www.MegaLab.it

da **rockdavide** » gio mar 05, 2009 2:17 pm

Potete controllare il log file di oggi? il pc ultimamente va lentissimo..

Logfile of HijackThis v1.99.1
Scan saved at 13.29.40, on 05/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAMMI\A-SQUARED FREE\a2service.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Documents and Settings\Family\Desktop\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\FarStone\RestoreIT!\RestoreIT!_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GroupManager] C:\WINDOWS\msiUpdate.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Programmi\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FILECO~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.avp.it/kos/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - http://www.new2.foto.com/ImageUploader5.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://valesword.spaces.live.com/PhotoU ... nPUpld.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://it.photobox.com/clients/uploader_v2.2.0.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C73AA5F-9AAD-4EAB-90E2-A5AE382A56D4}: NameServer = 85.37.17.10 85.38.28.86
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\PROGRAMMI\A-SQUARED FREE\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

da **crazy.cat** » gio mar 05, 2009 2:25 pm

rockdavide ha scritto:O4 - HKLM\..\Run: [GroupManager] C:\WINDOWS\msiUpdate.exe

Carica questo file sul sito www.virustotal.com e fallo analizzare.
Se virus distruggilo e cancella la riga con hijackthis.

da **rockdavide** » gio mar 05, 2009 2:41 pm

non mi ha rilevato niente.

da **stevens** » gio mar 05, 2009 3:30 pm

ciao

eppure qui dice che sarebbe meglio eliminarlo

http://forum.swzone.it/showthread.php?t=112441

comunque non toccarlo per ora

hai provato a fare una scansione con http://www.malwarebytes.org/mbam/program/mbam-setup.exe

aggiornalo prima di farla(tabellino aggiornamento ) e fai la scansione completa

posta il log che ti rilascia

da **Amantide** » gio mar 05, 2009 4:52 pm

stevens ha scritto:ciao

eppure qui dice che sarebbe meglio eliminarlo

http://forum.swzone.it/showthread.php?t=112441

Fosse almeno Marco Giuliani, potevi anche metterlo come l'esempio valido [acc2]

da **stevens** » gio mar 05, 2009 5:08 pm

Ciao Amantide bellissima creatura ;) l'ho messo solo come riferimento

sm@@@@ck

da **rockdavide** » gio mar 05, 2009 5:10 pm

ecco il log..

Malwarebytes' Anti-Malware 1.34
Versione del database: 1820
Windows 5.1.2600 Service Pack 3

05/03/2009 17.13.10
mbam-log-2009-03-05 (17-13-04).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 230341
Tempo trascorso: 1 hour(s), 25 minute(s), 33 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 18
Valori di registro infetti: 1
Elementi dato del registro infetti: 2
Cartelle infette: 4
File infetti: 13

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\torrentmanager.webmanager (Trojan.Lop) -> No action taken.
HKEY_CLASSES_ROOT\torrentmanager.webmanager.1 (Trojan.Lop) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a7f9e9f8-7a20-4e56-9507-515a0922bad3} (Trojan.Lop) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{5a445f80-dab5-4cd9-8a05-cd09ac145aa2} (Trojan.Lop) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{9998f676-23e3-4380-84f0-739c19cbd312} (Trojan.Lop) -> No action taken.
HKEY_CLASSES_ROOT\AppID\TorrentManager.DLL (Trojan.Lop) -> No action taken.
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access (Adware.InstantAccess) -> No action taken.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MySidesearch (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Registry Defender (Rogue.Registry.Defender) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GroupManager (Backdoor.Bot) -> No action taken.

Elementi dato del registro infetti:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www2.iesearch.com/) Good: (http://www.google.com/) -> No action taken.

Cartelle infette:
C:\Documents and Settings\Family\Dati applicazioni\m (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Family\Dati applicazioni\m\shared (Trojan.Agent) -> No action taken.
C:\Programmi\Registry Defender Platinum (Rogue.RegistryDefender) -> No action taken.
C:\Programmi\Registry Defender Platinum\backup (Rogue.RegistryDefender) -> No action taken.

File infetti:
C:\RECYCLER\S-1-5-21-1202660629-1757981266-725345543-1004\Dc745.exe (Trojan.Vundo) -> No action taken.
C:\RECYCLER\S-1-5-21-1202660629-1757981266-725345543-1004\Dc779.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> No action taken.
C:\WINDOWS\system32\wextract.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\ServicePackFiles\i386\wextract.exe (Trojan.Vundo) -> No action taken.
C:\WINDOWS\$NtServicePackUninstall$\wextract.exe (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Family\Desktop\SCACCHI\dotnetfx\dotnetfx.exe (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Family\Desktop\DAVIDE desktop\VISUAL BASIC\Visual Basic 2005\vbsetup.exe (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Family\Dati applicazioni\m\list.oct (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Family\Dati applicazioni\m\srvlist.oct (Trojan.Agent) -> No action taken.
C:\Programmi\Registry Defender Platinum\report.csv (Rogue.RegistryDefender) -> No action taken.
C:\Programmi\Registry Defender Platinum\backup\17_08_2008.reg (Rogue.RegistryDefender) -> No action taken.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> No action taken.

ha trovato un bel po di cose..

da **stevens** » gio mar 05, 2009 5:28 pm

caspiterina e volevi tenertele nel pc??

