Condividi:        

Drive Cleaner 2006

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Drive Cleaner 2006

Postdi maxdant70 » 21/04/08 06:04

Ciao a tutti
Facendo lo scan con Spybot S&D 1.5 mi rileva questo spyware:
DriveCleaner 2006: [SBI $7E4FBD6E] ID di classe (Chiave di registro, nothing done) HKEY_CLASSES_ROOT\CLSID\InprocServer32
Chiaramente correggendo l'errore alla scansione successiva si rigenera immediatamente.
Anche in Mod. Provvisoria stessa cosa.
Allego il log di Hijack che mi sembra pulito:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.03.16, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\WinPatrol\winpatrol.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Notepad 2\notepad2.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Programmi\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 6080 bytes

Mi piacerebbe, con il Vs. aiuto, risolvere il problema.
Grazie
maxdant70
Newbie
 
Post: 7
Iscritto il: 07/01/07 11:05

Sponsor
 

Re: Drive Cleaner 2006

Postdi Luke57 » 21/04/08 07:25

Ciao, questo è un tool apposito, scarica SmitFraudfix e decomprimilo in una cartella a tua scelta estraendo tutti i file:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Riavvia in modalità provvisoria (premi il tasto f8 ripetutamente all'avvio del computer, prima che si carichi windows, nella schermata grigia che appare scegli modalità provvisoria spostandoti con le freccette e confermando con invio)

Apri la cartella che contiene SmitfraudFix avvia smitfraudfix.cmd
Seleziona opzione #2 - Clean cliccando sul 2 e premi Invio.
Riceverai questo messaggio: Registry cleaning - Do you want to clean the registry ?
Rispondi Sì cliccando Y e premi invio.
Rispondi Sì (Y) ad eventuali altre domande

eseguita tutta la scansione dopo il riavvio del pc posta sul forum il rapporto del programma .
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Re: Drive Cleaner 2006

Postdi maxdant70 » 21/04/08 20:19

Ciao, grazie intanto per la risposta più che veloce.
Ha eseguito la procedura come mi hai descritto e il rapporto che mi ha generato è:

SmitFraudFix v2.315

Scan done at 20.14.53,53, 21/04/2008
Run from C:\Programmi\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Poi vi è una serie costituita da 8000 righe di local hosts come ad esempio:
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
127.0.0.1 localhost
127.0.0.1 http://www.007guard.com
e via..
che scusa l'ignoranza ma vorrei capire cosa sono..


la parte finale del report è questa:
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BAC30CB8-3369-46BD-ACFC-F4F0A83BC47B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BAC30CB8-3369-46BD-ACFC-F4F0A83BC47B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BAC30CB8-3369-46BD-ACFC-F4F0A83BC47B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End


Finita la procedura ho rifatto lo scan in Mod. Provvissoria con SpyBot ma rileva lo stestesso il problema, l'ho corretto ho riavviato in Mod Normale ho rifatto lo scan ma rileva ancora lo spy..

Precedentemente a tutto cio avevo fatto lo scan on-line di Kapersky che segue:

Monday, April 21, 2008 7:55:14 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/04/2008
Kaspersky Anti-Virus database records: 718029
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
F:\
G:\
H:\
Scan Statistics
Total number of scanned objects 41252
Number of viruses found 5
Number of infected objects 7
Number of suspicious objects 0
Duration of the scan process 01:23:33

