Condividi:        

non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi MikGio90 » 14/01/10 12:03

non credo di averla tolta, o forse mi è sfuggita perchè non finiva mai quel log!!
il orogramma mi diceva che solitamente la scansione dura 10 min però nel caso di camputer infetti il tempo poteva aumentare, a me è durata 1 ora!!!

cmq...
procedo prima con malwarebytes o avenger?
MikGio90
Utente Junior
 
Post: 58
Iscritto il: 13/01/10 14:47

Sponsor
 

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi shel » 14/01/10 12:09

hai delle infezioni, facciamole togliere da malwarebytes- quele che non le riconosce le eliminiamo dopo con avenger

fai la scansione con malwarebytes aggiornato- la scansione COMPLETA mi raccomando
shel
Utente Senior
 
Post: 1326
Iscritto il: 29/08/08 21:56

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi MikGio90 » 14/01/10 12:24

ho aggiornato malwarebytes però da modalità provvisoria non me lo lancia, compare una finestra d'errore...
Lo lancio normalmente? Dopo aver chiuso tt le applicazioni ed essermi disconnesso...
MikGio90
Utente Junior
 
Post: 58
Iscritto il: 13/01/10 14:47

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi shel » 14/01/10 12:26

va bene eseguilo cosi'
shel
Utente Senior
 
Post: 1326
Iscritto il: 29/08/08 21:56

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi MikGio90 » 14/01/10 14:44

Ecco qui......


Malwarebytes' Anti-Malware 1.44
Versione del database: 3559
Windows 6.0.6000
Internet Explorer 7.0.6000.16757

14/01/2010 13.58.12
mbam-log-2010-01-14 (13-58-08).txt

Tipo di scansione: Scansione completa (C:\|D:\|E:\|)
Elementi scansionati: 344386
Tempo trascorso: 1 hour(s), 27 minute(s), 47 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 2
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 2
File infetti: 69

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\Program Files\Angle Interactive\RD2010 (Rogue.RegDefender) -> No action taken.
C:\Program Files\Angle Interactive\RD2010\scan-bar-100 (Rogue.RegDefender) -> No action taken.

File infetti:
C:\Qoobox\Quarantine\C\9g86.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\C\l61yyp.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\C\mwfubaob.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\C\ngp8l.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\C\nqdymj.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\C\pbudsara.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\C\qbr2q.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\C\se12ydam.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\C\srgo.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\C\wfx062.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\C\wu1n.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\C\Users\Michele\AppData\Roaming\hidires\flec003.exe.vir (Email.Worm) -> No action taken.
C:\Qoobox\Quarantine\C\Users\Michele\AppData\Roaming\m\flec006.exe.vir (Worm.Bagle) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\mdelk.exe.vir (Worm.Bagle) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\wintems.exe.vir (Worm.Bagle) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\bcdsrv32.dll.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\bitsperf32.dll.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\bootstr32.dll.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\BttnCmn32.dll.vir (Trojan.BHO) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\chtbrkr32.dll.vir (Trojan.BHO) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\cmifw32.dll.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\cmipnpinstall32.dll.vir (Trojan.BHO) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\comcat32.dll.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\comsvcs32.dll.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\credui32.dll.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\d3dx9_2532.dll.vir (Trojan.BHO) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\d3dxof32.dll.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\dbnetlib32.dll.vir (Trojan.BHO) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\dfshim32.dll.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\dfsrperf32.dll.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\dhcpcsvc632.dll.vir (Trojan.BHO) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\dhcpsoc32.dll.vir (Trojan.BHO) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\diagperf32.dll.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\dimsroam32.dll.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\dispci32.dll.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\dmband32.dll.vir (Trojan.BHO) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\dmime32.dll.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\dmloader32.dll.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\dpnlobby32.dll.vir (Trojan.BHO) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\dsquery32.dll.vir (Trojan.BHO) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\Faultrep32.dll.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\fdProxy32.dll.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\filemgmt32.dll.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\fontsub32.dll.vir (Trojan.Tracur) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\halmacpi32.dll.vir (Trojan.BHO) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\mdelk.exe.vir (Email.Worm) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\wintems.exe.vir (Email.Worm) -> No action taken.
C:\Qoobox\Quarantine\D\9g86.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\D\l61yyp.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\D\mwfubaob.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\D\ngp8l.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\D\nqdymj.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\D\pbudsara.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\D\qbr2q.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\D\se12ydam.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\D\srgo.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\D\wfx062.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Qoobox\Quarantine\D\wu1n.exe.vir (Spyware.OnlineGames) -> No action taken.
C:\Users\Michele\Desktop\patch.ECLiPSE.exe (Trojan.Tracur) -> No action taken.
C:\Users\Michele\Downloads\Setup_Registry_Defender.exe (Rogue.RegistryDefender) -> No action taken.
C:\Users\Michele\Downloads\Speed-Downloading_setup.exe (Adware.NaviPromo) -> No action taken.
C:\Users\Michele\Downloads\gameztar_installer.exe (Adware.DoubleD) -> No action taken.
C:\Users\Michele\Downloads\Live-Player_setup(2).exe (Adware.NaviPromo) -> No action taken.
C:\Users\Michele\Downloads\Live-Player_setup(3).exe (Adware.NaviPromo) -> No action taken.
C:\Users\Michele\Downloads\Live-Player_setup.exe (Adware.NaviPromo) -> No action taken.
C:\Windows\System32\189E.tmp (Trojan.Agent) -> No action taken.
C:\Windows\System32\7213.tmp (Trojan.Agent) -> No action taken.
C:\Windows\System32\A497.tmp (Trojan.Agent) -> No action taken.
C:\8xcrbho6.exe (Spyware.OnlineGames) -> No action taken.
MikGio90
Utente Junior
 
