Il rapporto e' okil pc come va?
Per sicurezza, esegui anche una scansione:
vai su Kaspersky_virusscanner
clicca su "kaspersky online scanner"
clicca su "accept"
--- verrà eseguito il download dei componenti necessari alla scansione
quando è terminato clicca su "next"
clicca su "scan settings"
spunta "extended" e dal l'ok
clicca su "my computer"
clicca su "scan settings"
salva e posta il rapporto di scansione (se non e' eccessivamente lungo puoi postarlo anche sul forum)
...
:x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
ok farò una verifica sul sito e posterò i risultati.... comunque il pc ora va molto meglio....non rallenta più...il desktop non scompare piu....quindi spero proprio che alla fine ce l' ho fatta ad eliminarlo....o meglio ce l'hai fatta....grazie infinitamente...
vado a scansionare ora......
grazie a tutti per gli aiuti!!
sono contenta..
ok, aspetto la scansione
dimenticavo: se non ti serve restare connessa ad internet, puoi disconnettere il pc dopo aver selezionato "my computer"
Ciao
...
:x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
ed ecco di seguito il rapporto eseguito con la scansione di kasperski:
penso tutto regolare giusto??? ti prego dammi buone notizie......
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, June 20, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 20, 2008 12:26:02
Records in database: 879779
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
Scan statistics:
Files scanned: 187662
Threat name: 6
Infected objects: 16
Suspicious objects: 0
Duration of the scan: 04:08:30
File name / Threat name / Threats count
C:\Documents and Settings\gino\Dati applicazioni\Sun\Java\Deployment\cache\6.0\44\232f 2a6c-6f967e82 Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\gino\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0 \jar\jvmimpro.jar-51fad18-27bad2f5.zip Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\gino\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\gino\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\gino\Desktop\ste\program\astlog\astlog.ex e Infected: not-a-virus:PSWTool.Win32.Asterisk.a 1
C:\Documents and Settings\gino\Desktop\tutto\MIRC X STEFANO-01\mIRC6.21-Italiano-FRANCO\mIRC.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
C:\Documents and Settings\gino\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\1tqr0ax7.def ault\Cache\0C5F4A29d01 Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Programmi\MessengerSkinner\MessengerSkinner.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.ec 1
C:\Programmi\MessengerSkinner\MessengerSkinnerDll. dll Infected: not-a-virus:AdWare.Win32.NaviPromo.ec 1
C:\Programmi\Trend Micro\HijackThis\backups\backup-20080617-152843-676.dll Infected: Trojan.Win32.Monder.si 1
C:\Programmi\Trend Micro\HijackThis\backups\backup-20080617-153407-448.dll Infected: Trojan.Win32.Monder.si 1
C:\Programmi\Trend Micro\HijackThis\backups\backup-20080618-121032-562.dll Infected: Trojan.Win32.Monder.si 1
C:\Programmi\Trend Micro\HijackThis\backups\backup-20080618-121046-571.dll Infected: Trojan.Win32.Monder.si 1
C:\Programmi\Trend Micro\HijackThis\backups\backup-20080618-142637-809.dll Infected: Trojan.Win32.Monder.si 1
C:\Programmi\Trend Micro\HijackThis\backups\backup-20080619-105235-782.dll Infected: Trojan.Win32.Monder.si 1
C:\WINDOWS\Wincra\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 1
The selected area was scanned.
grazie a tutti per gli aiuti!!
..ancora infezioni. Scarica navilog1.exe_il mafioso sul desktop e installalo.
1) svuota la cache di java (istruzioni)
2) elimina C:\Programmi\MessengerSkinner e svuota il cestino
3) Esegui navilog1 in modalità normale, ti guiderà lui. Scegli la lingua e, al menù di scelta, seleziona l'opzione 1 (non scegliere le altre). Ad un certo punto uscirà una scritta "Analysis ... Terminate", premi un tasto come richiesto e si aprirà un file di testo (il rapporto della scansione che devi postare).
Ciao
...
