www.MegaLab.it

[matrix 68]

SAPETE DIRMI COSA NON VA NEL MIO COMPUTER ??
QUESTA E' LA SCANSIONE CON HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2.38.40, on 20/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\FlyNet\CnxDslTb.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cusleccehockey.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\FlyNet\CnxDslTb.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.2mug.com
O15 - Trusted Zone: http://www.928476362.com
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.brut4l3.com
O15 - Trusted Zone: http://www.happyfile.net
O15 - Trusted Zone: http://www.nodialup.name
O15 - Trusted Zone: *.nodialup.name
O15 - Trusted Zone: http://www.otherchance.com
O15 - Trusted Zone: http://www.otherchance.com
O15 - Trusted Zone: http://www.redfunny.com
O15 - Trusted Zone: http://www.sgnappo.com
O15 - Trusted Zone: http://www.whatsnew.name
O15 - Trusted Zone: *.whatsnew.name
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A4DD528-3F9B-40B7-BC96-708D9AB594E5}: NameServer = 85.37.17.58 85.38.28.94
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A4DD528-3F9B-40B7-BC96-708D9AB594E5}: NameServer = 85.37.17.58 85.38.28.94
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe

--
End of file - 5160 bytes

[riise90]

Intanto elimina questi:
O15 - Trusted Zone: http://www.2mug.com
O15 - Trusted Zone: http://www.928476362.com
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.brut4l3.com
O15 - Trusted Zone: http://www.happyfile.net
O15 - Trusted Zone: http://www.nodialup.name
O15 - Trusted Zone: *.nodialup.name
O15 - Trusted Zone: http://www.otherchance.com
O15 - Trusted Zone: http://www.otherchance.com
O15 - Trusted Zone: http://www.redfunny.com
O15 - Trusted Zone: http://www.sgnappo.com
O15 - Trusted Zone: http://www.whatsnew.name
O15 - Trusted Zone: *.whatsnew.name

[riise90]

Inoltre fa una scansione con Combofix, seguendo questa guida, e poi posta il log che verrà salvato in C:\combofix.txt

[stevens]

Ripristina la Trusted Zone: scarica

http://wikisend.com/download/200844/DelDomains.inf

e salvalo sul desktop => clic con tasto destro del mouse e scegli "Installa".

[matrix 68]

di riise90 » mar apr 21, 2009 8:56 pm

Inoltre fa una scansione con Combofix, seguendo questa guida, e poi posta il log che verrà salvato in C:\combofix.txt

ComboFix 09-04-23.A3 - Fernando 23/04/2009 18.09.24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.191.44 [GMT 2:00]
Eseguito da: C:\ComboFix.exe
AV: avast! antivirus 4.7.942 [VPS 000521-2] *On-access scanning disabled* (Outdated)

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Fernando\Dati applicazioni\semanatiba
c:\documents and settings\Fernando\Dati applicazioni\semanatiba\disinstalla.htm
c:\documents and settings\Fernando\Dati applicazioni\tack.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\kvejh.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_YODWTYHPI
-------\Service_yodwtyhpi


((((((((((((((((((((((((( Files Creati Da 2009-05-23 al 2009-4-23 )))))))))))))))))))))))))))))))))))
.

64192-196-31889 1776:31890:65535 . 64504-196-278 39852:278:64504 4096 ----a-w c:\windows\system32\01.tmp
2009-04-23 16:04 . 2009-04-23 15:59 2999148 ----a-r C:\ComboFix.exe
2009-04-20 00:09 . 2007-07-08 01:37 812344 ----a-w C:\HJTInstall.exe
1389-31890-66 00:51 . 64504-196-286 16008:286:64504 4096 ----a-w c:\windows\system32\02.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 00:09 . 2009-04-20 00:09 -------- d-----w c:\programmi\Trend Micro
2009-03-29 13:29 . 2001-08-31 10:00 47592 ----a-w c:\windows\system32\perfc010.dat
2009-03-29 13:29 . 2001-08-31 10:00 345010 ----a-w c:\windows\system32\perfh010.dat
2009-03-27 19:28 . 2007-03-25 14:09 -------- d-----w c:\documents and settings\Fernando\Dati applicazioni\AdobeUM
2009-03-01 03:49 . 2008-01-27 12:32 2496 ----a-w c:\windows\system32\d3d8caps.dat
2008-07-12 18:26 . 2008-07-12 16:15 1118 ----a-w c:\programmi\downloads.txt
2008-07-12 18:26 . 2008-07-12 16:15 1356 ----a-w c:\programmi\downloads.bak
2008-04-21 05:36 . 2008-04-21 05:38 31428096 ----a-w c:\programmi\Nokia PC Suite.msi
2008-04-21 05:36 . 2008-04-21 05:38 82432 ----a-w c:\programmi\1040.MST
2008-03-15 07:16 . 2008-03-15 07:16 17408 ----a-w c:\documents and settings\Fernando\wininit.sys
2007-08-04 15:56 . 2007-08-04 15:56 41364 ----a-w c:\programmi\changelog xtreme.txt
2007-08-04 14:28 . 2007-08-04 14:28 5971968 ----a-w c:\programmi\emule.exe
2007-08-04 11:44 . 2007-08-04 11:44 81920 ----a-w c:\programmi\antiLeech.dll
2007-03-06 17:10 . 2007-03-06 17:10 63192 ----a-w c:\documents and settings\Fernando\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2006-05-25 14:52 . 2006-05-25 14:52 162304 ----a-w c:\programmi\unrar.dll
2006-02-11 17:54 . 2006-02-11 17:54 2871296 ----a-w c:\programmi\MediaInfo.dll
2005-06-16 16:34 . 2005-06-16 16:34 14894 ----a-w c:\programmi\Template.eMuleSkin.ini
2004-01-09 15:25 . 2004-01-09 15:25 489984 ----a-w c:\programmi\dbghelp.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 108160]
"CnxDslTaskBar"="c:\programmi\FlyNet\CnxDslTb.exe" [2007-06-11 462848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll
"wave4"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5089:TCP"= 5089:TCP:athct