Post: 58
Iscritto il: 13/01/10 14:47

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi MikGio90 » 14/01/10 14:45

aspetto tue indicazioni per eliminarli...
MikGio90
Utente Junior
 
Post: 58
Iscritto il: 13/01/10 14:47

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi shel » 14/01/10 14:57

per caso hai scaricato Platinum Defender o qualcosa di simile? se e' cosi' uno dei motivi di questa catastrife e' questo rogue e anche Live-Player - ti consiglio di non usarli piu'

leggi qui

http://it.pcthreat.com/parasitebyid-7889it.html

si riavvia malwarebytes ed elimina tutto

da modalita' provvisoria lancia questo programma

http://www.tgsoft.it/italy/download.htm

aggiornalo prima di fare una scansione completa

posta il log. (lo trovi sull'icona in alto con raffigurato un block notes )
shel
Utente Senior
 
Post: 1326
Iscritto il: 29/08/08 21:56

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi MikGio90 » 14/01/10 17:06

finalmente ha finito, ecco il lpg

ps live-player l'ho usato qualche volta mentre registry defender l'ho scaricato involontariamente. Volevo scaricare un antivirus ma dopo il download mi sono ritrovato questo programma che ingenuamente ho installato


VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
14/01/2010 - 15:44:20

[SCANSIONE DEL REGISTRO]
OK

[E:]


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 0.
Files Totali: 0.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
14/01/2010 - 15:49:57

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Qoobox\Quarantine\C\Muestras\117702.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\119403.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\120479.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\125456.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\128778.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\129590.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\131602.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\134332.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\135346.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\135596.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\140276.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\140946.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\145439.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\148200.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\149838.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\14990292.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\150057.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\15029058.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\15043738.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\15066311.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\152022.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\15203717.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\15380325.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\15774852.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\157966.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\160010.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\165485.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\168559.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\172459.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\195297.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\216420.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\234469.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\252971.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\29964703.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\30317951.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\Muestras\30433221.EXE.Muestra EliBagle v13.40.vir Infetto da I-WORM.Beagle.DM
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\opdux.exe.vir Infetto da Trojan.Win32.Agent.BEL
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\q3kku.exe.vir Infetto da Trojan.Win32.Agent.BEL
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\C\t8g.exe.vir Infetto da Trojan.Win32.Agent.BEL
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\D\opdux.exe.vir Infetto da Trojan.Win32.Agent.BEL
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\D\q3kku.exe.vir Infetto da Trojan.Win32.Agent.BEL
* * * RIMOSSO * * *
C:\Qoobox\Quarantine\D\t8g.exe.vir Infetto da Trojan.Win32.Agent.BEL
* * * RIMOSSO * * *