:x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
Ho fatto tutto quello che mi Hai detto ed ecco di seguito la scansione fatta con navilog:
Search Navipromo version 3.5.8 began on 20/06/2008 at 21.17.46,62
!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Programmi\navilog1
Actual User Account : "gino"
Updated on 06.06.2008 at 18h00 by IL-MAFIOSO
Microsoft Windows XP [Versione 5.1.2600]
Version Internet Explorer : 7.0.5730.13
Filesystem type : NTFS
Search done in normal mode
*** Search folders in "C:\WINDOWS" ***
*** Search folders in "C:\Programmi" ***
*** Search folders in "c:\docume~1\alluse~1\datiap~1" ***
*** Search folders in "c:\docume~1\alluse~1\menuav~1\progra~1" ***
*** Search folders in "C:\Documents and Settings\gino\datiap~1" ***
*** Search folders in "C:\DOCUME~1\ADMINI~1\datiap~1" ***
*** Search folders in "C:\DOCUME~1\utente\datiap~1" ***
*** Search folders in "C:\Documents and Settings\gino\impost~1\datiap~1" ***
*** Search folders in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" ***
*** Search folders in "C:\DOCUME~1\utente\impost~1\datiap~1" ***
*** Search folders in "C:\Documents and Settings\gino\menuav~1\progra~1" ***
*** Search folders in "C:\DOCUME~1\ADMINI~1\menuav~1\progra~1" ***
*** Search folders in "C:\DOCUME~1\utente\menuav~1\progra~1" ***
*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net
No file found
*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!
* Scan in "C:\WINDOWS\system32" *
* Scan in "C:\Documents and Settings\gino\impost~1\datiap~1" *
* Scan in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" *
* Scan in "C:\DOCUME~1\utente\impost~1\datiap~1" *
*** Search files ***
C:\WINDOWS\system32\nvs2.inf found !
*** Search specific Registry keys ***
HKEY_CURRENT_USER\Software\Lanconfig found !
*** Complementary Search ***
(Search specific files)
1)Search new Instant Access files :
2)Heuristic Search :
* In "C:\WINDOWS\system32" :
* In "C:\Documents and Settings\gino\impost~1\datiap~1" :
fgneggxe.dat found !
fgneggxe_nav.dat found !
fgneggxe_navps.dat found !
lpntcmdad.dat found !
lpntcmdad_nav.dat found !
lpntcmdad_navps.dat found !
wgrrjhxfz.dat found !
wgrrjhxfz_nav.dat found !
wgrrjhxfz_navps.dat found !
* In "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" :
* In "C:\DOCUME~1\utente\impost~1\datiap~1" :
3)Certificates Search :
Egroup certificate not found !
Electronic-Group certificate found !
OOO-Favorit certificate found !
Sunny-Day-Design-Ltd certificate not found !
4)Search known files :
*** Search completed on 20/06/2008 at 21.27.50,15 ***
grazie a tutti per gli aiuti!!
ok
Riavvia il computer in modalità provvisoria (è necessario): all'avvio del pc, prima che inizi a caricare Windows, premi ripetutamente F8. Uscirà la finestra del menu Opzioni avanzate di Windows => scegli modalità provvisoria (usa il tasto freccia ^).
Lancia nuovamente Navilog1 e scegli l'opzione 2 (Automatic Cleaning) e dai l'ok (eseguirà la pulizia dei files trovati)
Collegati ad internet e posta il rapporto
Da modalità normale, riesegui Navilog con l'opzione 1 e posta anche questo rapporto
Nel frattempo che li controllo:
1) svuota C:\WINDOWS\Prefetch
2) elimina:
C:\Programmi\Trend Micro\HijackThis\backups\backup-20080617-152843-676.dll
C:\Programmi\Trend Micro\HijackThis\backups\backup-20080617-153407-448.dll
C:\Programmi\Trend Micro\HijackThis\backups\backup-20080618-121032-562.dll
C:\Programmi\Trend Micro\HijackThis\backups\backup-20080618-121046-571.dll
C:\Programmi\Trend Micro\HijackThis\backups\backup-20080618-142637-809.dll
C:\Programmi\Trend Micro\HijackThis\backups\backup-20080619-105235-782.dll
Ciao
...