Infected Object Name Virus Name Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Max\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Max\Dati applicazioni\Mozilla\Firefox\Profiles\spsg97mg.default\cert8.db Object is locked skipped
C:\Documents and Settings\Max\Dati applicazioni\Mozilla\Firefox\Profiles\spsg97mg.default\history.dat Object is locked skipped
C:\Documents and Settings\Max\Dati applicazioni\Mozilla\Firefox\Profiles\spsg97mg.default\key3.db Object is locked skipped
C:\Documents and Settings\Max\Dati applicazioni\Mozilla\Firefox\Profiles\spsg97mg.default\parent.lock Object is locked skipped
C:\Documents and Settings\Max\Dati applicazioni\Mozilla\Firefox\Profiles\spsg97mg.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Max\Dati applicazioni\Mozilla\Firefox\Profiles\spsg97mg.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Max\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Max\Impostazioni locali\Cronologia\History.IE5\MSHist012008042120080422\index.dat Object is locked skipped
C:\Documents and Settings\Max\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Max\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Max\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\spsg97mg.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Max\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\spsg97mg.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Max\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\spsg97mg.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Max\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\spsg97mg.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Max\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\spsg97mg.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\Max\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Max\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Max\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20080421-050022.log Object is locked skipped
C:\Programmi\DAEMON Tools Pro\dtprohlp.dll Infected: not-a-virus:AdTool.Win32.WhenU.u skipped
C:\Programmi\ESET\cache\CACHE.NDB Object is locked skipped
C:\Programmi\ESET\infected\PJFJEUCA.NQF Infected: Trojan-Downloader.Win32.Bagle.nb skipped
C:\Programmi\ESET\logs\virlog.dat Object is locked skipped
C:\Programmi\ESET\logs\warnlog.dat Object is locked skipped
C:\Programmi\Sygate\SPF\debug.log Object is locked skipped
C:\Programmi\Sygate\SPF\rawlog.log Object is locked skipped
C:\Programmi\Sygate\SPF\seclog.log Object is locked skipped
C:\Programmi\Sygate\SPF\syslog.log Object is locked skipped
C:\Programmi\Sygate\SPF\tralog.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{5A59B3FF-46ED-4FB2-97BE-1AF3354D6918}\RP23\A0001330.dll Infected: not-a-virus:AdTool.Win32.WhenU.u skipped
C:\System Volume Information\_restore{5A59B3FF-46ED-4FB2-97BE-1AF3354D6918}\RP23\A0001351.exe Infected: not-a-virus:AdTool.Win32.WhenU.j skipped
C:\System Volume Information\_restore{5A59B3FF-46ED-4FB2-97BE-1AF3354D6918}\RP23\A0001353.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{5A59B3FF-46ED-4FB2-97BE-1AF3354D6918}\RP23\A0001374.exe Infected: not-a-virus:AdTool.Win32.WhenU.i skipped
C:\System Volume Information\_restore{5A59B3FF-46ED-4FB2-97BE-1AF3354D6918}\RP23\A0001377.dll Infected: not-a-virus:AdTool.Win32.WhenU.i skipped
C:\System Volume Information\_restore{5A59B3FF-46ED-4FB2-97BE-1AF3354D6918}\RP28\change.log Object is locked skipped
C:\VEXPLITE\Max\reg.dat Object is locked skipped
C:\VEXPLITE\reg_ecc.dat Object is locked skipped
C:\VEXPLITE\VIRITMON.LOG Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SF20924E9.tmp Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Paramete.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.


Ti ringranzio ed attendo impazientemente....
maxdant70
Newbie
 
Post: 7
Iscritto il: 07/01/07 11:05

Re: Drive Cleaner 2006

Postdi Luke57 » 22/04/08 08:17

Ciao, nel report ci sono infezioni solamente nella cartella del ripristino configurazioni di sistema e nella quarantena del nod32. Smitfraud non ha trovato niente, per cui penso che dovrai eliminare manualmente quel valore [SBI $7E4FBD6E] della chiave HKEY_CLASSES_ROOT\CLSID\InprocServer32.
Apri regedit (start>esegui>regedit (lo scrivi nello spazio)>OK)
Aperto l'editor del registro clicchi sul segno + accanto alla chiave HKEY_CLASSES_ROOT,vai su Modifica>Trova, nello spazio della nuova finestrella incolli [SBI $7E4FBD6E] poi click su Trova successivo. Una volta trovato il valore, click tasto dx su di esso e scegli elimina. Chiudi il registro.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Re: Drive Cleaner 2006

Postdi maxdant70 » 22/04/08 21:51

Ciao, ho seguito le tue indicazioni, ma posizionandomi su HKEY_CLASSES_ROOT e
impostando la ricerca su [SBI $7E4FBD6E] non trova niente..
E' possibile o sbaglio qualcosa?
grazie
maxdant70
Newbie
 
Post: 7
Iscritto il: 07/01/07 11:05


Torna a Sicurezza e Privacy


Topic correlati a "Drive Cleaner 2006":


Chi c’è in linea

Visitano il forum: Nessuno e 9 ospiti

cron