[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

D:\8xcrbho6.exe Infetto da Trojan.Win32.Agent.BEL
* * * RIMOSSO * * *

[E:]


Chiavi Registro infette: 0.
Files Infetti: 43.
Files Sospetti: 0.
Files Analizzati: 249111.
Files Totali: 249111.
Chiavi Registro rimosse: 0.
Virus Rimossi: 43.



dimmi la prossima operazione
MikGio90
Utente Junior
 
Post: 58
Iscritto il: 13/01/10 14:47

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi shel » 14/01/10 20:23

vai nel pannello di controllo >>> installazione applicazioni e se e' ancora li' rimuovi live-player e
registry defender


Scarica Avenger

http://swandog46.geekstogo.com/avenger.zip

Estrailo in una cartella a tua scelta
Esegui il file avenger.exe
Ora incolla queste righe nella box bianca che si è aperta:

files to delete:
c:\users\\michele\appdata\\local\vmndldd.exe
c:\users\michele\appdata\local\vmndldd_navps.dat
c:\users\\michele\appdata\\local\vmndldd.dat
c:\users\michele\appdata\local\vmndldd_nav.dat
c:\users\michele\appdata\local\jfbejfbd.exe
c:\users\\michele\appdata\\local\jfbejfbd_navps.dat
c:\users\\michele\appdata\local\jfbejfbd.dat
c:\users\\michele\appdata\local\\jfbejfbd_nav.dat
C:\Users\\Michele\AppData\\Local\Temp\herss.exe
C:\Users\\Michele\AppData\\Roaming\hidires\flec003.exeC:\WINDOWS\WINTEMS.EXE
C:\WINDOWS\SYSTEM32\WINTEMS.EXE
C:\WINDOWS\SYSTEM32\WINTEMS.EXE
C:\WINDOWS\MDELK.EXE
C:\WINDOWS\SYSTEM32\MDELK.EXE
C:\USERS\MICHELE\APPDATA\ROAMING\HIDIRES\FLEC003.EXE
C:\USERS\MICHELE\APPDATA\ROAMING\DRIVERS\WINUPGRO.EXE
C:\USERS\MICHELE\APPDATA\ROAMING\DRIVERS\WFSINTWQ.SYS
C:\USERS\MICHELE\APPDATA\ROAMING\HIDIRES\FLEC003.EXE
C:\USERS\MICHELE\APPDATA\ROAMING\M\FLEC006.EXE
C:\USERS\MICHELE\APPDATA\ROAMING\DRIVERS\WINUPGRO.EXE
C:\USERS\MICHELE\APPDATA\ROAMING\DRIVERS\WFSINTWQ.SYS
C:\USERS\MICHELE\APPDATA\ROAMING\M\FLEC006.EXE
C:\USERS\MICHELE\APPDATA\ROAMING\DRIVERS\DOWNLD\105071837.EXE


registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vmndldd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jfbejfbd



Togli il segno di spunta dalla voce Scan for Rootkits
Premi il pulsante Execute
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.
shel
Utente Senior
 
Post: 1326
Iscritto il: 29/08/08 21:56

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi MikGio90 » 14/01/10 20:48

ecco fatto, ho disinstallato live-player, di registry defender nessuna traccia


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:


Error: could not open file "c:\users\\michele\appdata\\local\vmndldd.exe"
Deletion of file "c:\users\\michele\appdata\\local\vmndldd.exe" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name


Error: file "c:\users\michele\appdata\local\vmndldd_navps.dat" not found!
Deletion of file "c:\users\michele\appdata\local\vmndldd_navps.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "c:\users\\michele\appdata\\local\vmndldd.dat"
Deletion of file "c:\users\\michele\appdata\\local\vmndldd.dat" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name


