Files\Wanadoo
2008-11-01 10:25 --------- d-----w C:\Program Files\3M
2008-11-01 09:23 --------- d-----w C:\Documents and Settings\daniela prost\Application Data\Skype
2008-10-31 07:22 --------- d-----w C:\Program Files\PCFriendly
2008-10-31 00:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-10-31 00:16 --------- d-----w C:\Program Files\Yahoo!
2008-10-31 00:07 --------- d-----w C:\Program Files\USB Disk Win98 Driver
2008-10-30 23:33 --------- d-----w C:\Documents and Settings\daniela prost\Application Data\Apple Computer
2008-10-27 18:25 --------- d-----w C:\Program Files\MSN Messenger
2008-10-16 14:04 --------- d-----w C:\Program Files\Mindscape
2008-10-16 14:03 --------- d-----w C:\Program Files\The Treasures Of Montezuma
2008-09-25 14:37 --------- d-----w C:\Documents and Settings\daniela prost\Application Data\Nokia
2008-09-25 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-09-25 14:18 --------- d-----w C:\Program Files\Nokia
2008-09-25 14:18 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-09-25 14:18 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-09-25 14:13 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-03-11 17:34 57,344 ----a-w C:\Documents and Settings\daniela prost\lametritonus.dll
2008-03-11 17:34 162,304 ----a-w C:\Documents and Settings\daniela prost\lame_enc.dll
2006-11-08 17:47 896 -c--a-w C:\Documents and Settings\daniela prost\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"NoActiveDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoHardwareTab"= 1 (0x1)
"NoRecycleFiles"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"Nouvelle valeur #1"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6V_Check
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-07-19 15:38 78008 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a--c--- 2004-10-13 17:34 229438 C:\Program Files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--------- 2005-03-29 07:13 258048 C:\Program Files\Creative\Shared Files\CamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 03:33 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-09-17 16:19 290816 C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-06-17 21:43 118784 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-06-17 21:48 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-07-10 08:18 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-12-15 03:23 75520 C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2004-10-05 17:24 688218 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a--c--- 2004-10-05 17:25 98394 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-10-06 21:15 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 01:01 110592 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
--a--c--- 2005-09-14 20:44 65536 C:\Program Files\USB Disk Win98 Driver\Res.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a------ 2004-08-23 13:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--------- 2004-10-14 15:55 32768 C:\PROGRA~1\Wanadoo\GestMAJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 13:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PD0620 STISvc]
-ra------ 2005-05-10 18:03 36864 C:\WINDOWS\system32\P0620Pin.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 PRISM;Gemtek Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\PRISMNDS.sys [2002-11-26 614488]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-08-13 379456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f9e9ece-7a5d-11db-9009-00904b232072}]
\Shell\AutoRun\command - E:\
\Shell\explore\Command - RECYCLED\INFO.exe
\Shell\open\Command - RECYCLED\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5766579c-3258-11dd-946a-00904b232072}]
\Shell\AutoRun\command - E:\loader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cc86cf8-0f05-11dd-9423-00904b232072}]
\Shell\AutoRun\command - E:\
\Shell\explore\Command - RECYCLED\INFO.exe
\Shell\open\Command - RECYCLED\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9571b6bf-e435-11db-9154-00904ba2def9}]
\Shell\AutoRun\command - E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2f2da0c-a6a3-11dd-9567-00904b232072}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]

2008-11-01 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2008-09-15 C:\WINDOWS\Tasks\Nettoyage de disque.job
- C:\WINDOWS\system32\cleanmgr.exe [2008-04-14 03:33]

2008-11-01 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-TkBellExe - :C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
HKLM-Run-QuickTime Task - :C:\Program Files\QuickTime\QTTask.exe
HKLM-Run-iTunesHelper - :C:\Program Files\iTunes\iTunesHelper.exe
MSConfigStartUp-WLanCfg - (no file)


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\daniela prost\Application Data\Mozilla\Firefox\Profiles\f4okgbbl.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://ww.orange.fr
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 14:49:24
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-01 15:02:16
ComboFix-quarantined-files.txt 2008-11-01 14:02:00