R3 agony;agony; [x]
R3 NtApm;Driver interfaccia NT Apm/Legacy;c:\windows\system32\DRIVERS\NtApm.sys [2001-08-30 9472]
R3 pfyjc;pfyjc;c:\windows\system32\02.tmp [64504-196-281 8172:281:64504 4096]
S3 CnxEtP;FlyNet ADSL USB MODEM WAN Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [2007-06-11 60288]
S3 CnxEtU;ADSL USB MODEM Loader;c:\windows\system32\DRIVERS\CnxEtU.sys [2007-06-11 646400]
S3 CnxTgN;FlyNet ADSL USB MODEM WAN Adapter Driver;c:\windows\system32\DRIVERS\CnxTgN.sys [2007-06-11 108771]


--- Altri Servizi/Drivers In Memoria ---

*Deregistered* - ALG
*Deregistered* - aswUpdSv
*Deregistered* - AudioSrv
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - i8042prt
*Deregistered* - InCDfs
*Deregistered* - InCDsrv
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - Kbdclass
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - MSIServer
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - Parport
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - serenum
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.cusleccehockey.com/
Trusted Zone: archiviosex.net\http://www
Trusted Zone: happyfile.net\http://www
Trusted Zone: otherchance.com\http://www
TCP: {1A4DD528-3F9B-40B7-BC96-708D9AB594E5} = 85.37.17.58 85.38.28.94
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 18:26
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pfyjc]
"ImagePath"="\??\c:\windows\system32\02.tmp"
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Nero\Nero 7\InCD\InCDsrv.exe
c:\programmi\Alwil Software\Avast4\aswUpdSv.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-04-23 18.34.16 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-04-23 16:34

Pre-Run: 6.389.932.032 byte disponibili
Post-Run: 6.905.774.080 byte disponibili

202 --- E O F --- 2007-11-11 15:27

[matrix 68]

NON HO RISOLTO IL PROBLEMA
HO RIFATTO LA SCANSIONE CON Trend Micro HijackThis v2.0.2
IL RISULTATO :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.49.23, on 23/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\FlyNet\CnxDslTb.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Programmi\internet explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\FlyNet\CnxDslTb.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.happyfile.net
O15 - Trusted Zone: http://www.otherchance.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A4DD528-3F9B-40B7-BC96-708D9AB594E5}: NameServer = 85.37.17.58 85.38.28.94
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A4DD528-3F9B-40B7-BC96-708D9AB594E5}: NameServer = 85.37.17.58 85.38.28.94
O17 - HKLM\System\CS3\Services\Tcpip\..\{1A4DD528-3F9B-40B7-BC96-708D9AB594E5}: NameServer = 85.37.17.58 85.38.28.94
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe

--
End of file - 2842 bytes

NON RIESCO AD ELIMINARE I 015 COME POSSO FARE??

[stevens]

Scarica Avenger
http://swandog46.geekstogo.com/avenger.zip

Estrailo in una cartella a tua scelta
Esegui il file avenger.exe
Ora incolla queste righe in rosso nella box bianco che si è aperta:

files to delete:
c:\windows\system32\01.tmp
c:\windows\system32\02.tmp
c:\documents and settings\Fernando\wininit.sys

Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.



Incolla il testo in rosso in blocco note ( punto e virgola compresa)salvalo sul desktop come fix.reg - cliccaci su e accetta le modifiche al registro

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\pfyjc]
;

[ste_95]

Fixa anche queste voci in HijackThis:

O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.happyfile.net
O15 - Trusted Zone: http://www.otherchance.com

[matrix 68]

non riesco a fixare i 015 come posso fare ..ricompaiono sempre allo scan ..

[stevens]

hai ripristinato la Trusted Zone?

http://wikisend.com/download/200844/DelDomains.inf

tasto destro e scegli installa e fixa da provvisoria le 015 (lo avevo riportato all'inizio discussione)