Error: file "c:\users\michele\appdata\local\vmndldd_nav.dat" not found!
Deletion of file "c:\users\michele\appdata\local\vmndldd_nav.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "c:\users\michele\appdata\local\jfbejfbd.exe" not found!
Deletion of file "c:\users\michele\appdata\local\jfbejfbd.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "c:\users\\michele\appdata\\local\jfbejfbd_navps.dat"
Deletion of file "c:\users\\michele\appdata\\local\jfbejfbd_navps.dat" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name


Error: could not open file "c:\users\\michele\appdata\local\jfbejfbd.dat"
Deletion of file "c:\users\\michele\appdata\local\jfbejfbd.dat" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name


Error: could not open file "c:\users\\michele\appdata\local\\jfbejfbd_nav.dat"
Deletion of file "c:\users\\michele\appdata\local\\jfbejfbd_nav.dat" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name


Error: could not open file "C:\Users\\Michele\AppData\\Local\Temp\herss.exe"
Deletion of file "C:\Users\\Michele\AppData\\Local\Temp\herss.exe" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name


Error: could not open file "C:\Users\\Michele\AppData\\Roaming\hidires\flec003.exeC:\WINDOWS\WINTEMS.EXE"
Deletion of file "C:\Users\\Michele\AppData\\Roaming\hidires\flec003.exeC:\WINDOWS\WINTEMS.EXE" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
--> an object cannot have this name


Error: file "C:\WINDOWS\SYSTEM32\WINTEMS.EXE" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\WINTEMS.EXE" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\SYSTEM32\WINTEMS.EXE" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\WINTEMS.EXE" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\MDELK.EXE" not found!
Deletion of file "C:\WINDOWS\MDELK.EXE" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\SYSTEM32\MDELK.EXE" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\MDELK.EXE" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\USERS\MICHELE\APPDATA\ROAMING\HIDIRES\FLEC003.EXE"
Deletion of file "C:\USERS\MICHELE\APPDATA\ROAMING\HIDIRES\FLEC003.EXE" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "C:\USERS\MICHELE\APPDATA\ROAMING\DRIVERS\WINUPGRO.EXE" not found!
Deletion of file "C:\USERS\MICHELE\APPDATA\ROAMING\DRIVERS\WINUPGRO.EXE" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\USERS\MICHELE\APPDATA\ROAMING\DRIVERS\WFSINTWQ.SYS" not found!
Deletion of file "C:\USERS\MICHELE\APPDATA\ROAMING\DRIVERS\WFSINTWQ.SYS" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\USERS\MICHELE\APPDATA\ROAMING\HIDIRES\FLEC003.EXE"
Deletion of file "C:\USERS\MICHELE\APPDATA\ROAMING\HIDIRES\FLEC003.EXE" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\USERS\MICHELE\APPDATA\ROAMING\M\FLEC006.EXE"
Deletion of file "C:\USERS\MICHELE\APPDATA\ROAMING\M\FLEC006.EXE" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: file "C:\USERS\MICHELE\APPDATA\ROAMING\DRIVERS\WINUPGRO.EXE" not found!
Deletion of file "C:\USERS\MICHELE\APPDATA\ROAMING\DRIVERS\WINUPGRO.EXE" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\USERS\MICHELE\APPDATA\ROAMING\DRIVERS\WFSINTWQ.SYS" not found!
Deletion of file "C:\USERS\MICHELE\APPDATA\ROAMING\DRIVERS\WFSINTWQ.SYS" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "C:\USERS\MICHELE\APPDATA\ROAMING\M\FLEC006.EXE"
Deletion of file "C:\USERS\MICHELE\APPDATA\ROAMING\M\FLEC006.EXE" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\USERS\MICHELE\APPDATA\ROAMING\DRIVERS\DOWNLD\105071837.EXE"
Deletion of file "C:\USERS\MICHELE\APPDATA\ROAMING\DRIVERS\DOWNLD\105071837.EXE" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vmndldd" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vmndldd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jfbejfbd" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jfbejfbd" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
MikGio90
Utente Junior
 