:x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
ecco intanto di seguito il rapporto eseguito con navilog (quello fatto in modalità provvisoria)
Adesso faccio l'altro.......
Navipromo Removal version 3.5.8 started on 20/06/2008 at 21.56.35,68
Fix running from C:\Programmi\navilog1
Actual User Account : "gino"
Updated on 06.06.2008 at 18h00 by IL-MAFIOSO
Microsoft Windows XP [Versione 5.1.2600]
Internet Explorer : 7.0.5730.13
Filesystem type : NTFS
Automatic removal
with Catchme and GNS results
Cleanning stage done in safe mode
*** fsbl1.txt not found ***
(Check that Catchme found nothing in Search Mode)
*** Deleting with Backups GenericNaviSearch results ***
* Deletion in "C:\WINDOWS\System32" *
* Deletion in "C:\Documents and Settings\gino\impost~1\datiap~1" *
* Deletion in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" *
* Deletion in "C:\DOCUME~1\utente\impost~1\datiap~1" *
*** Deleting folders in "C:\WINDOWS" ***
*** Deleting folders in "C:\Programmi" ***
*** Deleting folders in "c:\docume~1\alluse~1\datiap~1" ***
*** Deleting folders in "c:\docume~1\alluse~1\menuav~1\progra~1" ***
*** Deleting folders in "C:\Documents and Settings\gino\datiap~1" ***
*** Deleting folders in "C:\DOCUME~1\ADMINI~1\datiap~1" ***
*** Deleting folders in "C:\DOCUME~1\utente\datiap~1" ***
*** Deleting folders in "C:\Documents and Settings\gino\impost~1\datiap~1" ***
*** Deleting folders in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" ***
*** Deleting folders in "C:\DOCUME~1\utente\impost~1\datiap~1" ***
*** Deleting folders in "C:\Documents and Settings\gino\menuav~1\progra~1" ***
*** Deleting folders in "C:\DOCUME~1\ADMINI~1\menuav~1\progra~1" ***
*** Deleting folders in "C:\DOCUME~1\utente\menuav~1\progra~1" ***
*** Deleting files ***
C:\WINDOWS\system32\nvs2.inf deleted !
*** Deleting temporary files ***
Cleaning of C:\WINDOWS\Temp done !
Cleaning of C:\Documents and Settings\gino\impost~1\Temp done !
*** Complementary Search ***
(Search specific files)
1)Deletion with backups new Instant Access files:
2)Heuristic search and deletion with backups :
* In "C:\WINDOWS\system32" *
* In "C:\Documents and Settings\gino\impost~1\datiap~1" *
fgneggxe.dat found !
Copy fgneggxe.dat done !
fgneggxe.dat deleted !
lpntcmdad.dat found !
Copy lpntcmdad.dat done !
lpntcmdad.dat deleted !
wgrrjhxfz.dat found !
Copy wgrrjhxfz.dat done !
wgrrjhxfz.dat deleted !
fgneggxe_nav.dat found !
Copy fgneggxe_nav.dat done !
fgneggxe_nav.dat deleted !
lpntcmdad_nav.dat found !
Copy lpntcmdad_nav.dat done !
lpntcmdad_nav.dat deleted !
wgrrjhxfz_nav.dat found !
Copy wgrrjhxfz_nav.dat done !
wgrrjhxfz_nav.dat deleted !
fgneggxe_navps.dat found !
Copy fgneggxe_navps.dat done !
fgneggxe_navps.dat deleted !
lpntcmdad_navps.dat found !
Copy lpntcmdad_navps.dat done !
lpntcmdad_navps.dat deleted !
wgrrjhxfz_navps.dat found !
Copy wgrrjhxfz_navps.dat done !
wgrrjhxfz_navps.dat deleted !
* In "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" *
* In "C:\DOCUME~1\utente\impost~1\datiap~1" *
*** Copy Registry to Safebackup folder ***
Backing up Registry done !
