  1. #1
    ASP and MS Server moderator Roby_72
    Registered since
    Aug 2001
    Posts
    19,559

    IE / FF windows opening automatically

    While browsing, full-screen IE / FF windows open every now and then.
    I ran Avast!, CCleaner, AVG Anti-spyware and Ad-Aware and they didn't find much.
    Below is the HijackThis log...
    code:
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Programmi\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Programmi\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\File comuni\System\MSSearch\Bin\mssearch.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programmi\Apoint2K\Apoint.exe
    C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
    C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Programmi\Apoint2K\Apntex.exe
    C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\domino.exe
    C:\WINDOWS\VMSnap1.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Programmi\Windows Live\Messenger\msnmsgr.exe
    C:\Documents and Settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
    C:\documents and settings\roberto\impostazioni locali\dati applicazioni\owowfhg.exe
    C:\Programmi\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Programmi\Windows Desktop Search\WindowsSearch.exe
    C:\Programmi\Apache Group\Apache2\bin\ApacheMonitor.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Programmi\Windows Live\Messenger\usnsvc.exe
    C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\Microsoft Visual Studio 8\Common7\IDE\devenv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Programmi\LeechFTP\Leechftp.exe
    C:\Programmi\MySQL\MySQL Tools for 5.0\MySQLQueryBrowser.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.repubblica.it/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmi\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Programmi\Google\Update\1.2.131.11\GoopdateBho.dll
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Programmi\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
    O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Programmi\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programmi\Google\Google Gears\Internet Explorer\0.4.20.0\gears.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Programmi\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe
    O4 - HKLM\..\Run: [VMSnap1] C:\WINDOWS\VMSnap1.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [owowfhg] "c:\documents and settings\roberto\impostazioni locali\dati applicazioni\owowfhg.exe" owowfhg
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Monitor Apache Servers.lnk = C:\Programmi\Apache Group\Apache2\bin\ApacheMonitor.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: Service Manager.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Windows Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.4.20.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Impostazioni di Google Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programmi\Google\Google Gears\Internet Explorer\0.4.20.0\gears.dll
    O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Programmi\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.coolstreaming.us/consolle.../KooPlayer.ocx
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1179864841578
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://eu.ntrsupport.com/nv/inquiero...ivex118_28.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sederoma.novacomitalia.com
    O17 - HKLM\Software\..\Telephony: DomainName = sederoma.novacomitalia.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sederoma.novacomitalia.com
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Servizio di configurazione Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
    O23 - Service: Apache2 - Apache Software Foundation - C:\Programmi\Apache Group\Apache2\bin\Apache.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Atelier Web Remote Agent (AWREMOTEAGENT) - Unknown owner - C:\WINDOWS\awrexec.exe (file missing)
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Update Service (gupdate1c90e6b51d965d7) (gupdate1c90e6b51d965d7) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
    --End of file - 12762 bytes
    Thanks, Roby

  2. #2
    HTML.it user Deifobe
    Registered since
    Oct 2007
    Posts
    6,072
    hi,

    download navilog1.exe_il mafioso to the desktop and install it.
    Run it, choose the language and, at the selection menu, pick option 1 (do not choose the others). At some point the message "Analysis ... Terminate" will appear; press a key as requested and a text file will open (the scan report, which you will need to post).

  3. #3
    ASP and MS Server moderator Roby_72
    Registered since
    Aug 2001
    Posts
    19,559
    Ah, I had done this too this morning, I forgot it in the list...
    I'll redo it now...

    Roby

  4. #4
    HTML.it user Deifobe
    Registered since
    Oct 2007
    Posts
    6,072
    in the list?
    navipromo is still there... maybe you only ran it in normal mode?

  5. #5
    ASP and MS Server moderator Roby_72
    Registered since
    Aug 2001
    Posts
    19,559
    Originally posted by Deifobe
    in the list?
    navipromo is still there... maybe you only ran it in normal mode?
    I meant in the list of cleaning software listed earlier...
    I had got as far as the navilog report...
    I'll regenerate it now.

    Roby

  6. #6
    ASP and MS Server moderator Roby_72
    Registered since
    Aug 2001
    Posts
    19,559
    Here it is:
    code:
    Search Navipromo version 3.6.5 began on 24/09/2008 at 17.41.23,66
    
    !!! Warning, this report may include legitimate files/programs !!!
    !!! Post this report on the forum you are being helped !!!
    !!! Don't continue with removal unless instructed by an authorized helper !!!
    Fix running from C:\Programmi\navilog1
    Actual User Account : "Roberto" 
    
    Updated on 22.08.2008 at 17h30 by IL-MAFIOSO
    
    
    Microsoft Windows XP [Versione 5.1.2600]
    Version Internet Explorer : 6.0.2900.5512
    Filesystem type : NTFS
    
    Search done in normal mode
    
    *** Searching for installed Software ***
    
    Favorit
    WebMediaPlayer
    
    *** Search folders in "C:\WINDOWS" ***
    
    
    *** Search folders in "C:\Programmi" ***
    
    ...\WebMediaPlayer found !
    
    *** Search folders in "C:\Documents and Settings\All Users\menuav~1\progra~1" ***
    
    ...\WebMediaPlayer found !
    
    *** Search folders in "C:\Documents and Settings\All Users\menuav~1" ***
    
    
    *** Search folders in "c:\docume~1\alluse~1\datiap~1" ***
    
    
    *** Search folders in "C:\Documents and Settings\Roberto\datiap~1" *** 
    
    
    *** Search folders in "C:\Documents and Settings\Roberto\impost~1\datiap~1" *** 
    
    
    *** Search folders in "C:\Documents and Settings\Roberto\menuav~1\progra~1" *** 
    
    
    *** Search with Catchme-rootkit/stealth malware detector by gmer ***
    for more info : http://www.gmer.net
    
    
    
    *** Search with GenericNaviSearch ***
    !!! Possibility of legitimate files in the result !!!
    !!! Must always be checked before manually deleting !!!
    
    * Scan in "C:\WINDOWS\system32" *
    
    * Scan in "C:\Documents and Settings\Roberto\impost~1\datiap~1" * 
    
    Files found :
    
    owowfhg.exe found ! 
    owowfhg.dat found ! 
    owowfhg_nav.dat found ! 
    owowfhg_navps.dat found ! 
    
    
    
    *** Search files *** 
    
    
    c:\docume~1\alluse~1\desktop\WebMediaPlayer.lnk found ! 
    C:\WINDOWS\prefetch\WEBMEDIAPLAYER.EXE-02FB90CD.pf found !
    
    *** Search specific Registry keys ***
    
    HKEY_CURRENT_USER\Software\Lanconfig found ! 
    
    *** Complementary Search ***
    (Search specific files)
    
    1)Search new Instant Access files :
    
    
    2)Heuristic Search :
    
    * In "C:\WINDOWS\system32" :
    
    
    * In "C:\Documents and Settings\Roberto\impost~1\datiap~1" : 
    
    owowfhg.dat found !
    owowfhg.exe found !
    owowfhg_nav.dat found !
    owowfhg_navps.dat found !
    
    3)Certificates Search :
    
    Egroup certificate found !
    Electronic-Group certificate found !
    Montorgueil certificate not found !
    OOO-Favorit certificate found !
    Sunny-Day-Design-Ltd certificate not found !
    
    4)Search known files :
    
    
    
    *** Search completed on 24/09/2008 at 17.49.37,45 ***
    Roby
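
An added example, not part of the thread and not how Navilog1 itself works: a small Python triage script that parses O4 autorun lines from the HijackThis log in post #1 and cross-checks them against the files the Navilog1 report above marks as found. The heuristic (an autorun executable sitting directly in the root of a profile application-data folder) and all function names are assumptions of this example.

```python
import ntpath
import re

# O4 autorun lines copied from the HijackThis log in post #1.
HIJACKTHIS_LINES = r'''
O4 - HKLM\..\Run: [HWSetup] C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Roberto\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [owowfhg] "c:\documents and settings\roberto\impostazioni locali\dati applicazioni\owowfhg.exe" owowfhg
'''

# Lines copied from the Navilog1 report in post #6.
NAVILOG_LINES = r'''
...\WebMediaPlayer found !
owowfhg.exe found ! 
owowfhg.dat found ! 
Egroup certificate found !
'''

# Assumption of this example: English and Italian XP names of the profile data folder.
APPDATA_DIRS = {"application data", "dati applicazioni"}

O4_RUN = re.compile(r'^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
EXE = re.compile(r'"([^"]+)"|(.+?\.exe)(?=\s|$)', re.IGNORECASE)
FOUND_FILE = re.compile(r'^(\S+\.\w+) found !')


def exe_path(cmd):
    """Return the executable from a Run command line, quoted or not."""
    m = EXE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd.split()[0]


def navilog_files(report):
    """Lower-cased base names of the files a Navilog1 report marks as found."""
    names = set()
    for line in report.splitlines():
        m = FOUND_FILE.match(line.strip())
        if m:
            names.add(ntpath.basename(m.group(1)).lower())
    return names


def flag_autoruns(hijackthis_log, navilog_report=""):
    """Return (value name, path, reasons) for Run entries worth a closer look."""
    reported = navilog_files(navilog_report)
    findings = []
    for line in hijackthis_log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        path = exe_path(m["cmd"])
        reasons = []
        # Vendor software normally lives in a subfolder, not the folder root.
        if ntpath.basename(ntpath.dirname(path)).lower() in APPDATA_DIRS:
            reasons.append("executable in profile data folder root")
        if ntpath.basename(path).lower() in reported:
            reasons.append("file listed as found by Navilog1")
        if reasons:
            findings.append((m["name"], path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in flag_autoruns(HIJACKTHIS_LINES, NAVILOG_LINES):
        print(f"[{name}] {path}: {'; '.join(reasons)}")
```

A hit from this script is only a lead for review; as the Navilog1 report itself warns, results may include legitimate files.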

  7. #7
    HTML.it user Deifobe
    Registered since
    Oct 2007
    Posts
    6,072
    ok, you can remove everything.

    Restart the computer in safe mode, run Navilog1, choose option 2 (Automatic Cleaning) and confirm (it will clean the infected files it found)
    When it finishes, restart the PC in normal mode

    Empty C:\WINDOWS\Prefetch


    Run navilog again in normal mode (option 1) and make sure no other files come up. If nothing comes up, you can uninstall navilog1

    When you're done let me know, we'll also check with systemscan

  8. #8
    ASP and MS Server moderator Roby_72
    Registered since
    Aug 2001
    Posts
    19,559
    All done, here is the new log:
    code:
    Search Navipromo version 3.6.5 began on 24/09/2008 at 18.18.36,85
    
    !!! Warning, this report may include legitimate files/programs !!!
    !!! Post this report on the forum you are being helped !!!
    !!! Don't continue with removal unless instructed by an authorized helper !!!
    Fix running from C:\Programmi\navilog1
    Actual User Account : "Roberto" 
    
    Updated on 22.08.2008 at 17h30 by IL-MAFIOSO
    
    
    Microsoft Windows XP [Versione 5.1.2600]
    Version Internet Explorer : 6.0.2900.5512
    Filesystem type : NTFS
    
    Search done in normal mode
    
    *** Searching for installed Software ***
    
    
    *** Search folders in "C:\WINDOWS" ***
    
    
    *** Search folders in "C:\Programmi" ***
    
    
    *** Search folders in "C:\Documents and Settings\All Users\menuav~1\progra~1" ***
    
    
    *** Search folders in "C:\Documents and Settings\All Users\menuav~1" ***
    
    
    *** Search folders in "c:\docume~1\alluse~1\datiap~1" ***
    
    
    *** Search folders in "C:\Documents and Settings\Roberto\datiap~1" *** 
    
    
    *** Search folders in "C:\Documents and Settings\Roberto\impost~1\datiap~1" *** 
    
    
    *** Search folders in "C:\Documents and Settings\Roberto\menuav~1\progra~1" *** 
    
    
    *** Search with Catchme-rootkit/stealth malware detector by gmer ***
    for more info : http://www.gmer.net
    
    
    
    *** Search with GenericNaviSearch ***
    !!! Possibility of legitimate files in the result !!!
    !!! Must always be checked before manually deleting !!!
    
    * Scan in "C:\WINDOWS\system32" *
    
    * Scan in "C:\Documents and Settings\Roberto\impost~1\datiap~1" * 
    
    
    
    *** Search files *** 
    
    
    
    *** Search specific Registry keys ***
    
    
    *** Complementary Search ***
    (Search specific files)
    
    1)Search new Instant Access files :
    
    
    2)Heuristic Search :
    
    * In "C:\WINDOWS\system32" :
    
    
    * In "C:\Documents and Settings\Roberto\impost~1\datiap~1" : 
    
    
    3)Certificates Search :
    
    Egroup certificate not found !
    Electronic-Group certificate not found !
    Montorgueil certificate not found !
    OOO-Favorit certificate not found !
    Sunny-Day-Design-Ltd certificate not found !
    
    4)Search known files :
    
    
    
    *** Search completed on 24/09/2008 at 18.27.19,53 ***
    Roby

  9. #9
    HTML.it user Deifobe
    Registered since
    Oct 2007
    Posts
    6,072
    ok

    download SystemScan
    disconnect the PC from the internet => disable the antivirus => run systemscan => click "Scan Now". When the scan is finished, re-enable the antivirus

    upload the report you find on the desktop to Savefile and post the link you get.

    note (modified for you): if the antivirus detects it.... simply make it keep quiet...

  10. #10
    ASP and MS Server moderator Roby_72
    Registered since
    Aug 2001
    Posts
    19,559
    Done... At the moment file upload to SaveFile isn't working.
    As soon as I can I'll try again and post the result.
    In the meantime, thank you.

    Roby