Post: 58
Iscritto il: 13/01/10 14:47

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi shel » 14/01/10 20:57

non ha eliminato niente perche' non sono piu' nel pc, anche se credo che il virus navipromo sia annidato da qualche parte

scarica Navilog

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

disattiva il UAC

Start
Pannello di controllo
Account Utente e Protezione per la Famiglia
Account utente
Attiva o disattiva Controllo account utente
Togliere il segno di spunta da "Per proteggere il computer..


click col tasto destro sul file Navilog1.exe seleziona, dal menu a tendina, "esegui come amministratore"
- dopo aver selezionato la lingua, scegli l'opzione 1
- finita la scansione seleziona questa volta l'opzione 2 dopo il riavvio portati in C:\ e copia/incolla il contenuto del file cleannavi.txt
shel
Utente Senior
 
Post: 1326
Iscritto il: 29/08/08 21:56

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi MikGio90 » 14/01/10 21:26

Fix Navipromo version 4.0.6 scansione iniziata il 14/01/2010 21.18.48,87

!!! Attenzione,questa scansione potrebbe rilevare archivi/programmi legittimi !!!
!!! Postate questo log all'interno dei Forum per farlo analizzare !!!

Fix effettuato da C:\Program Files\navilog1

Aggiornamento del 03.01.2010 delle ore 11h00 effettuata da IL-MAFIOSO

Microsoft® Windows Vista™ Home Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz )
BIOS : Default System BIOS
USER : Michele ( Administrator )
BOOT : Normal boot




C:\ (Local Disk) - NTFS - Total:137 Go (Free:55 Go)
D:\ (Local Disk) - NTFS - Total:11 Go (Free:2 Go)
E:\ (CD or DVD)


La Ricerca è stata effettuata in modalità normale

La pulizia dei valori verrà effettuata al riavvio del Computer


C:\ProgramData\Games-Attack eliminato !
c:\users\michele\appdata\local\virtua~1\progra~1\Live-Player eliminato !
C:\Windows\prefetch\LIVE-PLAYER.EXE-038B57E5.pf eliminato !


Pulizia in C:\Windows\Temp effettuata !
Pulizia in C:\Users\Michele\AppData\Local\Temp effettuata !


*** Una copia del registro verrà salvata nella cartella Safebackup ***

Copia del registro effettuata con successo !

*** Pulizia registro ***

Pulizia del registro effettuata




*** Scan terminato 14/01/2010 21.23.51,20 ***
MikGio90
Utente Junior
 
Post: 58
Iscritto il: 13/01/10 14:47

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi shel » 14/01/10 21:29

sai dirmi se hai ancora problemi? se si, quali

postami un log di hijackthis
shel
Utente Senior
 
Post: 1326
Iscritto il: 29/08/08 21:56

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi MikGio90 » 14/01/10 21:40

problemi per ora niente

ho installato hijackthis -> do a system scan and... però alla fine non mi rilascia il log, si apre un blocco note vuoto

a metà scansione compare una finestra:
for some reasod your system denied write access to the hosts file. if any hijacked domains are in this file, hijacht may not be able to fix this.
if that appens you nedd
eccetera eccetera


che dovrei fare?
MikGio90
Utente Junior
 
Post: 58
Iscritto il: 13/01/10 14:47

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi MikGio90 » 14/01/10 21:42

appena finisce compare
impossibile trovare il file C: program files\trendmicro\hijackthis\hijachthis.log

creare n nuovo file?
si no annulla

qualunque opzione scelga non avviene nente
MikGio90
Utente Junior
 
Post: 58
Iscritto il: 13/01/10 14:47

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi MikGio90 » 14/01/10 21:44

risolto, l'ho eseguito come amministratore


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 21.43.43, on 14/01/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced WindowsCare V2\Awcl.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\BtUsrBdg.exe
C:\Windows\System32\BTSetBootKey.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\VEXPLite\MONLITE.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
O4 - HKLM\..\Run: [BTSETBOOTKEY] BTSetBootKey.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLite\MONLITE.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &AOL Toolbar Cerca - c:\program files\aol\aol toolbar 5.0\resources\it-it\local\search.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VirIT eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLite\viritsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7344 bytes
MikGio90
Utente Junior
 