Chiavi di registro infette: 18
Valori di registro infetti: 1
Elementi dato del registro infetti: 2
Cartelle infette: 4
File infetti: 13

da **Amantide** » gio mar 05, 2009 5:38 pm

Dopo aver salvato il report, hai rimosso le voci rilevate?

da **rockdavide** » gio mar 05, 2009 5:41 pm

cancello tutto?

da **Amantide** » gio mar 05, 2009 5:50 pm

rockdavide ha scritto:cancello tutto?

Metti tutto in quarantena.

da **rockdavide** » gio mar 05, 2009 6:10 pm

e basta?

da **crazy.cat** » gio mar 05, 2009 6:41 pm

rockdavide ha scritto:C:\Documents and Settings\Family\Dati applicazioni\m (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Family\Dati applicazioni\m\shared (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Family\Dati applicazioni\m\list.oct (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Family\Dati applicazioni\m\srvlist.oct (Trojan.Agent) -> No action taken.

Avevi preso un bagle?
Oppure è ancora mezzo attivo visto che ti ha trovato tutto gli oct.

da **rockdavide** » gio mar 05, 2009 6:43 pm

ovvero?

da **crazy.cat** » gio mar 05, 2009 6:53 pm

Ovvero questo virus http://www.MegaLab.it/3724/il-worm-bagl ... -rimozione
Quelle cartelle sono tipiche del virus bagle.
Ti funziona l'antivirus adesso?

da **rockdavide** » ven mar 06, 2009 1:56 pm

ho avast.. e si..mi parte..e anche il firewall(Zonealarm) funziona.. [uhm]

significa che è eliminato?
se no..come faccio ad eliminarlo?

da **ste_95** » ven mar 06, 2009 2:12 pm

rockdavide ha scritto:ho avast.. e si..mi parte..e anche il firewall(Zonealarm) funziona.. significa che è eliminato?

Si, ci sono solo dei rimasugli. Segui le istruzioni riportate nel link di crazy.cat. [^]

da **rockdavide** » ven mar 06, 2009 2:18 pm

pewr eliminarlo devo usare Findskill..
ma

Non usate Findykill su un computer non infetto da Bagle, potrebbe causare dei gravi problemi.

############################## [ FindyKill V4.718 ]
# Intel(R) Pentium(R) 4 CPU 3.20GHz
# Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 6.0.2900.5512
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1229 [VPS 090305-1] 4.8.1229 [ Enabled | Updated ]
# FW : ZoneAlarm Firewall[ Enabled ]7.0.483.000

# A:\ # Disco floppy, 3,5 pollici
# C:\ # Disco rigido locale # 114,48 Go (66,54 Go free) # NTFS
# D:\ # Disco CD-ROM

############################## [ Active Processes ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAMMI\A-SQUARED FREE\a2service.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
c:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Infected Files / Folders C:\ ]

################## [ C:\WINDOWS ]

################## [ C:\WINDOWS\system32 ]

Found ! - C:\WINDOWS\system32\ban_list.txt

################## [ C:\WINDOWS\system32\drivers ]

################## [ C:\.. Application Data ... ]

################## [ Registry / Infected keys ]

Found ! - HKEY_USERS\S-1-5-21-1202660629-1757981266-725345543-1004\Software\MuleAppData
Found ! - HKEY_USERS\S-1-5-21-1202660629-1757981266-725345543-1004\Software\XYZ
Found ! - HKEY_CURRENT_USER\Software\XYZ

################## [ Searching in removable drives ]

# Presence of files :

################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ ! End of report # FindyKill V4.718 ! ]

comunque in passato avevo gia scaricato avenger per eliminare le chiavi di registro infettate..puo servire?

da **ste_95** » ven mar 06, 2009 2:57 pm

Scarica ComboFix ed esegui una scansione, le istruzioni le trovi in fondo a questo articolo.

da **rockdavide** » lun apr 13, 2009 9:08 am

mi tocca usare Windows ME perche XP è infestato dal bagle..avevamo trovato le tracce..non avevo fatto niente..pero ora il mio PC: lo accendo, mi kiede la pass di Windows(opzione non impostata da me) e non sapendola faccio ok..pero cosi facendo mi appare lo schermo di XP e subito dopo la finestra che mi dice "Disconnessione in corso"..si disconnette, e il pc mi rikiede la pass..
Non si riavvia in modalità provvisoria, e prima che riavviassi avevo notato che il firewall di windows era disabilitato..quindi deduco: il bagle è tornato!! non so piu che fare..avete idee? Non avevo avviato ComboFix perche mi sembra che mi avesse dato dei problemi, stavo per usare FindKill ma mi si era bloccato tutto..allora ho riavviato, e da li addio..

www.MegaLab.it

Controllo log file HiJack

Controllo log file HiJack

Re: Controllo log file HiJack

Re: Controllo log file HiJack

Re: Controllo log file HiJack

Re: Controllo log file HiJack

Re: Controllo log file HiJack

Re: Controllo log file HiJack

Re: Controllo log file HiJack

Re: Controllo log file HiJack

Re: Controllo log file HiJack

Re: Controllo log file HiJack

Re: Controllo log file HiJack

Re: Controllo log file HiJack

Re: Controllo log file HiJack

Re: Controllo log file HiJack

Re: Controllo log file HiJack

Re: Controllo log file HiJack

Re: Controllo log file HiJack

Re: Controllo log file HiJack

Re: Controllo log file HiJack

Chi c’è in linea