Avant-CF: 6,562,783,232 octets libres
Après-CF: 6,608,371,712 octets libres

234 --- E O F --- 2008-10-30 11:21:10

[sandropasqua]

NUOVI SINTOMI
Altro PC, stessa casa. Stesse icone sparite su desktop e ripristino con file di registro di MegaLab; il cestino c'é e funziona.
Pulizia registro con Spybot, Easy Cleaner, Regcleaner, JV 16. Eliminazione file inutili e pulizie generali anche con Revo Uninstaller. (trovate tonnellate di roba). E ora il cestino non va più, cuccuruccuccù. Tutto é stato installato da mia usb e con programmi stand alone quando possibile. Chi trova l'errore???? Ho delle impostazioni sbagliate nei programmi di pulizia registro (li uso senza probl apparenti sul mio pc)? Sono portatore sano di virus?

Comincio a sentirmi colpevole di cattiva manutenzione.

[sandropasqua]

PS. Se faccio un Undo mi ritrovo di nuovo con tutti gli errori di registro precedenti e si disinstalla tutto quello che avevo rimesso

[Bug2.0]

Ciao Sandro!!!
Prova ad usare UnLoker!!!
Ciao.

[Amantide]

Scusa, ma non mi era arrivata la notifica dei nuovi messaggi

Allora, il problema si cela in questa chiave di registro, dovresti aprire il regedit , esportare la configurazione attuale tramite File>> Esporta e poi rimuovere questi valori indicati in rosso:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"NoActiveDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoHardwareTab"= 1 (0x1)
"NoRecycleFiles"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"Nouvelle valeur #1"= 0 (0x0)

La prossima volta posta i vari report tramite il tag LOG.

[Bug2.0]

Ciao Amantide,
sono d' accordo con te su ciò che si deve fare.
Per gli utenti meno esperti di Sandro, consiglio UnLoker!!!
Ciao!!!

[Fred]

usare unlocker per eliminare chiavi di registro?! e poi che file dovrebbe eliminare con unlocker?

[Bug2.0]

No, forse mi sono spiegato male.
UnLoker, serve per sbloccare file/programmi/opzioni/etc...
Che si sono bloccate.
Ciao!!!

[Fred]

Io su internet non trovo questo unloker ma trovo unlocker che serve ad eliminare file e cartelle che non si rimuovono con il metodo "classico".

[sandropasqua]

Amantide, una piccola precisazione per favore. Quando dici Rimuovere intendi:Eliminare, sopprimere, cancellare?

Ciao

[Amantide]

Soffermiamoci sul primo: Elimina
Fai attenzione però ad eliminare solo i valori indicati in rosso e non tutta la chiave, e ricordati di effettuare il backup di registro prima di procedere.

[sandropasqua]

Amantide, che dire.............FUNZIONA!
Grazie mille, sei stata grande . un'altra missione riuscita. Inutile dire che ci avevo perso due giorni !!
Ora ti invito al post: OK PANICO. Che li c'é di che divertirsi.

Due ultime domande sull'incidente . Cosa puo' averlo causato ?
Come cavolo fai a sapere quali sono le chiavi di registro buone e quelle no ? Esiste una lista? un sistema di controllo? hai un puffo nel pc che lavora per te? Hai una tigre nel motore? c'é un programma che verifica la situazia rispetto a una configurazione standard? Mangi Ovomaltina?


Ciao
Sandro

[Amantide]

Due ultime domande sull'incidente . Cosa puo' averlo causato ?

Sicuramente è stato qualche trojan o worm, è una delle cosine che sono soliti a fare, ed è proprio per questo che ti avevo chiesto di postare il log di Combofix. Oltre alle funzioni di cestino bloccate avevi anche altre opzioni bloccate in giro per il PC.

Come cavolo fai a sapere quali sono le chiavi di registro buone e quelle no ?

Intuizione? Un po' di conoscenza del registro di sistema e di windows in generale? Aggiungiamo anche una minima comprensione dell'inglese?

Esiste una lista? un sistema di controllo?

Una lista ci sarebbe, però prima di consultarla si dovrebbe sapere di già cosa cercare.
http://technet.microsoft.com/en-us/libr ... 84980.aspx