Post: 58
Iscritto il: 13/01/10 14:47

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi shel » 14/01/10 21:53

vai qui >>>> http://www.virustotal.com/it/

analizza il file segnato in rosso

C:\Windows\system32\conime.exe
shel
Utente Senior
 
Post: 1326
Iscritto il: 29/08/08 21:56

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi MikGio90 » 14/01/10 22:01

Il file è già stato analizzato:
MD5: 05cb3da78a4bbd9b799a5957f9d101cc
First received: 2007.10.26 13:40:37 UTC
Data 2010.01.11 12:44:20 UTC [>3D]
Risultati 0/41
Permalink: analisis/1448b75e3921e0f3f20949b7db089a392c30e1c22275ee3fdd3fa9824cc08433-1263213860
MikGio90
Utente Junior
 
Post: 58
Iscritto il: 13/01/10 14:47

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi shel » 14/01/10 22:03

devi rianalizzarlo e postare il rapporto
shel
Utente Senior
 
Post: 1326
Iscritto il: 29/08/08 21:56

Re: non mi si aprono alcuni programmi! tipo emule, msn..HELP!

Postdi MikGio90 » 14/01/10 22:11

File conime.exe ricevuto il 2010.01.11 12:44:20 (UTC)
Stato corrente: finito
Risultato: 0/41 (0.00%)
Formattato Formattato
Stampa risultati Stampa risultati
Antivirus Versione Ultimo aggiornamento Risultato
a-squared 4.5.0.48 2010.01.11 -
AhnLab-V3 5.0.0.2 2010.01.10 -
AntiVir 7.9.1.134 2010.01.11 -
Antiy-AVL 2.0.3.7 2010.01.11 -
Authentium 5.2.0.5 2010.01.10 -
Avast 4.8.1351.0 2010.01.10 -
AVG 9.0.0.725 2010.01.11 -
BitDefender 7.2 2010.01.11 -
CAT-QuickHeal 10.00 2010.01.11 -
ClamAV 0.94.1 2010.01.11 -
Comodo 3545 2010.01.11 -
DrWeb 5.0.1.12222 2010.01.11 -
eSafe 7.0.17.0 2010.01.10 -
eTrust-Vet 35.2.7229 2010.01.11 -
F-Prot 4.5.1.85 2010.01.10 -
F-Secure 9.0.15370.0 2010.01.11 -
Fortinet 4.0.14.0 2010.01.09 -
GData 19 2010.01.11 -
Ikarus T3.1.1.80.0 2010.01.11 -
Jiangmin 13.0.900 2010.01.11 -
K7AntiVirus 7.10.943 2010.01.09 -
Kaspersky 7.0.0.125 2010.01.11 -
McAfee 5857 2010.01.10 -
McAfee+Artemis 5857 2010.01.10 -
McAfee-GW-Edition 6.8.5 2010.01.11 -
Microsoft 1.5302 2010.01.11 -
NOD32 4760 2010.01.11 -
Norman 6.04.03 2010.01.10 -
nProtect 2009.1.8.0 2010.01.11 -
Panda 10.0.2.2 2010.01.10 -
PCTools 7.0.3.5 2010.01.11 -
Prevx 3.0 2010.01.11 -
Rising 22.30.00.05 2010.01.11 -
Sophos 4.49.0 2010.01.11 -
Sunbelt 3.2.1858.2 2010.01.10 -
Symantec 20091.2.0.41 2010.01.11 -
TheHacker 6.5.0.3.146 2010.01.11 -
TrendMicro 9.120.0.1004 2010.01.11 -
VBA32 3.12.12.1 2010.01.11 -
ViRobot 2010.1.11.2130 2010.01.11 -
VirusBuster 5.0.21.0 2010.01.10 -
Informazioni addizionali
File size: 68608 bytes
MD5 : 05cb3da78a4bbd9b799a5957f9d101cc
SHA1 : a012c3a14e8117d3b68c215101a84de10b33e0f5
SHA256: 1448b75e3921e0f3f20949b7db089a392c30e1c22275ee3fdd3fa9824cc08433
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xEACE
timedatestamp.....: 0x4549AE78 (Thu Nov 2 09:38:16 2006)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xF026 0xF200 6.57 7ae3bb5d5b355e5b762a724216c3f620
.data 0x11000 0x56C 0x200 3.36 7cfde319aae420bde9bc45b57c06e8bf
.rsrc 0x12000 0x8D0 0xA00 2.88 bcf997ca70576d60c5fec089748b0126
.reloc 0x13000 0x9AE 0xA00 5.77 16276b8751326a8b42850e5ecd78bb87