*** Cleaning Registry ***
Registry cleaned
*** Certificates ***
Egroup Certificate not found !
Electronic-Group Certificate deleted !
OOO-Favorit Certificate deleted !
Sunny-Day-Design-Ltd Certificate not found !
*** Cleaning stage complete on 20/06/2008 at 21.58.18,75 ***
grazie a tutti per gli aiuti!!
Ed ecco il nuovo rapporto di navilog (l'opzione 1).....
Adesso pero Esco RitornO domani....comunque grazie infinite per l'immenso aiuto ke mi stai dando in qst giorni......
Search Navipromo version 3.5.8 began on 20/06/2008 at 22.11.54,73
!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Programmi\navilog1
Actual User Account : "gino"
Updated on 06.06.2008 at 18h00 by IL-MAFIOSO
Microsoft Windows XP [Versione 5.1.2600]
Version Internet Explorer : 7.0.5730.13
Filesystem type : NTFS
Search done in normal mode
*** Search folders in "C:\WINDOWS" ***
*** Search folders in "C:\Programmi" ***
*** Search folders in "c:\docume~1\alluse~1\datiap~1" ***
*** Search folders in "c:\docume~1\alluse~1\menuav~1\progra~1" ***
*** Search folders in "C:\Documents and Settings\gino\datiap~1" ***
*** Search folders in "C:\DOCUME~1\ADMINI~1\datiap~1" ***
*** Search folders in "C:\DOCUME~1\utente\datiap~1" ***
*** Search folders in "C:\Documents and Settings\gino\impost~1\datiap~1" ***
*** Search folders in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" ***
*** Search folders in "C:\DOCUME~1\utente\impost~1\datiap~1" ***
*** Search folders in "C:\Documents and Settings\gino\menuav~1\progra~1" ***
*** Search folders in "C:\DOCUME~1\ADMINI~1\menuav~1\progra~1" ***
*** Search folders in "C:\DOCUME~1\utente\menuav~1\progra~1" ***
*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net
No file found
*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!
* Scan in "C:\WINDOWS\system32" *
* Scan in "C:\Documents and Settings\gino\impost~1\datiap~1" *
* Scan in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" *
* Scan in "C:\DOCUME~1\utente\impost~1\datiap~1" *
*** Search files ***
*** Search specific Registry keys ***
*** Complementary Search ***
(Search specific files)
1)Search new Instant Access files :
2)Heuristic Search :
* In "C:\WINDOWS\system32" :
* In "C:\Documents and Settings\gino\impost~1\datiap~1" :
* In "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" :
* In "C:\DOCUME~1\utente\impost~1\datiap~1" :
3)Certificates Search :
Egroup certificate not found !
Electronic-Group certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !
4)Search known files :
*** Search completed on 20/06/2008 at 22.21.28,26 ***
grazie a tutti per gli aiuti!!
è pulito... c'era un altro ospite che dai rapporti precedenti non era uscito.
Domani accertati di aver fatto tutto quello che ti ho indicato (svuotare C:\WINDOWS\Prefetch e la cache di java; eliminare messengerskin e i backups di hijackthis..)
edit: esegui hijackthis e fixa:
e, se non ti serve, disinstalla:O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe "
O4 - HKLM\..\Run: [TrojanScanner] C:\Documents and Settings\gino\Desktop\Trojan Remover\Trjscan.exe
MessengerDiscovery
...e poi ti avevo scritto:
Questa connessione è tua?
gsa_00967_Connection => PhoneNumber=89919XXXX
e controlla le altre...
scarica, installa e aggiorna malwarebytes, esegui una scansione completa (deve essere spuntato) e posta il rapporto.
posta anche un nuovo systemscan
Se non è da disinstallare/reinstallare Java, allora forse abbiamo finito.. domani vediamo.
Ciao
...
:x:_::_:*:_::_: )(:_:*:_:*:__::_:°FM°:_: )(:_:*:_:x:___
Permessi di invio
Rispondi quotando