( 10 imports )

> advapi32.dll: RegQueryValueExW, RegOpenKeyExW, RegCloseKey
> gdi32.dll: GetStockObject, TranslateCharsetInfo
> imm32.dll: ImmCreateContext, ImmReleaseContext, ImmGetContext, ImmGetGuideLineW, ImmGetConversionStatus, ImmGetOpenStatus, ImmSetConversionStatus, ImmGetProperty, ImmAssociateContext, ImmSimulateHotKey, ImmTranslateMessage, ImmCallImeConsoleIME, ImmGetIMEFileNameW, ImmEscapeW, ImmNotifyIME, ImmGetCandidateListW, ImmGetCompositionStringW, ImmGetHotKey, ImmSetActiveContextConsoleIME, ImmDestroyContext, ImmSetOpenStatus
> kernel32.dll: lstrlenA, RegisterConsoleIME, InterlockedExchange, MultiByteToWideChar, VirtualQuery, GetSystemInfo, VirtualAlloc, VirtualProtect, GetVersionExW, InterlockedDecrement, InterlockedIncrement, lstrlenW, WideCharToMultiByte, GetCommandLineW, RegisterApplicationRestart, HeapSetInformation, OpenEventW, SetEvent, CloseHandle, GetCurrentThreadId, GetACP, LocalAlloc, LocalReAlloc, LocalFree, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, InterlockedCompareExchange, Sleep, UnregisterConsoleIME
> msctf.dll: TF_IsCtfmonRunning, TF_Notify
> msvcrt.dll: memset, _amsg_exit, malloc, free, __getmainargs, _local_unwind4, memcpy, _vsnwprintf, _cexit, _exit, _XcptFilter, _ismbblead, exit, _initterm, _controlfp, _terminate@@YAXXZ, _onexit, _lock, __dllonexit, _unlock, _except_handler4_common, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, memmove, _acmdln
> ole32.dll: CoUninitialize, CoCreateInstance, CoInitializeEx
> oleaut32.dll: -, -, -, -, -, -, -
> user32.dll: UnregisterClassW, CreateWindowExW, RegisterClassW, LoadCursorW, LoadIconW, EnableWindow, DispatchMessageW, TranslateMessage, GetMessageW, GetKeyState, GetKeyboardLayoutNameW, IsWindow, IsWindowEnabled, SetForegroundWindow, PostQuitMessage, DefWindowProcW, DestroyWindow, PostMessageW, RegisterWindowMessageW, ActivateKeyboardLayout, SendMessageTimeoutW, KillTimer, AttachThreadInput, SetTimer
> uxtheme.dll: SetThemeAppProperties

( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ThreatExpert: http://www.threatexpert.com/report.aspx ... 57f9d101cc
ssdeep: 1536:8NAxUXGDZdOHdSq42VRvsVLTqZBq08KDK6dJSFJ30fa73:8a08ZdOHdr5RvsVPDKDjSFJp7
PEiD : -
PDFiD : ['-', None, None]
RDS : NSRL Reference Data Set

( Microsoft )

Installed Vista Ultimate: conime.exe
MikGio90
Utente Junior
 
Post: 58
Iscritto il: 13/01/10 14:47

PrecedenteProssimo

Torna a Sicurezza e Privacy


Topic correlati a "non mi si aprono alcuni programmi! tipo emule, msn..HELP!":

Emule
Autore: MarioLombardi
Forum: Software Windows
Risposte: 0

Chi c’è in linea

Visitano il forum: Nessuno e 81 ospiti